The work is based on labs and exercises from previous offerings of CSCI 363.
In this lab you will create a pair of programs that mimic the behavior of Linux login server and client. You will be given a set of source programs as a starting point. One of the programs, login.c asks the user to enter a user name and a corresponding password. The program checks the validity of the user name and password against a given database. If the user name and password matches properly, the program starts a user shell with which the user can do any Linux work. The other two programs are a pair of remote login client and server rshClient.c and rshd.c, some of the functions are implemented in a separate file called rsh.c. This set of programs allow a user to remote log into a server without any authentication. Your task is to try these programs first, then read the programs to understand the process. Finally you will revise the programs such that the remote login server will ask for user name and password for authentication. Only the users with proper credentials can log onto the remote server.
You first do the following to gain some first-hand experiences.
~cs363/Spring16/student/labs/lab06/into your lab06 directory.
make. A number of executables will be generated. The program mlogin allows a user to enter a user name and a password to use a shell on a local Linux system. The program rshd is a server program that allows a user to get into a remote system without password. The program loginClient is a client program that will connect to a host that is running rshd. The program mypasswd is a program that allows you to create a password for an existing system user. You also should see two text files called passwd and shadow which is a faked password file and a faked shadow file. The use of these files will become clear as we move on the lab exercises.
man -s 5 passwdif you are not sure how the file is structured. You then set a password for the account you just added to the passwd file by the command
host% ./mypasswd userwhere user is a user name that is in the passwd file. The program will ask you for a password. Note that this is a faked password. Don't enter your real password. This faked password is stored in a shadow file in your current directory.
We describe some basic ideas here. There are three major components in this set of programs.
rshdwaits on a particular port for clients to connect. Once it receives and accepts a connection request, it spawns a child either using a thread, or forking a new process to service the client.
getspnam(). We created a pair of faked system calls because on our Linux systems, we no longer use the passwd and shadow files to check user credentials. But the essential concepts are the same. Read manual pages on
getspnam()to gain some basic understanding of this concept.
You will develop a set of remote login service program using the two existing pairs of programs. You should have a client program that will take the user name and password on the local machine. The client program then sends the pair of user name and password to the remote machine (server). The remote login service should check the validity of the user name and password combination. If the user is valid, the program provides a shell service to the remote client. If the user is invalid, the program simply ignores the request and prompt the user for next trial if so chose by the user, just like any Linux systems would do. The user credential files passwd and shadow reside on the server side.Revise the server/client to check user name and password
Your first task is to revise the server (rshd.c and rsh.c) and client (rshClient.c) such that your client program and the server program can run on two different Linux computers with user name and password checking. You will have to add the part of the logic in login.c that reads user name and password into rshClient.c at proper place. You also need to add the part of the logic in login.c that check the user name and password to the server rshd.c and rsh.c at proper place.
Note that at this point the user name and password sent to the remote server are in plain text. So the service is not secure. In order to make a secure service, we need to use Secure Sockets Layer or SSL protocol, which we will explore later in the semester.Revise the server to run on your VM
After you make the programs work properly on our local Linux machines, you are asked to revise the programs to run the server program on your VM so the program can access a set of user names and passwords on the VM. You have to complete two separate sets of tasks to make the programs work.
First, you need to change the firewall set-ups on the VM side such that the server program can run on the VM at a particular port.
useradd user-idto add a new user. For example,
passwd. For example,
chkconfig iptables off service iptables stop
-A INPUT -p tcp -m multiport --dports 8000 -m comment --comment "700 allow port 8000" -j ACCEPTin the file /etc/sysconfig/iptables after the
--dport 22line. The number "8000" is a sample port number. Please make sure use a port number that you feel comfortable. (Don't just use the one given as the example above.)
service iptables reload
Next you need to revise the rshd program so it will use the real
getspnam() function in the Linux system. Notice that in your current program, the function
getspnam() is custom developed to mimic the behavior of the system function with the same name. The reason for doing so is that your program usually runs from user space that doesn't have the privilege of reading user information. But when running on your VM as the root user, the program has access to these real data. Thus you can use real system calls to access these information. The following is what you need to do.
sftpon your Linux computer. For example
sftp mynode-123-4 cd cs363-lab06 mput *
extern struct spwd *getspnam();because now you will be using the function provided by the system.
Now you should be able to compile the program by simply doing a
make. Fix any errors you might have. Then run
rshd on the VM.
With the server (rshd) running on the VM, you can compile and run your client on any other Linux computers and the pair of programs should allow you to log into the VM from local Linux machine, and work in a way similar to ssh.
When all is working well on the VM side, please copy all program files, including the Makefile back to your Linux side. Put them in the subdirectory native. You are asked to submit this set of files as well.
You are asked to commit and push all program files in your lab06 and its subdirectory native.
In addition, create an answer.txt file. Include four sets of screen outputs, using copy-and-paste, or
script. Please label these output files with the following number with a proper title.
Congratulations! You just finished this lab.