How do I write a c++ program that registers a user and allows the user to login and out using fingerprint and the program to calculate between the time taken for the user to login and out?
The program outputs log in and log out as the same even if you log out an hour later.
Related
I need to detect all user login events including user authentication status (success/fail) from a C++ program. In other words, I need to detect all authentication success / authentication fail events.
I found online a few ways of doing this but each one has its own disadvantages:
Parsing the log files (/var/log/auth.log for example) but I find this quite inefficient to parse a text file and the format may be different from version to version.
Use audit subsystem to detect user activity but the audit subsystem is relatively new, and it may not be present on older machines
Use a PAM (portable authentication module) to detect user activity by injecting a .so in the authentication stack. Using this approach, I was able to nicely detect successful logins (by detecting the user "session start" event) but I'm struggling to detect the failed login attempts
because there is no specific event for this.
My current implementation is capturing the "auth start" and "session start" events using a PAM plugin and consider that a login failed if the "auth start" is not followed by a "session start" within a time threshold. The time threshold must be pretty big in order to avoid false positive (at least as long as the password input timeout) and this makes this method to have a huge delay. I also tried to capture the custom PAM plugin unload event (by adding a module destructor function) but the sshd for example, does not close the forked process when the SSH connection is closed.
Is there any trick I can do with the PAM module (or another Linux feature / module) to detect, in real time, the user login failed events?
Parsing btmp or utmp records may help . Those files are binary and there are lots of examples around about these.
I have a website. the user is authorized, enters the site URL, then sets the interval in minutes (for example, 7 minutes). Then the user leaves the site.After 7 minutes, the program, the script, the service should start, I do not know how it's called and perform certain actions with the site that the user specified and then send the result to the mail. Tell me how can I do this service?What would it work even if the user came out and closed the browser. I can not understand in what direction I should move ... I use AWS from Amazon
UPD: let's describe in more detail. There is a login field, the user enters the login / password, the data is checked in a database called users, cookies are set with the user id (idUser), then the user enters one or more sites, they are stored in a database named data_ (idUser). The interval is stored in settings_ (idUser) value in the range 1-60 min. Suppose he sets the interval of 7 minutes. Then the user closes the tab, closes the browser. A specified interval (7 minutes) starts a script that takes data from the database data_ (idUser), (there are several URL sites stored there). The script processes them and sends the results of site verification to the mail. But the problem is also that the script will be one, and how to access the bd if I do not know idUser, because I can not get them from the cookie either ... Maybe I should change the database structure altogether?
I've been working on a program in c++ that fork a pty. Everything goes well except for one thing: when the root run the program, the pty logs-in as the root user. In the same way, if a user 'x' runs the program, the new pty logs in as 'x' user.
How can it start a pty asking for the user credentias and login in? i know that ssh or pty1(ctr + alt + 1) does.
EDIT: Here is like i fork the pty
http://pastebin.com/3vLQynz2
To be allowed to run something as a different user, you have to have to right to change to uid (man setuid). Normally you can only do this as user 'root'.
Therefore if you want to implement something like this either your program has to run as suid root or you have to use some other executeable that is suid root. For example you could ask the user which user it wants to be. Then run /bin/su to ask the user for his password.
BTW: the mentioned binary /bin/login will only work if you already run as user 'root'.
i am using c++ win32 API.
i tried to get user details using GetUserNameExA();
i have use this function into system logondialog source(GINA).
in my logfile,it gives
CN=ComputerName,CN=Computers,DC=JEGAN,DC=COM".
But it's used after logon on to system,at that time it gives user details like "CN=sanju,CN=USERS,DC=JEGAN,DC=COM" in my other solution.
i want user details only,but it gives system details at the logon time,how can i achieve user details at logontime?
note: i have already tried ADSI,LDAP functions & directoryservices cant able to use.so suggest any other system functions.
David is correct - the GINA DLL is loaded by the WinLogon.exe process. Check Task Manager and you'll see that WinLogon.exe runs as Local System. The GetUserName and GetUserNameEx functions provide information about the identity for the current thread:
http://msdn.microsoft.com/en-us/library/windows/desktop/ms724435.aspx
From a 20,000 foot view, after a user's credentials have been validated, the GINA notifies all Network Providers of the successful login. After this, it loads the user's profile and creates the user's shell (Explorer.exe) which is then displayed.
You might try using a Network Provider instead. They are fully supported up through Windows 8 and multiple NPs can be defined for the system so you won't run into the 'chaining' issues that GINAs have.
http://msdn.microsoft.com/en-us/library/windows/desktop/aa378775.aspx
The NPLogonNotify function will receive the user's cleartext name, domain and password (sometimes you'll receive a UPN as username in which case the domain is blank). You can use this information as is, perform LDAP-based lookups to AD or use LogonUser & ImpersonateLoggedOnUser before calling GetUserNameEx. Be extremely careful with this last approach since network providers run as Local system within the WinLogon.exe process. Always call RevertToSelf and CloseHandle to undo/clean up the previous calls.
The only (quite quirky) workaround for what you are trying to do is to log on some other user account on the side which has access to the domain and can thus query user details (don't remember the permissions needed in detail, though). Otherwise I'd suggest you go with Gregg's answer.
With a thread impersonated as such user you should then be able to query the information for the user that you are going to log on (how do you even know by that time?) via NetUserGetInfo() and friends. Choose the USER_INFO_* struct that best suits your needs and simply ask the domain server for the information. This should also work on earlier and later systems (the functionality, not the GINA itself).
I have a program running as root and call another program to run(A).
I want A to run when the user logs on. I've used command: su - 'username' -c A,
or in the A main function, I've called: setuid(current_uid_logged).
But I don't know the way to get the user-name of the logged on user, or the uid in the root process.
Ways that I've tried: getenv("USERNAME") or getlogin() always return root account.
I've confused with getlogin(), my program is running when kernel start and wait for user login (I have a thread to wait a Finder process (Mac OSX) running to detect user logged on), wait 10 seconds and call getlogin() but sometime, it returned root but can return user login. I think Finder process is running when user logged on.
But when I call my app to run with sudo command, getlogin() always returns current user logged on.
How do I do this?
getlogin(3) returns the name of the user who owns the process's controlling terminal. This has nothing to do with the username of whoever might log in to the GUI of the operating system. Instead, getlogin(3) and getuid(2) will only ever return the name / uid of the user account that started the program -- they have more to do with the process history than with any user sitting in front of the computer.
There are similar stories with the environment variables USER and LOGNAME -- if either one was set in a process, it was by a process higher in the process's call tree. It too cannot be influenced by whichever user eventually sits in front of the computer.
I'm sure there is some mechanism to discover the currently-logged-on user on an OS X machine, but it won't be a traditional Unix API that provides it to you.
how about uid_t getuid()?
more details at http://developer.apple.com/library/mac/#documentation/Darwin/Reference/ManPages/man2/getuid.2.html