Monday Feb 11, 2013

Recovering Passwords in Solaris 11

About once a year, I'll find a way to lock myself out of a Solaris system. Here's how to get out of this scenario. You'll need a Solaris 11 Live CD or Live USB stick.
  • Boot up from the Live CD/USB
  • Select the 'Text Console' option from the GRUB menu
  • Log in to the Solaris console using the username/password of jack/jack
  • Switch to root
    $ sudo su
    password jack

  • Mount the solaris boot environment in a temporary directory
    # beadm mount solaris /a

  • Edit the shadow file
    # vi /a/etc/shadow

  • Find your username and remove the password hash
    Convert
    username:iEwei23SamPleHashonf0981:15746::::::17216
    to
    username::15746::::::17216

  • Allow empty passwords at login
    # vi /a/etc/default/login
    Switch this line
    PASSREQ=YES
    to
    PASSREQ=NO

  • Update the boot archive
    # bootadm update-archive -R /a

  • Reboot and remove the Live CD/USB from system
    # reboot

    If prompted for a password, hit return since this has now been blanked.
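
The steps above leave the account with an empty password field and PASSREQ=NO in the boot environment. The following script is an added example, not part of the original post, that reports both conditions for a given root directory; the function names are hypothetical and the sample tree it can build is constructed data.

```shell
#!/bin/sh
# Added example. ROOT is the tree to inspect: /a from the Live CD, / once booted.

# Print accounts whose shadow password field (2nd colon field) is empty.
empty_password_accounts() {
    root=${1:-/}
    awk -F: '$2 == "" { print $1 }' "$root/etc/shadow"
}

# Succeed if an uncommented PASSREQ=NO line is present.
passreq_disabled() {
    root=${1:-/}
    grep -q '^PASSREQ=NO[[:space:]]*$' "$root/etc/default/login"
}

# Report both findings; returns 1 if either still needs reverting.
audit_login_state() {
    root=${1:-/}
    rc=0
    accounts=$(empty_password_accounts "$root")
    if [ -n "$accounts" ]; then
        echo "empty password field: $(echo $accounts | tr ' ' ',')"
        rc=1
    fi
    if passreq_disabled "$root"; then
        echo "PASSREQ=NO in $root/etc/default/login"
        rc=1
    fi
    return $rc
}

# Build a constructed sample tree (not real system data) to try the checks on.
make_sample_root() {
    dir=$(mktemp -d) || return 1
    mkdir -p "$dir/etc/default"
    printf '%s\n' 'root:$5$constructedsalt$constructedhash:15746::::::' \
        'username::15746::::::17216' 'daemon:NP:6445::::::' > "$dir/etc/shadow"
    printf '%s\n' '#PASSREQ=YES' 'PASSREQ=NO' > "$dir/etc/default/login"
    echo "$dir"
}

# Usage: ./audit.sh /a   (no argument: only defines the functions)
if [ "$#" -gt 0 ]; then
    audit_login_state "$1"
fi
```

Run it as root, since /etc/shadow is not readable otherwise. After a new password has been set with passwd and PASSREQ=YES restored, it prints nothing and returns 0.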

Tuesday Feb 09, 2010

Retrieving MAC Address in Solaris using C as a non-root user

I needed to find a way to get the physical (MAC) address using C. From what I could gather from searching opensolaris.org, there are two methods for retrieving it: libdlpi and arp. libdlpi is the more elegant solution as it requires a simple call to dlpi_get_physaddr(). This is how ifconfig prints your network interface's MAC address. Unfortunately, libdlpi calls are only permitted as root.

As explained by James Carlson:

The reason it was like this was historical: getting the MAC address in
ifconfig meant opening up the DLPI node and talking to the driver. As
the drivers didn't have discrete privileges for each operation, and
you had to be almighty root to touch them, 'ifconfig' didn't show the
MAC address when not privileged.
\*whatever\*

The second solution is to use arp. In Solaris you can determine the physical address by looking at the arp tables directly (`arp -a | grep <INTERFACE>` or `netstat -p | grep <INTERFACE>`). With C, this can be done by using the if sockets and arp libraries.

I wrote up a solution called "getmac" using both methods. You can gather it here.

  • Directions
    $ wget http://www.pauliesworld.org/project/getmac.c
    $ gcc getmac.c -o getmac -lsocket -ldlpi
    $ ./getmac <interface_name>
    arp:	ffffffffffff
    dlpi:	dlpi failure, are you root?
    $ pfexec ./getmac <interface_name>
    arp:	ffffffffffff
    dlpi:	ffffffffffff
    
Remember to use pfexec for the libdlpi method.
About

Hiya, my name is Paul Johnson and I'm a software engineer working on the ZFS storage appliance.
