2004-11-03 13:51:07 +00:00
|
|
|
.\" Copyright (c) 2003 Andries Brouwer (aeb@cwi.nl) and
|
|
|
|
.\" Walter Harms (walter.harms@informatik.uni-oldenburg.de)
|
|
|
|
.\"
|
|
|
|
.\" Distributed under GPL
|
|
|
|
.\"
|
add_key.2, keyctl.2, request_key.2, stime.2, time.2, ctime.3, difftime.3, ftime.3, getspnam.3, mq_receive.3, mq_send.3, rtime.3, sem_wait.3, string.3, timeradd.3, tzset.3, rtc.4, core.5, icmp.7, time.7, zic.8: Updated .TH timestamp
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2010-02-25 09:43:57 +00:00
|
|
|
.TH GETSPNAM 3 2010-02-25 "GNU" "Linux Programmer's Manual"
|
2004-11-03 13:51:07 +00:00
|
|
|
.SH NAME
|
|
|
|
getspnam, getspnam_r, getspent, getspent_r, setspent, endspent,
|
|
|
|
fgetspent, fgetspent_r, sgetspent, sgetspent_r, putspent,
|
|
|
|
lckpwdf, ulckpwdf \- get shadow password file entry
|
|
|
|
.SH SYNOPSIS
|
|
|
|
.nf
|
|
|
|
/* General shadow password file API */
|
|
|
|
.br
|
|
|
|
.B #include <shadow.h>
|
|
|
|
.sp
|
|
|
|
.BI "struct spwd *getspnam(const char *" name );
|
|
|
|
.sp
|
|
|
|
.B struct spwd *getspent(void);
|
|
|
|
.sp
|
|
|
|
.B void setspent(void);
|
|
|
|
.sp
|
|
|
|
.B void endspent(void);
|
|
|
|
.sp
|
|
|
|
.BI "struct spwd *fgetspent(FILE *" fp );
|
|
|
|
.sp
|
|
|
|
.BI "struct spwd *sgetspent(const char *" s );
|
|
|
|
.sp
|
|
|
|
.BI "int putspent(struct spwd *" p ", FILE *" fp );
|
|
|
|
.sp
|
|
|
|
.B int lckpwdf(void);
|
|
|
|
.sp
|
|
|
|
.B int ulckpwdf(void);
|
|
|
|
.sp
|
|
|
|
/* GNU extension */
|
|
|
|
.br
|
|
|
|
.B #include <shadow.h>
|
|
|
|
.sp
|
|
|
|
.BI "int getspent_r(struct spwd *" spbuf ,
|
|
|
|
.br
|
|
|
|
.BI " char *" buf ", size_t " buflen ", struct spwd **" spbufp );
|
|
|
|
.sp
|
|
|
|
.BI "int getspnam_r(const char *" name ", struct spwd *" spbuf ,
|
|
|
|
.br
|
|
|
|
.BI " char *" buf ", size_t " buflen ", struct spwd **" spbufp );
|
|
|
|
.sp
|
|
|
|
.BI "int fgetspent_r(FILE *" fp ", struct spwd *" spbuf ,
|
|
|
|
.br
|
|
|
|
.BI " char *" buf ", size_t " buflen ", struct spwd **" spbufp );
|
|
|
|
.sp
|
|
|
|
.BI "int sgetspent_r(const char *" s ", struct spwd *" spbuf ,
|
|
|
|
.br
|
|
|
|
.BI " char *" buf ", size_t " buflen ", struct spwd **" spbufp );
|
|
|
|
.fi
|
2007-07-08 12:11:40 +00:00
|
|
|
.sp
|
|
|
|
.in -4n
|
|
|
|
Feature Test Macro Requirements for glibc (see
|
|
|
|
.BR feature_test_macros (7)):
|
|
|
|
.in
|
|
|
|
.sp
|
|
|
|
.ad l
|
|
|
|
.BR getspent_r (),
|
|
|
|
.BR getspnam_r (),
|
|
|
|
.BR fgetspent_r (),
|
|
|
|
.BR sgetspent_r ():
|
2010-09-19 05:20:55 +00:00
|
|
|
.RS 4
|
2007-07-08 12:11:40 +00:00
|
|
|
_BSD_SOURCE || _SVID_SOURCE
|
2010-09-19 05:20:55 +00:00
|
|
|
.RE
|
2007-07-08 12:11:40 +00:00
|
|
|
.ad b
|
2004-11-03 13:51:07 +00:00
|
|
|
.SH DESCRIPTION
|
|
|
|
Long ago it was considered safe to have encrypted passwords openly
|
2007-04-12 22:42:49 +00:00
|
|
|
visible in the password file.
|
|
|
|
When computers got faster and people
|
2004-11-03 13:51:07 +00:00
|
|
|
got more security-conscious, this was no longer acceptable.
|
|
|
|
Julianne Frances Haugh implemented the shadow password suite
|
|
|
|
that keeps the encrypted passwords in
|
2005-07-04 08:59:13 +00:00
|
|
|
the shadow password database
|
2007-04-12 22:42:49 +00:00
|
|
|
(e.g., the local shadow password file
|
2004-11-03 13:51:07 +00:00
|
|
|
.IR /etc/shadow ,
|
2005-07-04 08:59:13 +00:00
|
|
|
NIS, and LDAP),
|
2004-11-03 13:51:07 +00:00
|
|
|
readable only by root.
|
|
|
|
.LP
|
2005-07-04 08:59:13 +00:00
|
|
|
The functions described below resemble those for
|
|
|
|
the traditional password database
|
|
|
|
(e.g., see
|
|
|
|
.BR getpwnam (3)
|
|
|
|
and
|
|
|
|
.BR getpwent (3)).
|
2006-03-20 04:46:28 +00:00
|
|
|
.\" FIXME I've commented out the following for the
|
2007-04-12 22:42:49 +00:00
|
|
|
.\" moment. The relationship between PAM and nsswitch.conf needs
|
|
|
|
.\" to be clearly documented in one place, which is pointed to by
|
|
|
|
.\" the pages for the user, group, and shadow password functions.
|
2006-03-20 04:46:28 +00:00
|
|
|
.\" (Jul 2005, mtk)
|
2007-04-12 22:42:49 +00:00
|
|
|
.\"
|
|
|
|
.\" This shadow password setup has been superseded by PAM
|
2005-07-04 08:59:13 +00:00
|
|
|
.\" (pluggable authentication modules), and the file
|
|
|
|
.\" .I /etc/nsswitch.conf
|
|
|
|
.\" now describes the sources to be used.
|
2004-11-03 13:51:07 +00:00
|
|
|
.LP
|
|
|
|
The
|
2005-10-19 07:07:02 +00:00
|
|
|
.BR getspnam ()
|
2004-11-03 13:51:07 +00:00
|
|
|
function returns a pointer to a structure containing
|
2005-07-04 08:59:13 +00:00
|
|
|
the broken-out fields of the record in the shadow password database
|
2008-06-30 14:36:59 +00:00
|
|
|
that matches the username
|
2004-11-03 13:51:07 +00:00
|
|
|
.IR name .
|
|
|
|
.LP
|
|
|
|
The
|
2005-10-19 07:07:02 +00:00
|
|
|
.BR getspent ()
|
2005-07-04 08:59:13 +00:00
|
|
|
function returns a pointer to the next entry in the shadow password
|
|
|
|
database.
|
2004-11-03 13:51:07 +00:00
|
|
|
The position in the input stream is initialized by
|
2005-10-19 07:07:02 +00:00
|
|
|
.BR setspent ().
|
2004-11-03 13:51:07 +00:00
|
|
|
When done reading, the program may call
|
2005-10-19 07:07:02 +00:00
|
|
|
.BR endspent ()
|
2004-11-03 13:51:07 +00:00
|
|
|
so that resources can be deallocated.
|
|
|
|
.\" some systems require a call of setspent() before the first getspent()
|
|
|
|
.\" glibc does not
|
|
|
|
.LP
|
|
|
|
The
|
2005-10-19 07:07:02 +00:00
|
|
|
.BR fgetspent ()
|
2004-11-03 13:51:07 +00:00
|
|
|
function is similar to
|
2005-10-19 07:07:02 +00:00
|
|
|
.BR getspent ()
|
2004-11-03 13:51:07 +00:00
|
|
|
but uses the supplied stream instead of the one implicitly opened by
|
2005-10-19 07:07:02 +00:00
|
|
|
.BR setspent ().
|
2004-11-03 13:51:07 +00:00
|
|
|
.LP
|
|
|
|
The
|
2005-10-19 07:07:02 +00:00
|
|
|
.BR sgetspent ()
|
2004-11-03 13:51:07 +00:00
|
|
|
function parses the supplied string
|
|
|
|
.I s
|
2005-07-04 08:59:13 +00:00
|
|
|
into a struct
|
|
|
|
.IR spwd .
|
2004-11-03 13:51:07 +00:00
|
|
|
.LP
|
|
|
|
The
|
2005-10-19 07:07:02 +00:00
|
|
|
.BR putspent ()
|
2005-07-04 08:59:13 +00:00
|
|
|
function writes the contents of the supplied struct
|
|
|
|
.I spwd
|
2007-12-22 22:10:40 +00:00
|
|
|
.I *p
|
2004-11-03 13:51:07 +00:00
|
|
|
as a text line in the shadow password file format to the stream
|
|
|
|
.IR fp .
|
|
|
|
String entries with value NULL and numerical entries with value \-1
|
|
|
|
are written as an empty string.
|
|
|
|
.LP
|
|
|
|
The
|
2005-10-19 07:07:02 +00:00
|
|
|
.BR lckpwdf ()
|
2007-04-12 22:42:49 +00:00
|
|
|
function is intended to protect against multiple simultaneous accesses
|
2005-07-04 08:59:13 +00:00
|
|
|
of the shadow password database.
|
|
|
|
It tries to acquire a lock, and returns 0 on success,
|
|
|
|
or \-1 on failure (lock not obtained within 15 seconds).
|
2004-11-03 13:51:07 +00:00
|
|
|
The
|
2005-10-19 07:07:02 +00:00
|
|
|
.BR ulckpwdf ()
|
2004-11-03 13:51:07 +00:00
|
|
|
function releases the lock again.
|
|
|
|
Note that there is no protection against direct access of the shadow
|
2007-04-12 22:42:49 +00:00
|
|
|
password file.
|
|
|
|
Only programs that use
|
2005-10-19 07:07:02 +00:00
|
|
|
.BR lckpwdf ()
|
2004-11-03 13:51:07 +00:00
|
|
|
will notice the lock.
|
|
|
|
.LP
|
2005-07-04 08:59:13 +00:00
|
|
|
These were the functions that formed the original shadow API.
|
2004-11-03 13:51:07 +00:00
|
|
|
They are widely available.
|
|
|
|
.\" Also in libc5
|
|
|
|
.\" SUN doesn't have sgetspent()
|
|
|
|
.SS "Reentrant versions"
|
2005-07-04 08:59:13 +00:00
|
|
|
Analogous to the reentrant functions for the password database, glibc
|
|
|
|
also has reentrant functions for the shadow password database.
|
2004-11-03 13:51:07 +00:00
|
|
|
The
|
2005-10-19 07:07:02 +00:00
|
|
|
.BR getspnam_r ()
|
2004-11-03 13:51:07 +00:00
|
|
|
function is like
|
2005-10-19 07:07:02 +00:00
|
|
|
.BR getspnam ()
|
2005-07-04 08:59:13 +00:00
|
|
|
but stores the retrieved shadow password structure in the space pointed to by
|
2004-11-03 13:51:07 +00:00
|
|
|
.IR spbuf .
|
2005-07-04 08:59:13 +00:00
|
|
|
This shadow password structure contains pointers to strings, and these strings
|
2004-11-03 13:51:07 +00:00
|
|
|
are stored in the buffer
|
|
|
|
.I buf
|
|
|
|
of size
|
|
|
|
.IR buflen .
|
|
|
|
A pointer to the result (in case of success) or NULL (in case no entry
|
|
|
|
was found or an error occurred) is stored in
|
2007-12-22 22:10:40 +00:00
|
|
|
.IR *spbufp .
|
2004-11-03 13:51:07 +00:00
|
|
|
.LP
|
|
|
|
The functions
|
2005-10-19 07:07:02 +00:00
|
|
|
.BR getspent_r (),
|
|
|
|
.BR fgetspent_r (),
|
2004-11-03 13:51:07 +00:00
|
|
|
and
|
2005-10-19 07:07:02 +00:00
|
|
|
.BR sgetspent_r ()
|
getgrent_r.3, gethostbyname.3, getmntent.3, getnetent_r.3, getprotoent_r.3, getpwent_r.3, getrpcent_r.3, getservent_r.3, getspnam.3: Global fix: s/non-reentrant/nonrentrant/
The tendency in English, as prescribed in style guides like
Chicago MoS, is towards removing hyphens after prefixes
like "non-" etc.
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2010-01-16 16:55:51 +00:00
|
|
|
are similarly analogous to their nonreentrant counterparts.
|
2004-11-03 13:51:07 +00:00
|
|
|
.LP
|
|
|
|
Some non-glibc systems also have functions with these names,
|
|
|
|
often with different prototypes.
|
|
|
|
.\" SUN doesn't have sgetspent_r()
|
|
|
|
.SS Structure
|
2005-07-04 08:59:13 +00:00
|
|
|
The shadow password structure is defined in \fI<shadow.h>\fP as follows:
|
2004-11-03 13:51:07 +00:00
|
|
|
.sp
|
2007-12-19 06:16:04 +00:00
|
|
|
.in +4n
|
2004-11-03 13:51:07 +00:00
|
|
|
.nf
|
|
|
|
struct spwd {
|
2008-07-08 22:14:19 +00:00
|
|
|
char *sp_namp; /* Login name */
|
|
|
|
char *sp_pwdp; /* Encrypted password */
|
|
|
|
long sp_lstchg; /* Date of last change (measured
|
stime.2, time.2, utimensat.2, ctime.3, difftime.3, ftime.3, getspnam.3, mq_receive.3, mq_send.3, rtime.3, sem_wait.3, strftime.3, strptime.3, timeradd.3, rtc.4, core.5, proc.5, icmp.7, time.7: Global fix: Consistently define the Epoch
All definitions of the Epoch have been refactored to the following:
1970-01-01 00:00:00 +0000 (UTC)
That form is more consistent, logical, precise, and internationally
recognizable than the other variants.
Also, some wording has been altered as well.
Signed-off-by: Michael Witten <mfwitten@gmail.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2010-01-17 03:53:52 +00:00
|
|
|
in days since 1970-01-01 00:00:00 +0000 (UTC)) */
|
2008-07-08 22:14:19 +00:00
|
|
|
long sp_min; /* Min # of days between changes */
|
|
|
|
long sp_max; /* Max # of days between changes */
|
|
|
|
long sp_warn; /* # of days before password expires
|
|
|
|
to warn user to change it */
|
|
|
|
long sp_inact; /* # of days after password expires
|
|
|
|
until account is disabled */
|
|
|
|
long sp_expire; /* Date when account expires (measured
|
stime.2, time.2, utimensat.2, ctime.3, difftime.3, ftime.3, getspnam.3, mq_receive.3, mq_send.3, rtime.3, sem_wait.3, strftime.3, strptime.3, timeradd.3, rtc.4, core.5, proc.5, icmp.7, time.7: Global fix: Consistently define the Epoch
All definitions of the Epoch have been refactored to the following:
1970-01-01 00:00:00 +0000 (UTC)
That form is more consistent, logical, precise, and internationally
recognizable than the other variants.
Also, some wording has been altered as well.
Signed-off-by: Michael Witten <mfwitten@gmail.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2010-01-17 03:53:52 +00:00
|
|
|
in days since 1970-01-01 00:00:00 +0000 (UTC)) */
|
2008-07-08 22:14:19 +00:00
|
|
|
unsigned long sp_flag; /* Reserved */
|
2004-11-03 13:51:07 +00:00
|
|
|
};
|
|
|
|
.fi
|
2007-12-19 06:16:04 +00:00
|
|
|
.in
|
2004-11-03 13:51:07 +00:00
|
|
|
.SH "RETURN VALUE"
|
2005-07-04 08:59:13 +00:00
|
|
|
The functions that return a pointer return NULL if no more entries
|
|
|
|
are available or if an error occurs during processing.
|
2007-07-18 20:24:30 +00:00
|
|
|
The functions which have \fIint\fP as the return value return 0 for
|
2005-06-15 14:10:23 +00:00
|
|
|
success and \-1 for failure.
|
2004-11-03 13:51:07 +00:00
|
|
|
.LP
|
getgrent_r.3, gethostbyname.3, getmntent.3, getnetent_r.3, getprotoent_r.3, getpwent_r.3, getrpcent_r.3, getservent_r.3, getspnam.3: Global fix: s/non-reentrant/nonrentrant/
The tendency in English, as prescribed in style guides like
Chicago MoS, is towards removing hyphens after prefixes
like "non-" etc.
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2010-01-16 16:55:51 +00:00
|
|
|
For the nonreentrant functions, the return value may point to static area,
|
2004-11-03 13:51:07 +00:00
|
|
|
and may be overwritten by subsequent calls to these functions.
|
|
|
|
.LP
|
|
|
|
The reentrant functions return zero on success.
|
2005-07-04 08:59:13 +00:00
|
|
|
In case of error, an error number is returned.
|
2004-11-03 13:51:07 +00:00
|
|
|
.SH ERRORS
|
|
|
|
.TP
|
|
|
|
.B ERANGE
|
|
|
|
Supplied buffer is too small.
|
|
|
|
.SH FILES
|
|
|
|
.TP
|
|
|
|
.I /etc/shadow
|
2005-07-04 08:59:13 +00:00
|
|
|
local shadow password database file
|
2004-11-03 13:51:07 +00:00
|
|
|
.TP
|
|
|
|
.I /etc/.pwd.lock
|
|
|
|
lock file
|
|
|
|
.LP
|
|
|
|
The include file
|
|
|
|
.I <paths.h>
|
2007-06-22 19:42:52 +00:00
|
|
|
defines the constant
|
|
|
|
.B _PATH_SHADOW
|
|
|
|
to the pathname of the shadow password file.
|
2004-11-03 13:51:07 +00:00
|
|
|
.SH "CONFORMING TO"
|
2007-04-12 22:42:49 +00:00
|
|
|
The shadow password database and its associated API are
|
2005-07-04 08:59:13 +00:00
|
|
|
not specified in POSIX.1-2001.
|
|
|
|
However, many other systems provide a similar API.
|
2004-11-03 13:51:07 +00:00
|
|
|
.SH "SEE ALSO"
|
|
|
|
.BR getgrnam (3),
|
|
|
|
.BR getpwnam (3),
|
|
|
|
.BR getpwnam_r (3),
|
2007-07-08 12:11:40 +00:00
|
|
|
.BR shadow (5)
|