1 .\" Copyright (c) 2003 Andries Brouwer (aeb@cwi.nl) and
2 .\" Walter Harms (walter.harms@informatik.uni-oldenburg.de)
4 .\" %%%LICENSE_START(GPL_NOVERSION_ONELINE)
5 .\" Distributed under GPL
8 .TH GETSPNAM 3 2015-12-05 "GNU" "Linux Programmer's Manual"
10 getspnam, getspnam_r, getspent, getspent_r, setspent, endspent,
11 fgetspent, fgetspent_r, sgetspent, sgetspent_r, putspent,
12 lckpwdf, ulckpwdf \- get shadow password file entry
15 /* General shadow password file API */
17 .B #include <shadow.h>
19 .BI "struct spwd *getspnam(const char *" name );
21 .B struct spwd *getspent(void);
23 .B void setspent(void);
25 .B void endspent(void);
27 .BI "struct spwd *fgetspent(FILE *" stream );
29 .BI "struct spwd *sgetspent(const char *" s );
31 .BI "int putspent(const struct spwd *" p ", FILE *" stream );
35 .B int ulckpwdf(void);
39 .B #include <shadow.h>
41 .BI "int getspent_r(struct spwd *" spbuf ,
43 .BI " char *" buf ", size_t " buflen ", struct spwd **" spbufp );
45 .BI "int getspnam_r(const char *" name ", struct spwd *" spbuf ,
47 .BI " char *" buf ", size_t " buflen ", struct spwd **" spbufp );
49 .BI "int fgetspent_r(FILE *" stream ", struct spwd *" spbuf ,
51 .BI " char *" buf ", size_t " buflen ", struct spwd **" spbufp );
53 .BI "int sgetspent_r(const char *" s ", struct spwd *" spbuf ,
55 .BI " char *" buf ", size_t " buflen ", struct spwd **" spbufp );
59 Feature Test Macro Requirements for glibc (see
60 .BR feature_test_macros (7)):
70 Glibc 2.19 and earlier:
71 _BSD_SOURCE || _SVID_SOURCE
74 Long ago it was considered safe to have encrypted passwords openly
75 visible in the password file.
76 When computers got faster and people
77 got more security-conscious, this was no longer acceptable.
78 Julianne Frances Haugh implemented the shadow password suite
79 that keeps the encrypted passwords in
80 the shadow password database
81 (e.g., the local shadow password file
84 readable only by root.
86 The functions described below resemble those for
87 the traditional password database
92 .\" FIXME . I've commented out the following for the
93 .\" moment. The relationship between PAM and nsswitch.conf needs
94 .\" to be clearly documented in one place, which is pointed to by
95 .\" the pages for the user, group, and shadow password functions.
98 .\" This shadow password setup has been superseded by PAM
99 .\" (pluggable authentication modules), and the file
100 .\" .I /etc/nsswitch.conf
101 .\" now describes the sources to be used.
105 function returns a pointer to a structure containing
106 the broken-out fields of the record in the shadow password database
107 that matches the username
112 function returns a pointer to the next entry in the shadow password
114 The position in the input stream is initialized by
116 When done reading, the program may call
118 so that resources can be deallocated.
119 .\" some systems require a call of setspent() before the first getspent()
124 function is similar to
126 but uses the supplied stream instead of the one implicitly opened by
131 function parses the supplied string
138 function writes the contents of the supplied struct
141 as a text line in the shadow password file format to
143 String entries with value NULL and numerical entries with value \-1
144 are written as an empty string.
148 function is intended to protect against multiple simultaneous accesses
149 of the shadow password database.
150 It tries to acquire a lock, and returns 0 on success,
151 or \-1 on failure (lock not obtained within 15 seconds).
154 function releases the lock again.
155 Note that there is no protection against direct access of the shadow
157 Only programs that use
159 will notice the lock.
161 These were the functions that formed the original shadow API.
162 They are widely available.
164 .\" SUN doesn't have sgetspent()
165 .SS Reentrant versions
166 Analogous to the reentrant functions for the password database, glibc
167 also has reentrant functions for the shadow password database.
172 but stores the retrieved shadow password structure in the space pointed to by
174 This shadow password structure contains pointers to strings, and these strings
175 are stored in the buffer
179 A pointer to the result (in case of success) or NULL (in case no entry
180 was found or an error occurred) is stored in
188 are similarly analogous to their nonreentrant counterparts.
190 Some non-glibc systems also have functions with these names,
191 often with different prototypes.
192 .\" SUN doesn't have sgetspent_r()
194 The shadow password structure is defined in \fI<shadow.h>\fP as follows:
199 char *sp_namp; /* Login name */
200 char *sp_pwdp; /* Encrypted password */
201 long sp_lstchg; /* Date of last change
202 (measured in days since
203 1970-01-01 00:00:00 +0000 (UTC)) */
204 long sp_min; /* Min # of days between changes */
205 long sp_max; /* Max # of days between changes */
206 long sp_warn; /* # of days before password expires
207 to warn user to change it */
208 long sp_inact; /* # of days after password expires
209 until account is disabled */
210 long sp_expire; /* Date when account expires
211 (measured in days since
212 1970-01-01 00:00:00 +0000 (UTC)) */
213 unsigned long sp_flag; /* Reserved */
218 The functions that return a pointer return NULL if no more entries
219 are available or if an error occurs during processing.
220 The functions which have \fIint\fP as the return value return 0 for
221 success and \-1 for failure, with
223 set to indicate the cause of the error.
225 For the nonreentrant functions, the return value may point to static area,
226 and may be overwritten by subsequent calls to these functions.
228 The reentrant functions return zero on success.
229 In case of error, an error number is returned.
233 The caller does not have permission to access the shadow password file.
236 Supplied buffer is too small.
240 local shadow password database file
249 to the pathname of the shadow password file.
251 For an explanation of the terms used in this section, see
257 Interface Attribute Value
261 MT-Unsafe race:getspnam locale
266 MT-Unsafe race:getspent
277 MT-Unsafe race:getspent locale
281 T} Thread safety MT-Unsafe race:fgetspent
284 T} Thread safety MT-Unsafe race:sgetspent
291 T} Thread safety MT-Safe locale
298 T} Thread safety MT-Safe
305 signifies that if any of the functions
311 are used in parallel in different threads of a program,
312 then data races could occur.
314 The shadow password database and its associated API are
315 not specified in POSIX.1.
316 However, many other systems provide a similar API.