1 .\" Copyright (c) 2003 Andries Brouwer (aeb@cwi.nl) and
2 .\" Walter Harms (walter.harms@informatik.uni-oldenburg.de)
4 .\" Distributed under GPL
6 .TH GETSPNAM 3 2010-02-25 "GNU" "Linux Programmer's Manual"
8 getspnam, getspnam_r, getspent, getspent_r, setspent, endspent,
9 fgetspent, fgetspent_r, sgetspent, sgetspent_r, putspent,
10 lckpwdf, ulckpwdf \- get shadow password file entry
13 /* General shadow password file API */
15 .B #include <shadow.h>
17 .BI "struct spwd *getspnam(const char *" name );
19 .B struct spwd *getspent(void);
21 .B void setspent(void);
23 .B void endspent(void);
25 .BI "struct spwd *fgetspent(FILE *" fp );
27 .BI "struct spwd *sgetspent(const char *" s );
29 .BI "int putspent(struct spwd *" p ", FILE *" fp );
33 .B int ulckpwdf(void);
37 .B #include <shadow.h>
39 .BI "int getspent_r(struct spwd *" spbuf ,
41 .BI " char *" buf ", size_t " buflen ", struct spwd **" spbufp );
43 .BI "int getspnam_r(const char *" name ", struct spwd *" spbuf ,
45 .BI " char *" buf ", size_t " buflen ", struct spwd **" spbufp );
47 .BI "int fgetspent_r(FILE *" fp ", struct spwd *" spbuf ,
49 .BI " char *" buf ", size_t " buflen ", struct spwd **" spbufp );
51 .BI "int sgetspent_r(const char *" s ", struct spwd *" spbuf ,
53 .BI " char *" buf ", size_t " buflen ", struct spwd **" spbufp );
57 Feature Test Macro Requirements for glibc (see
58 .BR feature_test_macros (7)):
67 _BSD_SOURCE || _SVID_SOURCE
71 Long ago it was considered safe to have encrypted passwords openly
72 visible in the password file.
73 When computers got faster and people
74 got more security-conscious, this was no longer acceptable.
75 Julianne Frances Haugh implemented the shadow password suite
76 that keeps the encrypted passwords in
77 the shadow password database
78 (e.g., the local shadow password file
81 readable only by root.
83 The functions described below resemble those for
84 the traditional password database
89 .\" FIXME I've commented out the following for the
90 .\" moment. The relationship between PAM and nsswitch.conf needs
91 .\" to be clearly documented in one place, which is pointed to by
92 .\" the pages for the user, group, and shadow password functions.
95 .\" This shadow password setup has been superseded by PAM
96 .\" (pluggable authentication modules), and the file
97 .\" .I /etc/nsswitch.conf
98 .\" now describes the sources to be used.
102 function returns a pointer to a structure containing
103 the broken-out fields of the record in the shadow password database
104 that matches the username
109 function returns a pointer to the next entry in the shadow password
111 The position in the input stream is initialized by
113 When done reading, the program may call
115 so that resources can be deallocated.
116 .\" some systems require a call of setspent() before the first getspent()
121 function is similar to
123 but uses the supplied stream instead of the one implicitly opened by
128 function parses the supplied string
135 function writes the contents of the supplied struct
138 as a text line in the shadow password file format to the stream
140 String entries with value NULL and numerical entries with value \-1
141 are written as an empty string.
145 function is intended to protect against multiple simultaneous accesses
146 of the shadow password database.
147 It tries to acquire a lock, and returns 0 on success,
148 or \-1 on failure (lock not obtained within 15 seconds).
151 function releases the lock again.
152 Note that there is no protection against direct access of the shadow
154 Only programs that use
156 will notice the lock.
158 These were the functions that formed the original shadow API.
159 They are widely available.
161 .\" SUN doesn't have sgetspent()
162 .SS "Reentrant versions"
163 Analogous to the reentrant functions for the password database, glibc
164 also has reentrant functions for the shadow password database.
169 but stores the retrieved shadow password structure in the space pointed to by
171 This shadow password structure contains pointers to strings, and these strings
172 are stored in the buffer
176 A pointer to the result (in case of success) or NULL (in case no entry
177 was found or an error occurred) is stored in
185 are similarly analogous to their nonreentrant counterparts.
187 Some non-glibc systems also have functions with these names,
188 often with different prototypes.
189 .\" SUN doesn't have sgetspent_r()
191 The shadow password structure is defined in \fI<shadow.h>\fP as follows:
196 char *sp_namp; /* Login name */
197 char *sp_pwdp; /* Encrypted password */
198 long sp_lstchg; /* Date of last change (measured
199 in days since 1970-01-01 00:00:00 +0000 (UTC)) */
200 long sp_min; /* Min # of days between changes */
201 long sp_max; /* Max # of days between changes */
202 long sp_warn; /* # of days before password expires
203 to warn user to change it */
204 long sp_inact; /* # of days after password expires
205 until account is disabled */
206 long sp_expire; /* Date when account expires (measured
207 in days since 1970-01-01 00:00:00 +0000 (UTC)) */
208 unsigned long sp_flag; /* Reserved */
213 The functions that return a pointer return NULL if no more entries
214 are available or if an error occurs during processing.
215 The functions which have \fIint\fP as the return value return 0 for
216 success and \-1 for failure.
218 For the nonreentrant functions, the return value may point to static area,
219 and may be overwritten by subsequent calls to these functions.
221 The reentrant functions return zero on success.
222 In case of error, an error number is returned.
226 Supplied buffer is too small.
230 local shadow password database file
239 to the pathname of the shadow password file.
241 The shadow password database and its associated API are
242 not specified in POSIX.1-2001.
243 However, many other systems provide a similar API.