Login or Register to Ask a Question and Join Our Community

Linux and UNIX Man Pages

Linux & Unix Commands - Search Man Pages

shadow(3) [redhat man page]

SHADOW(3)						     Library Functions Manual							 SHADOW(3)

NAME

       shadow - encrypted password file routines

SYNTAX

       #include <shadow.h>

       struct spwd *getspent();

       struct spwd *getspnam(char *name);

       void setspent();

       void endspent();

       struct spwd *fgetspent(FILE *fp);

       struct spwd *sgetspent(char *cp);

       int putspent(struct spwd *p, FILE *fp);

       int lckpwdf();

       int ulckpwdf();

DESCRIPTION

       shadow manipulates the contents of the shadow password file, /etc/shadow.  The structure in the #include file is

       struct spwd {
		 char *sp_namp; /* user login name */
		 char *sp_pwdp; /* encrypted password */
		 long sp_lstchg; /* last password change */
		 int  sp_min; /* days until change allowed. */
		 int  sp_max; /* days before change required */
		 int  sp_warn; /* days warning for expiration */
		 int  sp_inact; /* days before account inactive */
		 int  sp_expire; /* date when account expires */
		 int  sp_flag; /* reserved for future use */
       }

       The meanings of each field are

       sp_namp - pointer to null-terminated user name.
       sp_pwdp - pointer to null-terminated password.
       sp_lstchg - days since Jan 1, 1970 password was last changed.
       sp_min - days before which password may not be changed.
       sp_max - days after which password must be changed.
       sp_warn - days before password is to expire that user is warned of pending password expiration.
       sp_inact - days after password expires that account is considered inactive and disabled.
       sp_expire - days since Jan 1, 1970 when account will be disabled.
       sp_flag - reserved for future use.

DESCRIPTION

       getspent,  getspname,  fgetspent, and sgetspent each return a pointer to a struct spwd.	getspent returns the next entry from the file, and
       fgetspent returns the next entry from the given stream, which is assumed to be a file of the proper format.  sgetspent returns a pointer to
       a struct spwd using the provided string as input.  getspnam searches from the current position in the file for an entry matching name.

       setspent and endspent may be used to begin and end, respectively, access to the shadow password file.

       The  lckpwdf  and  ulckpwdf routines should be used to insure exclusive access to the /etc/shadow file.	lckpwdf attempts to acquire a lock
       using pw_lock for up to 15 seconds.  It continues by attempting to acquire a second lock using spw_lock for the remainder of the initial 15
       seconds.  Should either attempt fail after a total of 15 seconds, lckpwdf returns -1.  When both locks are acquired 0 is returned.

DIAGNOSTICS

       Routines return NULL if no more entries are available or if an error occurs during processing.  Routines which have int as the return value
       return 0 for success and -1 for failure.

CAVEATS

       These routines may only be used by the super user as access to the shadow password file is restricted.

FILES

       /etc/shadow - encrypted user passwords

SEE ALSO

       getpwent(3), shadow(5)

AUTHOR

       Julianne Frances Haugh (jockgrrl@ix.netcom.com)

																	 SHADOW(3)

Check Out this Related Man Page

GETSPNAM(3)						     Linux Programmer's Manual						       GETSPNAM(3)

NAME

       getspnam, getspnam_r, getspent, getspent_r, setspent, endspent, fgetspent, fgetspent_r, sgetspent, sgetspent_r, putspent, lckpwdf, ulckpwdf
       - get shadow password file entry

SYNOPSIS

       /* General shadow password file API */
       #include <shadow.h>

       struct spwd *getspnam(const char *name);

       struct spwd *getspent(void);

       void setspent(void);

       void endspent(void);

       struct spwd *fgetspent(FILE *fp);

       struct spwd *sgetspent(const char *s);

       int putspent(struct spwd *p, FILE *fp);

       int lckpwdf(void);

       int ulckpwdf(void);

       /* GNU extension */
       #include <shadow.h>

       int getspent_r(struct spwd *spbuf,
	       char *buf, size_t buflen, struct spwd **spbufp);

       int getspnam_r(const char *name, struct spwd *spbuf,
	       char *buf, size_t buflen, struct spwd **spbufp);

       int fgetspent_r(FILE *fp, struct spwd *spbuf,
	       char *buf, size_t buflen, struct spwd **spbufp);

       int sgetspent_r(const char *s, struct spwd *spbuf,
	       char *buf, size_t buflen, struct spwd **spbufp);

   Feature Test Macro Requirements for glibc (see feature_test_macros(7)):

       getspent_r(), getspnam_r(), fgetspent_r(), sgetspent_r():
	   _BSD_SOURCE || _SVID_SOURCE

DESCRIPTION

       Long ago it was considered safe to have encrypted passwords openly visible in the password file.  When computers got faster and people  got
       more  security-conscious,  this	was  no  longer  acceptable.   Julianne Frances Haugh implemented the shadow password suite that keeps the
       encrypted passwords in the shadow password database (e.g., the local shadow password file /etc/shadow, NIS, and	LDAP),	readable  only	by
       root.

       The functions described below resemble those for the traditional password database (e.g., see getpwnam(3) and getpwent(3)).

       The  getspnam()	function  returns  a pointer to a structure containing the broken-out fields of the record in the shadow password database
       that matches the username name.

       The getspent() function returns a pointer to the next entry in the shadow password database.  The position in the input stream is  initial-
       ized by setspent().  When done reading, the program may call endspent() so that resources can be deallocated.

       The fgetspent() function is similar to getspent() but uses the supplied stream instead of the one implicitly opened by setspent().

       The sgetspent() function parses the supplied string s into a struct spwd.

       The  putspent() function writes the contents of the supplied struct spwd *p as a text line in the shadow password file format to the stream
       fp.  String entries with value NULL and numerical entries with value -1 are written as an empty string.

       The lckpwdf() function is intended to protect against multiple simultaneous accesses of the shadow password database.  It tries to  acquire
       a lock, and returns 0 on success, or -1 on failure (lock not obtained within 15 seconds).  The ulckpwdf() function releases the lock again.
       Note that there is no protection against direct access of the shadow password file.  Only programs that use lckpwdf() will notice the lock.

       These were the functions that formed the original shadow API.  They are widely available.

   Reentrant versions
       Analogous to the reentrant functions for the password database, glibc also has reentrant functions for the shadow password  database.   The
       getspnam_r()  function is like getspnam() but stores the retrieved shadow password structure in the space pointed to by spbuf.  This shadow
       password structure contains pointers to strings, and these strings are stored in the buffer buf of size buflen.	A pointer  to  the  result
       (in case of success) or NULL (in case no entry was found or an error occurred) is stored in *spbufp.

       The functions getspent_r(), fgetspent_r(), and sgetspent_r() are similarly analogous to their nonreentrant counterparts.

       Some non-glibc systems also have functions with these names, often with different prototypes.

   Structure
       The shadow password structure is defined in <shadow.h> as follows:

	   struct spwd {
	       char *sp_namp;	  /* Login name */
	       char *sp_pwdp;	  /* Encrypted password */
	       long  sp_lstchg;   /* Date of last change (measured
				     in days since 1970-01-01 00:00:00 +0000 (UTC)) */
	       long  sp_min;	  /* Min # of days between changes */
	       long  sp_max;	  /* Max # of days between changes */
	       long  sp_warn;	  /* # of days before password expires
				     to warn user to change it */
	       long  sp_inact;	  /* # of days after password expires
				     until account is disabled */
	       long  sp_expire;   /* Date when account expires (measured
				     in days since 1970-01-01 00:00:00 +0000 (UTC)) */
	       unsigned long sp_flag;  /* Reserved */
	   };

RETURN VALUE

       The  functions  that  return a pointer return NULL if no more entries are available or if an error occurs during processing.  The functions
       which have int as the return value return 0 for success and -1 for failure.

       For the nonreentrant functions, the return value may point to static area, and may be overwritten by subsequent calls to these functions.

       The reentrant functions return zero on success.	In case of error, an error number is returned.

ERRORS

       ERANGE Supplied buffer is too small.

FILES

       /etc/shadow
	      local shadow password database file

       /etc/.pwd.lock
	      lock file

       The include file <paths.h> defines the constant _PATH_SHADOW to the pathname of the shadow password file.

CONFORMING TO

       The shadow password database and its associated API are not specified in POSIX.1-2001.  However, many other systems provide a similar API.

SEE ALSO

       getgrnam(3), getpwnam(3), getpwnam_r(3), shadow(5)

COLOPHON

       This page is part of release 3.27 of the Linux man-pages project.  A description of the project, and information about reporting bugs,  can
       be found at http://www.kernel.org/doc/man-pages/.

GNU
								    2010-02-25							       GETSPNAM(3)
Man Page