GETPWENT(3) BSD Library Functions Manual GETPWENT(3)
NAME
endpwent, getpwent, getpwnam, getpwnam_r, getpwuid, getpwuid_r, setpassent, setpwent -- password data-base database
base operations
LIBRARY
Standard C Library (libc, -lc)
SYNOPSIS
#include <pwd.h>
void
endpwent(void);
struct passwd *
getpwent(void);
struct passwd *
getpwnam(const char *login);
int
getpwnam_r(const char *login, struct passwd *pwd, char *buffer, size_t bufsize,
struct passwd **result);
struct passwd *
getpwuid(uid_t uid);
int
getuid_r(uid_t uid, struct passwd *pwd, char *buffer, size_t bufsize, struct passwd **result);
int
setpassent(int stayopen);
void
setpwent(void);
DESCRIPTION
These functions operate on the password database file, which is described in passwd(5). Each entry in
the database is defined by the structure passwd, found in the include file <pwd.h>:
struct passwd {
char *pw_name; /* user name */
char *pw_passwd; /* encrypted password */
uid_t pw_uid; /* user uid */
gid_t pw_gid; /* user gid */
time_t pw_change; /* password change time */
char *pw_class; /* user access class */
char *pw_gecos; /* Honeywell login info */
char *pw_dir; /* home directory */
char *pw_shell; /* default shell */
time_t pw_expire; /* account expiration */
int pw_fields; /* internal: fields filled in */
};
The functions getpwnam() and getpwuid() search the password database for the given login name or user
uid, respectively, always returning the first one encountered.
All of these routines are thread-safe. The getpwent(), getpwnam(), and getpwuid() routines return a
pointer to a result managed by the system library in a thread-specific data structure. Every thread
has space for a pointer to a struct passwd and allocates its own storage for the result. Neither pre-viously previously
viously returned values in memory nor a previously returned pointer value should be used by a thread
after calling any one of these three routines. Memory allocated by a thread is automatically released
on subsequent calls by the same thread to any of these three routines, and when the thread exits.
The functions getpwnam_r() and getpwuid_r() take additional arguments which supply storage space for
the returned result. The pwd parameter is a pointer to a struct passwd, which must be allocated by the
caller. The buffer parameter is a pointer to a block of memory with a size specified by bufsize. This
buffer is used to hold the values which are pointed to by values filled in the pwd structure. Zero is
returned on success. If insufficient memory is supplied, these routines return ERANGE.
The getpwent() function sequentially reads the password database and is intended for programs that wish
to process the complete list of users.
The setpassent() function accomplishes two purposes. First, it causes getpwent() to ``rewind'' to the
beginning of the database. Additionally, if stayopen is non-zero, file descriptors are left open, sig-nificantly significantly
nificantly speeding up subsequent accesses for all of the routines. (This latter functionality is
unnecessary for getpwent(), as it doesn't close its file descriptors by default.)
It is dangerous for long-running programs to keep the file descriptors open, as the database will
become out of date if it is updated while the program is running.
The setpwent() function is identical to setpassent() with an argument of zero, save that it does not
return a status value.
The endpwent() function closes any open files.
As of Mac OS X 10.3, there are now different per-user behaviours of this function, based on the Authen-ticationAuthority AuthenticationAuthority
ticationAuthority value stored for the queried user in DirectoryServices.
If the queried user is still a legacy crypt password user or now has an AuthenticationAuthority value
containing ``;basic;'', these routines will behave in their standard BSD fashion. These functions will
``shadow'' the password file, e.g. allow only certain programs to have access to the encrypted pass-word. password.
word. If the process which calls them has an effective uid of 0, the encrypted password will be
returned, otherwise, the password field of the returned structure will point to the string `*'.
By default in Mac OS X 10.3 and later all users will have an AuthenticationAuthority with the value
``;ShadowHash;''. These users will have a visible password value of ``********''. These functions
will have no access to the encrypted password whatsoever. Setting or changing an user password must be
done entirely through the DirectoryService APIs for this default user.
There also exists an ``Apple Password Server'' user whose password value is also ``********'' and with
an AuthenticationAuthority that contains the value ";ApplePasswordServer;" among other data. There is
no getpwnam access to the password for this user either and again set/change password can be done
through the DirectoryService API.
Finally in support of local user caching there is a local cached user whose password is also
``********'' and has an AuthenticationAuthority value containing ``;LocalCachedUser;'' among other
data. These functions also provide no access to the password for this user and set/change password
functionality is through the DirectoryService API.
RETURN VALUES
The functions getpwent(), getpwnam(), and getpwuid() return a valid pointer to a passwd structure on
success and a null pointer if end-of-file is reached or an error occurs. The setpassent() function
returns 0 on failure and 1 on success. The endpwent() and setpwent() functions have no return value.
FILES
/etc/pwd.db The insecure password database file
/etc/spwd.db The secure password database file
/etc/master.passwd The current password file
/etc/passwd A Version 7 format password file
LEGACY SYNOPSIS
#include <sys/types.h>
#include <pwd.h>
The include file <sys/types.h> is necessary for the getpwent, getpwnam, and getpwuid functions.
int
setpwent(void);
The setpwent() function returns 0 on failure and 1 on success.
SEE ALSO
getlogin(2), getgrent(3), yp(8), passwd(5), pwd_mkdb(8), vipw(8)
HISTORY
The getpwent(), getpwnam(), getpwuid(), setpwent(), and endpwent() functions appeared in Version 7 AT&T
UNIX. The setpassent() function appeared in 4.3BSD-Reno.
COMPATIBILITY
The historic function setpwfile(3), which allowed the specification of alternate password databases,
has been deprecated and is no longer available.
BUGS
The functions getpwent(), getpwnam(), and getpwuid() leave their results in internal thread-specific
memory and return a pointer to that object. Subsequent calls to any of these three routines by the
same thread will release the object and return a new pointer value.
BSD September 20, 1994 BSD
|