[apple/libc.git] / gen / getpwent.3

.\" Copyright (c) 1988, 1991, 1993
.\"	The Regents of the University of California.  All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in the
.\"    documentation and/or other materials provided with the distribution.
.\" 3. All advertising materials mentioning features or use of this software
.\"    must display the following acknowledgement:
.\"	This product includes software developed by the University of
.\"	California, Berkeley and its contributors.
.\" 4. Neither the name of the University nor the names of its contributors
.\"    may be used to endorse or promote products derived from this software
.\"    without specific prior written permission.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\"     From: @(#)getpwent.3	8.2 (Berkeley) 12/11/93
.\" $FreeBSD: src/lib/libc/gen/getpwent.3,v 1.18 2001/10/01 16:08:51 ru Exp $
.\"
.Dd September 20, 1994
.Dt GETPWENT 3
.Os
.Sh NAME
.Nm getpwent ,
.Nm getpwnam ,
.Nm getpwuid ,
.Nm setpassent ,
.Nm setpwent ,
.Nm endpwent
.Nd password database operations
.Sh LIBRARY
.Lb libc
.Sh SYNOPSIS
.In sys/types.h
.In pwd.h
.Ft struct passwd *
.Fn getpwent void
.Ft struct passwd *
.Fn getpwnam "const char *login"
.Ft struct passwd *
.Fn getpwuid "uid_t uid"
.Ft int
.Fn setpassent "int  stayopen"
.Ft int
.Fn setpwent void
.Ft void
.Fn endpwent void
.Sh DESCRIPTION
These functions
operate on the password database file
which is described
in
.Xr passwd 5 .
Each entry in the database is defined by the structure
.Ar passwd
found in the include
file
.Aq Pa pwd.h :
.Bd -literal -offset indent
struct passwd {
	char	*pw_name;	/* user name */
	char	*pw_passwd;	/* encrypted password */
	uid_t	pw_uid;		/* user uid */
	gid_t	pw_gid;		/* user gid */
	time_t	pw_change;	/* password change time */
	char	*pw_class;	/* user access class */
	char	*pw_gecos;	/* Honeywell login info */
	char	*pw_dir;	/* home directory */
	char	*pw_shell;	/* default shell */
	time_t	pw_expire;	/* account expiration */
	int	pw_fields;	/* internal: fields filled in */
};
.Ed
.Pp
The functions
.Fn getpwnam
and
.Fn getpwuid
search the password database for the given login name or user uid,
respectively, always returning the first one encountered.
.Pp
The
.Fn getpwent
function
sequentially reads the password database and is intended for programs
that wish to process the complete list of users.
.Pp
The
.Fn setpassent
function
accomplishes two purposes.
First, it causes
.Fn getpwent
to ``rewind'' to the beginning of the database.
Additionally, if
.Fa stayopen
is non-zero, file descriptors are left open, significantly speeding
up subsequent accesses for all of the routines.
(This latter functionality is unnecessary for
.Fn getpwent
as it doesn't close its file descriptors by default.)
.Pp
It is dangerous for long-running programs to keep the file descriptors
open as the database will become out of date if it is updated while the
program is running.
.Pp
The
.Fn setpwent
function
is identical to
.Fn setpassent
with an argument of zero.
.Pp
The
.Fn endpwent
function
closes any open files.
.Pp
As of Mac OS X 10.3, there are now different per-user behaviours of 
this function, based on the AuthenticationAuthority value 
stored for the queried user in DirectoryServices.
.Pp
If the queried user is still a legacy crypt password user or now 
has an AuthenticationAuthority value containing ``;basic;'',
these routines will behave in their standard BSD fashion.
These functions will ``shadow'' the password file, e.g.\&
allow only certain programs to have access to the encrypted password.
If the process which calls them has an effective uid of 0, the encrypted
password will be returned, otherwise, the password field of the returned
structure will point to the string
.Ql * .
.Pp
By default in Mac OS X 10.3 and later all users will have an 
AuthenticationAuthority will contiain the value ``;ShadowHash;''.
These users will have a visible password value of ``********''.
These functions
will have no access to the encrypted password whatsoever.
Setting or changing 
an user password must be done entirely through the DirectoryService APIs 
for this default user.
.Pp
There also exists an ``Apple Password Server'' user whose password 
value is also ``********'' and with an AuthenticationAuthority that 
contains the value ";ApplePasswordServer;" among other data.
There is no getpwnam access to the password for this user either 
and again set/change password can be done through the DirectoryService API.
.Pp
Finally in support of local user caching there is a local cached user 
whose password is also ``********'' and has an AuthenticationAuthority 
value containing ``;LocalCachedUser;'' among other data.
These functions also provide no access to the password for this user 
and set/change password functionality is through the DirectoryService API.
.Pp
.Sh RETURN VALUES
The functions
.Fn getpwent ,
.Fn getpwnam ,
and
.Fn getpwuid ,
return a valid pointer to a passwd structure on success
and a null pointer if end-of-file is reached or an error occurs.
The
.Fn setpassent
and 
.Fn setpwent
functions return 0 on failure and 1 on success.
The
.Fn endpwent
function
has no return value.
.Sh FILES
.Bl -tag -width /etc/master.passwd -compact
.It Pa /etc/pwd.db
The insecure password database file
.It Pa /etc/spwd.db
The secure password database file
.It Pa /etc/master.passwd
The current password file
.It Pa /etc/passwd
A Version 7 format password file
.El
.Sh SEE ALSO
.Xr getlogin 2 ,
.Xr getgrent 3 ,
.Xr yp 4 ,
.Xr passwd 5 ,
.Xr pwd_mkdb 8 ,
.Xr vipw 8
.Sh HISTORY
The
.Fn getpwent ,
.Fn getpwnam ,
.Fn getpwuid ,
.Fn setpwent ,
and
.Fn endpwent
functions appeared in
.At v7 .
The
.Fn setpassent
function appeared in
.Bx 4.3 Reno .
.Sh COMPATIBILITY
The historic function
.Xr setpwfile 3 ,
which allowed the specification of alternate password databases,
has been deprecated and is no longer available.
.Sh BUGS
The functions
.Fn getpwent ,
.Fn getpwnam ,
and
.Fn getpwuid ,
leave their results in an internal static object and return
a pointer to that object.
Subsequent calls to
the same function
will modify the same object.
.Pp
The functions
.Fn getpwent ,
.Fn endpwent ,
.Fn setpassent ,
and
.Fn setpwent
are fairly useless in a networked environment and should be
avoided, if possible.
Commit	Line	Data
5b2abdfb A	1	.\" Copyright (c) 1988, 1991, 1993
	2	.\" The Regents of the University of California. All rights reserved.
	3	.\"
	4	.\" Redistribution and use in source and binary forms, with or without
	5	.\" modification, are permitted provided that the following conditions
	6	.\" are met:
	7	.\" 1. Redistributions of source code must retain the above copyright
	8	.\" notice, this list of conditions and the following disclaimer.
	9	.\" 2. Redistributions in binary form must reproduce the above copyright
	10	.\" notice, this list of conditions and the following disclaimer in the
	11	.\" documentation and/or other materials provided with the distribution.
	12	.\" 3. All advertising materials mentioning features or use of this software
	13	.\" must display the following acknowledgement:
	14	.\" This product includes software developed by the University of
	15	.\" California, Berkeley and its contributors.
	16	.\" 4. Neither the name of the University nor the names of its contributors
	17	.\" may be used to endorse or promote products derived from this software
	18	.\" without specific prior written permission.
	19	.\"
	20	.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
	21	.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
	22	.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
	23	.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
	24	.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
	25	.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
	26	.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
	27	.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
	28	.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
	29	.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
	30	.\" SUCH DAMAGE.
	31	.\"
	32	.\" From: @(#)getpwent.3 8.2 (Berkeley) 12/11/93
	33	.\" $FreeBSD: src/lib/libc/gen/getpwent.3,v 1.18 2001/10/01 16:08:51 ru Exp $
	34	.\"
	35	.Dd September 20, 1994
	36	.Dt GETPWENT 3
	37	.Os
	38	.Sh NAME
	39	.Nm getpwent ,
	40	.Nm getpwnam ,
	41	.Nm getpwuid ,
	42	.Nm setpassent ,
	43	.Nm setpwent ,
	44	.Nm endpwent
	45	.Nd password database operations
	46	.Sh LIBRARY
	47	.Lb libc
	48	.Sh SYNOPSIS
	49	.In sys/types.h
	50	.In pwd.h
	51	.Ft struct passwd *
	52	.Fn getpwent void
	53	.Ft struct passwd *
	54	.Fn getpwnam "const char *login"
	55	.Ft struct passwd *
	56	.Fn getpwuid "uid_t uid"
	57	.Ft int
	58	.Fn setpassent "int stayopen"
9385eb3d	59	.Ft int
5b2abdfb A	60	.Fn setpwent void
	61	.Ft void
	62	.Fn endpwent void
	63	.Sh DESCRIPTION
	64	These functions
	65	operate on the password database file
	66	which is described
	67	in
	68	.Xr passwd 5 .
	69	Each entry in the database is defined by the structure
	70	.Ar passwd
	71	found in the include
	72	file
	73	.Aq Pa pwd.h :
	74	.Bd -literal -offset indent
	75	struct passwd {
	76	char pw_name; / user name */
	77	char pw_passwd; / encrypted password */
	78	uid_t pw_uid; /* user uid */
	79	gid_t pw_gid; /* user gid */
	80	time_t pw_change; /* password change time */
	81	char pw_class; / user access class */
	82	char pw_gecos; / Honeywell login info */
	83	char pw_dir; / home directory */
	84	char pw_shell; / default shell */
	85	time_t pw_expire; /* account expiration */
	86	int pw_fields; /* internal: fields filled in */
	87	};
	88	.Ed
	89	.Pp
	90	The functions
	91	.Fn getpwnam
	92	and
	93	.Fn getpwuid
	94	search the password database for the given login name or user uid,
	95	respectively, always returning the first one encountered.
	96	.Pp
	97	The
	98	.Fn getpwent
	99	function
	100	sequentially reads the password database and is intended for programs
	101	that wish to process the complete list of users.
	102	.Pp
	103	The
	104	.Fn setpassent
	105	function
	106	accomplishes two purposes.
	107	First, it causes
	108	.Fn getpwent
	109	to ``rewind'' to the beginning of the database.
	110	Additionally, if
	111	.Fa stayopen
	112	is non-zero, file descriptors are left open, significantly speeding
	113	up subsequent accesses for all of the routines.
	114	(This latter functionality is unnecessary for
	115	.Fn getpwent
	116	as it doesn't close its file descriptors by default.)
	117	.Pp
	118	It is dangerous for long-running programs to keep the file descriptors
	119	open as the database will become out of date if it is updated while the
	120	program is running.
	121	.Pp
	122	The
	123	.Fn setpwent
124	function
125	is identical to
126	.Fn setpassent
127	with an argument of zero.
128	.Pp
129	The
130	.Fn endpwent
131	function
132	closes any open files.
133	.Pp
9385eb3d A	134	As of Mac OS X 10.3, there are now different per-user behaviours of
	135	this function, based on the AuthenticationAuthority value
	136	stored for the queried user in DirectoryServices.
	137	.Pp
	138	If the queried user is still a legacy crypt password user or now
	139	has an AuthenticationAuthority value containing ``;basic;'',
	140	these routines will behave in their standard BSD fashion.
	141	These functions will ``shadow'' the password file, e.g.\&
5b2abdfb A	142	allow only certain programs to have access to the encrypted password.
	143	If the process which calls them has an effective uid of 0, the encrypted
	144	password will be returned, otherwise, the password field of the returned
	145	structure will point to the string
	146	.Ql * .
9385eb3d A	147	.Pp
	148	By default in Mac OS X 10.3 and later all users will have an
	149	AuthenticationAuthority will contiain the value ``;ShadowHash;''.
	150	These users will have a visible password value of ``********''.
	151	These functions
	152	will have no access to the encrypted password whatsoever.
	153	Setting or changing
	154	an user password must be done entirely through the DirectoryService APIs
	155	for this default user.
	156	.Pp
	157	There also exists an ``Apple Password Server'' user whose password
	158	value is also ``********'' and with an AuthenticationAuthority that
	159	contains the value ";ApplePasswordServer;" among other data.
	160	There is no getpwnam access to the password for this user either
	161	and again set/change password can be done through the DirectoryService API.
	162	.Pp
	163	Finally in support of local user caching there is a local cached user
	164	whose password is also ``********'' and has an AuthenticationAuthority
	165	value containing ``;LocalCachedUser;'' among other data.
	166	These functions also provide no access to the password for this user
	167	and set/change password functionality is through the DirectoryService API.
	168	.Pp
5b2abdfb A	169	.Sh RETURN VALUES
	170	The functions
	171	.Fn getpwent ,
	172	.Fn getpwnam ,
	173	and
	174	.Fn getpwuid ,
	175	return a valid pointer to a passwd structure on success
	176	and a null pointer if end-of-file is reached or an error occurs.
	177	The
	178	.Fn setpassent
9385eb3d A	179	and
	180	.Fn setpwent
	181	functions return 0 on failure and 1 on success.
5b2abdfb A	182	The
5b2abdfb A	183	.Fn endpwent
9385eb3d A	184	function
9385eb3d A	185	has no return value.
5b2abdfb A	186	.Sh FILES
	187	.Bl -tag -width /etc/master.passwd -compact
	188	.It Pa /etc/pwd.db
	189	The insecure password database file
	190	.It Pa /etc/spwd.db
	191	The secure password database file
	192	.It Pa /etc/master.passwd
	193	The current password file
	194	.It Pa /etc/passwd
	195	A Version 7 format password file
	196	.El
	197	.Sh SEE ALSO
	198	.Xr getlogin 2 ,
	199	.Xr getgrent 3 ,
	200	.Xr yp 4 ,
5b2abdfb A	201	.Xr passwd 5 ,
	202	.Xr pwd_mkdb 8 ,
	203	.Xr vipw 8
	204	.Sh HISTORY
	205	The
	206	.Fn getpwent ,
	207	.Fn getpwnam ,
	208	.Fn getpwuid ,
	209	.Fn setpwent ,
	210	and
	211	.Fn endpwent
	212	functions appeared in
	213	.At v7 .
	214	The
	215	.Fn setpassent
	216	function appeared in
	217	.Bx 4.3 Reno .
	218	.Sh COMPATIBILITY
	219	The historic function
	220	.Xr setpwfile 3 ,
	221	which allowed the specification of alternate password databases,
	222	has been deprecated and is no longer available.
	223	.Sh BUGS
	224	The functions
	225	.Fn getpwent ,
	226	.Fn getpwnam ,
	227	and
	228	.Fn getpwuid ,
	229	leave their results in an internal static object and return
	230	a pointer to that object.
	231	Subsequent calls to
	232	the same function
	233	will modify the same object.
	234	.Pp
	235	The functions
	236	.Fn getpwent ,
	237	.Fn endpwent ,
	238	.Fn setpassent ,
	239	and
	240	.Fn setpwent
	241	are fairly useless in a networked environment and should be
	242	avoided, if possible.