Libinfo-278.tar.gz

[apple/libinfo.git] / lookup.subproj / getpwent.3

.\" Copyright (c) 1988, 1991, 1993
.\"     The Regents of the University of California.  All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in the
.\"    documentation and/or other materials provided with the distribution.
.\" 3. All advertising materials mentioning features or use of this software
.\"    must display the following acknowledgement:
.\"     This product includes software developed by the University of
.\"     California, Berkeley and its contributors.
.\" 4. Neither the name of the University nor the names of its contributors
.\"    may be used to endorse or promote products derived from this software
.\"    without specific prior written permission.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\"     From: @(#)getpwent.3    8.2 (Berkeley) 12/11/93
.\" $FreeBSD: src/lib/libc/gen/getpwent.3,v 1.18 2001/10/01 16:08:51 ru Exp $
.\"
.Dd September 20, 1994
.Dt GETPWENT 3
.Os
.Sh NAME
.Nm endpwent ,
.Nm getpwent ,
.Nm getpwnam ,
.Nm getpwnam_r ,
.Nm getpwuid ,
.Nm getpwuid_r ,
.Nm setpassent ,
.Nm setpwent
.Nd password database operations
.Sh LIBRARY
.Lb libc
.Sh SYNOPSIS
.In pwd.h
.Ft void
.Fo endpwent
.Fa void
.Fc
.Ft struct passwd *
.Fo getpwent
.Fa void
.Fc
.Ft struct passwd *
.Fo getpwnam
.Fa "const char *login"
.Fc
.Ft int
.Fo getpwnam_r
.Fa "const char *login"
.Fa "struct passwd *pwd"
.Fa "char *buffer"
.Fa "size_t bufsize"
.Fa "struct passwd **result"
.Fc
.Ft struct passwd *
.Fo getpwuid
.Fa "uid_t uid"
.Fc
.Ft int
.Fo getuid_r
.Fa "uid_t uid"
.Fa "struct passwd *pwd"
.Fa "char *buffer"
.Fa "size_t bufsize"
.Fa "struct passwd **result"
.Fc
.Ft int
.Fo setpassent
.Fa "int stayopen"
.Fc
.Ft void
.Fo setpwent
.Fa void
.Fc
.Sh DESCRIPTION
These functions
operate on the password database file,
which is described
in
.Xr passwd 5 .
Each entry in the database is defined by the structure
.Ar passwd ,
found in the include file
.Aq Pa pwd.h :
.Bd -literal -offset indent
struct passwd {
        char    *pw_name;       /* user name */
        char    *pw_passwd;     /* encrypted password */
        uid_t   pw_uid;         /* user uid */
        gid_t   pw_gid;         /* user gid */
        time_t  pw_change;      /* password change time */
        char    *pw_class;      /* user access class */
        char    *pw_gecos;      /* Honeywell login info */
        char    *pw_dir;        /* home directory */
        char    *pw_shell;      /* default shell */
        time_t  pw_expire;      /* account expiration */
        int     pw_fields;      /* internal: fields filled in */
};
.Ed
.Pp
The functions
.Fn getpwnam
and
.Fn getpwuid
search the password database for the given login name or user uid,
respectively, always returning the first one encountered.
.Pp
All of these routines are thread-safe.
The
.Fn getpwent ,
.Fn getpwnam ,
and
.Fn getpwuid
routines return a pointer to a result managed by the system library in a
thread-specific data structure.
Every thread has space for a pointer to a struct passwd and allocates its own storage for the result.
Neither previously returned values in memory nor a previously returned pointer value should be used
by a thread after calling any one of these three routines.
Memory allocated by a thread is automatically released on subsequent calls by the same thread to any of these
three routines, and when the thread exits.
.Pp
The functions
.Fn getpwnam_r
and
.Fn getpwuid_r
take additional arguments which supply storage space for the returned result.
The
.Fa pwd
parameter is a pointer to a struct passwd, which must be allocated by the caller.
The 
.Fa buffer
parameter is a pointer to a block of memory with a size specified by
.Pa bufsize .
This buffer is used to hold the values which are pointed to by values filled in
the
.Fa pwd
structure.
Zero is returned on success.
If insufficient memory is supplied, these routines return ERANGE.
.Pp
The
.Fn getpwent
function
sequentially reads the password database and is intended for programs
that wish to process the complete list of users.
.Pp
The
.Fn setpassent
function
accomplishes two purposes.
First, it causes
.Fn getpwent
to ``rewind'' to the beginning of the database.
Additionally, if
.Fa stayopen
is non-zero, file descriptors are left open, significantly speeding
up subsequent accesses for all of the routines.
(This latter functionality is unnecessary for
.Fn getpwent ,
as it doesn't close its file descriptors by default.)
.Pp
It is dangerous for long-running programs to keep the file descriptors
open, as the database will become out of date if it is updated while the
program is running.
.Pp
The
.Fn setpwent
function
is identical to
.Fn setpassent
with an argument of zero,
save that it does not return a status value.
.Pp
The
.Fn endpwent
function
closes any open files.
.Pp
As of Mac OS X 10.3, there are now different per-user behaviours of 
this function, based on the AuthenticationAuthority value 
stored for the queried user in DirectoryServices.
.Pp
If the queried user is still a legacy crypt password user or now 
has an AuthenticationAuthority value containing ``;basic;'',
these routines will behave in their standard BSD fashion.
These functions will ``shadow'' the password file, e.g.\&
allow only certain programs to have access to the encrypted password.
If the process which calls them has an effective uid of 0, the encrypted
password will be returned, otherwise, the password field of the returned
structure will point to the string
.Ql * .
.Pp
By default in Mac OS X 10.3 and later all users will have an 
AuthenticationAuthority with the value ``;ShadowHash;''.
These users will have a visible password value of ``********''.
These functions
will have no access to the encrypted password whatsoever.
Setting or changing 
an user password must be done entirely through the DirectoryService APIs 
for this default user.
.Pp
There also exists an ``Apple Password Server'' user whose password 
value is also ``********'' and with an AuthenticationAuthority that 
contains the value ";ApplePasswordServer;" among other data.
There is no getpwnam access to the password for this user either 
and again set/change password can be done through the DirectoryService API.
.Pp
Finally in support of local user caching there is a local cached user 
whose password is also ``********'' and has an AuthenticationAuthority 
value containing ``;LocalCachedUser;'' among other data.
These functions also provide no access to the password for this user 
and set/change password functionality is through the DirectoryService API.
.Pp
.Sh RETURN VALUES
The functions
.Fn getpwent ,
.Fn getpwnam ,
and
.Fn getpwuid
return a valid pointer to a passwd structure on success
and a null pointer if end-of-file is reached or an error occurs.
The
.Fn setpassent
function returns 0 on failure and 1 on success.
The
.Fn endpwent
and
.Fn setpwent
functions have no return value.
.Sh FILES
.Bl -tag -width /etc/master.passwd -compact
.It Pa /etc/pwd.db
The insecure password database file
.It Pa /etc/spwd.db
The secure password database file
.It Pa /etc/master.passwd
The current password file
.It Pa /etc/passwd
A Version 7 format password file
.El
.Sh LEGACY SYNOPSIS
.Fd #include <sys/types.h>
.Fd #include <pwd.h>
.Pp
The include file
.In sys/types.h
is necessary for the
.Fa getpwent ,
.Fa getpwnam ,
and
.Fa getpwuid
functions.
.Pp
.Ft int
.br
.Fo setpwent
.Fa void
.Fc ;
.Pp
The
.Fn setpwent
function returns 0 on failure and 1 on success.
.Sh SEE ALSO
.Xr getlogin 2 ,
.Xr getgrent 3 ,
.Xr yp 8 ,
.Xr passwd 5 ,
.Xr pwd_mkdb 8 ,
.Xr vipw 8
.Sh HISTORY
The
.Fn getpwent ,
.Fn getpwnam ,
.Fn getpwuid ,
.Fn setpwent ,
and
.Fn endpwent
functions appeared in
.At v7 .
The
.Fn setpassent
function appeared in
.Bx 4.3 Reno .
.Sh COMPATIBILITY
The historic function
.Xr setpwfile 3 ,
which allowed the specification of alternate password databases,
has been deprecated and is no longer available.
.Sh BUGS
The functions
.Fn getpwent ,
.Fn getpwnam ,
and
.Fn getpwuid
leave their results in internal thread-specific memory and return
a pointer to that object.
Subsequent calls to any of these three routines by the same thread will
release the object and return a new pointer value.