.\" Copyright (c) 1988, 1991, 1993
.\" The Regents of the University of California. All rights reserved.
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in the
.\" documentation and/or other materials provided with the distribution.
.\" 3. All advertising materials mentioning features or use of this software
.\" must display the following acknowledgement:
.\" This product includes software developed by the University of
.\" California, Berkeley and its contributors.
.\" 4. Neither the name of the University nor the names of its contributors
.\" may be used to endorse or promote products derived from this software
.\" without specific prior written permission.
.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" From: @(#)getpwent.3 8.2 (Berkeley) 12/11/93
.\" $FreeBSD: src/lib/libc/gen/getpwent.3,v 1.18 2001/10/01 16:08:51 ru Exp $
.Dd September 20, 1994
.Nd password database operations
.Fa "const char *login"
.Fa "const char *login"
.Fa "struct passwd *pwd"
.Fa "struct passwd **result"
.Fa "struct passwd *pwd"
.Fa "struct passwd **result"
operate on the password database file,
Each entry in the database is defined by the structure
found in the include file
.Bd -literal -offset indent
struct passwd {
	char	*pw_name;	/* user name */
	char	*pw_passwd;	/* encrypted password */
	uid_t	pw_uid;		/* user uid */
	gid_t	pw_gid;		/* user gid */
	time_t	pw_change;	/* password change time */
	char	*pw_class;	/* user access class */
	char	*pw_gecos;	/* Honeywell login info */
	char	*pw_dir;	/* home directory */
	char	*pw_shell;	/* default shell */
	time_t	pw_expire;	/* account expiration */
	int	pw_fields;	/* internal: fields filled in */
};
.Ed
search the password database for the given login name or user uid,
respectively, always returning the first one encountered.
All of these routines are thread-safe.
routines return a pointer to a result managed by the system library in a
thread-specific data structure.
Every thread has space for a pointer to a struct passwd and allocates its own storage for the result.
Neither previously returned values in memory nor a previously returned pointer value should be used
by a thread after calling any one of these three routines.
Memory allocated by a thread is automatically released on subsequent calls by the same thread to any of these
three routines, and when the thread exits.
take additional arguments which supply storage space for the returned result.
parameter is a pointer to a struct passwd, which must be allocated by the caller.
parameter is a pointer to a block of memory with a size specified by
This buffer is used to hold the values which are pointed to by values filled in
Zero is returned on success.
If insufficient memory is supplied, these routines return ERANGE.
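An added example, not part of the original manual page or of libc: one way to call getpwnam_r with caller-supplied storage and recover from ERANGE by growing the buffer instead of truncating or failing the lookup. The helper name lookup_login, the cap PW_BUF_MAX and the login "root" used in main are assumptions of this example.

```c
#include <sys/types.h>
#include <errno.h>
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>

#define PW_BUF_MAX ((size_t)1 << 20)	/* assumed growth cap for this example */

/*
 * Look up `login` with getpwnam_r(), doubling the buffer on ERANGE.
 * Returns 0 with *found = 1 (entry in *pwd, strings backed by *bufp, which
 * the caller frees) or *found = 0 (no such user, *bufp is NULL).
 * Returns an errno value on failure. *retries counts the ERANGE rounds.
 */
int
lookup_login(const char *login, struct passwd *pwd, char **bufp,
    size_t buflen, int *found, int *retries)
{
	struct passwd *result = NULL;
	char *buf = NULL, *tmp;
	int rc;

	*bufp = NULL; *found = 0; *retries = 0;
	if (buflen == 0)
		buflen = 1;
	for (;;) {
		if ((tmp = realloc(buf, buflen)) == NULL) { free(buf); return ENOMEM; }
		buf = tmp;
		rc = getpwnam_r(login, pwd, buf, buflen, &result);
		if (rc != ERANGE)
			break;			/* success, not found, or a hard error */
		if (buflen >= PW_BUF_MAX) { free(buf); return ERANGE; }
		buflen *= 2;			/* buffer too small: grow and retry */
		(*retries)++;
	}
	if (rc != 0 || result == NULL) { free(buf); return rc; }
	*bufp = buf; *found = 1;
	return 0;
}

int
main(void)
{
	struct passwd pwd; char *buf; int found, retries;
	int rc = lookup_login("root", &pwd, &buf, 16, &found, &retries);
	if (rc == 0 && found) {
		printf("uid=%ld dir=%s retries=%d\n", (long)pwd.pw_uid, pwd.pw_dir, retries);
		free(buf);
	}
	return rc;
}
```

The string fields of the returned struct passwd point into the buffer, so the buffer must stay allocated for as long as the entry is in use.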
sequentially reads the password database and is intended for programs
that wish to process the complete list of users.
accomplishes two purposes.
to ``rewind'' to the beginning of the database.
is non-zero, file descriptors are left open, significantly speeding
up subsequent accesses for all of the routines.
(This latter functionality is unnecessary for
as it doesn't close its file descriptors by default.)
It is dangerous for long-running programs to keep the file descriptors
open, as the database will become out of date if it is updated while the
with an argument of zero,
save that it does not return a status value.
closes any open files.
As of Mac OS X 10.3, there are now different per-user behaviours of
this function, based on the AuthenticationAuthority value
stored for the queried user in DirectoryServices.
If the queried user is still a legacy crypt password user or now
has an AuthenticationAuthority value containing ``;basic;'',
these routines will behave in their standard BSD fashion.
These functions will ``shadow'' the password file, e.g.\&
allow only certain programs to have access to the encrypted password.
If the process which calls them has an effective uid of 0, the encrypted
password will be returned, otherwise, the password field of the returned
structure will point to the string
By default in Mac OS X 10.3 and later all users will have an
AuthenticationAuthority with the value ``;ShadowHash;''.
These users will have a visible password value of ``********''.
will have no access to the encrypted password whatsoever.
a user password must be done entirely through the DirectoryService APIs
for this default user.
There also exists an ``Apple Password Server'' user whose password
value is also ``********'' and with an AuthenticationAuthority that
contains the value ``;ApplePasswordServer;'' among other data.
There is no getpwnam access to the password for this user either
and again set/change password can be done through the DirectoryService API.
Finally, in support of local user caching, there is a local cached user
whose password is also ``********'' and has an AuthenticationAuthority
value containing ``;LocalCachedUser;'' among other data.
These functions also provide no access to the password for this user
and set/change password functionality is through the DirectoryService API.
return a valid pointer to a passwd structure on success
and a null pointer if end-of-file is reached or an error occurs.
function returns 0 on failure and 1 on success.
functions have no return value.
.Bl -tag -width /etc/master.passwd -compact
The insecure password database file
The secure password database file
.It Pa /etc/master.passwd
The current password file
A Version 7 format password file
.Fd #include <sys/types.h>
function returns 0 on failure and 1 on success.
functions appeared in
The historic function
which allowed the specification of alternate password databases,
has been deprecated and is no longer available.
leave their results in internal thread-specific memory and return
a pointer to that object.
Subsequent calls to any of these three routines by the same thread will
release the object and return a new pointer value.