lib/libutil/pw_init.3 at jcs · jcs.org/openbsd-src

jcs.org / openbsd-src
fork atom
jcs's openbsd hax
openbsd
fork atom
openbsd-src / lib / libutil / pw_init.3
at jcs 219 lines 6.0 kB view raw
wrap content
schwarze .Lb libutil ; OK tedu@ 10mo ago
a2f4fefd
  1.\"	$OpenBSD: pw_init.3,v 1.16 2025/06/06 22:01:40 schwarze Exp $
  2.\"
  3.\" Copyright (c) 1995
  4.\"	The Regents of the University of California.  All rights reserved.
  5.\"
  6.\" This code is derived from software developed by the Computer Systems
  7.\" Engineering group at Lawrence Berkeley Laboratory under DARPA contract
  8.\" BG 91-66 and contributed to Berkeley.
  9.\"
 10.\" Redistribution and use in source and binary forms, with or without
 11.\" modification, are permitted provided that the following conditions
 12.\" are met:
 13.\" 1. Redistributions of source code must retain the above copyright
 14.\"    notice, this list of conditions and the following disclaimer.
 15.\" 2. Redistributions in binary form must reproduce the above copyright
 16.\"    notice, this list of conditions and the following disclaimer in the
 17.\"    documentation and/or other materials provided with the distribution.
 18.\" 3. Neither the name of the University nor the names of its contributors
 19.\"    may be used to endorse or promote products derived from this software
 20.\"    without specific prior written permission.
 21.\"
 22.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
 23.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 24.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 25.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
 26.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 27.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 28.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 29.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 30.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 31.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 32.\" SUCH DAMAGE.
 33.\"
 34.Dd $Mdocdate: June 6 2025 $
 35.Dt PW_INIT 3
 36.Os
 37.Sh NAME
 38.Nm pw_init ,
 39.Nm pw_setdir ,
 40.Nm pw_file ,
 41.Nm pw_edit ,
 42.Nm pw_prompt ,
 43.Nm pw_copy ,
 44.Nm pw_scan ,
 45.Nm pw_error
 46.Nd utility functions for interactive passwd file updates
 47.Sh SYNOPSIS
 48.Lb libutil
 49.In pwd.h
 50.In util.h
 51.Ft void
 52.Fn pw_init void
 53.Ft void
 54.Fn pw_setdir "const char *directory"
 55.Ft char *
 56.Fn pw_file "const char *filename"
 57.Ft void
 58.Fn pw_edit "int notsetuid" "const char *filename"
 59.Ft void
 60.Fn pw_prompt void
 61.Ft void
 62.Fn pw_copy "int ffd" "int tfd" "const struct passwd *pw" "const struct passwd *opw"
 63.Ft int
 64.Fn pw_scan "char *bp" "struct passwd *pw" "int *flags"
 65.Ft void
 66.Fn pw_error "const char *name" "int err" "int eval"
 67.Sh DESCRIPTION
 68These functions are designed as conveniences for interactive programs
 69which update the passwd file and do nothing else.
 70They generally
 71handle errors by printing out a message to the standard error stream
 72and possibly aborting the process.
 73.Pp
 74The
 75.Fn pw_init
 76function prepares for a passwd update by unlimiting all resource
 77constraints, disabling core dumps (thus preventing dumping the
 78contents of the passwd database into a world-readable file), and
 79disabling most signals.
 80.Pp
 81The
 82.Fn pw_setdir
 83function sets an alternative directory where the rest of the functions look
 84for password-related files.
 85Use this if you are writing utilities that should
 86be able to handle password files outside of
 87.Pa /etc .
 88.Pp
 89The
 90.Fn pw_file
 91function transforms filenames so that they end up in the directory specified
 92to the latest
 93.Fn pw_setdir
 94call.
 95The rule is that all directories are stripped of the given name and
 96only the filename is appended to the directory.
 97.Pp
 98The
 99.Fn pw_edit
100function runs an editor (named by the environment variable EDITOR, or
101.Pa /usr/bin/vi
102if EDITOR is not set) on the file
103.Fa filename
104(or
105.Pa /etc/ptmp
106if
107.Fa filename
108is NULL).
109If
110.Fa notsetuid
111is nonzero,
112.Fn pw_edit
113will set the effective user and group ID to the real user and group ID
114before running the editor.
115.Pp
116The
117.Fn pw_prompt
118function asks the user whether they want to re-edit the password
119file; if the answer is no,
120.Fn pw_prompt
121deletes the lock file and exits the process.
122.Pp
123The
124.Fn pw_copy
125function reads a passwd file from
126.Fa ffd
127and writes it to
128.Fa tfd ,
129updating the entry corresponding to pw-\*(Gtpw_name
130with the information in
131.Fa pw .
132If
133.Fa opw
134is not NULL, opw-\*(Gtpw_name will be used for matching instead.
135Additionally, if the existing entry does not match
136.Fa opw ,
137the operation is aborted.
138The use of
139.Fa opw
140allows the caller to change the user name in an entry as well as
141guarantee that the entry being replaced has not changed in the
142meantime.
143.Pp
144The
145.Fn pw_scan
146function accepts in
147.Fa bp
148a passwd entry as it would be represented in
149.Pa /etc/master.passwd
150and fills in
151.Fa pw
152with corresponding values; string fields in
153.Fa pw
154will be pointers into
155.Fa bp .
156Some characters in
157.Fa bp
158will be overwritten with 0s in order to terminate the strings pointed
159to by
160.Fa pw .
161If
162.Fa flags
163is non-null, it is filled in with the following flags:
164.Bl -tag -width _PASSWORD_NOGIDxxx
165.It Dv _PASSWORD_NOUID
166The uid field of
167.Fa bp
168is empty.
169.It Dv _PASSWORD_NOGID
170The gid field of
171.Fa bp
172is empty.
173.It Dv _PASSWD_NOCHG
174The change field of
175.Fa bp
176is empty.
177.It Dv _PASSWD_NOEXP
178The expire field of
179.Fa bp
180is empty.
181.El
182.Pp
183The
184.Fn pw_error
185function displays an error message, aborts the current passwd update,
186and exits the current process.
187If
188.Fa err
189is non-zero, a warning message beginning with
190.Fa name
191is printed for the current value of
192.Va errno .
193The process exits with status
194.Fa eval .
195.Sh RETURN VALUES
196The
197.Fn pw_scan
198function prints a warning message and returns 0 if the string in the
199.Fa bp
200argument is not a valid passwd string.
201Otherwise,
202.Fn pw_scan
203returns 1.
204.Sh FILES
205.Bl -tag -width "/etc/master.passwdXXX" -compact
206.It Pa /etc/master.passwd
207Current password file.
208.It Pa /etc/passwd
209Legacy password file.
210.It Pa /etc/ptmp
211Password lock file.
212.It Pa /etc/pwd.db
213Insecure password database file.
214.It Pa /etc/spwd.db
215Secure password database file.
216.El
217.Sh SEE ALSO
218.Xr pw_lock 3 ,
219.Xr passwd 5