Standard C Library (libc, -lc)
SYNOPSIS
#include <sys/types.h>
#include <pwd.h>
struct passwd *
getpwent(void);
struct passwd *
getpwnam(const char *login);
struct passwd *
getpwuid(uid_t uid);
int
setpassent(int stayopen);
int
setpwent(void);
void
endpwent(void);
DESCRIPTION
These functions operate on the password database file which is described
in passwd(5). Each entry in the database is defined by the structure
passwd found in the include file <pwd.h>:
struct passwd {
char *pw_name; /* user name */
char *pw_passwd; /* encrypted password */
uid_t pw_uid; /* user uid */
gid_t pw_gid; /* user gid */
time_t pw_change; /* password change time */
char *pw_class; /* user access class */
char *pw_gecos; /* Honeywell login info */
char *pw_dir; /* home directory */
char *pw_shell; /* default shell */
time_t pw_expire; /* account expiration */
int pw_fields; /* internal: fields filled in */
};
The functions getpwnam() and getpwuid() search the password database for
the given login name or user uid, respectively, always returning the
first one encountered.
The getpwent() function sequentially reads the password database and is
intended for programs that wish to process the complete list of users.
The setpassent() function accomplishes two purposes. First, it causes
getpwent() to ``rewind'' to the beginning of the database. Additionally,
As of Mac OS X 10.3, there are now different per-user behaviours of this
function, based on the AuthenticationAuthority value stored for the
queried user in DirectoryServices.
If the queried user is still a legacy crypt password user or now has an
AuthenticationAuthority value containing ``;basic;'', these routines will
behave in their standard BSD fashion. These functions will ``shadow''
the password file, e.g. allow only certain programs to have access to the
encrypted password. If the process which calls them has an effective uid
of 0, the encrypted password will be returned, otherwise, the password
field of the returned structure will point to the string `*'.
By default in Mac OS X 10.3 and later all users will have an Authentica-
tionAuthority with the value ``;ShadowHash;''. These users will have a
visible password value of ``********''. These functions will have no
access to the encrypted password whatsoever. Setting or changing an user
password must be done entirely through the DirectoryService APIs for this
default user.
There also exists an ``Apple Password Server'' user whose password value
is also ``********'' and with an AuthenticationAuthority that contains
the value ";ApplePasswordServer;" among other data. There is no getpwnam
access to the password for this user either and again set/change password
can be done through the DirectoryService API.
Finally in support of local user caching there is a local cached user
whose password is also ``********'' and has an AuthenticationAuthority
value containing ``;LocalCachedUser;'' among other data. These functions
also provide no access to the password for this user and set/change pass-
word functionality is through the DirectoryService API.
RETURN VALUES
The functions getpwent(), getpwnam(), and getpwuid(), return a valid
pointer to a passwd structure on success and a null pointer if end-of-
file is reached or an error occurs. The setpassent() and setpwent()
functions return 0 on failure and 1 on success. The endpwent() function
has no return value.
FILES
/etc/pwd.db The insecure password database file
/etc/spwd.db The secure password database file
/etc/master.passwd The current password file
/etc/passwd A Version 7 format password file
SEE ALSO
getlogin(2), getgrent(3), yp(4), passwd(5), pwd_mkdb(8), vipw(8)
HISTORY
The getpwent(), getpwnam(), getpwuid(), setpwent(), and endpwent() func-
tions appeared in Version 7 AT&T UNIX. The setpassent() function
appeared in 4.3BSD-Reno.
BSD September 20, 1994 BSD
Man(1) output converted with
man2html