smp_set_pw(S)

smp_set_pw -- verify password and update authentication databases

Syntax

cc . . . -lprot

#include <sys/types.h>
#include <prot.h>

int smp_set_pw(password, checkpw, usrp, pwtriesp, reasonp)
char *password;
char *checkpw;
struct smp_user_info *userp;
int *pwtriesp;
char **reasonp;

Description

smp_set_pw verifies a re-entered password and then updates the authentication databases. This is the last action of a successful password change, and an audit record is written to that effect.

This routine verifies that checkpw, entered by the user, matches the previously entered password specified by password. If the two match, it then encrypts the password, updates the authentication data, sets the last successful password change time, and writes it back into the password and protected password databases. An audit record is written for the password change.

If /bin/yppasswd exists, and is a link to /bin/passwd, /etc/yp/yppwd will be called to update the NIS databases, prior to updating the local databases.

usrp points to an smp_user_info structure which has been created by the previous call to smp_check_user.

If the clear text passwords do not match, the number of retries remaining, pointed to by pwtriesp, is decremented.

reasonp is used with certain return values to store a descriptive message.

Return values

Note that this routine also stores its return value for use in auditing of failures.

SMP_NOMATCH: The passwords specified in password and checkpw did not match.
SMP_EXTFAIL: The password change was not done because the NIS call failed, or another external failure occurred in fetching required authentication information. reasonp points to a character string explaining the cause of the error.
SMP_COMPLETE: The password was updated successfully.
SMP_NOTAUTH: The calling program does not have sufficient privileges to update the protected password database.

Diagnostics

All diagnostics are returned as strings pointed to by the argument reasonp. It is up to the calling program to display these for the user. In each case the return value is also noted.

NIS password change failed: The password could not be updated in the Network Information Service file. SMP_EXTFAIL is returned.
Cannot write protected password entry: The protected password database could not be updated. SMP_EXTFAIL is returned.

Files

/lib/libprot.a: security subsystem library routines
/usr/lib/libp/libprot.a: as above but used for profiling
/usr/include/prot.h: defines the smp_user_info structure
/etc/passwd: password file, see passwd(F)
/tcb/files/auth/?/: protected password database, see prpw(F)
/bin/yppasswd: NIS password command, see yppasswd(NC)
/etc/yp/yppwd: NIS password command

Examples

The following example illustrates the usage of smp_set_pw :

...
    switch (smp_check_user(SMP_LOGIN, gets(line), ttyname(0), 0, &userp,
                              &pwtries, &reason)) {
    ...
    case SMP_PWREQ:
        ...
        for (;;) {
            ...
            put("re-enter password: ");
            switch (smp_set_pw(gets(line), newpw, userp,
                                                  &pwtries, &reason)) {
            case SMP_NOTAUTH:
                echo();
                put("\nnot authorised\n");  /* can't write auth database */
                exit(1);
            case SMP_NOMATCH:
                put("\nno match\n");
                continue;                    /* go around again */
            case SMP_EXTFAIL:
                echo();
                put("\n");
                put(reason);
                put("\n");
                exit(1);
            case SMP_COMPLETE:
                put("\n");
                break;
            }
            break;
        }
loginok:
        put("\n");
        echo();
        break;
    }
...

Standards conformance

smp_set_pw is not part of any currently supported standard; it is an extension of AT&T System V provided by The Santa Cruz Operation, Inc.