#include <sys/types.h>
#include <sys/security.h>
#include <sys/audit.h>
#include <prot.h>

char *getpasswd (prompt, max_size)
char *prompt;
int max_size;

char *fgetpasswd (prompt, max_size, file_in, file_out)
char *prompt;
int max_size;
FILE *file_in;
FILE *file_out;

char *bigcrypt (cleartext, salt)
char *cleartext;
char *salt;

char *bigcryptmax (cleartext, salt)
char *cleartext;
char *salt;

The getpasswd routine, when given a non-NULL and null-terminated prompt, reads up to a newline or an EOF from the file /dev/tty, after prompting on the standard error output with prompt and disabling echoing.
fgetpasswd gets or clears a password from a device file. Set max_size to AUTH_MAX_PASSWD_LENGTH, defined in <prot.h>. If file_in is null, information is taken from /dev/tty; if file_out is null, information is written to stderr. The value in prompt is written to file_out. A \n character is inserted at the end of the string written to file_out. A pointer is returned to the cleartext static area.
The bigcrypt routine is used in the same way as crypt(S) to encrypt passwords of any length, including passwords longer than eight characters. bigcrypt uses the u_pwseg setting in /etc/auth/system/default, truncating the cleartext password to the number of characters derived from u_pwseg. getprpwent(S) correspondingly truncates the encrypted password string (u_pwd) in the protected password entry, so that a comparison with the value returned by bigcrypt succeeds if the password would have matched on the first (u_pwseg * 8) cleartext characters.
For the purposes of checking passwords, this is transparent to the application. To provide backward compatibility to applications and allow u_pwseg to be reduced and then increased again without losing information, it is important that the stored encrypted password (set using putprpwnam(S) when the password is changed) not be truncated.
So that the sequence of getprpwent, putprpwnam does not truncate the stored password when u_pwseg is smaller than the password in the entry, the operating system stores the original stored value of u_pwd. putprpwnam restores u_pwd to this saved value if the new value matches the truncated saved value.
bigcryptmax is the same as bigcrypt except that in bigcryptmax u_pwseg is ignored. This routine is used only when a new longer password is set in the protected password entry. Use bigcrypt for checking existing passwords.
The bigcrypt routine returns an encrypted password.
The return value for getpasswd and fgetpasswd points to static data whose content is overwritten by each call to getpasswd or fgetpasswd. Therefore, the information should be copied if it needs to be saved or used later. As soon as that password is no longer needed, getpasswd or fgetpasswd should again be invoked with a NULL prompt string. This clears the password in the static area so that there is no chance of "dirty memory" revealing passwords later on.
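
The handling described above, as an added example that is not part of the original manual page: copy the password out of the static area, clear that area with a NULL prompt, check the copy against the stored value, and wipe the copy. The function-pointer parameters, MAX_PW and the fake_* stand-ins (a fixed password and a toy transform, not a real hash) are assumptions so the code runs off the target system; on the real system pass getpasswd and bigcrypt and use AUTH_MAX_PASSWD_LENGTH.

```c
#include <stddef.h>
#include <string.h>

#define MAX_PW 80 /* constructed; use AUTH_MAX_PASSWD_LENGTH from <prot.h> on the real system */
typedef char *(*getpw_fn)(char *prompt, int max_size);  /* shape of getpasswd */
typedef char *(*crypt_fn)(char *cleartext, char *salt); /* shape of bigcrypt */

/* Overwrite through a volatile pointer so the compiler cannot drop the wipe. */
static void scrub(void *p, size_t n) {
    volatile unsigned char *v = p;
    while (n--) *v++ = 0;
}

/* Returns 1 on match, 0 on mismatch, -1 if no password could be read. */
int check_password(getpw_fn getpw, crypt_fn crypt_pw, char *stored) {
    char copy[MAX_PW + 1];
    unsigned char diff = 0;
    size_t i, n;
    char *p = getpw("Password: ", MAX_PW);

    if (p == NULL) return -1;
    strncpy(copy, p, MAX_PW);   /* private copy: the static area is reused on every call */
    copy[MAX_PW] = '\0';
    getpw(NULL, MAX_PW);        /* NULL prompt clears the static area */
    p = crypt_pw(copy, stored); /* stored value doubles as the salt, as with crypt */
    scrub(copy, sizeof copy);   /* cleartext is not needed past this point */
    if (p == NULL || (n = strlen(stored)) != strlen(p)) return 0;
    for (i = 0; i < n; i++) diff |= (unsigned char)(p[i] ^ stored[i]); /* no early exit */
    return diff == 0;
}

/* Constructed stand-ins: a static area that a NULL prompt clears, and a toy transform. */
static char pw_area[MAX_PW + 1];
static char *fake_getpasswd(char *prompt, int max_size) {
    (void)max_size;
    if (prompt == NULL) scrub(pw_area, sizeof pw_area);
    else strcpy(pw_area, "secret");
    return pw_area;
}
static char *fake_crypt(char *cleartext, char *salt) {
    static char out[MAX_PW + 3];
    size_t i; /* NOT a real hash: two salt characters, then each byte XOR 1 */
    out[0] = salt[0]; out[1] = salt[1];
    for (i = 0; cleartext[i]; i++) out[i + 2] = (char)(cleartext[i] ^ 1);
    out[i + 2] = '\0';
    return out;
}

int main(void) { return check_password(fake_getpasswd, fake_crypt, "abrdbsdu") == 1 ? 0 : 1; }
```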