AuroraMiddleware/glibc
1
0
Fork 0
mirror of https://sourceware.org/git/glibc.git synced 2024-11-16 01:50:11 +00:00
Code Issues Packages Projects Releases Wiki Activity
5cd7dbdea1
glibc/shadow/shadow.h
Zack Weinberg 841785bad1 manual: Revise crypt.texi. 
This is a major rewrite of the description of 'crypt', 'getentropy',
and 'getrandom'.

A few highlights of the content changes:

 - Throughout the manual, public headers, and user-visible messages,
   I replaced the term "password" with "passphrase", the term
   "password database" with "user database", and the term
   "encrypt(ion)" with "(one-way) hashing" whenever it was applied to
   passphrases.  I didn't bother making this change in internal code
   or tests.  The use of the term "password" in ruserpass.c survives,
   because that refers to a keyword in netrc files, but it is adjusted
   to make this clearer.

   There is a note in crypt.texi explaining that they were
   traditionally called passwords but single words are not good enough
   anymore, and a note in users.texi explaining that actual passphrase
   hashes are found in a "shadow" database nowadays.

 - There is a new short introduction to the "Cryptographic Functions"
   section, explaining how we do not intend to be a general-purpose
   cryptography library, and cautioning that there _are_, or have
   been, legal restrictions on the use of cryptography in many
   countries, without getting into any kind of detail that we can't
   promise to keep up to date.

 - I added more detail about what a "one-way function" is, and why
   they are used to obscure passphrases for storage.  I removed the
   paragraph saying that systems not connected to a network need no
   user authentication, because that's a pretty rare situation
   nowadays.  (It still says "sometimes it is necessary" to
   authenticate the user, though.)

 - I added documentation for all of the hash functions that glibc
   actually supports, but not for the additional hash functions
   supported by libxcrypt.  If we're going to keep this manual section
   around after the transition is more advanced, it would probably
   make sense to add them then.

 - There is much more detailed discussion of how to generate a salt,
   and the failure behavior for crypt is documented.  (Returning an
   invalid hash on failure is what libxcrypt does; Solar Designer's
   notes say that this was done "for compatibility with old programs
   that assume crypt can never fail".)

 - As far as I can tell, the header 'crypt.h' is entirely a GNU
   invention, and never existed on any other Unix lineage.  The
   function 'crypt', however, was in Issue 1 of the SVID and is now
   in the XSI component of POSIX.  I tried to make all of the
   @standards annotations consistent with this, but I'm not sure I got
   them perfectly right.

 - The genpass.c example has been improved to use getentropy instead
   of the current time to generate the salt, and to use a SHA-256 hash
   instead of MD5. It uses more random bytes than is strictly
   necessary because I didn't want to complicate the code with proper
   base64 encoding.

 - The testpass.c example has three hardwired hashes now, to
   demonstrate that different one-way functions produce different
   hashes for the same input.  It also demonstrates how DES hashing
   only pays attention to the first eight characters of the input.

 - There is new text explaining in more detail how a CSPRNG differs
   from a regular random number generator, and how
   getentropy/getrandom are not exactly a CSPRNG.  I tried not to make
   specific falsifiable claims here.  I also tried to make the
   blocking/cancellation/error behavior of both getentropy and
   getrandom clearer.
2018-06-29 16:53:37 +02:00

153 lines
5.3 KiB
C
Raw Blame History

/* Copyright (C) 1996-2018 Free Software Foundation, Inc.
This file is part of the GNU C Library.
The GNU C Library is free software; you can redistribute it and/or
modify it under the terms of the GNU Lesser General Public
License as published by the Free Software Foundation; either
version 2.1 of the License, or (at your option) any later version.
The GNU C Library is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
Lesser General Public License for more details.
You should have received a copy of the GNU Lesser General Public
License along with the GNU C Library; if not, see
<http://www.gnu.org/licenses/>. */
/* Declaration of types and functions for "shadow" storage of hashed
passphrases. The shadow database is like the user database, but is
only accessible with special privileges, so that malicious users
cannot retrieve everyone else's hashed passphrase to brute-force at
their convenience. */
#ifndef _SHADOW_H
#define _SHADOW_H 1
#include <features.h>
#include <paths.h>
#define __need_size_t
#include <stddef.h>
#include <bits/types/FILE.h>
/* Paths to the user database files. */
#define SHADOW _PATH_SHADOW
__BEGIN_DECLS
/* A record in the shadow database. */
struct spwd
{
char *sp_namp; /* Login name. */
char *sp_pwdp; /* Hashed passphrase. */
long int sp_lstchg; /* Date of last change. */
long int sp_min; /* Minimum number of days between changes. */
long int sp_max; /* Maximum number of days between changes. */
long int sp_warn; /* Number of days to warn user to change
the password. */
long int sp_inact; /* Number of days the account may be
inactive. */
long int sp_expire; /* Number of days since 1970-01-01 until
account expires. */
unsigned long int sp_flag; /* Reserved. */
};
/* Open database for reading.
This function is not part of POSIX and therefore no official
cancellation point. But due to similarity with an POSIX interface
or due to the implementation it is a cancellation point and
therefore not marked with __THROW. */
extern void setspent (void);
/* Close database.
This function is not part of POSIX and therefore no official
cancellation point. But due to similarity with an POSIX interface
or due to the implementation it is a cancellation point and
therefore not marked with __THROW. */
extern void endspent (void);
/* Get next entry from database, perhaps after opening the file.
This function is not part of POSIX and therefore no official
cancellation point. But due to similarity with an POSIX interface
or due to the implementation it is a cancellation point and
therefore not marked with __THROW. */
extern struct spwd *getspent (void);
/* Get shadow entry matching NAME.
This function is not part of POSIX and therefore no official
cancellation point. But due to similarity with an POSIX interface
or due to the implementation it is a cancellation point and
therefore not marked with __THROW. */
extern struct spwd *getspnam (const char *__name);
/* Read shadow entry from STRING.
This function is not part of POSIX and therefore no official
cancellation point. But due to similarity with an POSIX interface
or due to the implementation it is a cancellation point and
therefore not marked with __THROW. */
extern struct spwd *sgetspent (const char *__string);
/* Read next shadow entry from STREAM.
This function is not part of POSIX and therefore no official
cancellation point. But due to similarity with an POSIX interface
or due to the implementation it is a cancellation point and
therefore not marked with __THROW. */
extern struct spwd *fgetspent (FILE *__stream);
/* Write line containing shadow entry to stream.
This function is not part of POSIX and therefore no official
cancellation point. But due to similarity with an POSIX interface
or due to the implementation it is a cancellation point and
therefore not marked with __THROW. */
extern int putspent (const struct spwd *__p, FILE *__stream);
#ifdef __USE_MISC
/* Reentrant versions of some of the functions above.
These functions are not part of POSIX and therefore no official
cancellation point. But due to similarity with an POSIX interface
or due to the implementation they are cancellation points and
therefore not marked with __THROW. */
extern int getspent_r (struct spwd *__result_buf, char *__buffer,
size_t __buflen, struct spwd **__result);
extern int getspnam_r (const char *__name, struct spwd *__result_buf,
char *__buffer, size_t __buflen,
struct spwd **__result);
extern int sgetspent_r (const char *__string, struct spwd *__result_buf,
char *__buffer, size_t __buflen,
struct spwd **__result);
extern int fgetspent_r (FILE *__stream, struct spwd *__result_buf,
char *__buffer, size_t __buflen,
struct spwd **__result);
#endif /* misc */
/* The simple locking functionality provided here is not suitable for
multi-threaded applications. */
/* Request exclusive access to /etc/passwd and /etc/shadow. */
extern int lckpwdf (void) __THROW;
/* Release exclusive access to /etc/passwd and /etc/shadow. */
extern int ulckpwdf (void) __THROW;
__END_DECLS
#endif /* shadow.h */
Reference in New Issue View Git Blame Copy Permalink