Shadow Password module

Copyright © 1998-1999 Takaaki Tateishi <ttate@jaist.ac.jp> Modified at: <1999/8/19 06:47:14 by ttate> License: See LICENSE

1. What’s this

This module provides tools to read, and, on Linux, append, information related to password files.

Recent versions work on both Linux, Solaris, OS X, FreeBSD and OpenBSD. The functions found are translated to their equivalents in libshadow.

Note

1. install

ruby extconf.rb make # use gmake on FreeBSD (make install)

• Note:

Version 2 was developed to compile on Ruby 1.9.  1.8 compatibility should be
still present, but no promises about earlier versions of Ruby.

1. Shadow::Passwd module’s methods

__

Method                 | Linux | Solaris | OS X  | FreeBSD | OpenBSD

__

getspent               |   *   |    *    |   *   |    *    |    *
getspnam(name)         |   *   |    *    |   *   |    *    |    *
setspent               |   *   |    *    |   *   |    *    |    *
endspent               |   *   |    *    |   *   |    *    |    *
fgetspent(file)        |   *   |    *    |   N   |    N    |    N
sgetspent(str)         |   *   |    N    |   N   |    N    |    N
putspent(entry,file)   |   *   |    *    |   N   |    N    |    N
lckpwdf,lock           |   *   |    *    |   N   |    N    |    N
ulckpwdf,unlock        |   *   |    *    |   N   |    N    |    N
lock?                  |   *   |    *    |   N   |    N    |    N

1. Structure

Shadow::Passwd::Entry (Struct::PasswdEntry)

sp_namp - pointer to null-terminated user name.
sp_pwdp - pointer to null-terminated password.
sp_lstchg - days  since  Jan  1,  1970 password was last
            changed.
sp_min - days before which password may not be changed.
sp_max - days after which password must be changed.
sp_warn - days before password is to expire that  user  is
          warned of pending password expiration.
sp_inact  -  days  after  password expires that account is
             considered inactive and disabled.
sp_expire - days since Jan 1, 1970 when  account  will  be
            disabled

1. Description

getspent, getspname, fgetspent and sgetspent each return a structure Shadow::Passwd::Entry. getspent returns the next entry from the file, and fgetspent returns the next entry from the given stream. sgetspent returns a structure Shadow::Passwd::Entry using the provided string as input. getspnam searches from the current position in the file for an entry matching name. if you get EOF from each operation, you will get nil.

setspent and endspent may be used to begin and end, respe- ctively, access to the shadow password file.

lckpwdf(lock) and ulckpwdf(unlock) methods should be used to insure exclusive access to the /etc/shadow file. when either method fail, Exception Shadow::FileLock is raised. if you use lock as the iterator, unlock is automatically called when you exit the iterator block.

1. Reference

• man shadow

• /usr/include/shadow.h

• Code at github.com/shadow-maint/shadow

Original Author:

Takaaki Tateishi <ttate@jaist.ac.jp>

This GitHub repository is maintained by Adam Palmblad <adam.palmblad@teampages.com>. I’ll do my best to keep the repository reasonably up-to-date if you care to send pull requests.