DOC HOME SITE MAP MAN PAGES GNU INFO SEARCH
 

smp_pw_change(S)


smp_pw_change -- check user authorization to change password

Syntax

cc . . . -lprot
#include <sys/types.h>
#include <prot.h>

int smp_pw_change(usrp, reasonp) struct smp_user_info *usrp; char **reasonp;

Description

smp_pw_change queries whether the invoking user is allowed to change the password of the account specified previously by a call to smp_check_user. For this routine to be meaningful, smp_check_user should have been called with the typ argument specified as SMP_PASSWD.

usrp points to a smp_user_info structure which has been created by the previous call to smp_check_user. If the invoker is not changing their own password, this is used by smp_pw_change to check whether the invoking user is authorized to change the password of the account.

Before checking whether the invoker is authorized to change the password, smp_pw_change ensures that the invoker has permission to either generate or pick a password (flags u_genpwd and u_pickpw respectively, see prpw(F) ).

Authorization to change the password is given if any one of the following four conditions exist:

smp_pw_change will return an error if it is unable to read the subsystem authorization file.

If the invoker is changing his or her own password and an old password exists, the calling program should prompt for the old password before allowing the change.

reasonp is used with certain return values to store a descriptive message.

Return values

Note that this routine also stores its return value for later use in auditing of failures.

SMP_NOTOWNER
Returned in two cases:

The operation should not continue.


SMP_HASPW
The account belongs to the invoking user and the account already has a passwd. The calling program should prompt the user for the old password and check it before allowing the password to be changed.

SMP_NULLPW
One of the above four authorization conditions is true. In all cases the account's password can be changed without providing the old password. If the invoker is changing his or her own password, no password currently exists.

SMP_EXTFAIL
External failure - returned in two cases:

reasonp points to a character string explaining the cause of the error. The operation should not continue.

Diagnostics

All diagnostics are returned as strings pointed to by the argument reasonp. It is up to the calling program to display these for the user. In each case the return value is also noted.

Can't parse /etc/auth/system/authorize
The subsystem authorization file cannot be found or cannot be read. SMP_EXTFAIL is returned.

Can't find auth in /etc/auth/system/authorize
The auth subsystem authorization is not present in the subsystem authorization file. SMP_EXTFAIL is returned.

Examples

The following example illustrates the usage of smp_pw_change:
...
switch (smp_check_user(SMP_PASSWD, username, NULL,
                            starting_ruid(), &userp, &pwtries, &reason)) {
...
}

switch (smp_pw_change(userp, &reason)) { case SMP_NOTOWNER: put("can't change that password\n"); smp_audit_fail(userp); exit(1); case SMP_EXTFAIL: put(reason); put("\n"); exit(1); case SMP_HASPW: noecho(); put("old password: "); switch (smp_check_pw(gets(line), userp, &reason)) { ... } put("\n"); echo(); case SMP_NULLPW: break; }

Files


/lib/libprot.a
security subsystem library routines

/usr/lib/libp/libprot.a
as above but used for profiling

/usr/include/prot.h
defines the smp_user_info structure

/etc/auth/system/authorize
subsystem authorizations, see authorize(F)

/etc/auth/subsystems/dflt_users
authorization default users, see authcap(F)

/etc/auth/system/default
system default database, see default(F)

See also

smp_check_user(S), smp_generate_pw(S), smp_get_messages(S), smp_pw_choice(S), smp_set_identity(S), smp_set_pw(S), smp_try_pw(S)

Standards conformance

smp_pw_change is not part of any currently supported standard; it is an extension of AT&T System V provided by The Santa Cruz Operation, Inc.
© 2003 Caldera International, Inc. All rights reserved.
SCO OpenServer Release 5.0.7 -- 11 February 2003