DOC HOME SITE MAP MAN PAGES GNU INFO SEARCH PRINT BOOK
 

smp_check_pw(S-osr5)


smp_check_pw -- check user-supplied password

Syntax

cc . . . -lprot
#include <sys/types.h>
#include prot.h

int smp_check_pw(password, usrp, reasonp) char *password; struct smp_user_info *usrp; char **reasonp;

Description

smp_check_pw checks the password, supplied as the password argument, against the encrypted password for the previously specified account.

usrp points to an smp_user_info structure which has been created by a previous call to smp_check_user. If an encrypted password exists, password is compared using bigcrypt(S-osr5). It is possible that the previously saved account information may be null (resulting from SMP_BADUSER returned from a previous call to smp_check_user(S-osr5)). In both the case of a mismatched password or in the above case, smp_check_pw will return SMP_NOPWMATCH. This enables smp_check_pw to be called even if the user name is invalid.

In the case where the password is valid, smp_check_pw copies password into storage for later use and performs the following additional checks:

If all checks pass, smp_check_pw returns SMP_CANCHANGE indicating that the password can be changed.

reasonp is used with certain return values to store a descriptive message.

Return values

Note that this routine also stores its return value for later use in auditing of failures.

SMP_NOPWMATCH
password did not match with the encrypted password or the encrypted password for the account is missing from smp_user_info. The operation should not continue.

SMP_ACCTLOCK
The account is locked. The operation should not continue.

SMP_MUSTCHANGE
The password matched, and has expired so must be changed before login completes.

SMP_CANCHANGE
The password matched, and could be changed by the user if desired.

SMP_CANTCHANGE
The password matched, and cannot be changed by the user because the minimum period between password changes has not elapsed.

SMP_OVERRIDE
is returned in three cases:

However, in all of the above cases the ``root on console'' flag has been previously set by smp_check_user and login should be permitted to correct the problem. reasonp points to a character string explaining the type of failure.


SMP_RETIRED
The account has been retired. The operation should not continue.

Diagnostics

All diagnostics are returned as strings pointed to by the argument reasonp. It is up to the calling program to display these for the user. In each case the return value is also noted.

Account locked
The account has been locked. However, the ``root on console'' flag is set so login should be permitted to allow the problem to be fixed. SMP_OVERRIDE is returned.

Terminal locked
The terminal is locked. However, the ``root on console'' flag is set so login should be permitted to allow the problem to be fixed. SMP_OVERRIDE is returned.

Account retired
The account has been retired. However, the ``root on console'' flag is set so login should be permitted to allow the problem to be fixed. SMP_OVERRIDE is returned.

Examples

The following example illustrates the usage of smp_check_pw:
...
switch (smp_check_user(SMP_LOGIN, gets(line), ttyname(0), 0, &usrp,
                               &pwtry, &reason)) {
...
    case SMP_BADUSER:
    case SMP_HASPW:
        noecho();
        put("password: ");
        switch (smp_check_pw(gets(line), userp, &reason)) {
        case SMP_EXTFAIL:
            echo();
            put("\n");
            put(reason);
            put("\n");
            exit(1);
        case SMP_NOPWMATCH:
            echo();
            put("\nlogin incorrect\n");
            smp_audit_fail(userp);
            exit(1);
        case SMP_ACCTLOCK:
            echo();
            put("\naccount locked\n");
            smp_audit_fail(userp);
            exit(1);
        case SMP_RETIRED:
            echo();
            put("\naccount retired\n");
            smp_audit_fail(userp);
            exit(1);
        case SMP_OVERRIDE:
            put(reason);
            put("\nroot login on console is allowed\n");
        case SMP_CANCHANGE:
        case SMP_CANTCHANGE:
            goto loginok;
        case SMP_MUSTCHANGE:
            put("\npassword has expired");  /* fall through to set new pw */
        }
        echo();
   case SMP_PWREQ:
        put("\nmust set password now\n");
        if ((pwtype=smp_pw_choice(userp, &reason)) == SMP_CHOOSE) {
        ...
        }
   ...
   }
...
}
...
loginok:

Files


/lib/libprot.a
security subsystem library routines

/usr/lib/libp/libprot.a
as above but used for profiling

/usr/include/prot.h
defines the smp_user_info structure

See also

smp_check_user(S-osr5), smp_pw_choice(S-osr5), smp_generate_pw(S-osr5), smp_get_messages(S-osr5), smp_pw_change(S-osr5), smp_set_identity(S-osr5), smp_set_pw(S-osr5), smp_try_pw(S-osr5)

Standards conformance

smp_check_pw is not part of any currently supported standard; it is an extension of AT&T System V provided by The Santa Cruz Operation, Inc.
© 2005 The SCO Group, Inc. All rights reserved.
SCO OpenServer Release 6.0.0 -- 02 June 2005