smp_pw_change(S-osr5)

Syntax

#include <sys/types.h>
#include <prot.h>

int smp_pw_change(usrp, reasonp)
struct smp_user_info *usrp;
char **reasonp;

Description

usrp points to a smp_user_info structure which has been created by the previous call to smp_check_user. If the invoker is not changing their own password, this is used by smp_pw_change to check whether the invoking user is authorized to change the password of the account.

Before checking whether the invoker is authorized to change the password, smp_pw_change ensures that the invoker has permission to either generate or pick a password (flags u_genpwd and u_pickpw respectively, see prpw(F) ).

Authorization to change the password is given if any one of the following four conditions exist:

• The invoker has auth subsystem authorization, see auths(C) and authorize(F).

• The invoker has passwd secondary subsystem authorization and the account for which the password is to be changed does not have auth subsystem authorization.

• The UID of the invoker matches the UID permitted to change the password for the account (field u_pswduser, see prpw(F)).

• The invoker is changing his or her own password.

If the invoker is changing his or her own password and an old password exists, the calling program should prompt for the old password before allowing the change.

reasonp is used with certain return values to store a descriptive message.

Return values

SMP_NOTOWNER

Returned in two cases:

• the invoking user is not allowed to generate or pick a passwd

• the invoking user does not own the account and none of the above conditions which entitle the invoker to change the passwd have been met

The operation should not continue.

SMP_HASPW

The account belongs to the invoking user and the account already has a passwd. The calling program should prompt the user for the old password and check it before allowing the password to be changed.

SMP_NULLPW

One of the above four authorization conditions is true. In all cases the account's password can be changed without providing the old password. If the invoker is changing his or her own password, no password currently exists.

SMP_EXTFAIL

External failure - returned in two cases:

• the subsystem authorization file could not be read

• auth subsystem authorization is missing from the authorization file

reasonp points to a character string explaining the cause of the error. The operation should not continue.

Diagnostics

Can't parse /etc/auth/system/authorize

The subsystem authorization file cannot be found or cannot be read. SMP_EXTFAIL is returned.

Can't find auth in /etc/auth/system/authorize

The auth subsystem authorization is not present in the subsystem authorization file. SMP_EXTFAIL is returned.

Examples

...
switch (smp_check_user(SMP_PASSWD, username, NULL,
                            starting_ruid(), &userp, &pwtries, &reason)) {
...
}

switch (smp_pw_change(userp, &reason)) {
    case SMP_NOTOWNER:
        put("can't change that password\n");
        smp_audit_fail(userp);
        exit(1);
    case SMP_EXTFAIL:
        put(reason);
        put("\n");
        exit(1);
    case SMP_HASPW:
        noecho();
        put("old password: ");
        switch (smp_check_pw(gets(line), userp, &reason)) {
        ...
        }
        put("\n");
        echo();
    case SMP_NULLPW:
        break;
}

Files

/lib/libprot.a

security subsystem library routines

/usr/lib/libp/libprot.a

as above but used for profiling

/usr/include/prot.h

defines the smp_user_info structure

/etc/auth/system/authorize

subsystem authorizations, see authorize(F)

/etc/auth/subsystems/dflt_users

authorization default users, see authcap(F)

/etc/auth/system/default

system default database, see default(F)

See also

Standards conformance