Fwd: About *pwent() functions

Matthew Seaman m.seaman at infracaninophile.co.uk
Thu Jan 22 03:22:28 PST 2004


On Wed, Jan 21, 2004 at 09:35:45PM -0800, Gabor Esperon wrote:
> 
> --- Matthew Seaman <m.seaman at infracaninophile.co.uk> wrote:

> > There aren't functions to add user accounts via a C api in the
> > standard FreeBSD system libraries.  There are various applications
> > that will do the job for you -- pw(8) is probably the best choice --
> > and it shouldn't be too hard to fork(2) and execve(2) it
> > with an appropriate set of command line arguments.
> 
> I am implementing a PAM module that authenticates and
> creates a user on demand according to some parameters,
> and PAM modules do not allow file execution.

This sounds like an incredibly bad idea to me: user authentication
should be kept completely separate from user account creation.
Otherwise, the possibility exists that J. Random Hacker could trick
your system into creating an account for himself, and use it for
nefarious purposes.

Having said that, I'm also pretty sure that someone will have written
PAM modules that do that sort of thing.  I've seen discussion of
modules that create the account home directory on first use, given
that the UID exists in a network database.  Perhaps a bit of searching
the net is in order.
 
> > Or if you know that you're using the local password file, then you can
> > write code that locks master.passwd, appends a line with the correct
> > data, unlocks it and runs pwd_mkdb(8).
> 
> Yes I'm using the local password file. Which APIs
> should I use to implement pwd_mkdb(8)?

Ah.  If you can't run pw(8), then you can't run pwd_mkdb(8) either.
That's the program that processes the /etc/master.passwd file to
generate all of /etc/passwd, /etc/master.passwd.db and /etc/passwd.db.
The '.db' files are Berkeley DB format hashed lookup tables: see
dbopen(3), but quite honestly reinventing pwd_mkdb(8) as a C api would
be a bit un-unixlike.  Better to work on spawning the necessary
programs from your module.

	Cheers,

	Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.                       26 The Paddocks
                                                      Savill Way
PGP: http://www.infracaninophile.co.uk/pgpkey         Marlow
Tel: +44 1628 476614                                  Bucks., SL7 1TH UK
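
The fork(2)/execve(2) approach to running pw(8) discussed in this message, as an added example that is not part of the original post and not FreeBSD project code. The helper names (valid_login, run_tool, add_user), the login-name policy, the /usr/sbin/pw path and the "useradd -n NAME -m" arguments are assumptions made for illustration.

```c
/* Added example: spawn pw(8) from C with fork(2)/execve(2), no shell involved. */
#include <errno.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical policy: 1-16 chars of [a-z0-9_-], starting with a letter, so a
 * name can never be read by pw(8) as an option or carry ':' into master.passwd. */
int valid_login(const char *name)
{
    size_t n = name ? strlen(name) : 0;

    if (n == 0 || n > 16 || name[0] < 'a' || name[0] > 'z')
        return 0;
    return strspn(name, "abcdefghijklmnopqrstuvwxyz0123456789_-") == n;
}

/* Run path with a fixed argv and an empty environment.
 * Returns the child's exit status, 127 if execve failed, -1 on other errors. */
int run_tool(const char *path, char *const argv[])
{
    char *const envp[] = { NULL };
    int status;
    pid_t pid = fork();

    if (pid == -1)
        return -1;
    if (pid == 0) {
        execve(path, argv, envp);
        _exit(127);                     /* only reached if execve failed */
    }
    while (waitpid(pid, &status, 0) == -1)
        if (errno != EINTR)
            return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

/* Create a local account: validate first, then exec pw(8) directly. */
int add_user(const char *name)
{
    char *const argv[] = { "pw", "useradd", "-n", (char *)name, "-m", NULL };

    if (!valid_login(name))
        return -1;
    return run_tool("/usr/sbin/pw", argv);  /* assumed FreeBSD install path */
}
```

add_user() returns 0 only when pw(8) itself exits 0; a rejected name returns -1 without any process being started.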