diff options
Diffstat (limited to 'shadow/shadow.h')
-rw-r--r-- | shadow/shadow.h | 16 |
1 files changed, 10 insertions, 6 deletions
diff --git a/shadow/shadow.h b/shadow/shadow.h index 6f3a570e4b..351882e448 100644 --- a/shadow/shadow.h +++ b/shadow/shadow.h @@ -15,7 +15,11 @@ License along with the GNU C Library; if not, see <http://www.gnu.org/licenses/>. */ -/* Declaration of types and functions for shadow password suite. */ +/* Declaration of types and functions for "shadow" storage of hashed + passphrases. The shadow database is like the user database, but is + only accessible with special privileges, so that malicious users + cannot retrieve everyone else's hashed passphrase to brute-force at + their convenience. */ #ifndef _SHADOW_H #define _SHADOW_H 1 @@ -35,11 +39,11 @@ __BEGIN_DECLS -/* Structure of the password file. */ +/* A record in the shadow database. */ struct spwd { char *sp_namp; /* Login name. */ - char *sp_pwdp; /* Encrypted password. */ + char *sp_pwdp; /* Hashed passphrase. */ long int sp_lstchg; /* Date of last change. */ long int sp_min; /* Minimum number of days between changes. */ long int sp_max; /* Maximum number of days between changes. */ @@ -101,7 +105,7 @@ extern struct spwd *sgetspent (const char *__string); therefore not marked with __THROW. */ extern struct spwd *fgetspent (FILE *__stream); -/* Write line containing shadow password entry to stream. +/* Write line containing shadow entry to stream. This function is not part of POSIX and therefore no official cancellation point. But due to similarity with an POSIX interface @@ -137,10 +141,10 @@ extern int fgetspent_r (FILE *__stream, struct spwd *__result_buf, /* The simple locking functionality provided here is not suitable for multi-threaded applications. */ -/* Protect password file against multi writers. */ +/* Request exclusive access to /etc/passwd and /etc/shadow. */ extern int lckpwdf (void) __THROW; -/* Unlock password file. */ +/* Release exclusive access to /etc/passwd and /etc/shadow. */ extern int ulckpwdf (void) __THROW; __END_DECLS |