Date: Thu, 22 Jan 2004 11:22:20 +0000
From: Matthew Seaman
To: Gabor Esperon
Cc: freebsd-questions@freebsd.org
Subject: Re: Fwd: About *pwent() functions
Message-ID: <20040122112220.GC42056@happy-idiot-talk.infracaninophile.co.uk>
In-Reply-To: <20040122053545.66503.qmail@web11508.mail.yahoo.com>

On Wed, Jan 21, 2004 at 09:35:45PM -0800, Gabor Esperon wrote:
>
> --- Matthew Seaman wrote:
> > There aren't functions to add user accounts via a C api in the
> > standard FreeBSD system libraries.  There are various applications
> > that will do the job for you -- pw(8) is probably the best choice --
> > and it shouldn't be too hard to fork(2) and execve(2) it
> > with an appropriate set of command line arguments.
>
> I am implementing a PAM module that authenticates and
> creates a user on demand according to some parameters,
> and PAM modules do not allow file execution.

This sounds like an incredibly bad idea to me: user authentication
should be kept completely separate from user account creation.
Otherwise, the possibility exists that J. Random Hacker could trick
your system into creating an account for himself, and use it for
nefarious purposes.

Having said that, I'm also pretty sure that someone will have written
PAM modules that do that sort of thing.  I've seen discussion of
modules that create the account home directory on first use, given
that the UID exists in a network database.  Perhaps a bit of searching
the net is in order.

> > Or if you know that you're using the local password file, then you can
> > write code that locks master.passwd, appends a line with the correct
> > data, unlocks it and runs pwd_mkdb(8).
>
> Yes, I'm using the local password file. Which APIs
> should I use to implement pwd_mkdb(8)?

Ah.  If you can't run pw(8), then you can't run pwd_mkdb(8) either.
That's the program that processes the /etc/master.passwd file to
generate all of /etc/passwd, /etc/master.passwd.db and /etc/passwd.db.
The '.db' files are Berkeley DB format hashed lookup tables: see
dbopen(3), but quite honestly reinventing pwd_mkdb(8) as a C api would
be a bit un-unixlike.  Better to work on spawning the necessary
programs from your module.

	Cheers,

	Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.                       26 The Paddocks
                                                      Savill Way
PGP: http://www.infracaninophile.co.uk/pgpkey         Marlow
Tel: +44 1628 476614                                  Bucks., SL7 1TH UK
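
Added example, not part of the original message and not FreeBSD project code: a sketch of the fork(2)/execve(2) approach to running pw(8) suggested above, with the requested login name validated first so that a caller cannot smuggle options or extra passwd fields into the account-creation step. The function names, the 16-character name policy, the /usr/sbin/pw path and the choice of "-n name -m" are assumptions made for illustration.

```c
#include <errno.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Assumed policy: 1-16 chars from [a-z0-9_-], first char a letter or '_',
 * so a name can never be parsed as an option or carry ':' or whitespace. */
int valid_username(const char *name)
{
    size_t len = strlen(name);
    if (len == 0 || len > 16)
        return 0;
    for (size_t i = 0; i < len; i++) {
        char c = name[i];
        int alpha = (c >= 'a' && c <= 'z') || c == '_';
        int rest = (c >= '0' && c <= '9') || c == '-';
        if (!(alpha || (i > 0 && rest)))
            return 0;
    }
    return 1;
}

/* fork(2) + execve(2): absolute path, fixed argv, minimal environment, no
 * shell. Returns the child's exit status, 127 if exec failed, -1 on error. */
int run_fixed(const char *path, char *const argv[])
{
    char *const envp[] = { "PATH=/sbin:/bin:/usr/sbin:/usr/bin", NULL };
    int status;
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        execve(path, argv, envp);
        _exit(127);
    }
    while (waitpid(pid, &status, 0) < 0)
        if (errno != EINTR)
            return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

/* Hypothetical wrapper: create a local account with pw(8) useradd. */
int create_account(const char *name)
{
    if (!valid_username(name))
        return -1;
    char *const argv[] = { "pw", "useradd", "-n", (char *)name, "-m", NULL };
    return run_fixed("/usr/sbin/pw", argv);
}
```

Because the name is passed as a single argv element and no shell is involved, the validation only has to rule out option-like and passwd-field characters, not shell metacharacters.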