v1.0.30.0

Name

libaccdb - The Unified Account Database

libaccdb API

libaccdb provides some essential functions for applications wishing to access a user database. It also contains some common used code, such as password generation routines. Applications that wish to use ACCDB must link against it, usually with gcc's -laccdb parameter.

#include <accdb.h>

struct accdb_module *accdb_load(const char *module);
void accdb_unload(struct accdb_module *mp);

accdb_load() opens a back-end module (module.so and/or module.dll), acquires all necessary symbols and returns them in a malloc()ed struct accdb_module, which is then to be freed with accdb_unload(). In most cases, module will be just be a zero-terminated string with an asterisk, which says to use the default ACCDB back-end, defined in ./vetc/libaccdb/accdb or /etc/libaccdb/accdb, variable DEFAULT_BACKEND. Since Vitalnix v1.0.28.0, a sub-module can be specified by adding a colon and the name (i.e. "perl:shadow.pl").

On failure, accdb_load() returns NULL and sets errno to the ones set by system calls, plus EFAULT if no q_open() function in the ACCDB module could be found. ENOENT is returned if no default module was defined.

struct accdb_module *res = accdb_load("*");
res->open(res->state);
res->useradd(...);
res->close(res->state);
accdb_unload(res);

The back-end interface is discussed in its own chapter.

Password generation

#include <accdb.h>

int accdb_genpw(char *plain, size_t len, unsigned long flags);
int accdb_cryptpw(const char *key, const char *salt, int meth, char **crypted);

accdb_genpw() generates a random password. It is configured to use libHX's independent random generator layer, to use /dev/urandom where possible (otherwise uses libc's rand()). The new password of length len is put into plain. A trailing '\0' character is appended, so plain must be 1 bigger than the value of len. If salt is NULL, a new salt will be generated. The salt parameter is usually only used for password authentication.

flags is a bitmask, which may consists of these options: GENPW_PHONEMIC uses a different algorithm, to choose passwords which can be spoken and (may be | is) easy to remember. GENPW_ONE_CASE specifies that there should be at least one upper-case character in the plain password; GENPW_ONE_DIGIT is the same for a digit, respectively.

accdb_cryptpw() takes a plain text key -- mostly this a plaintext password -- and encrypts it, being usable for /etc/shadow or similar. Space for the resulting crypted string is allocated within accdb_cryptpw(), and is put into *crypted. Be sure to free() it when you are done with it. meth specifies the encryption to use. Valid values are CRYPW_DES, CRYPW_MD5 and CRYPW_BLOWFISH. Blowfish is the preferred algorithm nowadays which provides maximum security of these three.

char pw[11], *cr;
accdb_genpw(pw, 10, GENPW_PHONEMIC | GENPW_ONE_DIGIT | GENPW_ONE_CASE);
accdb_cryptpw(pw, NULL, CRYPW_BLOWFISH, &cr);

DES and MD5 crypt is only available if your libc has them. Blowfish encryption routines are always available since I have included them in Vitalnix.


June 07 2004 http://vitalnix.sf.net/