Name
libaccdb - The Unified Account Database libaccdb API
libaccdb provides some essential functions for applications wishing to access a user database. It also contains some common used code, such as password generation routines. Applications that wish to use ACCDB must link against it, usually with gcc's -laccdb parameter.
accdb_load() opens a back-end module (module.so and/or module.dll), acquires all necessary symbols and returns them in a malloc()ed struct accdb_module, which is then to be freed with accdb_unload(). In most cases, module will be just be a zero-terminated string with an asterisk, which says to use the default ACCDB back-end, defined in ./vetc/libaccdb/accdb or /etc/libaccdb/accdb, variable DEFAULT_BACKEND. Since Vitalnix v1.0.28.0, a sub-module can be specified by adding a colon and the name (i.e. "perl:shadow.pl"). On failure, accdb_load() returns NULL and sets errno to the ones set by system calls, plus EFAULT if no q_open() function in the ACCDB module could be found. ENOENT is returned if no default module was defined.
The back-end interface is discussed in its own chapter. Password generation
accdb_genpw() generates a random password. It is configured to use libHX's independent random generator layer, to use /dev/urandom where possible (otherwise uses libc's rand()). The new password of length len is put into plain. A trailing '\0' character is appended, so plain must be 1 bigger than the value of len. If salt is NULL, a new salt will be generated. The salt parameter is usually only used for password authentication. flags is a bitmask, which may consists of these options: GENPW_PHONEMIC uses a different algorithm, to choose passwords which can be spoken and (may be | is) easy to remember. GENPW_ONE_CASE specifies that there should be at least one upper-case character in the plain password; GENPW_ONE_DIGIT is the same for a digit, respectively. accdb_cryptpw() takes a plain text key -- mostly this a plaintext password -- and encrypts it, being usable for /etc/shadow or similar. Space for the resulting crypted string is allocated within accdb_cryptpw(), and is put into *crypted. Be sure to free() it when you are done with it. meth specifies the encryption to use. Valid values are CRYPW_DES, CRYPW_MD5 and CRYPW_BLOWFISH. Blowfish is the preferred algorithm nowadays which provides maximum security of these three.
DES and MD5 crypt is only available if your libc has them. Blowfish encryption routines are always available since I have included them in Vitalnix.
|