1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
|
'\" te
.\" Copyright (c) 2002, Sun Microsystems, Inc. All Rights Reserved.
.\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License.
.\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. See the License for the specific language governing permissions and limitations under the License.
.\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
.TH CRYPT_GENSALT 3C "Jun 10, 2002"
.SH NAME
crypt_gensalt \- generate salt string for string encoding
.SH SYNOPSIS
.LP
.nf
#include <crypt.h>
\fBchar *\fR\fBcrypt_gensalt\fR(\fBconst char *\fR\fIoldsalt\fR, \fBconst struct passwd *\fR\fIuserinfo\fR);
.fi
.SH DESCRIPTION
.sp
.LP
The \fBcrypt_gensalt()\fR function generates the salt string required by
\fBcrypt\fR(3C).
.sp
.LP
If \fIoldsalt\fR is \fINULL\fR, \fBcrypt_gensalt()\fR uses the algorithm
defined by \fBCRYPT_DEFAULT\fR in \fB/etc/security/policy.conf\fR. See
\fBpolicy.conf\fR(4).
.sp
.LP
If \fIoldsalt\fR is non-null, \fBcrypt_gensalt()\fR determines if the algorithm
specified by \fIoldsalt\fR is allowable by checking the
\fBCRYPT_ALGORITHMS_ALLOW\fR and \fBCRYPT_ALGORITHMS_DEPRECATE\fR variables in
\fB/etc/security/policy.conf\fR. If the algorithm is allowed,
\fBcrypt_gensalt()\fR loads the appropriate shared library and calls
\fBcrypt_gensalt_impl\fR(3C). If the algorithm is not allowed or there is no
entry for it in \fBcrypt.conf\fR, \fBcrypt_gensalt()\fR uses the default
algorithm.
.sp
.LP
The mechanism just described provides a means to migrate users to new password
hashing algorithms when the password is changed.
.SH RETURN VALUES
.sp
.LP
Upon successful completion, \fBcrypt_gensalt()\fR returns a pointer to the new
salt. Otherwise a null pointer is returned and \fBerrno\fR is set to indicate
the error.
.SH ERRORS
.sp
.LP
The \fBcrypt_gensalt()\fR function will fail if:
.sp
.ne 2
.na
\fB\fBEINVAL\fR\fR
.ad
.RS 11n
The configuration file \fBcrypt.conf\fR contains an invalid entry.
.RE
.sp
.ne 2
.na
\fB\fBELIBACC\fR\fR
.ad
.RS 11n
The required shared library was not found.
.RE
.sp
.ne 2
.na
\fB\fBENOMEM\fR\fR
.ad
.RS 11n
There is insufficient memory to perform hashing.
.RE
.SH USAGE
.sp
.LP
The value returned by \fBcrypt_gensalt()\fR points to a null-terminated string.
The caller of \fBcrypt_gensalt()\fR is responsible for calling \fBfree\fR(3C).
.sp
.LP
Applications dealing with user authentication and password changing should not
call \fBcrypt_gensalt()\fR directly but should instead call the appropriate
\fBpam\fR(3PAM) functions.
.SH ATTRIBUTES
.sp
.LP
See \fBattributes\fR(5) for descriptions of the following attributes:
.sp
.sp
.TS
box;
c | c
l | l .
ATTRIBUTE TYPE ATTRIBUTE VALUE
_
Interface Stability Evolving
_
MT-Level MT-Safe
.TE
.SH SEE ALSO
.sp
.LP
\fBpasswd\fR(1), \fBcrypt\fR(3C), \fBcrypt_genhash_impl\fR(3C),
\fBcrypt_gensalt_impl\fR(3C), \fBgetpassphrase\fR(3C), \fBmalloc\fR(3C),
\fBpam\fR(3PAM), \fBcrypt.conf\fR(4), \fBpasswd\fR(4), \fBpolicy.conf\fR(4),
\fBattributes\fR(5)
|
