openpam_readwordread a word from a file, respecting shell quoting rules


Pluggable Authentication Module Library (libpam, -lpam)


#include < sys/types.h>
#include < stdio.h>
#include < security/pam_appl.h>
#include < security/openpam.h>

char *
openpam_readword( FILE *f, int *lineno, size_t *lenp);


The openpam_readword() function reads the next word from a file, and returns it in a NUL-terminated buffer allocated with malloc(3).

A word is a sequence of non-whitespace characters. However, whitespace characters can be included in a word if quoted or escaped according to the following rules:

  • An unescaped single or double quote introduces a quoted string, which ends when the same quote character is encountered a second time. The quotes themselves are stripped.
  • Within a single- or double-quoted string, all whitespace characters, including the newline character, are preserved as-is.
  • Outside a quoted string, a backslash escapes the next character, which is preserved as-is, unless that character is a newline, in which case it is discarded and reading continues at the beginning of the next line as if the backslash and newline had not been there. In all cases, the backslash itself is discarded.
  • Within a single-quoted string, double quotes and backslashes are preserved as-is.
  • Within a double-quoted string, a single quote is preserved as-is, and a backslash is preserved as-is unless used to escape a double quote.

In addition, if the first non-whitespace character on the line is a hash character (#), the rest of the line is discarded. If a hash character occurs within a word, however, it is preserved as-is. A backslash at the end of a comment does cause line continuation.

If lineno is not NULL, the integer variable it points to is incremented every time a quoted or escaped newline character is read.

If lenp is not NULL, the length of the word (after quotes and backslashes have been removed) is stored in the variable it points to.


If successful, the openpam_readword() function returns a pointer to a dynamically allocated NUL-terminated string containing the first word encountered on the line.

The caller is responsible for releasing the returned buffer by passing it to free(3).

If openpam_readword() reaches the end of the line or file before any characters are copied to the word, it returns NULL. In the former case, the newline is pushed back to the file.

If openpam_readword() reaches the end of the file while a quote or backslash escape is in effect, it sets errno to EINVAL and returns NULL.


The parsing rules are intended to be equivalent to the normal POSIX shell quoting rules. Any discrepancy is a bug and should be reported to the author along with sample input that can be used to reproduce the error.


The openpam_readword() function is an OpenPAM extension.


The openpam_readword() function and this manual page were developed by Dag-Erling Smørgrav <des@des.no>.
September 12, 2014 FreeBSD