openpam_restore_cred.c (302408) | openpam_restore_cred.c (94209) |
---|---|
1/*- | 1/*- |
2 * Copyright (c) 2002-2003 Networks Associates Technology, Inc. 3 * Copyright (c) 2004-2011 Dag-Erling Sm��rgrav | 2 * Copyright (c) 2002 Networks Associates Technology, Inc. |
4 * All rights reserved. 5 * 6 * This software was developed for the FreeBSD Project by ThinkSec AS and | 3 * All rights reserved. 4 * 5 * This software was developed for the FreeBSD Project by ThinkSec AS and |
7 * Network Associates Laboratories, the Security Research Division of 8 * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 9 * ("CBOSS"), as part of the DARPA CHATS research program. | 6 * NAI Labs, the Security Research Division of Network Associates, Inc. 7 * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the 8 * DARPA CHATS research program. |
10 * 11 * Redistribution and use in source and binary forms, with or without 12 * modification, are permitted provided that the following conditions 13 * are met: 14 * 1. Redistributions of source code must retain the above copyright 15 * notice, this list of conditions and the following disclaimer. 16 * 2. Redistributions in binary form must reproduce the above copyright 17 * notice, this list of conditions and the following disclaimer in the --- 9 unchanged lines hidden (view full) --- 27 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 28 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 29 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 30 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 31 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 32 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 33 * SUCH DAMAGE. 34 * | 9 * 10 * Redistribution and use in source and binary forms, with or without 11 * modification, are permitted provided that the following conditions 12 * are met: 13 * 1. Redistributions of source code must retain the above copyright 14 * notice, this list of conditions and the following disclaimer. 15 * 2. Redistributions in binary form must reproduce the above copyright 16 * notice, this list of conditions and the following disclaimer in the --- 9 unchanged lines hidden (view full) --- 26 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 27 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 28 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 29 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 30 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 31 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 32 * SUCH DAMAGE. 33 * |
35 * $Id: openpam_restore_cred.c 648 2013-03-05 17:54:27Z des $ | 34 * $P4: //depot/projects/openpam/lib/openpam_restore_cred.c#1 $ |
36 */ 37 | 35 */ 36 |
38#ifdef HAVE_CONFIG_H 39# include "config.h" 40#endif 41 | |
42#include <sys/param.h> 43 | 37#include <sys/param.h> 38 |
44#include <grp.h> 45#include <limits.h> | |
46#include <pwd.h> 47#include <stdlib.h> 48#include <unistd.h> 49 50#include <security/pam_appl.h> 51 52#include "openpam_impl.h" | 39#include <pwd.h> 40#include <stdlib.h> 41#include <unistd.h> 42 43#include <security/pam_appl.h> 44 45#include "openpam_impl.h" |
53#include "openpam_cred.h" | |
54 55/* 56 * OpenPAM extension 57 * 58 * Restore credentials 59 */ 60 61int 62openpam_restore_cred(pam_handle_t *pamh) 63{ | 46 47/* 48 * OpenPAM extension 49 * 50 * Restore credentials 51 */ 52 53int 54openpam_restore_cred(pam_handle_t *pamh) 55{ |
64 const struct pam_saved_cred *scred; 65 const void *scredp; | 56 struct pam_saved_cred *scred; |
66 int r; 67 | 57 int r; 58 |
68 ENTER(); 69 r = pam_get_data(pamh, PAM_SAVED_CRED, &scredp); | 59 r = pam_get_data(pamh, PAM_SAVED_CRED, (const void **)&scred); |
70 if (r != PAM_SUCCESS) | 60 if (r != PAM_SUCCESS) |
71 RETURNC(r); 72 if (scredp == NULL) 73 RETURNC(PAM_SYSTEM_ERR); 74 scred = scredp; 75 if (scred->euid != geteuid()) { 76 if (seteuid(scred->euid) < 0 || 77 setgroups(scred->ngroups, scred->groups) < 0 || 78 setegid(scred->egid) < 0) 79 RETURNC(PAM_SYSTEM_ERR); 80 } | 61 return (r); 62 if (scred == NULL) 63 return (PAM_SYSTEM_ERR); 64 if (seteuid(scred->euid) == -1 || 65 setgroups(scred->ngroups, scred->groups) == -1 || 66 setegid(scred->egid) == -1) 67 return (PAM_SYSTEM_ERR); |
81 pam_set_data(pamh, PAM_SAVED_CRED, NULL, NULL); | 68 pam_set_data(pamh, PAM_SAVED_CRED, NULL, NULL); |
82 RETURNC(PAM_SUCCESS); | 69 return (PAM_SUCCESS); |
83} 84 85/* 86 * Error codes: 87 * 88 * =pam_get_data 89 * PAM_SYSTEM_ERR 90 */ 91 92/** 93 * The =openpam_restore_cred function restores the credentials saved by 94 * =openpam_borrow_cred. 95 * | 70} 71 72/* 73 * Error codes: 74 * 75 * =pam_get_data 76 * PAM_SYSTEM_ERR 77 */ 78 79/** 80 * The =openpam_restore_cred function restores the credentials saved by 81 * =openpam_borrow_cred. 82 * |
96 * >setegid 2 97 * >seteuid 2 98 * >setgroups 2 | 83 * >setegid 84 * >seteuid 85 * >setgroups |
99 */ | 86 */ |
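Review bot: In the new revision (left column, lines 75-80) a failure part-way through the `seteuid` / `setgroups` / `setegid` chain returns `PAM_SYSTEM_ERR` with the process already holding some of the restored ids and not others, and the doc comment at lines 85-99 does not tell callers this. I would add a comment above the chain such as `/* on failure the process may be left with a mix of borrowed and saved ids; callers must treat PAM_SYSTEM_ERR as fatal */` and repeat that in the `/** ... */` description. The new `scred->euid != geteuid()` guard also skips `setgroups` and `setegid` whenever the effective uid already matches, yet the saved data is still cleared at line 81. That is only safe if `openpam_borrow_cred` leaves the group list and egid untouched in the same case, which is not visible on this page and should be confirmed. The result of `pam_set_data` at line 81 is discarded, so a failure to clear `PAM_SAVED_CRED` would still be reported as `PAM_SUCCESS`.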