194209Sdes/*- 2115619Sdes * Copyright (c) 2002-2003 Networks Associates Technology, Inc. 3228690Sdes * Copyright (c) 2004-2011 Dag-Erling Sm��rgrav 494209Sdes * All rights reserved. 594209Sdes * 694209Sdes * This software was developed for the FreeBSD Project by ThinkSec AS and 799158Sdes * Network Associates Laboratories, the Security Research Division of 899158Sdes * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 999158Sdes * ("CBOSS"), as part of the DARPA CHATS research program. 1094209Sdes * 1194209Sdes * Redistribution and use in source and binary forms, with or without 1294209Sdes * modification, are permitted provided that the following conditions 1394209Sdes * are met: 1494209Sdes * 1. Redistributions of source code must retain the above copyright 1594209Sdes * notice, this list of conditions and the following disclaimer. 1694209Sdes * 2. Redistributions in binary form must reproduce the above copyright 1794209Sdes * notice, this list of conditions and the following disclaimer in the 1894209Sdes * documentation and/or other materials provided with the distribution. 1994209Sdes * 3. The name of the author may not be used to endorse or promote 2094209Sdes * products derived from this software without specific prior written 2194209Sdes * permission. 2294209Sdes * 2394209Sdes * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 2494209Sdes * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 2594209Sdes * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 2694209Sdes * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 2794209Sdes * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 2894209Sdes * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 2994209Sdes * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 3094209Sdes * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 3194209Sdes * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 3294209Sdes * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 3394209Sdes * SUCH DAMAGE. 3494209Sdes * 35348980Sdes * $OpenPAM: openpam_borrow_cred.c 938 2017-04-30 21:34:42Z des $ 3694209Sdes */ 3794209Sdes 38228690Sdes#ifdef HAVE_CONFIG_H 39228690Sdes# include "config.h" 40228690Sdes#endif 41228690Sdes 4294209Sdes#include <sys/param.h> 4394209Sdes 44115619Sdes#include <grp.h> 45117610Sdes#include <limits.h> 4694209Sdes#include <pwd.h> 4794209Sdes#include <stdlib.h> 4894209Sdes#include <unistd.h> 4994209Sdes 5094209Sdes#include <security/pam_appl.h> 5194209Sdes 5294209Sdes#include "openpam_impl.h" 53255376Sdes#include "openpam_cred.h" 5494209Sdes 5594209Sdes/* 5694209Sdes * OpenPAM extension 5794209Sdes * 5894209Sdes * Temporarily borrow user credentials 5994209Sdes */ 6094209Sdes 6194209Sdesint 6294209Sdesopenpam_borrow_cred(pam_handle_t *pamh, 6394209Sdes const struct passwd *pwd) 6494209Sdes{ 6594209Sdes struct pam_saved_cred *scred; 66174832Sdes const void *scredp; 6794209Sdes int r; 6894209Sdes 69110503Sdes ENTERI(pwd->pw_uid); 70125647Sdes r = pam_get_data(pamh, PAM_SAVED_CRED, &scredp); 71125647Sdes if (r == PAM_SUCCESS && scredp != NULL) { 72255376Sdes openpam_log(PAM_LOG_LIBDEBUG, 73110503Sdes "already operating under borrowed credentials"); 74110503Sdes RETURNC(PAM_SYSTEM_ERR); 75110503Sdes } 76110503Sdes if (geteuid() != 0 && geteuid() != pwd->pw_uid) { 77255376Sdes openpam_log(PAM_LOG_LIBDEBUG, "called with non-zero euid: %d", 78110503Sdes (int)geteuid()); 79107937Sdes RETURNC(PAM_PERM_DENIED); 80110503Sdes } 8194209Sdes scred = calloc(1, sizeof *scred); 8294209Sdes if (scred == NULL) 83107937Sdes RETURNC(PAM_BUF_ERR); 8494209Sdes scred->euid = geteuid(); 8594209Sdes scred->egid = getegid(); 8694209Sdes r = getgroups(NGROUPS_MAX, scred->groups); 87115619Sdes if (r < 0) { 88115619Sdes FREE(scred); 89107937Sdes RETURNC(PAM_SYSTEM_ERR); 9094209Sdes } 9194209Sdes scred->ngroups = r; 9294209Sdes r = pam_set_data(pamh, PAM_SAVED_CRED, scred, &openpam_free_data); 9394209Sdes if (r != PAM_SUCCESS) { 94115619Sdes FREE(scred); 95107937Sdes RETURNC(r); 9694209Sdes } 97110503Sdes if (geteuid() == pwd->pw_uid) 98110503Sdes RETURNC(PAM_SUCCESS); 99115619Sdes if (initgroups(pwd->pw_name, pwd->pw_gid) < 0 || 100115619Sdes setegid(pwd->pw_gid) < 0 || seteuid(pwd->pw_uid) < 0) { 10194209Sdes openpam_restore_cred(pamh); 102107937Sdes RETURNC(PAM_SYSTEM_ERR); 10394209Sdes } 104107937Sdes RETURNC(PAM_SUCCESS); 10594209Sdes} 10694209Sdes 10794209Sdes/* 10894209Sdes * Error codes: 10994209Sdes * 11094209Sdes * =pam_set_data 11194209Sdes * PAM_SYSTEM_ERR 11294209Sdes * PAM_BUF_ERR 11394209Sdes * PAM_PERM_DENIED 11494209Sdes */ 11594209Sdes 11694209Sdes/** 11794209Sdes * The =openpam_borrow_cred function saves the current credentials and 118141098Sdes * switches to those of the user specified by its =pwd argument. 119141098Sdes * The affected credentials are the effective UID, the effective GID, and 120141098Sdes * the group access list. 121141098Sdes * The original credentials can be restored using =openpam_restore_cred. 12294209Sdes * 123141098Sdes * >setegid 2 124141098Sdes * >seteuid 2 125141098Sdes * >setgroups 2 12694209Sdes */ 127