openpam_borrow_cred.c revision 141098
194209Sdes/*- 2115619Sdes * Copyright (c) 2002-2003 Networks Associates Technology, Inc. 394209Sdes * All rights reserved. 494209Sdes * 594209Sdes * This software was developed for the FreeBSD Project by ThinkSec AS and 699158Sdes * Network Associates Laboratories, the Security Research Division of 799158Sdes * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 899158Sdes * ("CBOSS"), as part of the DARPA CHATS research program. 994209Sdes * 1094209Sdes * Redistribution and use in source and binary forms, with or without 1194209Sdes * modification, are permitted provided that the following conditions 1294209Sdes * are met: 1394209Sdes * 1. Redistributions of source code must retain the above copyright 1494209Sdes * notice, this list of conditions and the following disclaimer. 1594209Sdes * 2. Redistributions in binary form must reproduce the above copyright 1694209Sdes * notice, this list of conditions and the following disclaimer in the 1794209Sdes * documentation and/or other materials provided with the distribution. 1894209Sdes * 3. The name of the author may not be used to endorse or promote 1994209Sdes * products derived from this software without specific prior written 2094209Sdes * permission. 2194209Sdes * 2294209Sdes * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 2394209Sdes * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 2494209Sdes * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 2594209Sdes * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 2694209Sdes * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 2794209Sdes * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 2894209Sdes * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 2994209Sdes * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 3094209Sdes * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 3194209Sdes * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 3294209Sdes * SUCH DAMAGE. 3394209Sdes * 34141098Sdes * $P4: //depot/projects/openpam/lib/openpam_borrow_cred.c#13 $ 3594209Sdes */ 3694209Sdes 3794209Sdes#include <sys/param.h> 3894209Sdes 39115619Sdes#include <grp.h> 40117610Sdes#include <limits.h> 4194209Sdes#include <pwd.h> 4294209Sdes#include <stdlib.h> 4394209Sdes#include <unistd.h> 4494209Sdes 4594209Sdes#include <security/pam_appl.h> 4694209Sdes 4794209Sdes#include "openpam_impl.h" 4894209Sdes 4994209Sdes/* 5094209Sdes * OpenPAM extension 5194209Sdes * 5294209Sdes * Temporarily borrow user credentials 5394209Sdes */ 5494209Sdes 5594209Sdesint 5694209Sdesopenpam_borrow_cred(pam_handle_t *pamh, 5794209Sdes const struct passwd *pwd) 5894209Sdes{ 5994209Sdes struct pam_saved_cred *scred; 60125647Sdes void *scredp; 6194209Sdes int r; 6294209Sdes 63110503Sdes ENTERI(pwd->pw_uid); 64125647Sdes r = pam_get_data(pamh, PAM_SAVED_CRED, &scredp); 65125647Sdes if (r == PAM_SUCCESS && scredp != NULL) { 66110503Sdes openpam_log(PAM_LOG_DEBUG, 67110503Sdes "already operating under borrowed credentials"); 68110503Sdes RETURNC(PAM_SYSTEM_ERR); 69110503Sdes } 70110503Sdes if (geteuid() != 0 && geteuid() != pwd->pw_uid) { 71110503Sdes openpam_log(PAM_LOG_DEBUG, "called with non-zero euid: %d", 72110503Sdes (int)geteuid()); 73107937Sdes RETURNC(PAM_PERM_DENIED); 74110503Sdes } 7594209Sdes scred = calloc(1, sizeof *scred); 7694209Sdes if (scred == NULL) 77107937Sdes RETURNC(PAM_BUF_ERR); 7894209Sdes scred->euid = geteuid(); 7994209Sdes scred->egid = getegid(); 8094209Sdes r = getgroups(NGROUPS_MAX, scred->groups); 81115619Sdes if (r < 0) { 82115619Sdes FREE(scred); 83107937Sdes RETURNC(PAM_SYSTEM_ERR); 8494209Sdes } 8594209Sdes scred->ngroups = r; 8694209Sdes r = pam_set_data(pamh, PAM_SAVED_CRED, scred, &openpam_free_data); 8794209Sdes if (r != PAM_SUCCESS) { 88115619Sdes FREE(scred); 89107937Sdes RETURNC(r); 9094209Sdes } 91110503Sdes if (geteuid() == pwd->pw_uid) 92110503Sdes RETURNC(PAM_SUCCESS); 93115619Sdes if (initgroups(pwd->pw_name, pwd->pw_gid) < 0 || 94115619Sdes setegid(pwd->pw_gid) < 0 || seteuid(pwd->pw_uid) < 0) { 9594209Sdes openpam_restore_cred(pamh); 96107937Sdes RETURNC(PAM_SYSTEM_ERR); 9794209Sdes } 98107937Sdes RETURNC(PAM_SUCCESS); 9994209Sdes} 10094209Sdes 10194209Sdes/* 10294209Sdes * Error codes: 10394209Sdes * 10494209Sdes * =pam_set_data 10594209Sdes * PAM_SYSTEM_ERR 10694209Sdes * PAM_BUF_ERR 10794209Sdes * PAM_PERM_DENIED 10894209Sdes */ 10994209Sdes 11094209Sdes/** 11194209Sdes * The =openpam_borrow_cred function saves the current credentials and 112141098Sdes * switches to those of the user specified by its =pwd argument. 113141098Sdes * The affected credentials are the effective UID, the effective GID, and 114141098Sdes * the group access list. 115141098Sdes * The original credentials can be restored using =openpam_restore_cred. 11694209Sdes * 117141098Sdes * >setegid 2 118141098Sdes * >seteuid 2 119141098Sdes * >setgroups 2 12094209Sdes */ 121