openpam_restore_cred.c revision 115619
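/*-
 * Copyright (c) 2002-2003 Networks Associates Technology, Inc.
 * All rights reserved.
 *
 * This software was developed for the FreeBSD Project by ThinkSec AS and
 * Network Associates Laboratories, the Security Research Division of
 * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
 * ("CBOSS"), as part of the DARPA CHATS research program.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. The name of the author may not be used to endorse or promote
 *    products derived from this software without specific prior written
 *    permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
 * $P4: //depot/projects/openpam/lib/openpam_restore_cred.c#8 $
 */

#include <sys/param.h>

#include <grp.h>
#include <pwd.h>
#include <stdlib.h>
#include <unistd.h>

#include <security/pam_appl.h>

#include "openpam_impl.h"

/*
 * OpenPAM extension
 *
 * Restore credentials
 */

int
openpam_restore_cred(pam_handle_t *pamh)
{
	const void *scredp = NULL;
	const struct pam_saved_cred *scred;
	int r;

	ENTER();
	/*
	 * Look up the item stored under PAM_SAVED_CRED.  It is fetched
	 * through a const void * temporary, which is the pointer type
	 * pam_get_data() writes, instead of casting the address of a struct
	 * pointer to const void **.  The temporary starts out NULL so the
	 * check below is meaningful even if the lookup leaves it untouched.
	 */
	r = pam_get_data(pamh, PAM_SAVED_CRED, &scredp);
	if (r != PAM_SUCCESS)
		RETURNC(r);
	if (scredp == NULL)
		RETURNC(PAM_SYSTEM_ERR);
	scred = scredp;
	/*
	 * The saved identity is applied only when the current effective uid
	 * differs from the saved one; when they already match, the group
	 * list and effective gid are left as they are.
	 */
	if (scred->euid != geteuid()) {
		/*
		 * seteuid() runs first, presumably because the saved euid is
		 * the one privileged enough for setgroups() and setegid() to
		 * succeed -- confirm against openpam_borrow_cred.
		 *
		 * Nothing is rolled back on failure: if a later call in the
		 * chain fails, the earlier ones have already taken effect
		 * and the saved item stays registered.  Callers should treat
		 * PAM_SYSTEM_ERR from here as "credential state unknown"
		 * and not continue as if the restore had happened.
		 */
		if (seteuid(scred->euid) < 0 ||
		    setgroups(scred->ngroups, scred->groups) < 0 ||
		    setegid(scred->egid) < 0)
			RETURNC(PAM_SYSTEM_ERR);
	}
	/*
	 * Replace the saved item with NULL data and no cleanup function now
	 * that it has been applied.  The return value is not checked.
	 */
	pam_set_data(pamh, PAM_SAVED_CRED, NULL, NULL);
	RETURNC(PAM_SUCCESS);
}

/*
 * Error codes:
 *
 *	=pam_get_data
 *	PAM_SYSTEM_ERR
 */

/**
 * The =openpam_restore_cred function restores the credentials saved by
 * =openpam_borrow_cred.
 *
 *	>setegid
 *	>seteuid
 *	>setgroups
 */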