openpam_restore_cred.c revision 174832
/*-
 * Copyright (c) 2002-2003 Networks Associates Technology, Inc.
 * Copyright (c) 2004-2007 Dag-Erling Smørgrav
 * All rights reserved.
 *
 * This software was developed for the FreeBSD Project by ThinkSec AS and
 * Network Associates Laboratories, the Security Research Division of
 * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
 * ("CBOSS"), as part of the DARPA CHATS research program.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. The name of the author may not be used to endorse or promote
 *    products derived from this software without specific prior written
 *    permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
 * $Id: openpam_restore_cred.c 408 2007-12-21 11:36:24Z des $
 */

#include <sys/param.h>

#include <grp.h>
#include <limits.h>
#include <pwd.h>
#include <stdlib.h>
#include <unistd.h>

#include <security/pam_appl.h>

#include "openpam_impl.h"

/*
 * OpenPAM extension
 *
 * Restore credentials
 */

int
openpam_restore_cred(pam_handle_t *pamh)
{
	const struct pam_saved_cred *scred;
	const void *scredp;
	int r;

	ENTER();

	/*
	 * Fetch the credential record stored under PAM_SAVED_CRED.  A lookup
	 * failure is passed through unchanged; a successful lookup that
	 * yields a null pointer is reported as PAM_SYSTEM_ERR.
	 */
	r = pam_get_data(pamh, PAM_SAVED_CRED, &scredp);
	if (r != PAM_SUCCESS)
		RETURNC(r);
	if (scredp == NULL)
		RETURNC(PAM_SYSTEM_ERR);
	scred = scredp;

	/*
	 * Nothing is changed when the saved effective UID already matches
	 * the current one; the group list and effective GID are then left
	 * as they are, whatever they hold.
	 *
	 * Otherwise the effective UID is set first, then the supplementary
	 * groups, then the effective GID.  Keep this order: presumably the
	 * saved UID is the privileged one that setgroups() and setegid()
	 * depend on (confirm against openpam_borrow_cred).  Only effective
	 * IDs and the group list are set here; real IDs are not touched.
	 *
	 * The first failing call ends the function with PAM_SYSTEM_ERR.
	 * Calls that already succeeded are not undone and the saved record
	 * stays attached to the handle, so the process can be left with a
	 * mix of borrowed and restored credentials.  Callers should treat
	 * that return as fatal rather than carry on in that state.
	 */
	if (scred->euid != geteuid()) {
		if (seteuid(scred->euid) < 0)
			RETURNC(PAM_SYSTEM_ERR);
		if (setgroups(scred->ngroups, scred->groups) < 0)
			RETURNC(PAM_SYSTEM_ERR);
		if (setegid(scred->egid) < 0)
			RETURNC(PAM_SYSTEM_ERR);
	}

	/*
	 * Replace the saved record with a null entry now that it has been
	 * applied.  The return value of pam_set_data() is not checked.
	 */
	pam_set_data(pamh, PAM_SAVED_CRED, NULL, NULL);
	RETURNC(PAM_SUCCESS);
}

/*
 * Error codes:
 *
 *	=pam_get_data
 *	PAM_SYSTEM_ERR
 */

/**
 * The =openpam_restore_cred function restores the credentials saved by
 * =openpam_borrow_cred.
 *
 * >setegid 2
 * >seteuid 2
 * >setgroups 2
 */