openpam_restore_cred.c revision 174832 
194209Sdes/*-
2115619Sdes * Copyright (c) 2002-2003 Networks Associates Technology, Inc.
3174832Sdes * Copyright (c) 2004-2007 Dag-Erling Sm��rgrav
494209Sdes * All rights reserved.
594209Sdes *
694209Sdes * This software was developed for the FreeBSD Project by ThinkSec AS and
799158Sdes * Network Associates Laboratories, the Security Research Division of
899158Sdes * Network Associates, Inc.  under DARPA/SPAWAR contract N66001-01-C-8035
999158Sdes * ("CBOSS"), as part of the DARPA CHATS research program.
1094209Sdes *
1194209Sdes * Redistribution and use in source and binary forms, with or without
1294209Sdes * modification, are permitted provided that the following conditions
1394209Sdes * are met:
1494209Sdes * 1. Redistributions of source code must retain the above copyright
1594209Sdes *    notice, this list of conditions and the following disclaimer.
1694209Sdes * 2. Redistributions in binary form must reproduce the above copyright
1794209Sdes *    notice, this list of conditions and the following disclaimer in the
1894209Sdes *    documentation and/or other materials provided with the distribution.
1994209Sdes * 3. The name of the author may not be used to endorse or promote
2094209Sdes *    products derived from this software without specific prior written
2194209Sdes *    permission.
2294209Sdes *
2394209Sdes * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
2494209Sdes * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
2594209Sdes * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
2694209Sdes * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
2794209Sdes * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
2894209Sdes * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
2994209Sdes * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
3094209Sdes * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
3194209Sdes * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
3294209Sdes * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
3394209Sdes * SUCH DAMAGE.
3494209Sdes *
35174832Sdes * $Id: openpam_restore_cred.c 408 2007-12-21 11:36:24Z des $
3694209Sdes */
3794209Sdes
3894209Sdes#include <sys/param.h>
3994209Sdes
40115619Sdes#include <grp.h>
41117610Sdes#include <limits.h>
4294209Sdes#include <pwd.h>
4394209Sdes#include <stdlib.h>
4494209Sdes#include <unistd.h>
4594209Sdes
4694209Sdes#include <security/pam_appl.h>
4794209Sdes
4894209Sdes#include "openpam_impl.h"
4994209Sdes
5094209Sdes/*
5194209Sdes * OpenPAM extension
5294209Sdes *
5394209Sdes * Restore credentials
5494209Sdes */
5594209Sdes
5694209Sdesint
5794209Sdesopenpam_restore_cred(pam_handle_t *pamh)
5894209Sdes{
59174832Sdes	const struct pam_saved_cred *scred;
60174832Sdes	const void *scredp;
6194209Sdes	int r;
6294209Sdes
63107937Sdes	ENTER();
64125647Sdes	r = pam_get_data(pamh, PAM_SAVED_CRED, &scredp);
6594209Sdes	if (r != PAM_SUCCESS)
66107937Sdes		RETURNC(r);
67125647Sdes	if (scredp == NULL)
68107937Sdes		RETURNC(PAM_SYSTEM_ERR);
69125647Sdes	scred = scredp;
70110503Sdes	if (scred->euid != geteuid()) {
71115619Sdes		if (seteuid(scred->euid) < 0 ||
72115619Sdes		    setgroups(scred->ngroups, scred->groups) < 0 ||
73115619Sdes		    setegid(scred->egid) < 0)
74110503Sdes			RETURNC(PAM_SYSTEM_ERR);
75110503Sdes	}
7694209Sdes	pam_set_data(pamh, PAM_SAVED_CRED, NULL, NULL);
77107937Sdes	RETURNC(PAM_SUCCESS);
7894209Sdes}
7994209Sdes
8094209Sdes/*
8194209Sdes * Error codes:
8294209Sdes *
8394209Sdes *	=pam_get_data
8494209Sdes *	PAM_SYSTEM_ERR
8594209Sdes */
8694209Sdes
8794209Sdes/**
8894209Sdes * The =openpam_restore_cred function restores the credentials saved by
8994209Sdes * =openpam_borrow_cred.
9094209Sdes *
91141098Sdes * >setegid 2
92141098Sdes * >seteuid 2
93141098Sdes * >setgroups 2
9494209Sdes */
95