diff --git a/doc/man/Makefile b/doc/man/Makefile
index dfaf03a..8192df2 100644
--- a/doc/man/Makefile
+++ b/doc/man/Makefile
@@ -31,12 +31,15 @@
 # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 # SUCH DAMAGE.
 #
-# $P4: //depot/projects/openpam/doc/man/Makefile#5 $
+# $P4: //depot/projects/openpam/doc/man/Makefile#6 $
 #
 
 MAN =
+MAN += openpam_borrow_cred.3
+MAN += openpam_free_data.3
 MAN += openpam_get_option.3
 MAN += openpam_log.3
+MAN += openpam_restore_cred.3
 MAN += openpam_set_option.3
 MAN += openpam_ttyconv.3
 MAN += pam.3
diff --git a/include/security/openpam.h b/include/security/openpam.h
index b001398..214401a 100644
--- a/include/security/openpam.h
+++ b/include/security/openpam.h
@@ -31,7 +31,7 @@
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
- * $P4: //depot/projects/openpam/include/security/openpam.h#14 $
+ * $P4: //depot/projects/openpam/include/security/openpam.h#15 $
 */
 
 #ifndef _SECURITY_OPENPAM_H_INCLUDED
@@ -46,13 +46,27 @@
 extern "C" {
 #endif
 
+struct passwd;
+
 /*
 * API extensions
 */
+int
+openpam_borrow_cred(pam_handle_t *_pamh,
+ const struct passwd *_pwd);
+
+void
+openpam_free_data(pam_handle_t *_pamh,
+ void *_data,
+ int _status);
+
 const char *
 openpam_get_option(pam_handle_t *_pamh,
 const char *_option);
 
+int
+openpam_restore_cred(pam_handle_t *_pamh);
+
 int
 openpam_set_option(pam_handle_t *_pamh,
 const char *_option,
diff --git a/lib/Makefile b/lib/Makefile
index d9f38c3..f2fb006 100644
--- a/lib/Makefile
+++ b/lib/Makefile
@@ -31,7 +31,7 @@
 # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 # SUCH DAMAGE.
 #
-# $P4: //depot/projects/openpam/lib/Makefile#12 $
+# $P4: //depot/projects/openpam/lib/Makefile#13 $
 #
 
 LIB = pam
@@ -44,12 +44,15 @@ CFLAGS += -I${.CURDIR}/../include
 CFLAGS += -DLIB_MAJ=${SHLIB_MAJOR}
 
 SRCS =
+SRCS += openpam_borrow_cred.c
 SRCS += openpam_dispatch.c
 SRCS += openpam_dynamic.c
 SRCS += openpam_findenv.c
+SRCS += openpam_free_data.c
 SRCS += openpam_get_option.c
 SRCS += openpam_load.c
 SRCS += openpam_log.c
+SRCS += openpam_restore_cred.c
 SRCS += openpam_set_option.c
 SRCS += openpam_static.c
 SRCS += openpam_ttyconv.c
diff --git a/lib/openpam_borrow_cred.c b/lib/openpam_borrow_cred.c
new file mode 100644
index 0000000..87aed86
--- /dev/null
+++ b/lib/openpam_borrow_cred.c
@@ -0,0 +1,105 @@
+/*-
+ * Copyright (c) 2002 Networks Associates Technology, Inc.
+ * All rights reserved.
+ *
+ * This software was developed for the FreeBSD Project by ThinkSec AS and
+ * NAI Labs, the Security Research Division of Network Associates, Inc.
+ * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
+ * DARPA CHATS research program.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ * products derived from this software without specific prior written
+ * permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $P4: //depot/projects/openpam/lib/openpam_borrow_cred.c#1 $
+ */
+
+#include
+
+#include
+#include
+#include
+
+#include
+
+#include "openpam_impl.h"
+
+/*
+ * OpenPAM extension
+ *
+ * Temporarily borrow user credentials
+ */
+
+int
+openpam_borrow_cred(pam_handle_t *pamh,
+ const struct passwd *pwd)
+{
+ struct pam_saved_cred *scred;
+ int r;
+
+ if (geteuid() != 0)
+ return (PAM_PERM_DENIED);
+ scred = calloc(1, sizeof *scred);
+ if (scred == NULL)
+ return (PAM_BUF_ERR);
+ scred->euid = geteuid();
+ scred->egid = getegid();
+ r = getgroups(NGROUPS_MAX, scred->groups);
+ if (r == -1) {
+ free(scred);
+ return (PAM_SYSTEM_ERR);
+ }
+ scred->ngroups = r;
+ r = pam_set_data(pamh, PAM_SAVED_CRED, scred, &openpam_free_data);
+ if (r != PAM_SUCCESS) {
+ free(scred);
+ return (r);
+ }
+ if (initgroups(pwd->pw_name, pwd->pw_gid) == -1 ||
+ setegid(pwd->pw_gid) == -1 || seteuid(pwd->pw_uid) == -1) {
+ openpam_restore_cred(pamh);
+ return (PAM_SYSTEM_ERR);
+ }
+ return (PAM_SUCCESS);
+}
+
+/*
+ * Error codes:
+ *
+ * =pam_set_data
+ * PAM_SYSTEM_ERR
+ * PAM_BUF_ERR
+ * PAM_PERM_DENIED
+ */
+
+/**
+ * The =openpam_borrow_cred function saves the current credentials and
+ * switches to those of the user specified by its =pwd argument. The
+ * affected credentials are the effective UID, the effective GID, and the
+ * group access list. The original credentials can be restored using
+ * =openpam_restore_cred.
+ *
+ * >setegid
+ * >seteuid
+ * >setgroups
+ */
diff --git a/lib/openpam_free_data.c b/lib/openpam_free_data.c
new file mode 100644
index 0000000..6c71266
--- /dev/null
+++ b/lib/openpam_free_data.c
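Review bot: The failure branch after the `initgroups()`/`setegid()`/`seteuid()` chain discards the result of `openpam_restore_cred(pamh)`, so a caller that gets PAM_SYSTEM_ERR cannot tell whether the process is back on its original credentials or still carries the borrowed group list and effective GID. Either propagate that status or state in the doc block that on PAM_SYSTEM_ERR the credentials may be left partially switched and the caller must not proceed as if the switch were clean. The doc block should also say explicitly that only the effective IDs and group list change (the real UID stays 0), so callers do not mistake this for a full privilege drop, and that `pwd` must be non-NULL since `pwd->pw_name` is dereferenced without a check. The `>setgroups` cross-reference does not match the code, which calls `initgroups()`.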
@@ -0,0 +1,67 @@
+/*-
+ * Copyright (c) 2002 Networks Associates Technology, Inc.
+ * All rights reserved.
+ *
+ * This software was developed for the FreeBSD Project by ThinkSec AS and
+ * NAI Labs, the Security Research Division of Network Associates, Inc.
+ * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
+ * DARPA CHATS research program.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ * products derived from this software without specific prior written
+ * permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $P4: //depot/projects/openpam/lib/openpam_free_data.c#1 $
+ */
+
+#include
+#include
+
+#include
+
+#include "openpam_impl.h"
+
+/*
+ * OpenPAM extension
+ *
+ * Generic cleanup function
+ */
+
+void
+openpam_free_data(pam_handle_t *pamh, void *data, int status)
+{
+ /* silence compiler warnings */
+ pamh = pamh;
+ status = status;
+ free(data);
+}
+
+/*
+ * Error codes:
+ */
+
+/**
+ * The =openpam_free_data is a cleanup function suitable for passing to
+ * =pam_set_data. It simply releases the data by passing its =data
+ * argument to =free.
+ */
diff --git a/lib/openpam_impl.h b/lib/openpam_impl.h
index 8300b0f..a9b011e 100644
--- a/lib/openpam_impl.h
+++ b/lib/openpam_impl.h
@@ -31,7 +31,7 @@
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
- * $P4: //depot/projects/openpam/lib/openpam_impl.h#11 $
+ * $P4: //depot/projects/openpam/lib/openpam_impl.h#12 $
 */
 
 #ifndef _OPENPAM_IMPL_H_INCLUDED
@@ -93,6 +93,16 @@ struct pam_handle {
 int env_size;
 };
 
+#ifdef NGROUPS_MAX
+#define PAM_SAVED_CRED "pam_saved_cred"
+struct pam_saved_cred {
+ uid_t euid;
+ gid_t egid;
+ gid_t groups[NGROUPS_MAX];
+ int ngroups;
+};
+#endif
+
 #define PAM_OTHER "other"
 
 int openpam_dispatch(pam_handle_t *, int, int);
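Review bot: The self-assignments `pamh = pamh;` and `status = status;` used to silence unused-parameter warnings are themselves flagged by some compilers as self-assignment, and they read as accidental. The conventional form is `(void)pamh;` and `(void)status;`, which expresses the intent without generating code or a second warning. Since this function is now a public callback, the doc block should also say that `data` may be NULL (free(NULL) is a no-op) so callers know they may register it for optional data.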
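Review bot: The `#ifdef NGROUPS_MAX` guard around `PAM_SAVED_CRED` and `struct pam_saved_cred` makes the visibility of both names depend on whether the including translation unit happened to pull in the system header that defines NGROUPS_MAX before `openpam_impl.h` (this rendering has stripped the `#include` targets, so the intended order is not visible). A unit that includes the header in a different order will fail with an unexplained undeclared-identifier error in the credential functions rather than a clear message. Either include the header that supplies NGROUPS_MAX from `openpam_impl.h` itself, or replace the silent guard with `#error NGROUPS_MAX is required` so the dependency is stated. Note also that `gid_t groups[NGROUPS_MAX]` is sized by the compile-time constant, and `getgroups(NGROUPS_MAX, ...)` in openpam_borrow_cred.c relies on the same value, so the comment on the struct should say the two must stay in step.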
@@ -0,0 +1,86 @@
+/*-
+ * Copyright (c) 2002 Networks Associates Technology, Inc.
+ * All rights reserved.
+ *
+ * This software was developed for the FreeBSD Project by ThinkSec AS and
+ * NAI Labs, the Security Research Division of Network Associates, Inc.
+ * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
+ * DARPA CHATS research program.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ * products derived from this software without specific prior written
+ * permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $P4: //depot/projects/openpam/lib/openpam_restore_cred.c#1 $
+ */
+
+#include
+
+#include
+#include
+#include
+
+#include
+
+#include "openpam_impl.h"
+
+/*
+ * OpenPAM extension
+ *
+ * Restore credentials
+ */
+
+int
+openpam_restore_cred(pam_handle_t *pamh)
+{
+ struct pam_saved_cred *scred;
+ int r;
+
+ r = pam_get_data(pamh, PAM_SAVED_CRED, (const void **)&scred);
+ if (r != PAM_SUCCESS)
+ return (r);
+ if (scred == NULL)
+ return (PAM_SYSTEM_ERR);
+ if (seteuid(scred->euid) == -1 ||
+ setgroups(scred->ngroups, scred->groups) == -1 ||
+ setegid(scred->egid) == -1)
+ return (PAM_SYSTEM_ERR);
+ pam_set_data(pamh, PAM_SAVED_CRED, NULL, NULL);
+ return (PAM_SUCCESS);
+}
+
+/*
+ * Error codes:
+ *
+ * =pam_get_data
+ * PAM_SYSTEM_ERR
+ */
+
+/**
+ * The =openpam_restore_cred function restores the credentials saved by
+ * =openpam_borrow_cred.
+ *
+ * >setegid
+ * >seteuid
+ * >setgroups
+ */
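Review bot: The return value of `pam_set_data(pamh, PAM_SAVED_CRED, NULL, NULL)` is ignored, so if clearing the entry fails the stale saved credentials stay registered and a later openpam_restore_cred() would silently re-apply them, while the caller was told PAM_SUCCESS. Whether replacing the entry also runs the previously registered cleanup (openpam_free_data) on `scred` is not visible in this diff; if pam_set_data does not do that on replacement, `scred` leaks on every successful restore. Suggest `if ((r = pam_set_data(pamh, PAM_SAVED_CRED, NULL, NULL)) != PAM_SUCCESS) return (r);` and adding `=pam_set_data` to the Error codes list; the doc block should also say that after a successful restore a second call returns PAM_SYSTEM_ERR (the `scred == NULL` path), and that on PAM_SYSTEM_ERR from the seteuid/setgroups/setegid chain the entry is intentionally kept so the caller can retry.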