unix_cred.c revision 2
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 * When distributing Covered Code, include this CDDL HEADER in each
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 * Copyright (c) 2002, 2012, Oracle and/or its affiliates. All rights reserved.
 * unix_cred - PAM auth modules must contain both pam_sm_authenticate
 * and pam_sm_setcred. Some other auth module is responsible
 * only implements pam_sm_setcred so that the authentication
 * can be separated without knowledge of the Solaris Unix style
 * credential setting.
 * Solaris Unix style credential setting includes initializing
 * the audit characteristics if not already initialized and
 * setting the user's default and limit privileges.
 * unix_cred - pam_sm_authenticate
 * Returns PAM_IGNORE.
 * Set the privilege set. The attributes are enumerated by _enum_attrs,
    /* Now remove the bad privilege endp points to */
    /* Memset above guarantees NUL termination */
    /* excise bad privilege; strtok ignores 2x sep */
    "pam_setcred: can't parse privilege specification: %m\n");
    "pam_setcred: unrecognized privilege(s): %s\n",
badp);
    "pam_unix_cred: error allocating userdir buffer space.");
    /* dir exists, but chmod 0700 to be safe */
    "pam_unix_cred: chmod error on %s: %m",
    "pam_unix_cred: chown error on %s: %m",
 * unix_cred - pam_sm_setcred
 * Entry flags = PAM_ESTABLISH_CRED, set up Solaris Unix cred.
 *               PAM_DELETE_CRED, NOP, return PAM_SUCCESS.
 *               PAM_REINITIALIZE_CRED, set up Solaris Unix cred,
 *                 or merge the current context with the new
 *               PAM_REFRESH_CRED, set up Solaris Unix cred.
 *               PAM_SILENT, print no messages to user.
 * Returns PAM_SUCCESS, if all successful.
 *         PAM_CRED_ERR, if unable to set credentials.
 *         PAM_USER_UNKNOWN, if PAM_USER not set, or unable to find
 *           user in databases.
 *         PAM_SYSTEM_ERR, if no valid flag, or unable to get/set
 *           user's audit state.
    "pam_unix_cred: pam_sm_setcred(flags = %x, argc= %d)",
    "pam_unix_cred: USER NULL or empty!\n");
    "pam_unix_cred: user = %s, auser = %s, rhost = %s, "
    /* validate flags */
    /* set default flag */
    "pam_unix_cred: invalid flags %x",
flags);
 * if auditing on and process audit state not set,
 * setup audit context for process.
    "pam_unix_cred: cannot create start audit session %m");
    "pam_unix_cred: cannot get passwd entry for user = %s",
 * tolerate not being able to
 * translate local hostname
 * to a termid -- it will be
    "pam_unix_cred: cannot load "
    "ttyname: %m, continuing.");
    "pam_unix_cred: cannot load "
    "pam_unix_cred: cannot load "
    "pam_unix_cred: cannot load "
    "pam_unix_cred: cannot load "
 * set up the initial audit for user coming
    "pam_unix_cred: cannot set auser audit "
    "pam_unix_cred: cannot merge user audit "
    "pam_unix_cred: new audit set for %d:%d",
 * No authenticated user or authenticated user is
 * not a local user, no remote attribution, set
 * up the initial audit as for direct user login
    "pam_unix_cred: cannot set user audit %m");
    "pam_unix_cred: cannot set process audit %m");
    "pam_unix_cred: new audit set for %d",
    "pam_unix_cred: cannot set user audit %m");
    "pam_unix_cred: cannot set process audit %m");
    "pam_unix_cred: audit merged for %d:%d",
    "pam_unix_cred: audit already set for %d",
auid);
    "pam_unix_cred: unable to end audit session");
    /* Initialize the user's project */
    /* projname points into kvs, so this is the first opportunity to free */
    "pam_unix_cred: no default project for user %s",
user);
    "pam_unix_cred: project \"%s\" resource "
    "control limit has been reached",
    "Resource control limit has been "
    "pam_unix_cred: user %s could not join "
    "Could not join default project"));
    "Could not bind to resource pool"));
    "pam_unix_cred: project \"%s\" could not "
    "bind to resource pool: No resource pool "
    "accepting default bindings exists",
    "No resource pool accepting "
    "default bindings exists"));
    "pam_unix_cred: project \"%s\" could not "
    "bind to resource pool: The resource pool "
    "The specified resource pool "
    "Failure during pool binding"));
    "pam_unix_cred: project \"%s\" could not "
 * Resource control assignment failed. Unlike
 * newtask(1m), we treat this as an error.
 * This isn't supposed to happen, but in
 * case it does, this error message
 * doesn't use error as an index, like
    "pam_unix_cred: unkwown error joining "
    "unkwown error joining project \"%s\""
    "pam_unix_cred: %s resource control "
    "assignment failed for project \"%s\"",
    "%s resource control assignment failed for "
    "pam_unix_cred: resource control "
    "assignment failed for project \"%s\""
    "resource control assignment failed for "
    "project \"%s\" attribute %d"),
    /* Always continue for root */
 * Silently limit the privileges to those actually available
 * in the current zone.
 * We set privilege awareness here so that I gets copied to
 * P & E when the final setuid(uid) happens.
    "pam_setcred: setppriv(defaultpriv) failed: %m");
 * Silently limit the privileges to the limit set available.
    "pam_setcred: setppriv(limitpriv) failed: %m");
 * In order not to surprise certain applications, we
 * need to get rid of privilege awareness and thus we must
 * set this flag which will cause a reset on set*uid().
 * This may fail but we do not care as this will be reset later
 * when the uids are set to their final values.
 * Remove PRIV_PFEXEC; stop running as if we are under a profile
 * shell. A user with a profile shell will set PRIV_PFEXEC.
 * Remove PRIV_XPOLICY; this removes the extended policy.
 * Install the new extended policy, if required.
    "pam_setcred: Extended Policy failed to install: %m");
 * Create the /var/user/$USER area if it is not already
 * present. pwd buffer refers to PAM_USER.
 * PAM_REFRESH_CRED is usually a screen unlock like event
 * so that isn't an appropriate time to create this.