NAME
openpam_borrow_cred —
temporarily
borrow user credentials
SYNOPSIS
#include <sys/types.h>
#include <security/pam_appl.h>
#include <security/openpam.h>
int
openpam_borrow_cred(
pam_handle_t
*pamh,
const struct passwd
*pwd);
DESCRIPTION
The
openpam_borrow_cred() function saves the current
credentials and switches to those of the user specified by its
pwd argument. The affected credentials are the effective
UID, the effective GID, and the group access list. The original credentials
can be restored using
openpam_restore_cred(3).
RETURN VALUES
The
openpam_borrow_cred() function returns one of the
following values:
-
-
- [
PAM_SUCCESS
]
- Success.
-
-
- [
PAM_BUF_ERR
]
- Memory buffer error.
-
-
- [
PAM_PERM_DENIED
]
- Permission denied.
-
-
- [
PAM_SYSTEM_ERR
]
- System error.
SEE ALSO
setegid(2),
seteuid(2),
setgroups(2),
openpam_restore_cred(3),
pam(3),
pam_strerror(3)
STANDARDS
The
openpam_borrow_cred() function is an OpenPAM extension.
AUTHORS
The
openpam_borrow_cred() function and this manual page were
developed for the
FreeBSD Project by ThinkSec AS and
Network Associates Laboratories, the Security Research Division of Network
Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
(“CBOSS”), as part of the DARPA CHATS research program.
The OpenPAM library is maintained by
Dag-Erling
Smørgrav
<
des@des.no>.