
smp_set_identity(S)


smp_set_identity -- set user identity

Syntax

cc . . . -lprot
#include <sys/types.h>
#include <prot.h>

int smp_set_identity(userp, reasonp, environp, shellp)
struct smp_user_info *userp;
char **reasonp;
char ***environp;
char **shellp;

Description

smp_set_identity sets the user identity for programs performing a login service. The appropriate user and group IDs and privileges are set as specified in the user's authentication data. The last successful login time is updated and written back to the databases, and an audit record is written for a successful login.

Note that this routine also checks the account lock, for the benefit of applications which do not call smp_check_pw(S) (for example, cron(C)).

environp is set to point to an appropriate environment for use in a subsequent exece, and shellp is set to point to the full pathname of the user's shell.

reasonp is used with certain return values to store a descriptive message.

Return values

Note that this routine also stores its return value for use in auditing of failures.

SMP_NOTAUTH
The calling program does not have sufficient privileges to change the user id, or to set the account privileges.

SMP_ACCTLOCK
The account is locked, and the session should not continue.

SMP_COMPLETE
The new user's identity has been successfully assumed.

SMP_EXTFAIL
External failure; access to remote authentication information failed. reasonp points to a character string explaining the cause of the error.

SMP_FAIL
No memory was available in which to build the new environment.

SMP_OVERRIDE
Errors were encountered which would normally have resulted in the routine failing, but since the target account is root and the terminal is the console, the login process should continue. reasonp points to a character string giving the type of failure.

Diagnostics

All diagnostics are returned as strings pointed to by the argument reasonp. It is up to the calling program to display these for the user. In each case the return value is also noted.

Cannot reread protected password entry
An attempt to reread the protected password information for the account failed. SMP_EXTFAIL is returned.

Cannot reread terminal control entry
An attempt to find the terminal entry in the terminal control database failed. SMP_EXTFAIL is returned.

Cannot rewrite terminal control entry
An attempt to update the terminal control database failed. SMP_EXTFAIL is returned.

Cannot rewrite protected password entry
An attempt to update the protected password database failed. SMP_EXTFAIL is returned.

Cannot change to home directory
An attempt to change to the home directory of the account failed. SMP_EXTFAIL is returned.

Could not set default ULIMIT
The ulimit could not be set (see ulimit(S)). SMP_EXTFAIL is returned.

Bad supplemental group list
An attempt to set the supplemental group list failed. SMP_EXTFAIL is returned.

Bad login user id
The login user ID specified in userp could not be set. SMP_EXTFAIL is returned.

Bad group id
The group ID specified in userp could not be set. SMP_EXTFAIL is returned.

Bad user id
The user ID specified in userp could not be set. SMP_EXTFAIL is returned.

Unable to set kernel authorizations
An attempt to set the kernel authorizations failed (see setpriv(S)). SMP_EXTFAIL is returned.

Examples

The following example illustrates the usage of smp_set_identity:
...
    switch (smp_check_user(SMP_LOGIN, gets(line), ttyname(0), 0, &userp,
                                 &pwtries, &reason)) {
    ...
    }

    switch (smp_set_identity(userp, &reason, &environ, &shell)) {
    case SMP_COMPLETE:
        break;
    case SMP_NOTAUTH:
        put("not authorised\n");    /* not running with root perms */
        exit(1);
    case SMP_ACCTLOCK:              /* account locked: session must not continue */
        put("account locked\n");
        exit(1);
    case SMP_FAIL:                  /* no memory to build the new environment */
        put("out of memory\n");
        exit(1);
    case SMP_EXTFAIL:
        put(reason);
        put("\n");
        exit(1);
    case SMP_OVERRIDE:
        put(reason);
        put("\nroot login on console is allowed\n");
        break;
    default:                        /* unexpected return value: do not continue */
        exit(1);
    }

    /* display last login messages */
    {
        char *success, *unsuccess;

        switch (smp_get_messages(userp, &success, &unsuccess, &reason)) {
        ...
        }
    }

    /* execute the user's login shell */
    {
        static char minusnam[16] = "-";
        register int i;

        /* bounded copy: minusnam is static, so its final byte stays NUL */
        strncpy(minusnam+1, basename(shell), sizeof(minusnam) - 2);
        execle(shell, minusnam, (char*)0, environ);

        /* shell not an executable binary: turn off the SHELL= env variable */
        for (i = 0; environ[i]; i++)
            if (strncmp(environ[i], "SHELL=", 6) == 0)
                environ[i][6] = 0;

        if (access(shell, 05) == 0)
            execle("/bin/sh", "sh", shell, minusnam, (char*)0, environ);
    }
    put("No shell\n");
    exit(1);

Files


/lib/libprot.a
security subsystem library routines

/usr/lib/libp/libprot.a
as above but used for profiling

/usr/include/prot.h
defines the smp_user_info structure

/etc/passwd
password file, see passwd(F)

/etc/shadow
shadow password file, see shadow(F)

/tcb/files/auth/?/*
protected password database, see prpw(F)

/etc/auth/system/ttys
terminal control database, see ttys(F)

/etc/default/login
default values for login process, see login(M)

~/.hushlogin
user's hushlogin file, see login(M)

/etc/ttytype
terminal type setup, see ttytype(F)

See also

smp_check_user(S), smp_check_pw(S), smp_generate_pw(S), smp_get_messages(S), smp_pw_change(S), smp_pw_choice(S), smp_set_pw(S), smp_try_pw(S)

Standards conformance

smp_set_identity is not part of any currently supported standard; it is an extension of AT&T System V provided by The Santa Cruz Operation, Inc.
© 2003 Caldera International, Inc. All rights reserved.
SCO OpenServer Release 5.0.7 -- 11 February 2003