smp_set_identity(S)
smp_set_identity --
set user identity
Syntax
cc . . . -lprot
#include <sys/types.h>
#include <prot.h>
int smp_set_identity(userp, reasonp, environp, shellp)
struct smp_user_info *userp;
char **reasonp;
char ***environp;
char **shellp;
Description
smp_set_identity sets the user identity
for programs performing a login service.
The appropriate user and group IDs and privileges are set
as specified in the user's authentication data. The last successful
login time is updated and written back to the databases, and an
audit record is written for a successful login.
Note that this routine also checks the account lock, for the benefit
of applications which do not call
smp_check_pw(S)
(for example,
cron(C)).
environp is set to point to an appropriate environment for use
in a subsequent exece, and shellp is set to point to the
full pathname of the user's shell.
reasonp is used with certain return values to store a descriptive
message.
Return values
Note that this routine also stores its return value for use in auditing of
failures.
SMP_NOTAUTH-
The calling program does not have sufficient privileges to change the
user id, or to set the account privileges.
SMP_ACCTLOCK-
The account is locked, and the session should not continue.
SMP_COMPLETE-
The new user's identity has been successfully assumed.
SMP_EXTFAIL-
External failure; access to remote authentication information failed.
reasonp points to a character string explaining the cause of the
error.
SMP_FAIL-
No memory was available in which to build the new environment.
SMP_OVERRIDE-
Errors were encountered which would normally have resulted in the
routine failing, but since the target account is root and the terminal
is the console, the login process should continue.
reasonp points to a character string giving the type of failure.
Diagnostics
All diagnostics are returned as strings pointed to by the argument
reasonp. It is up to the calling program to display these
for the user. In each case the return value is also noted.
Cannot reread protected password entry
-
An attempt to reread the protected password information for the account failed.
SMP_EXTFAIL is returned.
Cannot reread terminal control entry
-
An attempt to find the terminal entry in the terminal control database failed.
SMP_EXTFAIL is returned.
Cannot rewrite terminal control entry
-
An attempt to update the terminal control database failed.
SMP_EXTFAIL is returned.
Cannot rewrite protected password entry
-
An attempt to update the protected password database failed.
SMP_EXTFAIL is returned.
Cannot change to home directory
-
An attempt to change to the home directory of the account failed.
SMP_EXTFAIL is returned.
Could not set default ULIMIT
-
The ulimit could not be set (see
ulimit(S)).
SMP_EXTFAIL is returned.
Bad supplemental group list
-
An attempt to set the supplemental group list failed.
SMP_EXTFAIL is returned.
Bad login user id
-
The login user ID specified in userp could not be set.
SMP_EXTFAIL is returned.
Bad group id
-
The group ID specified in userp could not be set.
SMP_EXTFAIL is returned.
Bad user id
-
The user ID specified in userp could not be set.
SMP_EXTFAIL is returned.
Unable to set kernel authorizations
-
An attempt to set the kernel authorizations failed (see
setpriv(S)).
SMP_EXTFAIL is returned.
Examples
The following example illustrates the usage of smp_set_identity:
...
switch (smp_check_user(SMP_LOGIN, gets(line), ttyname(0), 0, &userp,
&pwtries, &reason)) {
...
}
switch (smp_set_identity(userp, &reason, &environ, &shell)) {
case SMP_COMPLETE:
break;
case SMP_NOTAUTH:
put("not authorised\n"); /* not running with root perms */
exit(1);
case SMP_EXTFAIL:
put(reason);
put("\n");
exit(1);
case SMP_OVERRIDE:
put(reason);
put("\nroot login on console is allowed\n");
}
/* display last login messages */
{ char *success, *unsuccess;;
switch (smp_get_messages(userp, &success, &unsuccess, &reason)) {
...
}
}
/* execute the user's login shell */
{ static char minusnam[16] = "-";
register i;
strcpy(minusnam+1, basename(shell));
execle(shell, minusnam, (char*)0, environ);
/* shell not an executable binary: turn off the SHELL= env variable */
for (i = 0; environ[i]; i++)
if (strncmp(environ[i], "SHELL=", 6) == 0)
environ[i][6] = 0;
if (access(shell, 05) == 0)
execle("/bin/sh", "sh", shell, minusnam, (char*)0, environ);
}
put("No shell\n");
exit(1);
Files
/lib/libprot.a-
security subsystem library routines
/usr/lib/libp/libprot.a-
as above but used for profiling
/usr/include/prot.h-
defines the smp_user_info structure
/etc/passwd-
password file, see
passwd(F)
/etc/shadow-
shadow password file, see
shadow(F)
/tcb/files/auth/?/*-
protected password database, see
prpw(F)
/etc/auth/system/ttys-
terminal control database, see
ttys(F)
/etc/default/login-
default values for login process, see
login(M)
/etc/passwd-
password file, see
passwd(F)
~/.hushlogin-
user's hushlogin file, see
login(M)
/etc/ttytype-
terminal type setup, see
ttytype(F)
See also
smp_check_user(S),
smp_check_pw(S),
smp_generate_pw(S),
smp_get_messages(S),
smp_pw_change(S),
smp_pw_choice(S),
smp_set_pw(S),
smp_try_pw(S)
Standards conformance
smp_set_identity is not part of any currently
supported standard; it is an extension of AT&T System V
provided by The Santa Cruz Operation, Inc.
© 2003 Caldera International, Inc. All rights reserved.
SCO OpenServer Release 5.0.7 -- 11 February 2003