sia_become_user - su routine for SIA (Security Integration Architecture)
Standard C library (libc.so and libc.a)
int sia_become_user( sia_collect_func_t *collect, int argc, char **argv, char *hostname, char *username, char *tty, int colinput, char *gssapi, char **envp, int style_flags)
The collect parameter is a pointer to an SIA collection routine. If this pointer is NULL, no collection is possible. If the pointer is not NULL and the can_collect_input parameter entered during the sia_ses_init() call was zero, then this collection routine cannot be used to prompt for input but can be used to display warnings or error messages. This parameter is read only. The argc and argv parameters are used by the underlying security mechanisms for things like generating audit records and initializing database accesses. There should always be at least one argument argv which contains the name of the command or utility issuing a session initialization. These parameters are read only. The hostname parameter is used to determine if the session is being requested by a remote system. If the request is from a remote system, the hostname parameter points to a string containing the remote host information. If information about the requesting remote user is available, the information is in the form "node::user" for DECnet or "[email protected]" for IP. If the remote user information is not available, the information is the remote "host". For local requests, this parameter is passed as a NULL pointer. The username parameter is be set to point to the name or string representing the requesting user if this information is available. Otherwise this parameter is set to NULL. This parameter is read only. The tty parameter is set to point to the name or string representing the requesting or active tty or X display if this information is available. Otherwise this parameter is set to NULL. This parameter is read only. The colinput parameter specifies whether the collection of input is allowed during this session. A "1" means yes and "0" means no. This parameter is read only. The gssapi pointer is for future expansion to utilize gss_api datatypes. It is not currently used and should be set to NULL. This parameter is currently read only. The envp parameter specifies the environment array to add to the environment established for the environment. Refer to exec(2) for a description of environment arrays. style_flags are specified as one or more of the following, or'ed together. Establish only a minimal environment for the user context. chdir() to user's home dir. chdir() to "/" is the user's home directory is not available. This flag is ignored unless SIA_BEU_DOCHDIR or SIA_BEU_REALLOGIN is also set. This is a full login, in the style of rlogind or rshd, rather than a 'su -user' equivalent.This flag implies SIA_BEU_DOCHDIR and SIA_BEU_SETLUID. Set or change the audit ID of the process and call setlogin().
This routine allows a privileged process to establish the full set of credentials for a specified user, for whichever system security mechanisms are in use. This is specifically intended for daemons like sendmail and cron which frequently have to perform unknown operations on behalf of a given user.
The order of operations for this routine are as follows: (Note that in all cases, operations that fail cause succeeding steps to be skipped and the function returns SIAFAIL.)
The sia_become_user() routine returns either SIASUCCESS or SIAFAIL.
The errno value is not (normally) set explicitly by sia_* routines. The errno values are those returned from the dynamic loader interface, from dependent (siad_*) routines, or from malloc. Possible errors include resource constraints (no memory) and various authentication failures.
sia_ses_init(3), siad_ses_init(3), siad_init(3), matrix.conf(4)
Security delim off