575 return (PAM_SYSTEM_ERR);
576 }
577
578 tset = def = lim = NULL;
579 deflim.def = deflim.lim = NULL;
580
581 (void) _enum_attrs(user, finddeflim, NULL, &deflim);
582
583 if (getset(deflim.lim, &lim) != 0 || getset(deflim.def, &def) != 0) {
584 ret = PAM_SYSTEM_ERR;
585 goto out;
586 }
587
588 if (def == NULL) {
589 def = priv_allocset();
590 if (def == NULL) {
591 ret = PAM_SYSTEM_ERR;
592 goto out;
593 }
594 priv_basicset(def);
595 errno = 0;
596 if ((pathconf("/", _PC_CHOWN_RESTRICTED) == -1) && (errno == 0))
597 (void) priv_addset(def, PRIV_FILE_CHOWN_SELF);
598 }
599 /*
600 * Silently limit the privileges to those actually available
601 * in the current zone.
602 */
603 tset = priv_allocset();
604 if (tset == NULL) {
605 ret = PAM_SYSTEM_ERR;
606 goto out;
607 }
608 if (getppriv(PRIV_PERMITTED, tset) != 0) {
609 ret = PAM_SYSTEM_ERR;
610 goto out;
611 }
612 if (!priv_issubset(def, tset))
613 priv_intersect(tset, def);
614 /*
|
575 return (PAM_SYSTEM_ERR);
576 }
577
578 tset = def = lim = NULL;
579 deflim.def = deflim.lim = NULL;
580
581 (void) _enum_attrs(user, finddeflim, NULL, &deflim);
582
583 if (getset(deflim.lim, &lim) != 0 || getset(deflim.def, &def) != 0) {
584 ret = PAM_SYSTEM_ERR;
585 goto out;
586 }
587
588 if (def == NULL) {
589 def = priv_allocset();
590 if (def == NULL) {
591 ret = PAM_SYSTEM_ERR;
592 goto out;
593 }
594 priv_basicset(def);
595 (void) priv_addset(def, PRIV_PROC_SECFLAGS);
596 errno = 0;
597 if ((pathconf("/", _PC_CHOWN_RESTRICTED) == -1) && (errno == 0))
598 (void) priv_addset(def, PRIV_FILE_CHOWN_SELF);
599 }
600 /*
601 * Silently limit the privileges to those actually available
602 * in the current zone.
603 */
604 tset = priv_allocset();
605 if (tset == NULL) {
606 ret = PAM_SYSTEM_ERR;
607 goto out;
608 }
609 if (getppriv(PRIV_PERMITTED, tset) != 0) {
610 ret = PAM_SYSTEM_ERR;
611 goto out;
612 }
613 if (!priv_issubset(def, tset))
614 priv_intersect(tset, def);
615 /*
|
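Review bot: The added `(void) priv_addset(def, PRIV_PROC_SECFLAGS);` in the `def == NULL` branch widens the fallback default set beyond `priv_basicset()` for every user without an explicit default-privilege attribute, and nothing in the hunk records why. Unlike the `PRIV_FILE_CHOWN_SELF` addition just below it, which is gated on the `pathconf()` result, this grant is unconditional, so it needs a why-comment along the lines of `/* PRIV_PROC_SECFLAGS is granted on top of the basic set because <reason>; the permitted-set intersection below drops it where the zone lacks it */`. A user whose default set comes from `getset(deflim.def, &def)` never enters this branch and so would not receive the privilege, which looks inconsistent and should be confirmed. If the privilege is meant for every login session, defining it as part of the basic set seems a better place than this PAM module. The enclosing function starts and ends outside the hunk.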