1997-01-04 16:50:08 +00:00
|
|
|
/*-
|
|
|
|
* Copyright (c) 1996 by
|
|
|
|
* Sean Eric Fagan <sef@kithrup.com>
|
|
|
|
* David Nugent <davidn@blaze.net.au>
|
|
|
|
* All rights reserved.
|
|
|
|
*
|
|
|
|
* Redistribution and use in source and binary forms, with or without
|
|
|
|
* modification, is permitted provided that the following conditions
|
|
|
|
* are met:
|
|
|
|
* 1. Redistributions of source code must retain the above copyright
|
|
|
|
* notice immediately at the beginning of the file, without modification,
|
|
|
|
* this list of conditions, and the following disclaimer.
|
|
|
|
* 2. Redistributions in binary form must reproduce the above copyright
|
|
|
|
* notice, this list of conditions and the following disclaimer in the
|
|
|
|
* documentation and/or other materials provided with the distribution.
|
|
|
|
* 3. This work was done expressly for inclusion into FreeBSD. Other use
|
|
|
|
* is permitted provided this notation is included.
|
|
|
|
* 4. Absolutely no warranty of function or purpose is made by the authors.
|
|
|
|
* 5. Modifications may be freely made to this file providing the above
|
|
|
|
* conditions are met.
|
|
|
|
*
|
|
|
|
* High-level routines relating to use of the user capabilities database
|
|
|
|
*/
|
|
|
|
|
2001-09-30 22:35:07 +00:00
|
|
|
#include <sys/cdefs.h>
|
|
|
|
__FBSDID("$FreeBSD$");
|
|
|
|
|
2008-07-25 19:58:14 +00:00
|
|
|
#include <sys/param.h>
|
|
|
|
#include <sys/cpuset.h>
|
2003-06-14 18:42:37 +00:00
|
|
|
#include <sys/mac.h>
|
2008-10-20 16:48:18 +00:00
|
|
|
#include <sys/resource.h>
|
2003-06-14 18:42:37 +00:00
|
|
|
#include <sys/rtprio.h>
|
2008-10-20 16:48:18 +00:00
|
|
|
#include <sys/stat.h>
|
|
|
|
#include <sys/time.h>
|
|
|
|
|
|
|
|
#include <ctype.h>
|
|
|
|
#include <err.h>
|
2003-06-14 18:42:37 +00:00
|
|
|
#include <errno.h>
|
1997-01-04 16:50:08 +00:00
|
|
|
#include <fcntl.h>
|
|
|
|
#include <login_cap.h>
|
|
|
|
#include <paths.h>
|
2003-06-14 18:42:37 +00:00
|
|
|
#include <pwd.h>
|
|
|
|
#include <stdio.h>
|
|
|
|
#include <stdlib.h>
|
|
|
|
#include <string.h>
|
|
|
|
#include <syslog.h>
|
|
|
|
#include <unistd.h>
|
1997-01-04 16:50:08 +00:00
|
|
|
|
|
|
|
|
|
|
|
static struct login_res {
|
Summary of login.conf support changes:
o Incorporated BSDI code and enhancements, better logging for error
checking (which has been shown to be a problem, and is therefore
justified, imho); also some minor things we were missing, including
better quad_t math, which checks for under/overflows.
o setusercontext() now allows user resource limit overrides, but
does this AFTER dropping root privs, to restrict the user to
droping hard limits and set soft limits within the kernel's
allowed user limits.
o umask() only set once, and only if requested.
o add _secure_path(), and use in login.conf to guard against
symlinks etc. and non-root owned or non-user owned files being
used. Derived from BSDI contributed code.
o revamped authentication code to BSDI's latest api, which
includes deleting authenticate() and adding auth_check()
and a few other functions. This is still marked as depecated
in BSDI, but is included for completeness. No other source
in the tree uses this anyway, so it is now bracketed with
#ifdef LOGIN_CAP_AUTH which is by default not defined. Only
auth_checknologin() and auth_cat() are actually used in
module login_auth.c.
o AUTH_NONE definition removed (collided with other includes
in the tree). [bde]
o BSDI's login_getclass() now accepts a char *classname
parameter rather than struct passwd *pwd. We now do likewise,
but added login_getpwclass() for (sort of) backwards
compatiblity, namely because we handle root as a special
case for the default class. This will require quite a few
changes elsewhere in the source tree.
o We no longer pretend to support rlim_t as a long type.
o Revised code formatting to be more bsd-ish style.
1997-05-10 18:55:38 +00:00
|
|
|
const char *what;
|
|
|
|
rlim_t (*who)(login_cap_t *, const char *, rlim_t, rlim_t);
|
|
|
|
int why;
|
1997-01-04 16:50:08 +00:00
|
|
|
} resources[] = {
|
Integrate the new MPSAFE TTY layer to the FreeBSD operating system.
The last half year I've been working on a replacement TTY layer for the
FreeBSD kernel. The new TTY layer was designed to improve the following:
- Improved driver model:
The old TTY layer has a driver model that is not abstract enough to
make it friendly to use. A good example is the output path, where the
device drivers directly access the output buffers. This means that an
in-kernel PPP implementation must always convert network buffers into
TTY buffers.
If a PPP implementation would be built on top of the new TTY layer
(still needs a hooks layer, though), it would allow the PPP
implementation to directly hand the data to the TTY driver.
- Improved hotplugging:
With the old TTY layer, it isn't entirely safe to destroy TTY's from
the system. This implementation has a two-step destructing design,
where the driver first abandons the TTY. After all threads have left
the TTY, the TTY layer calls a routine in the driver, which can be
used to free resources (unit numbers, etc).
The pts(4) driver also implements this feature, which means
posix_openpt() will now return PTY's that are created on the fly.
- Improved performance:
One of the major improvements is the per-TTY mutex, which is expected
to improve scalability when compared to the old Giant locking.
Another change is the unbuffered copying to userspace, which is both
used on TTY device nodes and PTY masters.
Upgrading should be quite straightforward. Unlike previous versions,
existing kernel configuration files do not need to be changed, except
when they reference device drivers that are listed in UPDATING.
Obtained from: //depot/projects/mpsafetty/...
Approved by: philip (ex-mentor)
Discussed: on the lists, at BSDCan, at the DevSummit
Sponsored by: Snow B.V., the Netherlands
dcons(4) fixed by: kan
2008-08-20 08:31:58 +00:00
|
|
|
{ "cputime", login_getcaptime, RLIMIT_CPU },
|
|
|
|
{ "filesize", login_getcapsize, RLIMIT_FSIZE },
|
|
|
|
{ "datasize", login_getcapsize, RLIMIT_DATA },
|
|
|
|
{ "stacksize", login_getcapsize, RLIMIT_STACK },
|
|
|
|
{ "memoryuse", login_getcapsize, RLIMIT_RSS },
|
|
|
|
{ "memorylocked", login_getcapsize, RLIMIT_MEMLOCK },
|
|
|
|
{ "maxproc", login_getcapnum, RLIMIT_NPROC },
|
|
|
|
{ "openfiles", login_getcapnum, RLIMIT_NOFILE },
|
|
|
|
{ "coredumpsize", login_getcapsize, RLIMIT_CORE },
|
|
|
|
{ "sbsize", login_getcapsize, RLIMIT_SBSIZE },
|
|
|
|
{ "vmemoryuse", login_getcapsize, RLIMIT_VMEM },
|
|
|
|
{ "pseudoterminals", login_getcapnum, RLIMIT_NPTS },
|
2009-06-23 20:57:27 +00:00
|
|
|
{ "swapuse", login_getcapsize, RLIMIT_SWAP },
|
Integrate the new MPSAFE TTY layer to the FreeBSD operating system.
The last half year I've been working on a replacement TTY layer for the
FreeBSD kernel. The new TTY layer was designed to improve the following:
- Improved driver model:
The old TTY layer has a driver model that is not abstract enough to
make it friendly to use. A good example is the output path, where the
device drivers directly access the output buffers. This means that an
in-kernel PPP implementation must always convert network buffers into
TTY buffers.
If a PPP implementation would be built on top of the new TTY layer
(still needs a hooks layer, though), it would allow the PPP
implementation to directly hand the data to the TTY driver.
- Improved hotplugging:
With the old TTY layer, it isn't entirely safe to destroy TTY's from
the system. This implementation has a two-step destructing design,
where the driver first abandons the TTY. After all threads have left
the TTY, the TTY layer calls a routine in the driver, which can be
used to free resources (unit numbers, etc).
The pts(4) driver also implements this feature, which means
posix_openpt() will now return PTY's that are created on the fly.
- Improved performance:
One of the major improvements is the per-TTY mutex, which is expected
to improve scalability when compared to the old Giant locking.
Another change is the unbuffered copying to userspace, which is both
used on TTY device nodes and PTY masters.
Upgrading should be quite straightforward. Unlike previous versions,
existing kernel configuration files do not need to be changed, except
when they reference device drivers that are listed in UPDATING.
Obtained from: //depot/projects/mpsafetty/...
Approved by: philip (ex-mentor)
Discussed: on the lists, at BSDCan, at the DevSummit
Sponsored by: Snow B.V., the Netherlands
dcons(4) fixed by: kan
2008-08-20 08:31:58 +00:00
|
|
|
{ NULL, 0, 0 }
|
1997-01-04 16:50:08 +00:00
|
|
|
};
|
|
|
|
|
|
|
|
|
|
|
|
void
|
|
|
|
setclassresources(login_cap_t *lc)
|
|
|
|
{
|
Summary of login.conf support changes:
o Incorporated BSDI code and enhancements, better logging for error
checking (which has been shown to be a problem, and is therefore
justified, imho); also some minor things we were missing, including
better quad_t math, which checks for under/overflows.
o setusercontext() now allows user resource limit overrides, but
does this AFTER dropping root privs, to restrict the user to
droping hard limits and set soft limits within the kernel's
allowed user limits.
o umask() only set once, and only if requested.
o add _secure_path(), and use in login.conf to guard against
symlinks etc. and non-root owned or non-user owned files being
used. Derived from BSDI contributed code.
o revamped authentication code to BSDI's latest api, which
includes deleting authenticate() and adding auth_check()
and a few other functions. This is still marked as depecated
in BSDI, but is included for completeness. No other source
in the tree uses this anyway, so it is now bracketed with
#ifdef LOGIN_CAP_AUTH which is by default not defined. Only
auth_checknologin() and auth_cat() are actually used in
module login_auth.c.
o AUTH_NONE definition removed (collided with other includes
in the tree). [bde]
o BSDI's login_getclass() now accepts a char *classname
parameter rather than struct passwd *pwd. We now do likewise,
but added login_getpwclass() for (sort of) backwards
compatiblity, namely because we handle root as a special
case for the default class. This will require quite a few
changes elsewhere in the source tree.
o We no longer pretend to support rlim_t as a long type.
o Revised code formatting to be more bsd-ish style.
1997-05-10 18:55:38 +00:00
|
|
|
struct login_res *lr;
|
1997-01-07 16:28:12 +00:00
|
|
|
|
Summary of login.conf support changes:
o Incorporated BSDI code and enhancements, better logging for error
checking (which has been shown to be a problem, and is therefore
justified, imho); also some minor things we were missing, including
better quad_t math, which checks for under/overflows.
o setusercontext() now allows user resource limit overrides, but
does this AFTER dropping root privs, to restrict the user to
droping hard limits and set soft limits within the kernel's
allowed user limits.
o umask() only set once, and only if requested.
o add _secure_path(), and use in login.conf to guard against
symlinks etc. and non-root owned or non-user owned files being
used. Derived from BSDI contributed code.
o revamped authentication code to BSDI's latest api, which
includes deleting authenticate() and adding auth_check()
and a few other functions. This is still marked as depecated
in BSDI, but is included for completeness. No other source
in the tree uses this anyway, so it is now bracketed with
#ifdef LOGIN_CAP_AUTH which is by default not defined. Only
auth_checknologin() and auth_cat() are actually used in
module login_auth.c.
o AUTH_NONE definition removed (collided with other includes
in the tree). [bde]
o BSDI's login_getclass() now accepts a char *classname
parameter rather than struct passwd *pwd. We now do likewise,
but added login_getpwclass() for (sort of) backwards
compatiblity, namely because we handle root as a special
case for the default class. This will require quite a few
changes elsewhere in the source tree.
o We no longer pretend to support rlim_t as a long type.
o Revised code formatting to be more bsd-ish style.
1997-05-10 18:55:38 +00:00
|
|
|
if (lc == NULL)
|
|
|
|
return;
|
1997-01-04 16:50:08 +00:00
|
|
|
|
Summary of login.conf support changes:
o Incorporated BSDI code and enhancements, better logging for error
checking (which has been shown to be a problem, and is therefore
justified, imho); also some minor things we were missing, including
better quad_t math, which checks for under/overflows.
o setusercontext() now allows user resource limit overrides, but
does this AFTER dropping root privs, to restrict the user to
droping hard limits and set soft limits within the kernel's
allowed user limits.
o umask() only set once, and only if requested.
o add _secure_path(), and use in login.conf to guard against
symlinks etc. and non-root owned or non-user owned files being
used. Derived from BSDI contributed code.
o revamped authentication code to BSDI's latest api, which
includes deleting authenticate() and adding auth_check()
and a few other functions. This is still marked as depecated
in BSDI, but is included for completeness. No other source
in the tree uses this anyway, so it is now bracketed with
#ifdef LOGIN_CAP_AUTH which is by default not defined. Only
auth_checknologin() and auth_cat() are actually used in
module login_auth.c.
o AUTH_NONE definition removed (collided with other includes
in the tree). [bde]
o BSDI's login_getclass() now accepts a char *classname
parameter rather than struct passwd *pwd. We now do likewise,
but added login_getpwclass() for (sort of) backwards
compatiblity, namely because we handle root as a special
case for the default class. This will require quite a few
changes elsewhere in the source tree.
o We no longer pretend to support rlim_t as a long type.
o Revised code formatting to be more bsd-ish style.
1997-05-10 18:55:38 +00:00
|
|
|
for (lr = resources; lr->what != NULL; ++lr) {
|
|
|
|
struct rlimit rlim;
|
1997-01-04 16:50:08 +00:00
|
|
|
|
Summary of login.conf support changes:
o Incorporated BSDI code and enhancements, better logging for error
checking (which has been shown to be a problem, and is therefore
justified, imho); also some minor things we were missing, including
better quad_t math, which checks for under/overflows.
o setusercontext() now allows user resource limit overrides, but
does this AFTER dropping root privs, to restrict the user to
droping hard limits and set soft limits within the kernel's
allowed user limits.
o umask() only set once, and only if requested.
o add _secure_path(), and use in login.conf to guard against
symlinks etc. and non-root owned or non-user owned files being
used. Derived from BSDI contributed code.
o revamped authentication code to BSDI's latest api, which
includes deleting authenticate() and adding auth_check()
and a few other functions. This is still marked as depecated
in BSDI, but is included for completeness. No other source
in the tree uses this anyway, so it is now bracketed with
#ifdef LOGIN_CAP_AUTH which is by default not defined. Only
auth_checknologin() and auth_cat() are actually used in
module login_auth.c.
o AUTH_NONE definition removed (collided with other includes
in the tree). [bde]
o BSDI's login_getclass() now accepts a char *classname
parameter rather than struct passwd *pwd. We now do likewise,
but added login_getpwclass() for (sort of) backwards
compatiblity, namely because we handle root as a special
case for the default class. This will require quite a few
changes elsewhere in the source tree.
o We no longer pretend to support rlim_t as a long type.
o Revised code formatting to be more bsd-ish style.
1997-05-10 18:55:38 +00:00
|
|
|
/*
|
|
|
|
* The login.conf file can have <limit>, <limit>-max, and
|
|
|
|
* <limit>-cur entries.
|
|
|
|
* What we do is get the current current- and maximum- limits.
|
|
|
|
* Then, we try to get an entry for <limit> from the capability,
|
|
|
|
* using the current and max limits we just got as the
|
|
|
|
* default/error values.
|
|
|
|
* *Then*, we try looking for <limit>-cur and <limit>-max,
|
|
|
|
* again using the appropriate values as the default/error
|
|
|
|
* conditions.
|
|
|
|
*/
|
1997-01-04 16:50:08 +00:00
|
|
|
|
Summary of login.conf support changes:
o Incorporated BSDI code and enhancements, better logging for error
checking (which has been shown to be a problem, and is therefore
justified, imho); also some minor things we were missing, including
better quad_t math, which checks for under/overflows.
o setusercontext() now allows user resource limit overrides, but
does this AFTER dropping root privs, to restrict the user to
droping hard limits and set soft limits within the kernel's
allowed user limits.
o umask() only set once, and only if requested.
o add _secure_path(), and use in login.conf to guard against
symlinks etc. and non-root owned or non-user owned files being
used. Derived from BSDI contributed code.
o revamped authentication code to BSDI's latest api, which
includes deleting authenticate() and adding auth_check()
and a few other functions. This is still marked as depecated
in BSDI, but is included for completeness. No other source
in the tree uses this anyway, so it is now bracketed with
#ifdef LOGIN_CAP_AUTH which is by default not defined. Only
auth_checknologin() and auth_cat() are actually used in
module login_auth.c.
o AUTH_NONE definition removed (collided with other includes
in the tree). [bde]
o BSDI's login_getclass() now accepts a char *classname
parameter rather than struct passwd *pwd. We now do likewise,
but added login_getpwclass() for (sort of) backwards
compatiblity, namely because we handle root as a special
case for the default class. This will require quite a few
changes elsewhere in the source tree.
o We no longer pretend to support rlim_t as a long type.
o Revised code formatting to be more bsd-ish style.
1997-05-10 18:55:38 +00:00
|
|
|
if (getrlimit(lr->why, &rlim) != 0)
|
|
|
|
syslog(LOG_ERR, "getting %s resource limit: %m", lr->what);
|
|
|
|
else {
|
2008-10-20 16:48:18 +00:00
|
|
|
char name_cur[40];
|
Summary of login.conf support changes:
o Incorporated BSDI code and enhancements, better logging for error
checking (which has been shown to be a problem, and is therefore
justified, imho); also some minor things we were missing, including
better quad_t math, which checks for under/overflows.
o setusercontext() now allows user resource limit overrides, but
does this AFTER dropping root privs, to restrict the user to
droping hard limits and set soft limits within the kernel's
allowed user limits.
o umask() only set once, and only if requested.
o add _secure_path(), and use in login.conf to guard against
symlinks etc. and non-root owned or non-user owned files being
used. Derived from BSDI contributed code.
o revamped authentication code to BSDI's latest api, which
includes deleting authenticate() and adding auth_check()
and a few other functions. This is still marked as depecated
in BSDI, but is included for completeness. No other source
in the tree uses this anyway, so it is now bracketed with
#ifdef LOGIN_CAP_AUTH which is by default not defined. Only
auth_checknologin() and auth_cat() are actually used in
module login_auth.c.
o AUTH_NONE definition removed (collided with other includes
in the tree). [bde]
o BSDI's login_getclass() now accepts a char *classname
parameter rather than struct passwd *pwd. We now do likewise,
but added login_getpwclass() for (sort of) backwards
compatiblity, namely because we handle root as a special
case for the default class. This will require quite a few
changes elsewhere in the source tree.
o We no longer pretend to support rlim_t as a long type.
o Revised code formatting to be more bsd-ish style.
1997-05-10 18:55:38 +00:00
|
|
|
char name_max[40];
|
|
|
|
rlim_t rcur = rlim.rlim_cur;
|
|
|
|
rlim_t rmax = rlim.rlim_max;
|
|
|
|
|
|
|
|
sprintf(name_cur, "%s-cur", lr->what);
|
|
|
|
sprintf(name_max, "%s-max", lr->what);
|
|
|
|
|
|
|
|
rcur = (*lr->who)(lc, lr->what, rcur, rcur);
|
|
|
|
rmax = (*lr->who)(lc, lr->what, rmax, rmax);
|
|
|
|
rlim.rlim_cur = (*lr->who)(lc, name_cur, rcur, rcur);
|
|
|
|
rlim.rlim_max = (*lr->who)(lc, name_max, rmax, rmax);
|
2008-10-20 16:48:18 +00:00
|
|
|
|
Summary of login.conf support changes:
o Incorporated BSDI code and enhancements, better logging for error
checking (which has been shown to be a problem, and is therefore
justified, imho); also some minor things we were missing, including
better quad_t math, which checks for under/overflows.
o setusercontext() now allows user resource limit overrides, but
does this AFTER dropping root privs, to restrict the user to
droping hard limits and set soft limits within the kernel's
allowed user limits.
o umask() only set once, and only if requested.
o add _secure_path(), and use in login.conf to guard against
symlinks etc. and non-root owned or non-user owned files being
used. Derived from BSDI contributed code.
o revamped authentication code to BSDI's latest api, which
includes deleting authenticate() and adding auth_check()
and a few other functions. This is still marked as depecated
in BSDI, but is included for completeness. No other source
in the tree uses this anyway, so it is now bracketed with
#ifdef LOGIN_CAP_AUTH which is by default not defined. Only
auth_checknologin() and auth_cat() are actually used in
module login_auth.c.
o AUTH_NONE definition removed (collided with other includes
in the tree). [bde]
o BSDI's login_getclass() now accepts a char *classname
parameter rather than struct passwd *pwd. We now do likewise,
but added login_getpwclass() for (sort of) backwards
compatiblity, namely because we handle root as a special
case for the default class. This will require quite a few
changes elsewhere in the source tree.
o We no longer pretend to support rlim_t as a long type.
o Revised code formatting to be more bsd-ish style.
1997-05-10 18:55:38 +00:00
|
|
|
if (setrlimit(lr->why, &rlim) == -1)
|
|
|
|
syslog(LOG_WARNING, "set class '%s' resource limit %s: %m", lc->lc_class, lr->what);
|
|
|
|
}
|
|
|
|
}
|
1997-01-04 16:50:08 +00:00
|
|
|
}
|
|
|
|
|
Summary of login.conf support changes:
o Incorporated BSDI code and enhancements, better logging for error
checking (which has been shown to be a problem, and is therefore
justified, imho); also some minor things we were missing, including
better quad_t math, which checks for under/overflows.
o setusercontext() now allows user resource limit overrides, but
does this AFTER dropping root privs, to restrict the user to
droping hard limits and set soft limits within the kernel's
allowed user limits.
o umask() only set once, and only if requested.
o add _secure_path(), and use in login.conf to guard against
symlinks etc. and non-root owned or non-user owned files being
used. Derived from BSDI contributed code.
o revamped authentication code to BSDI's latest api, which
includes deleting authenticate() and adding auth_check()
and a few other functions. This is still marked as depecated
in BSDI, but is included for completeness. No other source
in the tree uses this anyway, so it is now bracketed with
#ifdef LOGIN_CAP_AUTH which is by default not defined. Only
auth_checknologin() and auth_cat() are actually used in
module login_auth.c.
o AUTH_NONE definition removed (collided with other includes
in the tree). [bde]
o BSDI's login_getclass() now accepts a char *classname
parameter rather than struct passwd *pwd. We now do likewise,
but added login_getpwclass() for (sort of) backwards
compatiblity, namely because we handle root as a special
case for the default class. This will require quite a few
changes elsewhere in the source tree.
o We no longer pretend to support rlim_t as a long type.
o Revised code formatting to be more bsd-ish style.
1997-05-10 18:55:38 +00:00
|
|
|
|
|
|
|
|
1997-01-04 16:50:08 +00:00
|
|
|
static struct login_vars {
|
Summary of login.conf support changes:
o Incorporated BSDI code and enhancements, better logging for error
checking (which has been shown to be a problem, and is therefore
justified, imho); also some minor things we were missing, including
better quad_t math, which checks for under/overflows.
o setusercontext() now allows user resource limit overrides, but
does this AFTER dropping root privs, to restrict the user to
droping hard limits and set soft limits within the kernel's
allowed user limits.
o umask() only set once, and only if requested.
o add _secure_path(), and use in login.conf to guard against
symlinks etc. and non-root owned or non-user owned files being
used. Derived from BSDI contributed code.
o revamped authentication code to BSDI's latest api, which
includes deleting authenticate() and adding auth_check()
and a few other functions. This is still marked as depecated
in BSDI, but is included for completeness. No other source
in the tree uses this anyway, so it is now bracketed with
#ifdef LOGIN_CAP_AUTH which is by default not defined. Only
auth_checknologin() and auth_cat() are actually used in
module login_auth.c.
o AUTH_NONE definition removed (collided with other includes
in the tree). [bde]
o BSDI's login_getclass() now accepts a char *classname
parameter rather than struct passwd *pwd. We now do likewise,
but added login_getpwclass() for (sort of) backwards
compatiblity, namely because we handle root as a special
case for the default class. This will require quite a few
changes elsewhere in the source tree.
o We no longer pretend to support rlim_t as a long type.
o Revised code formatting to be more bsd-ish style.
1997-05-10 18:55:38 +00:00
|
|
|
const char *tag;
|
|
|
|
const char *var;
|
|
|
|
const char *def;
|
2002-06-28 14:45:30 +00:00
|
|
|
int overwrite;
|
1997-01-04 16:50:08 +00:00
|
|
|
} pathvars[] = {
|
2002-06-28 14:45:30 +00:00
|
|
|
{ "path", "PATH", NULL, 1},
|
|
|
|
{ "cdpath", "CDPATH", NULL, 1},
|
|
|
|
{ "manpath", "MANPATH", NULL, 1},
|
|
|
|
{ NULL, NULL, NULL, 0}
|
1997-01-04 16:50:08 +00:00
|
|
|
}, envars[] = {
|
2002-06-28 14:45:30 +00:00
|
|
|
{ "lang", "LANG", NULL, 1},
|
|
|
|
{ "charset", "MM_CHARSET", NULL, 1},
|
|
|
|
{ "timezone", "TZ", NULL, 1},
|
|
|
|
{ "term", "TERM", NULL, 0},
|
|
|
|
{ NULL, NULL, NULL, 0}
|
1997-01-04 16:50:08 +00:00
|
|
|
};
|
|
|
|
|
|
|
|
static char *
|
2002-04-08 11:04:56 +00:00
|
|
|
substvar(const char * var, const struct passwd * pwd, int hlen, int pch, int nlen)
|
1997-01-04 16:50:08 +00:00
|
|
|
{
|
Summary of login.conf support changes:
o Incorporated BSDI code and enhancements, better logging for error
checking (which has been shown to be a problem, and is therefore
justified, imho); also some minor things we were missing, including
better quad_t math, which checks for under/overflows.
o setusercontext() now allows user resource limit overrides, but
does this AFTER dropping root privs, to restrict the user to
droping hard limits and set soft limits within the kernel's
allowed user limits.
o umask() only set once, and only if requested.
o add _secure_path(), and use in login.conf to guard against
symlinks etc. and non-root owned or non-user owned files being
used. Derived from BSDI contributed code.
o revamped authentication code to BSDI's latest api, which
includes deleting authenticate() and adding auth_check()
and a few other functions. This is still marked as depecated
in BSDI, but is included for completeness. No other source
in the tree uses this anyway, so it is now bracketed with
#ifdef LOGIN_CAP_AUTH which is by default not defined. Only
auth_checknologin() and auth_cat() are actually used in
module login_auth.c.
o AUTH_NONE definition removed (collided with other includes
in the tree). [bde]
o BSDI's login_getclass() now accepts a char *classname
parameter rather than struct passwd *pwd. We now do likewise,
but added login_getpwclass() for (sort of) backwards
compatiblity, namely because we handle root as a special
case for the default class. This will require quite a few
changes elsewhere in the source tree.
o We no longer pretend to support rlim_t as a long type.
o Revised code formatting to be more bsd-ish style.
1997-05-10 18:55:38 +00:00
|
|
|
char *np = NULL;
|
|
|
|
|
|
|
|
if (var != NULL) {
|
|
|
|
int tildes = 0;
|
|
|
|
int dollas = 0;
|
|
|
|
char *p;
|
2008-11-04 13:49:53 +00:00
|
|
|
const char *q;
|
Summary of login.conf support changes:
o Incorporated BSDI code and enhancements, better logging for error
checking (which has been shown to be a problem, and is therefore
justified, imho); also some minor things we were missing, including
better quad_t math, which checks for under/overflows.
o setusercontext() now allows user resource limit overrides, but
does this AFTER dropping root privs, to restrict the user to
droping hard limits and set soft limits within the kernel's
allowed user limits.
o umask() only set once, and only if requested.
o add _secure_path(), and use in login.conf to guard against
symlinks etc. and non-root owned or non-user owned files being
used. Derived from BSDI contributed code.
o revamped authentication code to BSDI's latest api, which
includes deleting authenticate() and adding auth_check()
and a few other functions. This is still marked as depecated
in BSDI, but is included for completeness. No other source
in the tree uses this anyway, so it is now bracketed with
#ifdef LOGIN_CAP_AUTH which is by default not defined. Only
auth_checknologin() and auth_cat() are actually used in
module login_auth.c.
o AUTH_NONE definition removed (collided with other includes
in the tree). [bde]
o BSDI's login_getclass() now accepts a char *classname
parameter rather than struct passwd *pwd. We now do likewise,
but added login_getpwclass() for (sort of) backwards
compatiblity, namely because we handle root as a special
case for the default class. This will require quite a few
changes elsewhere in the source tree.
o We no longer pretend to support rlim_t as a long type.
o Revised code formatting to be more bsd-ish style.
1997-05-10 18:55:38 +00:00
|
|
|
|
|
|
|
if (pwd != NULL) {
|
2008-11-04 13:49:53 +00:00
|
|
|
for (q = var; *q != '\0'; ++q) {
|
|
|
|
tildes += (*q == '~');
|
|
|
|
dollas += (*q == '$');
|
|
|
|
}
|
Summary of login.conf support changes:
o Incorporated BSDI code and enhancements, better logging for error
checking (which has been shown to be a problem, and is therefore
justified, imho); also some minor things we were missing, including
better quad_t math, which checks for under/overflows.
o setusercontext() now allows user resource limit overrides, but
does this AFTER dropping root privs, to restrict the user to
droping hard limits and set soft limits within the kernel's
allowed user limits.
o umask() only set once, and only if requested.
o add _secure_path(), and use in login.conf to guard against
symlinks etc. and non-root owned or non-user owned files being
used. Derived from BSDI contributed code.
o revamped authentication code to BSDI's latest api, which
includes deleting authenticate() and adding auth_check()
and a few other functions. This is still marked as depecated
in BSDI, but is included for completeness. No other source
in the tree uses this anyway, so it is now bracketed with
#ifdef LOGIN_CAP_AUTH which is by default not defined. Only
auth_checknologin() and auth_cat() are actually used in
module login_auth.c.
o AUTH_NONE definition removed (collided with other includes
in the tree). [bde]
o BSDI's login_getclass() now accepts a char *classname
parameter rather than struct passwd *pwd. We now do likewise,
but added login_getpwclass() for (sort of) backwards
compatiblity, namely because we handle root as a special
case for the default class. This will require quite a few
changes elsewhere in the source tree.
o We no longer pretend to support rlim_t as a long type.
o Revised code formatting to be more bsd-ish style.
1997-05-10 18:55:38 +00:00
|
|
|
}
|
1997-01-04 16:50:08 +00:00
|
|
|
|
Summary of login.conf support changes:
o Incorporated BSDI code and enhancements, better logging for error
checking (which has been shown to be a problem, and is therefore
justified, imho); also some minor things we were missing, including
better quad_t math, which checks for under/overflows.
o setusercontext() now allows user resource limit overrides, but
does this AFTER dropping root privs, to restrict the user to
droping hard limits and set soft limits within the kernel's
allowed user limits.
o umask() only set once, and only if requested.
o add _secure_path(), and use in login.conf to guard against
symlinks etc. and non-root owned or non-user owned files being
used. Derived from BSDI contributed code.
o revamped authentication code to BSDI's latest api, which
includes deleting authenticate() and adding auth_check()
and a few other functions. This is still marked as depecated
in BSDI, but is included for completeness. No other source
in the tree uses this anyway, so it is now bracketed with
#ifdef LOGIN_CAP_AUTH which is by default not defined. Only
auth_checknologin() and auth_cat() are actually used in
module login_auth.c.
o AUTH_NONE definition removed (collided with other includes
in the tree). [bde]
o BSDI's login_getclass() now accepts a char *classname
parameter rather than struct passwd *pwd. We now do likewise,
but added login_getpwclass() for (sort of) backwards
compatiblity, namely because we handle root as a special
case for the default class. This will require quite a few
changes elsewhere in the source tree.
o We no longer pretend to support rlim_t as a long type.
o Revised code formatting to be more bsd-ish style.
1997-05-10 18:55:38 +00:00
|
|
|
np = malloc(strlen(var) + (dollas * nlen)
|
|
|
|
- dollas + (tildes * (pch+hlen))
|
|
|
|
- tildes + 1);
|
|
|
|
|
|
|
|
if (np != NULL) {
|
|
|
|
p = strcpy(np, var);
|
|
|
|
|
|
|
|
if (pwd != NULL) {
|
|
|
|
/*
|
|
|
|
* This loop does user username and homedir substitutions
|
|
|
|
* for unescaped $ (username) and ~ (homedir)
|
|
|
|
*/
|
|
|
|
while (*(p += strcspn(p, "~$")) != '\0') {
|
|
|
|
int l = strlen(p);
|
|
|
|
|
1999-05-13 16:16:46 +00:00
|
|
|
if (p > np && *(p-1) == '\\') /* Escaped: */
|
Summary of login.conf support changes:
o Incorporated BSDI code and enhancements, better logging for error
checking (which has been shown to be a problem, and is therefore
justified, imho); also some minor things we were missing, including
better quad_t math, which checks for under/overflows.
o setusercontext() now allows user resource limit overrides, but
does this AFTER dropping root privs, to restrict the user to
droping hard limits and set soft limits within the kernel's
allowed user limits.
o umask() only set once, and only if requested.
o add _secure_path(), and use in login.conf to guard against
symlinks etc. and non-root owned or non-user owned files being
used. Derived from BSDI contributed code.
o revamped authentication code to BSDI's latest api, which
includes deleting authenticate() and adding auth_check()
and a few other functions. This is still marked as depecated
in BSDI, but is included for completeness. No other source
in the tree uses this anyway, so it is now bracketed with
#ifdef LOGIN_CAP_AUTH which is by default not defined. Only
auth_checknologin() and auth_cat() are actually used in
module login_auth.c.
o AUTH_NONE definition removed (collided with other includes
in the tree). [bde]
o BSDI's login_getclass() now accepts a char *classname
parameter rather than struct passwd *pwd. We now do likewise,
but added login_getpwclass() for (sort of) backwards
compatiblity, namely because we handle root as a special
case for the default class. This will require quite a few
changes elsewhere in the source tree.
o We no longer pretend to support rlim_t as a long type.
o Revised code formatting to be more bsd-ish style.
1997-05-10 18:55:38 +00:00
|
|
|
memmove(p - 1, p, l + 1); /* Slide-out the backslash */
|
|
|
|
else if (*p == '~') {
|
|
|
|
int v = pch && *(p+1) != '/'; /* Avoid double // */
|
|
|
|
memmove(p + hlen + v, p + 1, l); /* Subst homedir */
|
|
|
|
memmove(p, pwd->pw_dir, hlen);
|
|
|
|
if (v)
|
|
|
|
p[hlen] = '/';
|
|
|
|
p += hlen + v;
|
|
|
|
}
|
|
|
|
else /* if (*p == '$') */ {
|
|
|
|
memmove(p + nlen, p + 1, l); /* Subst username */
|
|
|
|
memmove(p, pwd->pw_name, nlen);
|
|
|
|
p += nlen;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
1997-01-04 16:50:08 +00:00
|
|
|
}
|
|
|
|
}
|
Summary of login.conf support changes:
o Incorporated BSDI code and enhancements, better logging for error
checking (which has been shown to be a problem, and is therefore
justified, imho); also some minor things we were missing, including
better quad_t math, which checks for under/overflows.
o setusercontext() now allows user resource limit overrides, but
does this AFTER dropping root privs, to restrict the user to
droping hard limits and set soft limits within the kernel's
allowed user limits.
o umask() only set once, and only if requested.
o add _secure_path(), and use in login.conf to guard against
symlinks etc. and non-root owned or non-user owned files being
used. Derived from BSDI contributed code.
o revamped authentication code to BSDI's latest api, which
includes deleting authenticate() and adding auth_check()
and a few other functions. This is still marked as depecated
in BSDI, but is included for completeness. No other source
in the tree uses this anyway, so it is now bracketed with
#ifdef LOGIN_CAP_AUTH which is by default not defined. Only
auth_checknologin() and auth_cat() are actually used in
module login_auth.c.
o AUTH_NONE definition removed (collided with other includes
in the tree). [bde]
o BSDI's login_getclass() now accepts a char *classname
parameter rather than struct passwd *pwd. We now do likewise,
but added login_getpwclass() for (sort of) backwards
compatiblity, namely because we handle root as a special
case for the default class. This will require quite a few
changes elsewhere in the source tree.
o We no longer pretend to support rlim_t as a long type.
o Revised code formatting to be more bsd-ish style.
1997-05-10 18:55:38 +00:00
|
|
|
|
2008-10-20 16:51:43 +00:00
|
|
|
return (np);
|
1997-01-04 16:50:08 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
void
|
|
|
|
setclassenvironment(login_cap_t *lc, const struct passwd * pwd, int paths)
|
|
|
|
{
|
Summary of login.conf support changes:
o Incorporated BSDI code and enhancements, better logging for error
checking (which has been shown to be a problem, and is therefore
justified, imho); also some minor things we were missing, including
better quad_t math, which checks for under/overflows.
o setusercontext() now allows user resource limit overrides, but
does this AFTER dropping root privs, to restrict the user to
droping hard limits and set soft limits within the kernel's
allowed user limits.
o umask() only set once, and only if requested.
o add _secure_path(), and use in login.conf to guard against
symlinks etc. and non-root owned or non-user owned files being
used. Derived from BSDI contributed code.
o revamped authentication code to BSDI's latest api, which
includes deleting authenticate() and adding auth_check()
and a few other functions. This is still marked as depecated
in BSDI, but is included for completeness. No other source
in the tree uses this anyway, so it is now bracketed with
#ifdef LOGIN_CAP_AUTH which is by default not defined. Only
auth_checknologin() and auth_cat() are actually used in
module login_auth.c.
o AUTH_NONE definition removed (collided with other includes
in the tree). [bde]
o BSDI's login_getclass() now accepts a char *classname
parameter rather than struct passwd *pwd. We now do likewise,
but added login_getpwclass() for (sort of) backwards
compatiblity, namely because we handle root as a special
case for the default class. This will require quite a few
changes elsewhere in the source tree.
o We no longer pretend to support rlim_t as a long type.
o Revised code formatting to be more bsd-ish style.
1997-05-10 18:55:38 +00:00
|
|
|
struct login_vars *vars = paths ? pathvars : envars;
|
|
|
|
int hlen = pwd ? strlen(pwd->pw_dir) : 0;
|
|
|
|
int nlen = pwd ? strlen(pwd->pw_name) : 0;
|
|
|
|
char pch = 0;
|
1997-01-04 16:50:08 +00:00
|
|
|
|
Summary of login.conf support changes:
o Incorporated BSDI code and enhancements, better logging for error
checking (which has been shown to be a problem, and is therefore
justified, imho); also some minor things we were missing, including
better quad_t math, which checks for under/overflows.
o setusercontext() now allows user resource limit overrides, but
does this AFTER dropping root privs, to restrict the user to
droping hard limits and set soft limits within the kernel's
allowed user limits.
o umask() only set once, and only if requested.
o add _secure_path(), and use in login.conf to guard against
symlinks etc. and non-root owned or non-user owned files being
used. Derived from BSDI contributed code.
o revamped authentication code to BSDI's latest api, which
includes deleting authenticate() and adding auth_check()
and a few other functions. This is still marked as depecated
in BSDI, but is included for completeness. No other source
in the tree uses this anyway, so it is now bracketed with
#ifdef LOGIN_CAP_AUTH which is by default not defined. Only
auth_checknologin() and auth_cat() are actually used in
module login_auth.c.
o AUTH_NONE definition removed (collided with other includes
in the tree). [bde]
o BSDI's login_getclass() now accepts a char *classname
parameter rather than struct passwd *pwd. We now do likewise,
but added login_getpwclass() for (sort of) backwards
compatiblity, namely because we handle root as a special
case for the default class. This will require quite a few
changes elsewhere in the source tree.
o We no longer pretend to support rlim_t as a long type.
o Revised code formatting to be more bsd-ish style.
1997-05-10 18:55:38 +00:00
|
|
|
if (hlen && pwd->pw_dir[hlen-1] != '/')
|
|
|
|
++pch;
|
1997-01-04 16:50:08 +00:00
|
|
|
|
Summary of login.conf support changes:
o Incorporated BSDI code and enhancements, better logging for error
checking (which has been shown to be a problem, and is therefore
justified, imho); also some minor things we were missing, including
better quad_t math, which checks for under/overflows.
o setusercontext() now allows user resource limit overrides, but
does this AFTER dropping root privs, to restrict the user to
droping hard limits and set soft limits within the kernel's
allowed user limits.
o umask() only set once, and only if requested.
o add _secure_path(), and use in login.conf to guard against
symlinks etc. and non-root owned or non-user owned files being
used. Derived from BSDI contributed code.
o revamped authentication code to BSDI's latest api, which
includes deleting authenticate() and adding auth_check()
and a few other functions. This is still marked as depecated
in BSDI, but is included for completeness. No other source
in the tree uses this anyway, so it is now bracketed with
#ifdef LOGIN_CAP_AUTH which is by default not defined. Only
auth_checknologin() and auth_cat() are actually used in
module login_auth.c.
o AUTH_NONE definition removed (collided with other includes
in the tree). [bde]
o BSDI's login_getclass() now accepts a char *classname
parameter rather than struct passwd *pwd. We now do likewise,
but added login_getpwclass() for (sort of) backwards
compatiblity, namely because we handle root as a special
case for the default class. This will require quite a few
changes elsewhere in the source tree.
o We no longer pretend to support rlim_t as a long type.
o Revised code formatting to be more bsd-ish style.
1997-05-10 18:55:38 +00:00
|
|
|
while (vars->tag != NULL) {
|
2002-04-08 11:04:56 +00:00
|
|
|
const char * var = paths ? login_getpath(lc, vars->tag, NULL)
|
|
|
|
: login_getcapstr(lc, vars->tag, NULL, NULL);
|
1997-01-04 16:50:08 +00:00
|
|
|
|
Summary of login.conf support changes:
o Incorporated BSDI code and enhancements, better logging for error
checking (which has been shown to be a problem, and is therefore
justified, imho); also some minor things we were missing, including
better quad_t math, which checks for under/overflows.
o setusercontext() now allows user resource limit overrides, but
does this AFTER dropping root privs, to restrict the user to
droping hard limits and set soft limits within the kernel's
allowed user limits.
o umask() only set once, and only if requested.
o add _secure_path(), and use in login.conf to guard against
symlinks etc. and non-root owned or non-user owned files being
used. Derived from BSDI contributed code.
o revamped authentication code to BSDI's latest api, which
includes deleting authenticate() and adding auth_check()
and a few other functions. This is still marked as depecated
in BSDI, but is included for completeness. No other source
in the tree uses this anyway, so it is now bracketed with
#ifdef LOGIN_CAP_AUTH which is by default not defined. Only
auth_checknologin() and auth_cat() are actually used in
module login_auth.c.
o AUTH_NONE definition removed (collided with other includes
in the tree). [bde]
o BSDI's login_getclass() now accepts a char *classname
parameter rather than struct passwd *pwd. We now do likewise,
but added login_getpwclass() for (sort of) backwards
compatiblity, namely because we handle root as a special
case for the default class. This will require quite a few
changes elsewhere in the source tree.
o We no longer pretend to support rlim_t as a long type.
o Revised code formatting to be more bsd-ish style.
1997-05-10 18:55:38 +00:00
|
|
|
char * np = substvar(var, pwd, hlen, pch, nlen);
|
1997-01-04 16:50:08 +00:00
|
|
|
|
Summary of login.conf support changes:
o Incorporated BSDI code and enhancements, better logging for error
checking (which has been shown to be a problem, and is therefore
justified, imho); also some minor things we were missing, including
better quad_t math, which checks for under/overflows.
o setusercontext() now allows user resource limit overrides, but
does this AFTER dropping root privs, to restrict the user to
droping hard limits and set soft limits within the kernel's
allowed user limits.
o umask() only set once, and only if requested.
o add _secure_path(), and use in login.conf to guard against
symlinks etc. and non-root owned or non-user owned files being
used. Derived from BSDI contributed code.
o revamped authentication code to BSDI's latest api, which
includes deleting authenticate() and adding auth_check()
and a few other functions. This is still marked as depecated
in BSDI, but is included for completeness. No other source
in the tree uses this anyway, so it is now bracketed with
#ifdef LOGIN_CAP_AUTH which is by default not defined. Only
auth_checknologin() and auth_cat() are actually used in
module login_auth.c.
o AUTH_NONE definition removed (collided with other includes
in the tree). [bde]
o BSDI's login_getclass() now accepts a char *classname
parameter rather than struct passwd *pwd. We now do likewise,
but added login_getpwclass() for (sort of) backwards
compatiblity, namely because we handle root as a special
case for the default class. This will require quite a few
changes elsewhere in the source tree.
o We no longer pretend to support rlim_t as a long type.
o Revised code formatting to be more bsd-ish style.
1997-05-10 18:55:38 +00:00
|
|
|
if (np != NULL) {
|
2002-06-28 14:45:30 +00:00
|
|
|
setenv(vars->var, np, vars->overwrite);
|
1997-01-04 16:50:08 +00:00
|
|
|
free(np);
|
Summary of login.conf support changes:
o Incorporated BSDI code and enhancements, better logging for error
checking (which has been shown to be a problem, and is therefore
justified, imho); also some minor things we were missing, including
better quad_t math, which checks for under/overflows.
o setusercontext() now allows user resource limit overrides, but
does this AFTER dropping root privs, to restrict the user to
droping hard limits and set soft limits within the kernel's
allowed user limits.
o umask() only set once, and only if requested.
o add _secure_path(), and use in login.conf to guard against
symlinks etc. and non-root owned or non-user owned files being
used. Derived from BSDI contributed code.
o revamped authentication code to BSDI's latest api, which
includes deleting authenticate() and adding auth_check()
and a few other functions. This is still marked as depecated
in BSDI, but is included for completeness. No other source
in the tree uses this anyway, so it is now bracketed with
#ifdef LOGIN_CAP_AUTH which is by default not defined. Only
auth_checknologin() and auth_cat() are actually used in
module login_auth.c.
o AUTH_NONE definition removed (collided with other includes
in the tree). [bde]
o BSDI's login_getclass() now accepts a char *classname
parameter rather than struct passwd *pwd. We now do likewise,
but added login_getpwclass() for (sort of) backwards
compatiblity, namely because we handle root as a special
case for the default class. This will require quite a few
changes elsewhere in the source tree.
o We no longer pretend to support rlim_t as a long type.
o Revised code formatting to be more bsd-ish style.
1997-05-10 18:55:38 +00:00
|
|
|
} else if (vars->def != NULL) {
|
|
|
|
setenv(vars->var, vars->def, 0);
|
|
|
|
}
|
|
|
|
++vars;
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* If we're not processing paths, then see if there is a setenv list by
|
|
|
|
* which the admin and/or user may set an arbitrary set of env vars.
|
|
|
|
*/
|
|
|
|
if (!paths) {
|
2003-10-18 10:04:16 +00:00
|
|
|
const char **set_env = login_getcaplist(lc, "setenv", ",");
|
Summary of login.conf support changes:
o Incorporated BSDI code and enhancements, better logging for error
checking (which has been shown to be a problem, and is therefore
justified, imho); also some minor things we were missing, including
better quad_t math, which checks for under/overflows.
o setusercontext() now allows user resource limit overrides, but
does this AFTER dropping root privs, to restrict the user to
droping hard limits and set soft limits within the kernel's
allowed user limits.
o umask() only set once, and only if requested.
o add _secure_path(), and use in login.conf to guard against
symlinks etc. and non-root owned or non-user owned files being
used. Derived from BSDI contributed code.
o revamped authentication code to BSDI's latest api, which
includes deleting authenticate() and adding auth_check()
and a few other functions. This is still marked as depecated
in BSDI, but is included for completeness. No other source
in the tree uses this anyway, so it is now bracketed with
#ifdef LOGIN_CAP_AUTH which is by default not defined. Only
auth_checknologin() and auth_cat() are actually used in
module login_auth.c.
o AUTH_NONE definition removed (collided with other includes
in the tree). [bde]
o BSDI's login_getclass() now accepts a char *classname
parameter rather than struct passwd *pwd. We now do likewise,
but added login_getpwclass() for (sort of) backwards
compatiblity, namely because we handle root as a special
case for the default class. This will require quite a few
changes elsewhere in the source tree.
o We no longer pretend to support rlim_t as a long type.
o Revised code formatting to be more bsd-ish style.
1997-05-10 18:55:38 +00:00
|
|
|
|
|
|
|
if (set_env != NULL) {
|
|
|
|
while (*set_env != NULL) {
|
|
|
|
char *p = strchr(*set_env, '=');
|
|
|
|
|
|
|
|
if (p != NULL) { /* Discard invalid entries */
|
|
|
|
char *np;
|
|
|
|
|
|
|
|
*p++ = '\0';
|
|
|
|
if ((np = substvar(p, pwd, hlen, pch, nlen)) != NULL) {
|
|
|
|
setenv(*set_env, np, 1);
|
|
|
|
free(np);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
++set_env;
|
|
|
|
}
|
1997-01-04 16:50:08 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2008-07-25 19:58:14 +00:00
|
|
|
static int
|
|
|
|
list2cpuset(const char *list, cpuset_t *mask)
|
|
|
|
{
|
|
|
|
enum { NONE, NUM, DASH } state;
|
|
|
|
int lastnum;
|
|
|
|
int curnum;
|
|
|
|
const char *l;
|
|
|
|
|
|
|
|
state = NONE;
|
|
|
|
curnum = lastnum = 0;
|
|
|
|
for (l = list; *l != '\0';) {
|
|
|
|
if (isdigit(*l)) {
|
|
|
|
curnum = atoi(l);
|
|
|
|
if (curnum > CPU_SETSIZE)
|
|
|
|
errx(EXIT_FAILURE,
|
|
|
|
"Only %d cpus supported", CPU_SETSIZE);
|
|
|
|
while (isdigit(*l))
|
|
|
|
l++;
|
|
|
|
switch (state) {
|
|
|
|
case NONE:
|
|
|
|
lastnum = curnum;
|
|
|
|
state = NUM;
|
|
|
|
break;
|
|
|
|
case DASH:
|
|
|
|
for (; lastnum <= curnum; lastnum++)
|
|
|
|
CPU_SET(lastnum, mask);
|
|
|
|
state = NONE;
|
|
|
|
break;
|
|
|
|
case NUM:
|
|
|
|
default:
|
|
|
|
return (0);
|
|
|
|
}
|
|
|
|
continue;
|
|
|
|
}
|
|
|
|
switch (*l) {
|
|
|
|
case ',':
|
|
|
|
switch (state) {
|
|
|
|
case NONE:
|
|
|
|
break;
|
|
|
|
case NUM:
|
|
|
|
CPU_SET(curnum, mask);
|
|
|
|
state = NONE;
|
|
|
|
break;
|
|
|
|
case DASH:
|
|
|
|
return (0);
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
break;
|
|
|
|
case '-':
|
|
|
|
if (state != NUM)
|
|
|
|
return (0);
|
|
|
|
state = DASH;
|
|
|
|
break;
|
|
|
|
default:
|
|
|
|
return (0);
|
|
|
|
}
|
|
|
|
l++;
|
|
|
|
}
|
|
|
|
switch (state) {
|
|
|
|
case NONE:
|
|
|
|
break;
|
|
|
|
case NUM:
|
|
|
|
CPU_SET(curnum, mask);
|
|
|
|
break;
|
|
|
|
case DASH:
|
|
|
|
return (0);
|
|
|
|
}
|
2008-10-20 16:51:43 +00:00
|
|
|
return (1);
|
2008-07-25 19:58:14 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
void
|
|
|
|
setclasscpumask(login_cap_t *lc)
|
|
|
|
{
|
|
|
|
const char *maskstr;
|
|
|
|
cpuset_t maskset;
|
|
|
|
cpusetid_t setid;
|
|
|
|
|
|
|
|
maskstr = login_getcapstr(lc, "cpumask", NULL, NULL);
|
|
|
|
CPU_ZERO(&maskset);
|
|
|
|
if (maskstr == NULL)
|
|
|
|
return;
|
|
|
|
if (strcasecmp("default", maskstr) == 0)
|
|
|
|
return;
|
|
|
|
if (!list2cpuset(maskstr, &maskset)) {
|
|
|
|
syslog(LOG_WARNING,
|
|
|
|
"list2cpuset(%s) invalid mask specification", maskstr);
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (cpuset(&setid) != 0) {
|
|
|
|
syslog(LOG_ERR, "cpuset(): %s", strerror(errno));
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (cpuset_setaffinity(CPU_LEVEL_CPUSET, CPU_WHICH_PID, -1,
|
|
|
|
sizeof(maskset), &maskset) != 0)
|
|
|
|
syslog(LOG_ERR, "cpuset_setaffinity(%s): %s", maskstr,
|
|
|
|
strerror(errno));
|
|
|
|
}
|
|
|
|
|
|
|
|
|
1997-01-04 16:50:08 +00:00
|
|
|
/*
|
|
|
|
* setclasscontext()
|
|
|
|
*
|
|
|
|
* For the login class <class>, set various class context values
|
|
|
|
* (limits, mainly) to the values for that class. Which values are
|
|
|
|
* set are controlled by <flags> -- see <login_class.h> for the
|
|
|
|
* possible values.
|
|
|
|
*
|
|
|
|
* setclasscontext() can only set resources, priority, and umask.
|
|
|
|
*/
|
|
|
|
|
|
|
|
int
|
|
|
|
setclasscontext(const char *classname, unsigned int flags)
|
|
|
|
{
|
Summary of login.conf support changes:
o Incorporated BSDI code and enhancements, better logging for error
checking (which has been shown to be a problem, and is therefore
justified, imho); also some minor things we were missing, including
better quad_t math, which checks for under/overflows.
o setusercontext() now allows user resource limit overrides, but
does this AFTER dropping root privs, to restrict the user to
droping hard limits and set soft limits within the kernel's
allowed user limits.
o umask() only set once, and only if requested.
o add _secure_path(), and use in login.conf to guard against
symlinks etc. and non-root owned or non-user owned files being
used. Derived from BSDI contributed code.
o revamped authentication code to BSDI's latest api, which
includes deleting authenticate() and adding auth_check()
and a few other functions. This is still marked as depecated
in BSDI, but is included for completeness. No other source
in the tree uses this anyway, so it is now bracketed with
#ifdef LOGIN_CAP_AUTH which is by default not defined. Only
auth_checknologin() and auth_cat() are actually used in
module login_auth.c.
o AUTH_NONE definition removed (collided with other includes
in the tree). [bde]
o BSDI's login_getclass() now accepts a char *classname
parameter rather than struct passwd *pwd. We now do likewise,
but added login_getpwclass() for (sort of) backwards
compatiblity, namely because we handle root as a special
case for the default class. This will require quite a few
changes elsewhere in the source tree.
o We no longer pretend to support rlim_t as a long type.
o Revised code formatting to be more bsd-ish style.
1997-05-10 18:55:38 +00:00
|
|
|
int rc;
|
|
|
|
login_cap_t *lc;
|
|
|
|
|
|
|
|
lc = login_getclassbyname(classname, NULL);
|
|
|
|
|
|
|
|
flags &= LOGIN_SETRESOURCES | LOGIN_SETPRIORITY |
|
|
|
|
LOGIN_SETUMASK | LOGIN_SETPATH;
|
|
|
|
|
|
|
|
rc = lc ? setusercontext(lc, NULL, 0, flags) : -1;
|
|
|
|
login_close(lc);
|
2008-10-20 16:51:43 +00:00
|
|
|
return (rc);
|
Summary of login.conf support changes:
o Incorporated BSDI code and enhancements, better logging for error
checking (which has been shown to be a problem, and is therefore
justified, imho); also some minor things we were missing, including
better quad_t math, which checks for under/overflows.
o setusercontext() now allows user resource limit overrides, but
does this AFTER dropping root privs, to restrict the user to
droping hard limits and set soft limits within the kernel's
allowed user limits.
o umask() only set once, and only if requested.
o add _secure_path(), and use in login.conf to guard against
symlinks etc. and non-root owned or non-user owned files being
used. Derived from BSDI contributed code.
o revamped authentication code to BSDI's latest api, which
includes deleting authenticate() and adding auth_check()
and a few other functions. This is still marked as depecated
in BSDI, but is included for completeness. No other source
in the tree uses this anyway, so it is now bracketed with
#ifdef LOGIN_CAP_AUTH which is by default not defined. Only
auth_checknologin() and auth_cat() are actually used in
module login_auth.c.
o AUTH_NONE definition removed (collided with other includes
in the tree). [bde]
o BSDI's login_getclass() now accepts a char *classname
parameter rather than struct passwd *pwd. We now do likewise,
but added login_getpwclass() for (sort of) backwards
compatiblity, namely because we handle root as a special
case for the default class. This will require quite a few
changes elsewhere in the source tree.
o We no longer pretend to support rlim_t as a long type.
o Revised code formatting to be more bsd-ish style.
1997-05-10 18:55:38 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
/*
|
2007-05-01 18:50:33 +00:00
|
|
|
* Private function which takes care of processing
|
Summary of login.conf support changes:
o Incorporated BSDI code and enhancements, better logging for error
checking (which has been shown to be a problem, and is therefore
justified, imho); also some minor things we were missing, including
better quad_t math, which checks for under/overflows.
o setusercontext() now allows user resource limit overrides, but
does this AFTER dropping root privs, to restrict the user to
droping hard limits and set soft limits within the kernel's
allowed user limits.
o umask() only set once, and only if requested.
o add _secure_path(), and use in login.conf to guard against
symlinks etc. and non-root owned or non-user owned files being
used. Derived from BSDI contributed code.
o revamped authentication code to BSDI's latest api, which
includes deleting authenticate() and adding auth_check()
and a few other functions. This is still marked as depecated
in BSDI, but is included for completeness. No other source
in the tree uses this anyway, so it is now bracketed with
#ifdef LOGIN_CAP_AUTH which is by default not defined. Only
auth_checknologin() and auth_cat() are actually used in
module login_auth.c.
o AUTH_NONE definition removed (collided with other includes
in the tree). [bde]
o BSDI's login_getclass() now accepts a char *classname
parameter rather than struct passwd *pwd. We now do likewise,
but added login_getpwclass() for (sort of) backwards
compatiblity, namely because we handle root as a special
case for the default class. This will require quite a few
changes elsewhere in the source tree.
o We no longer pretend to support rlim_t as a long type.
o Revised code formatting to be more bsd-ish style.
1997-05-10 18:55:38 +00:00
|
|
|
*/
|
|
|
|
|
|
|
|
static mode_t
|
|
|
|
setlogincontext(login_cap_t *lc, const struct passwd *pwd,
|
|
|
|
mode_t mymask, unsigned long flags)
|
|
|
|
{
|
|
|
|
if (lc) {
|
|
|
|
/* Set resources */
|
|
|
|
if (flags & LOGIN_SETRESOURCES)
|
|
|
|
setclassresources(lc);
|
|
|
|
/* See if there's a umask override */
|
|
|
|
if (flags & LOGIN_SETUMASK)
|
|
|
|
mymask = (mode_t)login_getcapnum(lc, "umask", mymask, mymask);
|
|
|
|
/* Set paths */
|
|
|
|
if (flags & LOGIN_SETPATH)
|
|
|
|
setclassenvironment(lc, pwd, 1);
|
|
|
|
/* Set environment */
|
|
|
|
if (flags & LOGIN_SETENV)
|
|
|
|
setclassenvironment(lc, pwd, 0);
|
2008-07-25 19:58:14 +00:00
|
|
|
/* Set cpu affinity */
|
|
|
|
if (flags & LOGIN_SETCPUMASK)
|
|
|
|
setclasscpumask(lc);
|
Summary of login.conf support changes:
o Incorporated BSDI code and enhancements, better logging for error
checking (which has been shown to be a problem, and is therefore
justified, imho); also some minor things we were missing, including
better quad_t math, which checks for under/overflows.
o setusercontext() now allows user resource limit overrides, but
does this AFTER dropping root privs, to restrict the user to
droping hard limits and set soft limits within the kernel's
allowed user limits.
o umask() only set once, and only if requested.
o add _secure_path(), and use in login.conf to guard against
symlinks etc. and non-root owned or non-user owned files being
used. Derived from BSDI contributed code.
o revamped authentication code to BSDI's latest api, which
includes deleting authenticate() and adding auth_check()
and a few other functions. This is still marked as depecated
in BSDI, but is included for completeness. No other source
in the tree uses this anyway, so it is now bracketed with
#ifdef LOGIN_CAP_AUTH which is by default not defined. Only
auth_checknologin() and auth_cat() are actually used in
module login_auth.c.
o AUTH_NONE definition removed (collided with other includes
in the tree). [bde]
o BSDI's login_getclass() now accepts a char *classname
parameter rather than struct passwd *pwd. We now do likewise,
but added login_getpwclass() for (sort of) backwards
compatiblity, namely because we handle root as a special
case for the default class. This will require quite a few
changes elsewhere in the source tree.
o We no longer pretend to support rlim_t as a long type.
o Revised code formatting to be more bsd-ish style.
1997-05-10 18:55:38 +00:00
|
|
|
}
|
2008-10-20 16:51:43 +00:00
|
|
|
return (mymask);
|
1997-01-04 16:50:08 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
Summary of login.conf support changes:
o Incorporated BSDI code and enhancements, better logging for error
checking (which has been shown to be a problem, and is therefore
justified, imho); also some minor things we were missing, including
better quad_t math, which checks for under/overflows.
o setusercontext() now allows user resource limit overrides, but
does this AFTER dropping root privs, to restrict the user to
droping hard limits and set soft limits within the kernel's
allowed user limits.
o umask() only set once, and only if requested.
o add _secure_path(), and use in login.conf to guard against
symlinks etc. and non-root owned or non-user owned files being
used. Derived from BSDI contributed code.
o revamped authentication code to BSDI's latest api, which
includes deleting authenticate() and adding auth_check()
and a few other functions. This is still marked as depecated
in BSDI, but is included for completeness. No other source
in the tree uses this anyway, so it is now bracketed with
#ifdef LOGIN_CAP_AUTH which is by default not defined. Only
auth_checknologin() and auth_cat() are actually used in
module login_auth.c.
o AUTH_NONE definition removed (collided with other includes
in the tree). [bde]
o BSDI's login_getclass() now accepts a char *classname
parameter rather than struct passwd *pwd. We now do likewise,
but added login_getpwclass() for (sort of) backwards
compatiblity, namely because we handle root as a special
case for the default class. This will require quite a few
changes elsewhere in the source tree.
o We no longer pretend to support rlim_t as a long type.
o Revised code formatting to be more bsd-ish style.
1997-05-10 18:55:38 +00:00
|
|
|
|
1997-01-04 16:50:08 +00:00
|
|
|
/*
|
|
|
|
* setusercontext()
|
|
|
|
*
|
|
|
|
* Given a login class <lc> and a user in <pwd>, with a uid <uid>,
|
|
|
|
* set the context as in setclasscontext(). <flags> controls which
|
|
|
|
* values are set.
|
|
|
|
*
|
|
|
|
* The difference between setclasscontext() and setusercontext() is
|
|
|
|
* that the former sets things up for an already-existing process,
|
|
|
|
* while the latter sets things up from a root context. Such as might
|
|
|
|
* be called from login(1).
|
|
|
|
*
|
|
|
|
*/
|
|
|
|
|
|
|
|
int
|
|
|
|
setusercontext(login_cap_t *lc, const struct passwd *pwd, uid_t uid, unsigned int flags)
|
|
|
|
{
|
Summary of login.conf support changes:
o Incorporated BSDI code and enhancements, better logging for error
checking (which has been shown to be a problem, and is therefore
justified, imho); also some minor things we were missing, including
better quad_t math, which checks for under/overflows.
o setusercontext() now allows user resource limit overrides, but
does this AFTER dropping root privs, to restrict the user to
droping hard limits and set soft limits within the kernel's
allowed user limits.
o umask() only set once, and only if requested.
o add _secure_path(), and use in login.conf to guard against
symlinks etc. and non-root owned or non-user owned files being
used. Derived from BSDI contributed code.
o revamped authentication code to BSDI's latest api, which
includes deleting authenticate() and adding auth_check()
and a few other functions. This is still marked as depecated
in BSDI, but is included for completeness. No other source
in the tree uses this anyway, so it is now bracketed with
#ifdef LOGIN_CAP_AUTH which is by default not defined. Only
auth_checknologin() and auth_cat() are actually used in
module login_auth.c.
o AUTH_NONE definition removed (collided with other includes
in the tree). [bde]
o BSDI's login_getclass() now accepts a char *classname
parameter rather than struct passwd *pwd. We now do likewise,
but added login_getpwclass() for (sort of) backwards
compatiblity, namely because we handle root as a special
case for the default class. This will require quite a few
changes elsewhere in the source tree.
o We no longer pretend to support rlim_t as a long type.
o Revised code formatting to be more bsd-ish style.
1997-05-10 18:55:38 +00:00
|
|
|
quad_t p;
|
|
|
|
mode_t mymask;
|
|
|
|
login_cap_t *llc = NULL;
|
1998-05-25 03:55:23 +00:00
|
|
|
struct rtprio rtp;
|
2002-10-23 03:17:22 +00:00
|
|
|
int error;
|
Summary of login.conf support changes:
o Incorporated BSDI code and enhancements, better logging for error
checking (which has been shown to be a problem, and is therefore
justified, imho); also some minor things we were missing, including
better quad_t math, which checks for under/overflows.
o setusercontext() now allows user resource limit overrides, but
does this AFTER dropping root privs, to restrict the user to
droping hard limits and set soft limits within the kernel's
allowed user limits.
o umask() only set once, and only if requested.
o add _secure_path(), and use in login.conf to guard against
symlinks etc. and non-root owned or non-user owned files being
used. Derived from BSDI contributed code.
o revamped authentication code to BSDI's latest api, which
includes deleting authenticate() and adding auth_check()
and a few other functions. This is still marked as depecated
in BSDI, but is included for completeness. No other source
in the tree uses this anyway, so it is now bracketed with
#ifdef LOGIN_CAP_AUTH which is by default not defined. Only
auth_checknologin() and auth_cat() are actually used in
module login_auth.c.
o AUTH_NONE definition removed (collided with other includes
in the tree). [bde]
o BSDI's login_getclass() now accepts a char *classname
parameter rather than struct passwd *pwd. We now do likewise,
but added login_getpwclass() for (sort of) backwards
compatiblity, namely because we handle root as a special
case for the default class. This will require quite a few
changes elsewhere in the source tree.
o We no longer pretend to support rlim_t as a long type.
o Revised code formatting to be more bsd-ish style.
1997-05-10 18:55:38 +00:00
|
|
|
|
|
|
|
if (lc == NULL) {
|
|
|
|
if (pwd != NULL && (lc = login_getpwclass(pwd)) != NULL)
|
|
|
|
llc = lc; /* free this when we're done */
|
1997-01-04 16:50:08 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
if (flags & LOGIN_SETPATH)
|
Summary of login.conf support changes:
o Incorporated BSDI code and enhancements, better logging for error
checking (which has been shown to be a problem, and is therefore
justified, imho); also some minor things we were missing, including
better quad_t math, which checks for under/overflows.
o setusercontext() now allows user resource limit overrides, but
does this AFTER dropping root privs, to restrict the user to
droping hard limits and set soft limits within the kernel's
allowed user limits.
o umask() only set once, and only if requested.
o add _secure_path(), and use in login.conf to guard against
symlinks etc. and non-root owned or non-user owned files being
used. Derived from BSDI contributed code.
o revamped authentication code to BSDI's latest api, which
includes deleting authenticate() and adding auth_check()
and a few other functions. This is still marked as depecated
in BSDI, but is included for completeness. No other source
in the tree uses this anyway, so it is now bracketed with
#ifdef LOGIN_CAP_AUTH which is by default not defined. Only
auth_checknologin() and auth_cat() are actually used in
module login_auth.c.
o AUTH_NONE definition removed (collided with other includes
in the tree). [bde]
o BSDI's login_getclass() now accepts a char *classname
parameter rather than struct passwd *pwd. We now do likewise,
but added login_getpwclass() for (sort of) backwards
compatiblity, namely because we handle root as a special
case for the default class. This will require quite a few
changes elsewhere in the source tree.
o We no longer pretend to support rlim_t as a long type.
o Revised code formatting to be more bsd-ish style.
1997-05-10 18:55:38 +00:00
|
|
|
pathvars[0].def = uid ? _PATH_DEFPATH : _PATH_STDPATH;
|
1997-01-04 16:50:08 +00:00
|
|
|
|
Summary of login.conf support changes:
o Incorporated BSDI code and enhancements, better logging for error
checking (which has been shown to be a problem, and is therefore
justified, imho); also some minor things we were missing, including
better quad_t math, which checks for under/overflows.
o setusercontext() now allows user resource limit overrides, but
does this AFTER dropping root privs, to restrict the user to
droping hard limits and set soft limits within the kernel's
allowed user limits.
o umask() only set once, and only if requested.
o add _secure_path(), and use in login.conf to guard against
symlinks etc. and non-root owned or non-user owned files being
used. Derived from BSDI contributed code.
o revamped authentication code to BSDI's latest api, which
includes deleting authenticate() and adding auth_check()
and a few other functions. This is still marked as depecated
in BSDI, but is included for completeness. No other source
in the tree uses this anyway, so it is now bracketed with
#ifdef LOGIN_CAP_AUTH which is by default not defined. Only
auth_checknologin() and auth_cat() are actually used in
module login_auth.c.
o AUTH_NONE definition removed (collided with other includes
in the tree). [bde]
o BSDI's login_getclass() now accepts a char *classname
parameter rather than struct passwd *pwd. We now do likewise,
but added login_getpwclass() for (sort of) backwards
compatiblity, namely because we handle root as a special
case for the default class. This will require quite a few
changes elsewhere in the source tree.
o We no longer pretend to support rlim_t as a long type.
o Revised code formatting to be more bsd-ish style.
1997-05-10 18:55:38 +00:00
|
|
|
/* we need a passwd entry to set these */
|
|
|
|
if (pwd == NULL)
|
2002-11-12 22:30:01 +00:00
|
|
|
flags &= ~(LOGIN_SETGROUP | LOGIN_SETLOGIN | LOGIN_SETMAC);
|
1997-01-04 16:50:08 +00:00
|
|
|
|
Summary of login.conf support changes:
o Incorporated BSDI code and enhancements, better logging for error
checking (which has been shown to be a problem, and is therefore
justified, imho); also some minor things we were missing, including
better quad_t math, which checks for under/overflows.
o setusercontext() now allows user resource limit overrides, but
does this AFTER dropping root privs, to restrict the user to
droping hard limits and set soft limits within the kernel's
allowed user limits.
o umask() only set once, and only if requested.
o add _secure_path(), and use in login.conf to guard against
symlinks etc. and non-root owned or non-user owned files being
used. Derived from BSDI contributed code.
o revamped authentication code to BSDI's latest api, which
includes deleting authenticate() and adding auth_check()
and a few other functions. This is still marked as depecated
in BSDI, but is included for completeness. No other source
in the tree uses this anyway, so it is now bracketed with
#ifdef LOGIN_CAP_AUTH which is by default not defined. Only
auth_checknologin() and auth_cat() are actually used in
module login_auth.c.
o AUTH_NONE definition removed (collided with other includes
in the tree). [bde]
o BSDI's login_getclass() now accepts a char *classname
parameter rather than struct passwd *pwd. We now do likewise,
but added login_getpwclass() for (sort of) backwards
compatiblity, namely because we handle root as a special
case for the default class. This will require quite a few
changes elsewhere in the source tree.
o We no longer pretend to support rlim_t as a long type.
o Revised code formatting to be more bsd-ish style.
1997-05-10 18:55:38 +00:00
|
|
|
/* Set the process priority */
|
|
|
|
if (flags & LOGIN_SETPRIORITY) {
|
|
|
|
p = login_getcapnum(lc, "priority", LOGIN_DEFPRI, LOGIN_DEFPRI);
|
1997-01-04 16:50:08 +00:00
|
|
|
|
2007-05-01 18:50:33 +00:00
|
|
|
if (p > PRIO_MAX) {
|
1998-05-25 03:55:23 +00:00
|
|
|
rtp.type = RTP_PRIO_IDLE;
|
|
|
|
rtp.prio = p - PRIO_MAX - 1;
|
|
|
|
p = (rtp.prio > RTP_PRIO_MAX) ? 31 : p;
|
2007-05-01 18:50:33 +00:00
|
|
|
if (rtprio(RTP_SET, 0, &rtp))
|
1998-05-25 03:55:23 +00:00
|
|
|
syslog(LOG_WARNING, "rtprio '%s' (%s): %m",
|
|
|
|
pwd->pw_name, lc ? lc->lc_class : LOGIN_DEFCLASS);
|
2007-05-01 18:50:33 +00:00
|
|
|
} else if (p < PRIO_MIN) {
|
1998-05-25 03:55:23 +00:00
|
|
|
rtp.type = RTP_PRIO_REALTIME;
|
|
|
|
rtp.prio = abs(p - PRIO_MIN + RTP_PRIO_MAX);
|
|
|
|
p = (rtp.prio > RTP_PRIO_MAX) ? 1 : p;
|
2007-05-01 18:50:33 +00:00
|
|
|
if (rtprio(RTP_SET, 0, &rtp))
|
1998-05-25 03:55:23 +00:00
|
|
|
syslog(LOG_WARNING, "rtprio '%s' (%s): %m",
|
|
|
|
pwd->pw_name, lc ? lc->lc_class : LOGIN_DEFCLASS);
|
|
|
|
} else {
|
|
|
|
if (setpriority(PRIO_PROCESS, 0, (int)p) != 0)
|
|
|
|
syslog(LOG_WARNING, "setpriority '%s' (%s): %m",
|
|
|
|
pwd->pw_name, lc ? lc->lc_class : LOGIN_DEFCLASS);
|
|
|
|
}
|
Summary of login.conf support changes:
o Incorporated BSDI code and enhancements, better logging for error
checking (which has been shown to be a problem, and is therefore
justified, imho); also some minor things we were missing, including
better quad_t math, which checks for under/overflows.
o setusercontext() now allows user resource limit overrides, but
does this AFTER dropping root privs, to restrict the user to
droping hard limits and set soft limits within the kernel's
allowed user limits.
o umask() only set once, and only if requested.
o add _secure_path(), and use in login.conf to guard against
symlinks etc. and non-root owned or non-user owned files being
used. Derived from BSDI contributed code.
o revamped authentication code to BSDI's latest api, which
includes deleting authenticate() and adding auth_check()
and a few other functions. This is still marked as depecated
in BSDI, but is included for completeness. No other source
in the tree uses this anyway, so it is now bracketed with
#ifdef LOGIN_CAP_AUTH which is by default not defined. Only
auth_checknologin() and auth_cat() are actually used in
module login_auth.c.
o AUTH_NONE definition removed (collided with other includes
in the tree). [bde]
o BSDI's login_getclass() now accepts a char *classname
parameter rather than struct passwd *pwd. We now do likewise,
but added login_getpwclass() for (sort of) backwards
compatiblity, namely because we handle root as a special
case for the default class. This will require quite a few
changes elsewhere in the source tree.
o We no longer pretend to support rlim_t as a long type.
o Revised code formatting to be more bsd-ish style.
1997-05-10 18:55:38 +00:00
|
|
|
}
|
1997-01-04 16:50:08 +00:00
|
|
|
|
Summary of login.conf support changes:
o Incorporated BSDI code and enhancements, better logging for error
checking (which has been shown to be a problem, and is therefore
justified, imho); also some minor things we were missing, including
better quad_t math, which checks for under/overflows.
o setusercontext() now allows user resource limit overrides, but
does this AFTER dropping root privs, to restrict the user to
droping hard limits and set soft limits within the kernel's
allowed user limits.
o umask() only set once, and only if requested.
o add _secure_path(), and use in login.conf to guard against
symlinks etc. and non-root owned or non-user owned files being
used. Derived from BSDI contributed code.
o revamped authentication code to BSDI's latest api, which
includes deleting authenticate() and adding auth_check()
and a few other functions. This is still marked as depecated
in BSDI, but is included for completeness. No other source
in the tree uses this anyway, so it is now bracketed with
#ifdef LOGIN_CAP_AUTH which is by default not defined. Only
auth_checknologin() and auth_cat() are actually used in
module login_auth.c.
o AUTH_NONE definition removed (collided with other includes
in the tree). [bde]
o BSDI's login_getclass() now accepts a char *classname
parameter rather than struct passwd *pwd. We now do likewise,
but added login_getpwclass() for (sort of) backwards
compatiblity, namely because we handle root as a special
case for the default class. This will require quite a few
changes elsewhere in the source tree.
o We no longer pretend to support rlim_t as a long type.
o Revised code formatting to be more bsd-ish style.
1997-05-10 18:55:38 +00:00
|
|
|
/* Setup the user's group permissions */
|
|
|
|
if (flags & LOGIN_SETGROUP) {
|
|
|
|
if (setgid(pwd->pw_gid) != 0) {
|
1998-07-29 14:05:01 +00:00
|
|
|
syslog(LOG_ERR, "setgid(%lu): %m", (u_long)pwd->pw_gid);
|
Summary of login.conf support changes:
o Incorporated BSDI code and enhancements, better logging for error
checking (which has been shown to be a problem, and is therefore
justified, imho); also some minor things we were missing, including
better quad_t math, which checks for under/overflows.
o setusercontext() now allows user resource limit overrides, but
does this AFTER dropping root privs, to restrict the user to
droping hard limits and set soft limits within the kernel's
allowed user limits.
o umask() only set once, and only if requested.
o add _secure_path(), and use in login.conf to guard against
symlinks etc. and non-root owned or non-user owned files being
used. Derived from BSDI contributed code.
o revamped authentication code to BSDI's latest api, which
includes deleting authenticate() and adding auth_check()
and a few other functions. This is still marked as depecated
in BSDI, but is included for completeness. No other source
in the tree uses this anyway, so it is now bracketed with
#ifdef LOGIN_CAP_AUTH which is by default not defined. Only
auth_checknologin() and auth_cat() are actually used in
module login_auth.c.
o AUTH_NONE definition removed (collided with other includes
in the tree). [bde]
o BSDI's login_getclass() now accepts a char *classname
parameter rather than struct passwd *pwd. We now do likewise,
but added login_getpwclass() for (sort of) backwards
compatiblity, namely because we handle root as a special
case for the default class. This will require quite a few
changes elsewhere in the source tree.
o We no longer pretend to support rlim_t as a long type.
o Revised code formatting to be more bsd-ish style.
1997-05-10 18:55:38 +00:00
|
|
|
login_close(llc);
|
2008-10-20 16:51:43 +00:00
|
|
|
return (-1);
|
Summary of login.conf support changes:
o Incorporated BSDI code and enhancements, better logging for error
checking (which has been shown to be a problem, and is therefore
justified, imho); also some minor things we were missing, including
better quad_t math, which checks for under/overflows.
o setusercontext() now allows user resource limit overrides, but
does this AFTER dropping root privs, to restrict the user to
droping hard limits and set soft limits within the kernel's
allowed user limits.
o umask() only set once, and only if requested.
o add _secure_path(), and use in login.conf to guard against
symlinks etc. and non-root owned or non-user owned files being
used. Derived from BSDI contributed code.
o revamped authentication code to BSDI's latest api, which
includes deleting authenticate() and adding auth_check()
and a few other functions. This is still marked as depecated
in BSDI, but is included for completeness. No other source
in the tree uses this anyway, so it is now bracketed with
#ifdef LOGIN_CAP_AUTH which is by default not defined. Only
auth_checknologin() and auth_cat() are actually used in
module login_auth.c.
o AUTH_NONE definition removed (collided with other includes
in the tree). [bde]
o BSDI's login_getclass() now accepts a char *classname
parameter rather than struct passwd *pwd. We now do likewise,
but added login_getpwclass() for (sort of) backwards
compatiblity, namely because we handle root as a special
case for the default class. This will require quite a few
changes elsewhere in the source tree.
o We no longer pretend to support rlim_t as a long type.
o Revised code formatting to be more bsd-ish style.
1997-05-10 18:55:38 +00:00
|
|
|
}
|
|
|
|
if (initgroups(pwd->pw_name, pwd->pw_gid) == -1) {
|
1998-07-29 14:05:01 +00:00
|
|
|
syslog(LOG_ERR, "initgroups(%s,%lu): %m", pwd->pw_name,
|
|
|
|
(u_long)pwd->pw_gid);
|
Summary of login.conf support changes:
o Incorporated BSDI code and enhancements, better logging for error
checking (which has been shown to be a problem, and is therefore
justified, imho); also some minor things we were missing, including
better quad_t math, which checks for under/overflows.
o setusercontext() now allows user resource limit overrides, but
does this AFTER dropping root privs, to restrict the user to
droping hard limits and set soft limits within the kernel's
allowed user limits.
o umask() only set once, and only if requested.
o add _secure_path(), and use in login.conf to guard against
symlinks etc. and non-root owned or non-user owned files being
used. Derived from BSDI contributed code.
o revamped authentication code to BSDI's latest api, which
includes deleting authenticate() and adding auth_check()
and a few other functions. This is still marked as depecated
in BSDI, but is included for completeness. No other source
in the tree uses this anyway, so it is now bracketed with
#ifdef LOGIN_CAP_AUTH which is by default not defined. Only
auth_checknologin() and auth_cat() are actually used in
module login_auth.c.
o AUTH_NONE definition removed (collided with other includes
in the tree). [bde]
o BSDI's login_getclass() now accepts a char *classname
parameter rather than struct passwd *pwd. We now do likewise,
but added login_getpwclass() for (sort of) backwards
compatiblity, namely because we handle root as a special
case for the default class. This will require quite a few
changes elsewhere in the source tree.
o We no longer pretend to support rlim_t as a long type.
o Revised code formatting to be more bsd-ish style.
1997-05-10 18:55:38 +00:00
|
|
|
login_close(llc);
|
2008-10-20 16:51:43 +00:00
|
|
|
return (-1);
|
Summary of login.conf support changes:
o Incorporated BSDI code and enhancements, better logging for error
checking (which has been shown to be a problem, and is therefore
justified, imho); also some minor things we were missing, including
better quad_t math, which checks for under/overflows.
o setusercontext() now allows user resource limit overrides, but
does this AFTER dropping root privs, to restrict the user to
droping hard limits and set soft limits within the kernel's
allowed user limits.
o umask() only set once, and only if requested.
o add _secure_path(), and use in login.conf to guard against
symlinks etc. and non-root owned or non-user owned files being
used. Derived from BSDI contributed code.
o revamped authentication code to BSDI's latest api, which
includes deleting authenticate() and adding auth_check()
and a few other functions. This is still marked as depecated
in BSDI, but is included for completeness. No other source
in the tree uses this anyway, so it is now bracketed with
#ifdef LOGIN_CAP_AUTH which is by default not defined. Only
auth_checknologin() and auth_cat() are actually used in
module login_auth.c.
o AUTH_NONE definition removed (collided with other includes
in the tree). [bde]
o BSDI's login_getclass() now accepts a char *classname
parameter rather than struct passwd *pwd. We now do likewise,
but added login_getpwclass() for (sort of) backwards
compatiblity, namely because we handle root as a special
case for the default class. This will require quite a few
changes elsewhere in the source tree.
o We no longer pretend to support rlim_t as a long type.
o Revised code formatting to be more bsd-ish style.
1997-05-10 18:55:38 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2002-10-23 03:17:22 +00:00
|
|
|
/* Set up the user's MAC label. */
|
|
|
|
if ((flags & LOGIN_SETMAC) && mac_is_present(NULL) == 1) {
|
|
|
|
const char *label_string;
|
|
|
|
mac_t label;
|
|
|
|
|
|
|
|
label_string = login_getcapstr(lc, "label", NULL, NULL);
|
|
|
|
if (label_string != NULL) {
|
|
|
|
if (mac_from_text(&label, label_string) == -1) {
|
|
|
|
syslog(LOG_ERR, "mac_from_text('%s') for %s: %m",
|
|
|
|
pwd->pw_name, label_string);
|
2008-10-20 16:51:43 +00:00
|
|
|
return (-1);
|
2002-10-23 03:17:22 +00:00
|
|
|
}
|
|
|
|
if (mac_set_proc(label) == -1)
|
|
|
|
error = errno;
|
|
|
|
else
|
|
|
|
error = 0;
|
|
|
|
mac_free(label);
|
|
|
|
if (error != 0) {
|
|
|
|
syslog(LOG_ERR, "mac_set_proc('%s') for %s: %s",
|
|
|
|
label_string, pwd->pw_name, strerror(error));
|
2008-10-20 16:51:43 +00:00
|
|
|
return (-1);
|
2002-10-23 03:17:22 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
Summary of login.conf support changes:
o Incorporated BSDI code and enhancements, better logging for error
checking (which has been shown to be a problem, and is therefore
justified, imho); also some minor things we were missing, including
better quad_t math, which checks for under/overflows.
o setusercontext() now allows user resource limit overrides, but
does this AFTER dropping root privs, to restrict the user to
droping hard limits and set soft limits within the kernel's
allowed user limits.
o umask() only set once, and only if requested.
o add _secure_path(), and use in login.conf to guard against
symlinks etc. and non-root owned or non-user owned files being
used. Derived from BSDI contributed code.
o revamped authentication code to BSDI's latest api, which
includes deleting authenticate() and adding auth_check()
and a few other functions. This is still marked as depecated
in BSDI, but is included for completeness. No other source
in the tree uses this anyway, so it is now bracketed with
#ifdef LOGIN_CAP_AUTH which is by default not defined. Only
auth_checknologin() and auth_cat() are actually used in
module login_auth.c.
o AUTH_NONE definition removed (collided with other includes
in the tree). [bde]
o BSDI's login_getclass() now accepts a char *classname
parameter rather than struct passwd *pwd. We now do likewise,
but added login_getpwclass() for (sort of) backwards
compatiblity, namely because we handle root as a special
case for the default class. This will require quite a few
changes elsewhere in the source tree.
o We no longer pretend to support rlim_t as a long type.
o Revised code formatting to be more bsd-ish style.
1997-05-10 18:55:38 +00:00
|
|
|
/* Set the sessions login */
|
|
|
|
if ((flags & LOGIN_SETLOGIN) && setlogin(pwd->pw_name) != 0) {
|
|
|
|
syslog(LOG_ERR, "setlogin(%s): %m", pwd->pw_name);
|
|
|
|
login_close(llc);
|
2008-10-20 16:51:43 +00:00
|
|
|
return (-1);
|
Summary of login.conf support changes:
o Incorporated BSDI code and enhancements, better logging for error
checking (which has been shown to be a problem, and is therefore
justified, imho); also some minor things we were missing, including
better quad_t math, which checks for under/overflows.
o setusercontext() now allows user resource limit overrides, but
does this AFTER dropping root privs, to restrict the user to
droping hard limits and set soft limits within the kernel's
allowed user limits.
o umask() only set once, and only if requested.
o add _secure_path(), and use in login.conf to guard against
symlinks etc. and non-root owned or non-user owned files being
used. Derived from BSDI contributed code.
o revamped authentication code to BSDI's latest api, which
includes deleting authenticate() and adding auth_check()
and a few other functions. This is still marked as depecated
in BSDI, but is included for completeness. No other source
in the tree uses this anyway, so it is now bracketed with
#ifdef LOGIN_CAP_AUTH which is by default not defined. Only
auth_checknologin() and auth_cat() are actually used in
module login_auth.c.
o AUTH_NONE definition removed (collided with other includes
in the tree). [bde]
o BSDI's login_getclass() now accepts a char *classname
parameter rather than struct passwd *pwd. We now do likewise,
but added login_getpwclass() for (sort of) backwards
compatiblity, namely because we handle root as a special
case for the default class. This will require quite a few
changes elsewhere in the source tree.
o We no longer pretend to support rlim_t as a long type.
o Revised code formatting to be more bsd-ish style.
1997-05-10 18:55:38 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
mymask = (flags & LOGIN_SETUMASK) ? umask(LOGIN_DEFUMASK) : 0;
|
|
|
|
mymask = setlogincontext(lc, pwd, mymask, flags);
|
1997-01-07 16:28:12 +00:00
|
|
|
login_close(llc);
|
|
|
|
|
Summary of login.conf support changes:
o Incorporated BSDI code and enhancements, better logging for error
checking (which has been shown to be a problem, and is therefore
justified, imho); also some minor things we were missing, including
better quad_t math, which checks for under/overflows.
o setusercontext() now allows user resource limit overrides, but
does this AFTER dropping root privs, to restrict the user to
droping hard limits and set soft limits within the kernel's
allowed user limits.
o umask() only set once, and only if requested.
o add _secure_path(), and use in login.conf to guard against
symlinks etc. and non-root owned or non-user owned files being
used. Derived from BSDI contributed code.
o revamped authentication code to BSDI's latest api, which
includes deleting authenticate() and adding auth_check()
and a few other functions. This is still marked as depecated
in BSDI, but is included for completeness. No other source
in the tree uses this anyway, so it is now bracketed with
#ifdef LOGIN_CAP_AUTH which is by default not defined. Only
auth_checknologin() and auth_cat() are actually used in
module login_auth.c.
o AUTH_NONE definition removed (collided with other includes
in the tree). [bde]
o BSDI's login_getclass() now accepts a char *classname
parameter rather than struct passwd *pwd. We now do likewise,
but added login_getpwclass() for (sort of) backwards
compatiblity, namely because we handle root as a special
case for the default class. This will require quite a few
changes elsewhere in the source tree.
o We no longer pretend to support rlim_t as a long type.
o Revised code formatting to be more bsd-ish style.
1997-05-10 18:55:38 +00:00
|
|
|
/* This needs to be done after anything that needs root privs */
|
|
|
|
if ((flags & LOGIN_SETUSER) && setuid(uid) != 0) {
|
1998-07-29 14:05:01 +00:00
|
|
|
syslog(LOG_ERR, "setuid(%lu): %m", (u_long)uid);
|
2008-10-20 16:51:43 +00:00
|
|
|
return (-1); /* Paranoia again */
|
Summary of login.conf support changes:
o Incorporated BSDI code and enhancements, better logging for error
checking (which has been shown to be a problem, and is therefore
justified, imho); also some minor things we were missing, including
better quad_t math, which checks for under/overflows.
o setusercontext() now allows user resource limit overrides, but
does this AFTER dropping root privs, to restrict the user to
droping hard limits and set soft limits within the kernel's
allowed user limits.
o umask() only set once, and only if requested.
o add _secure_path(), and use in login.conf to guard against
symlinks etc. and non-root owned or non-user owned files being
used. Derived from BSDI contributed code.
o revamped authentication code to BSDI's latest api, which
includes deleting authenticate() and adding auth_check()
and a few other functions. This is still marked as depecated
in BSDI, but is included for completeness. No other source
in the tree uses this anyway, so it is now bracketed with
#ifdef LOGIN_CAP_AUTH which is by default not defined. Only
auth_checknologin() and auth_cat() are actually used in
module login_auth.c.
o AUTH_NONE definition removed (collided with other includes
in the tree). [bde]
o BSDI's login_getclass() now accepts a char *classname
parameter rather than struct passwd *pwd. We now do likewise,
but added login_getpwclass() for (sort of) backwards
compatiblity, namely because we handle root as a special
case for the default class. This will require quite a few
changes elsewhere in the source tree.
o We no longer pretend to support rlim_t as a long type.
o Revised code formatting to be more bsd-ish style.
1997-05-10 18:55:38 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Now, we repeat some of the above for the user's private entries
|
|
|
|
*/
|
|
|
|
if ((lc = login_getuserclass(pwd)) != NULL) {
|
|
|
|
mymask = setlogincontext(lc, pwd, mymask, flags);
|
|
|
|
login_close(lc);
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Finally, set any umask we've found */
|
|
|
|
if (flags & LOGIN_SETUMASK)
|
|
|
|
umask(mymask);
|
|
|
|
|
2008-10-20 16:51:43 +00:00
|
|
|
return (0);
|
1997-01-04 16:50:08 +00:00
|
|
|
}
|