Use a single setusercontext(3) instead of a bunch of basic syscalls.

Besides aesthetic benefits, that makes at(1) jobs subject to such
login.conf(5) settings as resource limits.
Yaroslav Tykhiy 2007-06-14 22:16:21 +00:00
parent b53756d2fe
commit 1add474291
Notes: svn2git 2020-12-20 02:59:44 +00:00
svn path=/head/; revision=170741
2 changed files with 29 additions and 0 deletions


@ -12,8 +12,12 @@ BINDIR= ${ATLIB_DIR}
CLEANFILES= ${MAN}
CFLAGS+=-I${MAINSRC} -I${.CURDIR}
CFLAGS+=-DLOGIN_CAP
WFORMAT=0
DPADD= ${LIBUTIL}
LDADD= -lutil
atrun.8: atrun.man
@${ECHO} Making ${.TARGET:T} from ${.ALLSRC:T}; \
sed -e \


@ -54,6 +54,9 @@ static const char rcsid[] =
#else
#include <getopt.h>
#endif
#ifdef LOGIN_CAP
#include <login_cap.h>
#endif
#if (MAXLOGNAME-1) > UT_NAMESIZE
#define LOGNAMESIZE UT_NAMESIZE
@ -288,6 +291,19 @@ run_file(const char *filename, uid_t uid, gid_t gid)
nice(tolower(queue) - 'a');
#ifdef LOGIN_CAP
/*
* For simplicity and safety, set all aspects of the user context
* except for a selected subset: Don't set priority, which was
* set based on the queue file name according to the tradition.
* Don't bother to set environment, including path vars, either
* because it will be discarded anyway. Although the job file
* should set umask, preset it here just in case.
*/
if (setusercontext(NULL, pentry, uid, LOGIN_SETALL &
~(LOGIN_SETPRIORITY | LOGIN_SETPATH | LOGIN_SETENV)) != 0)
exit(EXIT_FAILURE); /* setusercontext() logged the error */
#else /* LOGIN_CAP */
if (initgroups(pentry->pw_name,pentry->pw_gid))
perr("cannot init group access list");
@ -299,6 +315,7 @@ run_file(const char *filename, uid_t uid, gid_t gid)
if (setuid(uid) < 0 || seteuid(uid) < 0)
perr("cannot set user id");
#endif /* LOGIN_CAP */
if (chdir(pentry->pw_dir))
chdir("/");
@ -326,6 +343,13 @@ run_file(const char *filename, uid_t uid, gid_t gid)
{
PRIV_START
#ifdef LOGIN_CAP
/*
* This time set full context to run the mailer.
*/
if (setusercontext(NULL, pentry, uid, LOGIN_SETALL) != 0)
exit(EXIT_FAILURE); /* setusercontext() logged the error */
#else /* LOGIN_CAP */
if (initgroups(pentry->pw_name,pentry->pw_gid))
perr("cannot init group access list");
@ -337,6 +361,7 @@ run_file(const char *filename, uid_t uid, gid_t gid)
if (setuid(uid) < 0 || seteuid(uid) < 0)
perr("cannot set user id");
#endif /* LOGIN_CAP */
if (chdir(pentry->pw_dir))
chdir("/");
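Review bot: When setusercontext() fails at either new call site (the job branch and the mailer branch), the child exits with nothing from atrun itself in the log, so the failed privilege drop cannot be tied to a particular job file or uid. Failing closed is the right behaviour, but for triage I would log the job before exiting, e.g. `syslog(LOG_ERR, "cannot set user context for uid %lu, job %s", (unsigned long)uid, filename);` ahead of `exit(EXIT_FAILURE);`. This assumes syslog(3) is already usable in this file, which the hunks do not show. The trailing comment `/* setusercontext() logged the error */` could then say that the library message carries the cause and the atrun message carries the job. run_file() starts and ends outside these hunks.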