From f4e00f119e525cafebeeb7ae9b0f6ff642f951e4 Mon Sep 17 00:00:00 2001 From: davidn Date: Mon, 20 Jan 1997 15:31:33 +0000 Subject: [PATCH] Make cron login class savvy. Use setusercontext() rather than setuid()/setgid()/setlogin()/initgroups() which is all handled. Login environment is NOT set by this call as crontab provides its own means of doing so. --- usr.sbin/cron/cron/Makefile | 2 ++ usr.sbin/cron/cron/do_command.c | 15 +++++++++++++++ 2 files changed, 17 insertions(+) diff --git a/usr.sbin/cron/cron/Makefile b/usr.sbin/cron/cron/Makefile index 27d2a3a807d5..a81be73d3a0c 100644 --- a/usr.sbin/cron/cron/Makefile +++ b/usr.sbin/cron/cron/Makefile @@ -4,6 +4,8 @@ PROG= cron SRCS= cron.c database.c do_command.c job.c user.c popen.c MAN8= cron.8 +CFLAGS+=-DLOGIN_CAP + .if exists(${.OBJDIR}/../lib) LDDESTDIR+= -L${.OBJDIR}/../lib DPADD+= ${.OBJDIR}/../lib/libcron.a diff --git a/usr.sbin/cron/cron/do_command.c b/usr.sbin/cron/cron/do_command.c index 736fe8930e6c..3898705da576 100644 --- a/usr.sbin/cron/cron/do_command.c +++ b/usr.sbin/cron/cron/do_command.c @@ -28,6 +28,9 @@ static char rcsid[] = "$FreeBSD$"; #if defined(SYSLOG) # include #endif +#if defined(LOGIN_CAP) +# include +#endif static void child_process __P((entry *, user *)), @@ -77,6 +80,10 @@ child_process(e, u) register char *input_data; char *usernm, *mailto; int children = 0; +# if defined(LOGIN_CAP) + struct passwd *pwd = getpwuid(e->uid); + login_cap_t *lc = login_getclass(pwd); +# endif Debug(DPROC, ("[%d] child_process('%s')\n", getpid(), e->cmd)) @@ -212,6 +219,13 @@ child_process(e, u) */ do_univ(u); +# if defined(LOGIN_CAP) + /* Set user's entire context, but skip the environment + * as cron provides a separate interface for this + */ + setusercontext(lc, pwd, e->uid, LOGIN_SETALL & ~(LOGIN_SETPATH|LOGIN_SETENV)); + login_close(lc); +# else /* set our directory, uid and gid. Set gid first, since once * we set uid, we've lost root privledges. */ 
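Review bot: Nothing in the Makefile hunk links the library that provides the functions `-DLOGIN_CAP` switches on. do_command.c now calls login_getclass(), setusercontext() and login_close(), which live in libutil, while the only lines added here are the `CFLAGS+=` line and a blank. Unless an `LDADD`/`DPADD` entry for libutil already exists below the hunk (not visible here), add `LDADD+= -lutil` and `DPADD+= ${LIBUTIL}` next to the libcron entries. A one-line comment above the flag, saying that it selects the setusercontext() path in child_process, would also help.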
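Review bot: The result of `getpwuid(e->uid)` in the new declarations of child_process is never checked, so a crontab owner whose account has been removed reaches `login_getclass(pwd)` and later `setusercontext()` with a NULL `pwd`. As far as I know, libutil skips the group and login-name steps when it has no passwd entry, which would leave the job running with cron's own gid and supplementary groups; please confirm against the library. The pointer also refers to getpwuid()'s static buffer and is held from function entry until the call further down, so any getpw*() call in between (not visible in these hunks) would change what it points to. I would do the lookup immediately before `setusercontext()` and fail the job when it returns NULL, e.g. `if ((pwd = getpwuid(e->uid)) == NULL) _exit(ERROR_EXIT);`. child_process starts and ends outside the hunk.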
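Review bot: The return value of `setusercontext()` in the `-212,6 +219,13` hunk is discarded, so if any step fails (for example the uid change is refused) the child carries on to `chdir()` and the exec with whatever credentials it still holds, which the comment just below indicates are root's. Check it and stop the job: `if (setusercontext(lc, pwd, e->uid, LOGIN_SETALL & ~(LOGIN_SETPATH|LOGIN_SETENV)) != 0) _exit(ERROR_EXIT);`, ideally after logging the failure so the operator can see why the job did not run. The `# else` branch has the same gap around `setuid()`, but that is existing code rather than part of this change. The enclosing function continues beyond this hunk.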
@@ -221,6 +235,7 @@ child_process(e, u) # endif setlogin(usernm); setuid(e->uid); /* we aren't root after this... */ +#endif chdir(env_get("HOME", e->envp)); /* exec the command.
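Review bot: The added `#endif` closes the `# if defined(LOGIN_CAP)` opened in the previous hunk, but it is written at a different preprocessor indent than its `# if`/`# else` and sits three lines below an unrelated `# endif`. Writing it as `# endif /* LOGIN_CAP */` keeps the pairing readable in a block whose whole purpose is dropping privileges, where a misread conditional is costly. The rest of child_process lies outside this hunk.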