mirror of
https://github.com/freebsd/freebsd-src
synced 2024-10-06 16:40:47 +00:00
setusercontext(): umask: Set it only once (in the common case)
Simplify the code and make it more coherent (umask was the only context setting not modified by setlogincontext() directly). Preserve the current behavior of not changing the umask if none is specified in the login class capabilities database, but without the superfluous umask() dance. (The only exception to this is that a special value no user is likely to input in the database now stands for no specification.) If some user has a 'umask' override in its '~/.login_conf', the umask will still be set twice as before (as is the case for all other context settings overriden in '~/.login_conf'). Log a warning in case of an invalid umask specification. This change makes it apparent that the value of LOGIN_DEFUMASK doesn't matter. It will be removed in a subsequent commit. PR: 271747 Reviewed by: emaste, kib (earlier version) Approved by: emaste MFC after: 3 days Sponsored by: Kumacom SAS Differential Revision: https://reviews.freebsd.org/D40344
This commit is contained in:
parent
a570fe4d0d
commit
e99c28e93b
|
@ -37,6 +37,7 @@
|
|||
#include <login_cap.h>
|
||||
#include <paths.h>
|
||||
#include <pwd.h>
|
||||
#include <stdint.h>
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
|
@ -384,17 +385,40 @@ setclasscontext(const char *classname, unsigned int flags)
|
|||
* Private function which takes care of processing
|
||||
*/
|
||||
|
||||
static mode_t
|
||||
setlogincontext(login_cap_t *lc, const struct passwd *pwd,
|
||||
mode_t mymask, unsigned long flags)
|
||||
static void
|
||||
setlogincontext(login_cap_t *lc, const struct passwd *pwd, unsigned long flags)
|
||||
{
|
||||
if (lc) {
|
||||
/* Set resources */
|
||||
if (flags & LOGIN_SETRESOURCES)
|
||||
setclassresources(lc);
|
||||
/* See if there's a umask override */
|
||||
if (flags & LOGIN_SETUMASK)
|
||||
mymask = (mode_t)login_getcapnum(lc, "umask", mymask, mymask);
|
||||
if (flags & LOGIN_SETUMASK) {
|
||||
/*
|
||||
* Make it unlikely that someone would input our default sentinel
|
||||
* indicating no specification.
|
||||
*/
|
||||
const rlim_t def_val = INT64_MIN + 1, err_val = INT64_MIN;
|
||||
const rlim_t val = login_getcapnum(lc, "umask", def_val, err_val);
|
||||
|
||||
if (val != def_val) {
|
||||
if (val < 0 || val > UINT16_MAX) {
|
||||
/* We get here also on 'err_val'. */
|
||||
syslog(LOG_WARNING,
|
||||
"%s%s%sLogin class '%s': "
|
||||
"Invalid umask specification: '%s'",
|
||||
pwd ? "Login '" : "",
|
||||
pwd ? pwd->pw_name : "",
|
||||
pwd ? "': " : "",
|
||||
lc->lc_class,
|
||||
login_getcapstr(lc, "umask", "", ""));
|
||||
} else {
|
||||
const mode_t mode = val;
|
||||
|
||||
umask(mode);
|
||||
}
|
||||
}
|
||||
}
|
||||
/* Set paths */
|
||||
if (flags & LOGIN_SETPATH)
|
||||
setclassenvironment(lc, pwd, 1);
|
||||
|
@ -405,7 +429,6 @@ setlogincontext(login_cap_t *lc, const struct passwd *pwd,
|
|||
if (flags & LOGIN_SETCPUMASK)
|
||||
setclasscpumask(lc);
|
||||
}
|
||||
return (mymask);
|
||||
}
|
||||
|
||||
|
||||
|
@ -428,7 +451,6 @@ int
|
|||
setusercontext(login_cap_t *lc, const struct passwd *pwd, uid_t uid, unsigned int flags)
|
||||
{
|
||||
rlim_t p;
|
||||
mode_t mymask;
|
||||
login_cap_t *llc = NULL;
|
||||
struct rtprio rtp;
|
||||
int error;
|
||||
|
@ -532,8 +554,7 @@ setusercontext(login_cap_t *lc, const struct passwd *pwd, uid_t uid, unsigned in
|
|||
}
|
||||
}
|
||||
|
||||
mymask = (flags & LOGIN_SETUMASK) ? umask(LOGIN_DEFUMASK) : 0;
|
||||
mymask = setlogincontext(lc, pwd, mymask, flags);
|
||||
setlogincontext(lc, pwd, flags);
|
||||
login_close(llc);
|
||||
|
||||
/* This needs to be done after anything that needs root privs */
|
||||
|
@ -546,13 +567,9 @@ setusercontext(login_cap_t *lc, const struct passwd *pwd, uid_t uid, unsigned in
|
|||
* Now, we repeat some of the above for the user's private entries
|
||||
*/
|
||||
if (geteuid() == uid && (lc = login_getuserclass(pwd)) != NULL) {
|
||||
mymask = setlogincontext(lc, pwd, mymask, flags);
|
||||
setlogincontext(lc, pwd, flags);
|
||||
login_close(lc);
|
||||
}
|
||||
|
||||
/* Finally, set any umask we've found */
|
||||
if (flags & LOGIN_SETUMASK)
|
||||
umask(mymask);
|
||||
|
||||
return (0);
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue