D40344.id122651.diff
View Options

	diff --git a/lib/libutil/login_cap.h b/lib/libutil/login_cap.h
	--- a/lib/libutil/login_cap.h
	+++ b/lib/libutil/login_cap.h
	@@ -33,7 +33,6 @@
	#define LOGIN_MECLASS "me"
	#define LOGIN_DEFSTYLE "passwd"
	#define LOGIN_DEFSERVICE "login"
	-#define LOGIN_DEFUMASK 022
	#define LOGIN_DEFPRI 0
	#define _PATH_LOGIN_CONF "/etc/login.conf"
	#define _FILE_LOGIN_CONF ".login_conf"
	diff --git a/lib/libutil/login_class.c b/lib/libutil/login_class.c
	--- a/lib/libutil/login_class.c
	+++ b/lib/libutil/login_class.c
	@@ -40,6 +40,7 @@
	#include <login_cap.h>
	#include <paths.h>
	#include <pwd.h>
	+#include <stdint.h>
	#include <stdio.h>
	#include <stdlib.h>
	#include <string.h>
	@@ -387,17 +388,38 @@
	* Private function which takes care of processing
	*/

	-static mode_t
	-setlogincontext(login_cap_t lc, const struct passwd pwd,
	- mode_t mymask, unsigned long flags)
	+static void
	+setlogincontext(login_cap_t lc, const struct passwd pwd, unsigned long flags)
	{
	if (lc) {
	/* Set resources */
	if (flags & LOGIN_SETRESOURCES)
	setclassresources(lc);
	/* See if there's a umask override */
	- if (flags & LOGIN_SETUMASK)
	- mymask = (mode_t)login_getcapnum(lc, "umask", mymask, mymask);
	+ if (flags & LOGIN_SETUMASK) {
	+ /*
	+ * Make it unlikely that someone would input our default sentinel
	+ * (which indicates no specification).
	+ */
	+ rlim_t const def_val = INT64_MIN + 1, err_val = INT64_MIN;
	+ rlim_t val = login_getcapnum(lc, "umask", def_val, err_val);
	+ if (val != def_val) {
	+ if (val < 0 \|\| val > UINT16_MAX)
	+ /* We get here also on 'err_val'. */
	+ syslog(LOG_WARNING,
	+ "%s%s%sLogin class '%s': "
	+ "Invalid umask specification: '%s'",
	+ pwd ? "Login '" : "",
	+ pwd ? pwd->pw_name : "",
	+ pwd ? "': " : "",
	+ lc->lc_class,
	+ login_getcapstr(lc, "umask", "", ""));
	+ else {
	+ mode_t mode = val;
	+ umask(mode);
	+ }
	+ }
	+ }
	/* Set paths */
	if (flags & LOGIN_SETPATH)
	setclassenvironment(lc, pwd, 1);
	@@ -408,7 +430,6 @@
	if (flags & LOGIN_SETCPUMASK)
	setclasscpumask(lc);
	}
	- return (mymask);
	}


	@@ -431,7 +452,6 @@
	setusercontext(login_cap_t lc, const struct passwd pwd, uid_t uid, unsigned int flags)
	{
	rlim_t p;
	- mode_t mymask;
	login_cap_t *llc = NULL;
	struct rtprio rtp;
	int error;
	@@ -535,8 +555,7 @@
	}
	}

	- mymask = (flags & LOGIN_SETUMASK) ? umask(LOGIN_DEFUMASK) : 0;
	- mymask = setlogincontext(lc, pwd, mymask, flags);
	+ setlogincontext(lc, pwd, flags);
	login_close(llc);

	/* This needs to be done after anything that needs root privs */
	@@ -549,13 +568,9 @@
	* Now, we repeat some of the above for the user's private entries
	*/
	if (getuid() == uid && (lc = login_getuserclass(pwd)) != NULL) {
	- mymask = setlogincontext(lc, pwd, mymask, flags);
	+ setlogincontext(lc, pwd, flags);
	login_close(lc);
	}

	- /* Finally, set any umask we've found */
	- if (flags & LOGIN_SETUMASK)
	- umask(mymask);
	-
	return (0);
	}

File Metadata

Mime Type: text/plain
Expires: Mon, Dec 22, 11:59 PM (11 h, 36 m)
Storage Engine: blob
Storage Format: Raw Data
Storage Handle: 27166998
Default Alt Text: D40344.id122651.diff (2 KB)

D40344.id122651.diff
No OneTemporary
Actions

D40344.id122651.diff
View Options

File Metadata

Event Timeline

D40344.id122651.diffNo OneTemporaryActions

D40344.id122651.diffView Options

File Metadata

Event Timeline

D40344.id122651.diff
No OneTemporary
Actions

D40344.id122651.diff
View Options