Changeset View
Changeset View
Standalone View
Standalone View
lib/libutil/login_class.c
Show First 20 Lines • Show All 467 Lines • ▼ Show 20 Lines | |||||
* while the latter sets things up from a root context. Such as might | * while the latter sets things up from a root context. Such as might | ||||
* be called from login(1). | * be called from login(1). | ||||
* | * | ||||
*/ | */ | ||||
int | int | ||||
setusercontext(login_cap_t *lc, const struct passwd *pwd, uid_t uid, unsigned int flags) | setusercontext(login_cap_t *lc, const struct passwd *pwd, uid_t uid, unsigned int flags) | ||||
{ | { | ||||
rlim_t p; | |||||
login_cap_t *llc = NULL; | login_cap_t *llc = NULL; | ||||
struct rtprio rtp; | |||||
int error; | int error; | ||||
if (lc == NULL) { | if (lc == NULL) { | ||||
if (pwd != NULL && (lc = login_getpwclass(pwd)) != NULL) | if (pwd != NULL && (lc = login_getpwclass(pwd)) != NULL) | ||||
llc = lc; /* free this when we're done */ | llc = lc; /* free this when we're done */ | ||||
} | } | ||||
if (flags & LOGIN_SETPATH) | if (flags & LOGIN_SETPATH) | ||||
pathvars[0].def = uid ? _PATH_DEFPATH : _PATH_STDPATH; | pathvars[0].def = uid ? _PATH_DEFPATH : _PATH_STDPATH; | ||||
/* we need a passwd entry to set these */ | /* we need a passwd entry to set these */ | ||||
if (pwd == NULL) | if (pwd == NULL) | ||||
flags &= ~(LOGIN_SETGROUP | LOGIN_SETLOGIN | LOGIN_SETMAC); | flags &= ~(LOGIN_SETGROUP | LOGIN_SETLOGIN | LOGIN_SETMAC); | ||||
/* Set the process priority */ | /* Set the process priority */ | ||||
if (flags & LOGIN_SETPRIORITY) { | if (flags & LOGIN_SETPRIORITY) { | ||||
p = login_getcapnum(lc, "priority", LOGIN_DEFPRI, LOGIN_DEFPRI); | const rlim_t def_val = LOGIN_DEFPRI, err_val = INT64_MIN; | ||||
rlim_t p = login_getcapnum(lc, "priority", def_val, err_val); | |||||
int rc; | |||||
if (p == err_val) { | |||||
/* Invariant: 'lc' != NULL. */ | |||||
syslog(LOG_WARNING, | |||||
"%s%s%sLogin class '%s': " | |||||
"Invalid priority specification: '%s'", | |||||
pwd ? "Login '" : "", | |||||
pwd ? pwd->pw_name : "", | |||||
pwd ? "': " : "", | |||||
lc->lc_class, | |||||
login_getcapstr(lc, "priority", "", "")); | |||||
/* Reset the priority, as if the capability was not present. */ | |||||
p = def_val; | |||||
} | |||||
if (p > PRIO_MAX) { | if (p > PRIO_MAX) { | ||||
struct rtprio rtp; | |||||
rtp.type = RTP_PRIO_IDLE; | rtp.type = RTP_PRIO_IDLE; | ||||
p += RTP_PRIO_MIN - (PRIO_MAX + 1); | p += RTP_PRIO_MIN - (PRIO_MAX + 1); | ||||
rtp.prio = p > RTP_PRIO_MAX ? RTP_PRIO_MAX : p; | rtp.prio = p > RTP_PRIO_MAX ? RTP_PRIO_MAX : p; | ||||
if (rtprio(RTP_SET, 0, &rtp)) | rc = rtprio(RTP_SET, 0, &rtp); | ||||
syslog(LOG_WARNING, "rtprio '%s' (%s): %m", | |||||
pwd ? pwd->pw_name : "-", | |||||
lc ? lc->lc_class : LOGIN_DEFCLASS); | |||||
} else if (p < PRIO_MIN) { | } else if (p < PRIO_MIN) { | ||||
struct rtprio rtp; | |||||
rtp.type = RTP_PRIO_REALTIME; | rtp.type = RTP_PRIO_REALTIME; | ||||
p += RTP_PRIO_MAX - (PRIO_MIN - 1); | p += RTP_PRIO_MAX - (PRIO_MIN - 1); | ||||
rtp.prio = p < RTP_PRIO_MIN ? RTP_PRIO_MIN : p; | rtp.prio = p < RTP_PRIO_MIN ? RTP_PRIO_MIN : p; | ||||
if (rtprio(RTP_SET, 0, &rtp)) | rc = rtprio(RTP_SET, 0, &rtp); | ||||
syslog(LOG_WARNING, "rtprio '%s' (%s): %m", | } else | ||||
emaste: as with comment in some previous review, I prefer braces around all if-else blocks if any have… | |||||
Not Done Inline Actionsstyle(9) tries to make this point, but is a hopeless. on clearity in its striving for brevity: Space after keywords (if, while, for, return, switch). Two styles of braces (‘{’ and ‘}’) are allowed for single line statements. Either they are used for all single statements, or they are used only where needed for clarity. Usage within a function should be consistent. Forever which can be read many ways. Certainly within a single if statement, I prefer what you're advocating imp: style(9) tries to make this point, but is a hopeless. on clearity in its striving for brevity… | |||||
pwd ? pwd->pw_name : "-", | rc = setpriority(PRIO_PROCESS, 0, (int)p); | ||||
lc ? lc->lc_class : LOGIN_DEFCLASS); | |||||
Done Inline ActionsIndents are wrong. kib: Indents are wrong. | |||||
} else { | if (rc != 0) | ||||
if (setpriority(PRIO_PROCESS, 0, (int)p) != 0) | syslog(LOG_WARNING, | ||||
syslog(LOG_WARNING, "setpriority '%s' (%s): %m", | "%s%s%sLogin class '%s': " | ||||
pwd ? pwd->pw_name : "-", | "Setting priority failed: %m", | ||||
lc ? lc->lc_class : LOGIN_DEFCLASS); | pwd ? "Login '" : "", | ||||
} | pwd ? pwd->pw_name : "", | ||||
pwd ? "': " : "", | |||||
lc ? lc->lc_class : "<none>"); | |||||
} | } | ||||
/* Setup the user's group permissions */ | /* Setup the user's group permissions */ | ||||
if (flags & LOGIN_SETGROUP) { | if (flags & LOGIN_SETGROUP) { | ||||
if (setgid(pwd->pw_gid) != 0) { | if (setgid(pwd->pw_gid) != 0) { | ||||
syslog(LOG_ERR, "setgid(%lu): %m", (u_long)pwd->pw_gid); | syslog(LOG_ERR, "setgid(%lu): %m", (u_long)pwd->pw_gid); | ||||
login_close(llc); | login_close(llc); | ||||
return (-1); | return (-1); | ||||
▲ Show 20 Lines • Show All 72 Lines • Show Last 20 Lines |
as with comment in some previous review, I prefer braces around all if-else blocks if any have them