Changeset View
Changeset View
Standalone View
Standalone View
lib/libutil/login_class.c
| Show First 20 Lines • Show All 467 Lines • ▼ Show 20 Lines | |||||
| * while the latter sets things up from a root context. Such as might | * while the latter sets things up from a root context. Such as might | ||||
| * be called from login(1). | * be called from login(1). | ||||
| * | * | ||||
| */ | */ | ||||
| int | int | ||||
| setusercontext(login_cap_t *lc, const struct passwd *pwd, uid_t uid, unsigned int flags) | setusercontext(login_cap_t *lc, const struct passwd *pwd, uid_t uid, unsigned int flags) | ||||
| { | { | ||||
| rlim_t p; | |||||
| login_cap_t *llc = NULL; | login_cap_t *llc = NULL; | ||||
| struct rtprio rtp; | |||||
| int error; | int error; | ||||
| if (lc == NULL) { | if (lc == NULL) { | ||||
| if (pwd != NULL && (lc = login_getpwclass(pwd)) != NULL) | if (pwd != NULL && (lc = login_getpwclass(pwd)) != NULL) | ||||
| llc = lc; /* free this when we're done */ | llc = lc; /* free this when we're done */ | ||||
| } | } | ||||
| if (flags & LOGIN_SETPATH) | if (flags & LOGIN_SETPATH) | ||||
| pathvars[0].def = uid ? _PATH_DEFPATH : _PATH_STDPATH; | pathvars[0].def = uid ? _PATH_DEFPATH : _PATH_STDPATH; | ||||
| /* we need a passwd entry to set these */ | /* we need a passwd entry to set these */ | ||||
| if (pwd == NULL) | if (pwd == NULL) | ||||
| flags &= ~(LOGIN_SETGROUP | LOGIN_SETLOGIN | LOGIN_SETMAC); | flags &= ~(LOGIN_SETGROUP | LOGIN_SETLOGIN | LOGIN_SETMAC); | ||||
| /* Set the process priority */ | /* Set the process priority */ | ||||
| if (flags & LOGIN_SETPRIORITY) { | if (flags & LOGIN_SETPRIORITY) { | ||||
| p = login_getcapnum(lc, "priority", LOGIN_DEFPRI, LOGIN_DEFPRI); | const rlim_t def_val = LOGIN_DEFPRI, err_val = INT64_MIN; | ||||
| rlim_t p = login_getcapnum(lc, "priority", def_val, err_val); | |||||
| int rc; | |||||
| if (p == err_val) { | |||||
| /* Invariant: 'lc' != NULL. */ | |||||
| syslog(LOG_WARNING, | |||||
| "%s%s%sLogin class '%s': " | |||||
| "Invalid priority specification: '%s'", | |||||
| pwd ? "Login '" : "", | |||||
| pwd ? pwd->pw_name : "", | |||||
| pwd ? "': " : "", | |||||
| lc->lc_class, | |||||
| login_getcapstr(lc, "priority", "", "")); | |||||
| /* Reset the priority, as if the capability was not present. */ | |||||
| p = def_val; | |||||
| } | |||||
| if (p > PRIO_MAX) { | if (p > PRIO_MAX) { | ||||
| struct rtprio rtp; | |||||
| rtp.type = RTP_PRIO_IDLE; | rtp.type = RTP_PRIO_IDLE; | ||||
| p += RTP_PRIO_MIN - (PRIO_MAX + 1); | p += RTP_PRIO_MIN - (PRIO_MAX + 1); | ||||
| rtp.prio = p > RTP_PRIO_MAX ? RTP_PRIO_MAX : p; | rtp.prio = p > RTP_PRIO_MAX ? RTP_PRIO_MAX : p; | ||||
| if (rtprio(RTP_SET, 0, &rtp)) | rc = rtprio(RTP_SET, 0, &rtp); | ||||
| syslog(LOG_WARNING, "rtprio '%s' (%s): %m", | |||||
| pwd ? pwd->pw_name : "-", | |||||
| lc ? lc->lc_class : LOGIN_DEFCLASS); | |||||
| } else if (p < PRIO_MIN) { | } else if (p < PRIO_MIN) { | ||||
| struct rtprio rtp; | |||||
| rtp.type = RTP_PRIO_REALTIME; | rtp.type = RTP_PRIO_REALTIME; | ||||
| p += RTP_PRIO_MAX - (PRIO_MIN - 1); | p += RTP_PRIO_MAX - (PRIO_MIN - 1); | ||||
| rtp.prio = p < RTP_PRIO_MIN ? RTP_PRIO_MIN : p; | rtp.prio = p < RTP_PRIO_MIN ? RTP_PRIO_MIN : p; | ||||
| if (rtprio(RTP_SET, 0, &rtp)) | rc = rtprio(RTP_SET, 0, &rtp); | ||||
| syslog(LOG_WARNING, "rtprio '%s' (%s): %m", | } else | ||||
emaste: as with comment in some previous review, I prefer braces around all if-else blocks if any have… | |||||
Not Done Inline Actionsstyle(9) tries to make this point, but is a hopeless. on clearity in its striving for brevity: Space after keywords (if, while, for, return, switch). Two styles of
braces (‘{’ and ‘}’) are allowed for single line statements. Either they
are used for all single statements, or they are used only where needed
for clarity. Usage within a function should be consistent. Foreverwhich can be read many ways. Certainly within a single if statement, I prefer what you're advocating imp: style(9) tries to make this point, but is a hopeless. on clearity in its striving for brevity… | |||||
| pwd ? pwd->pw_name : "-", | rc = setpriority(PRIO_PROCESS, 0, (int)p); | ||||
| lc ? lc->lc_class : LOGIN_DEFCLASS); | |||||
Done Inline ActionsIndents are wrong. kib: Indents are wrong. | |||||
| } else { | if (rc != 0) | ||||
| if (setpriority(PRIO_PROCESS, 0, (int)p) != 0) | syslog(LOG_WARNING, | ||||
| syslog(LOG_WARNING, "setpriority '%s' (%s): %m", | "%s%s%sLogin class '%s': " | ||||
| pwd ? pwd->pw_name : "-", | "Setting priority failed: %m", | ||||
| lc ? lc->lc_class : LOGIN_DEFCLASS); | pwd ? "Login '" : "", | ||||
| } | pwd ? pwd->pw_name : "", | ||||
| pwd ? "': " : "", | |||||
| lc ? lc->lc_class : "<none>"); | |||||
| } | } | ||||
| /* Setup the user's group permissions */ | /* Setup the user's group permissions */ | ||||
| if (flags & LOGIN_SETGROUP) { | if (flags & LOGIN_SETGROUP) { | ||||
| if (setgid(pwd->pw_gid) != 0) { | if (setgid(pwd->pw_gid) != 0) { | ||||
| syslog(LOG_ERR, "setgid(%lu): %m", (u_long)pwd->pw_gid); | syslog(LOG_ERR, "setgid(%lu): %m", (u_long)pwd->pw_gid); | ||||
| login_close(llc); | login_close(llc); | ||||
| return (-1); | return (-1); | ||||
| ▲ Show 20 Lines • Show All 72 Lines • Show Last 20 Lines | |||||
as with comment in some previous review, I prefer braces around all if-else blocks if any have them