Page Menu
Home
FreeBSD
Search
Configure Global Search
Log In
Files
F95922164
D40344.diff
No One
Temporary
Actions
View File
Edit File
Delete File
View Transforms
Subscribe
Mute Notifications
Flag For Later
Award Token
Size
2 KB
Referenced Files
None
Subscribers
None
D40344.diff
View Options
diff --git a/lib/libutil/login_class.c b/lib/libutil/login_class.c
--- a/lib/libutil/login_class.c
+++ b/lib/libutil/login_class.c
@@ -37,6 +37,7 @@
#include <login_cap.h>
#include <paths.h>
#include <pwd.h>
+#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
@@ -384,17 +385,40 @@
* Private function which takes care of processing
*/
-static mode_t
-setlogincontext(login_cap_t *lc, const struct passwd *pwd,
- mode_t mymask, unsigned long flags)
+static void
+setlogincontext(login_cap_t *lc, const struct passwd *pwd, unsigned long flags)
{
if (lc) {
/* Set resources */
if (flags & LOGIN_SETRESOURCES)
setclassresources(lc);
/* See if there's a umask override */
- if (flags & LOGIN_SETUMASK)
- mymask = (mode_t)login_getcapnum(lc, "umask", mymask, mymask);
+ if (flags & LOGIN_SETUMASK) {
+ /*
+ * Make it unlikely that someone would input our default sentinel
+ * indicating no specification.
+ */
+ const rlim_t def_val = INT64_MIN + 1, err_val = INT64_MIN;
+ const rlim_t val = login_getcapnum(lc, "umask", def_val, err_val);
+
+ if (val != def_val) {
+ if (val < 0 || val > UINT16_MAX) {
+ /* We get here also on 'err_val'. */
+ syslog(LOG_WARNING,
+ "%s%s%sLogin class '%s': "
+ "Invalid umask specification: '%s'",
+ pwd ? "Login '" : "",
+ pwd ? pwd->pw_name : "",
+ pwd ? "': " : "",
+ lc->lc_class,
+ login_getcapstr(lc, "umask", "", ""));
+ } else {
+ const mode_t mode = val;
+
+ umask(mode);
+ }
+ }
+ }
/* Set paths */
if (flags & LOGIN_SETPATH)
setclassenvironment(lc, pwd, 1);
@@ -405,7 +429,6 @@
if (flags & LOGIN_SETCPUMASK)
setclasscpumask(lc);
}
- return (mymask);
}
@@ -428,7 +451,6 @@
setusercontext(login_cap_t *lc, const struct passwd *pwd, uid_t uid, unsigned int flags)
{
rlim_t p;
- mode_t mymask;
login_cap_t *llc = NULL;
struct rtprio rtp;
int error;
@@ -532,8 +554,7 @@
}
}
- mymask = (flags & LOGIN_SETUMASK) ? umask(LOGIN_DEFUMASK) : 0;
- mymask = setlogincontext(lc, pwd, mymask, flags);
+ setlogincontext(lc, pwd, flags);
login_close(llc);
/* This needs to be done after anything that needs root privs */
@@ -546,13 +567,9 @@
* Now, we repeat some of the above for the user's private entries
*/
if (geteuid() == uid && (lc = login_getuserclass(pwd)) != NULL) {
- mymask = setlogincontext(lc, pwd, mymask, flags);
+ setlogincontext(lc, pwd, flags);
login_close(lc);
}
- /* Finally, set any umask we've found */
- if (flags & LOGIN_SETUMASK)
- umask(mymask);
-
return (0);
}
File Metadata
Details
Attached
Mime Type
text/plain
Expires
Tue, Sep 24, 1:13 AM (44 m, 16 s)
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
12547487
Default Alt Text
D40344.diff (2 KB)
Attached To
Mode
D40344: setusercontext(): umask: Set it only once (in the common case)
Attached
Detach File
Event Timeline
Log In to Comment