| author | Edward Tomasz Napierala <trasz@FreeBSD.org> | 2011-03-05 12:40:35 +0000 |
|---|---|---|
| committer | Edward Tomasz Napierala <trasz@FreeBSD.org> | 2011-03-05 12:40:35 +0000 |
| commit | 2bfc50bc4fbc3ad7e8bdfeb6b55d72ea55c4f18b (patch) | |
| tree | 8810ff86b50f45ade154877395ba9bd0885b1dea /lib/libutil | |
| parent | 99bb3c5399fd19675d30c698a4ccd5ee138cb1e4 (diff) | |
Notes
Diffstat (limited to 'lib/libutil')
| -rw-r--r-- | lib/libutil/login_cap.h | 3 | ||||
| -rw-r--r-- | lib/libutil/login_class.c | 23 |
2 files changed, 25 insertions, 1 deletions
diff --git a/lib/libutil/login_cap.h b/lib/libutil/login_cap.h
index 082e34bc11a5..ec1421b80661 100644
--- a/lib/libutil/login_cap.h
+++ b/lib/libutil/login_cap.h
@@ -49,7 +49,8 @@
 #define LOGIN_SETENV 0x0080 /* set user environment */
 #define LOGIN_SETMAC 0x0100 /* set user default MAC label */
 #define LOGIN_SETCPUMASK 0x0200 /* set user cpumask */
-#define LOGIN_SETALL 0x03ff /* set everything */
+#define LOGIN_SETLOGINCLASS 0x0400 /* set login class in the kernel */
+#define LOGIN_SETALL 0x07ff /* set everything */
 
 #define BI_AUTH "authorize" /* accepted authentication */
 #define BI_REJECT "reject" /* rejected authentication */
diff --git a/lib/libutil/login_class.c b/lib/libutil/login_class.c
index d952940f6008..68fdf2b49ff7 100644
--- a/lib/libutil/login_class.c
+++ b/lib/libutil/login_class.c
@@ -40,6 +40,7 @@ __FBSDID("$FreeBSD$");
 #include <login_cap.h>
 #include <paths.h>
 #include <pwd.h>
+#include <signal.h>
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
@@ -425,6 +426,7 @@ setusercontext(login_cap_t *lc, const struct passwd *pwd, uid_t uid, unsigned in
 quad_t p;
 mode_t mymask;
 login_cap_t *llc = NULL;
+ struct sigaction sa, prevsa;
 struct rtprio rtp;
 int error;
 
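Review bot: Widening `LOGIN_SETALL` to `0x07ff` in login_cap.h switches the new step on for every caller that passes `LOGIN_SETALL`, but only once that caller is rebuilt, because the mask is compiled into the caller and not into libutil. A program built against the old header keeps passing `0x03ff`, so the `flags & LOGIN_SETLOGINCLASS` test in login_class.c is false and the step is skipped with nothing logged; its sessions presumably stay in whatever class they inherited. I would say so next to the define, for example `#define LOGIN_SETALL 0x07ff /* set everything; callers must be rebuilt to pick up new bits */`. The diffstat for lib/libutil lists only the header and the .c file, so the new flag also looks undocumented wherever the other `LOGIN_SET*` flags are described.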
@@ -512,6 +514,27 @@ setusercontext(login_cap_t *lc, const struct passwd *pwd, uid_t uid, unsigned in
 return (-1);
 }
 
+ /* Inform the kernel about current login class */
+ if (lc != NULL && lc->lc_class != NULL && (flags & LOGIN_SETLOGINCLASS)) {
+ /*
+ * XXX: This is a workaround to fail gracefully in case the kernel
+ * does not support setloginclass(2).
+ */
+ bzero(&sa, sizeof(sa));
+ sa.sa_handler = SIG_IGN;
+ sigfillset(&sa.sa_mask);
+ sigaction(SIGSYS, &sa, &prevsa);
+ error = setloginclass(lc->lc_class);
+ sigaction(SIGSYS, &prevsa, NULL);
+ if (error != 0) {
+ syslog(LOG_ERR, "setloginclass(%s): %m", lc->lc_class);
+#ifdef notyet
+ login_close(llc);
+ return (-1);
+#endif
+ }
+ }
+
 mymask = (flags & LOGIN_SETUMASK) ? umask(LOGIN_DEFUMASK) : 0;
 mymask = setlogincontext(lc, pwd, mymask, flags);
 login_close(llc); |
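Review bot: A failed `setloginclass()` is only logged in the `if (error != 0)` branch, because the `login_close(llc); return (-1);` pair sits under `#ifdef notyet`, so setusercontext() carries on and reports success while the process keeps the login class it inherited. The stated reason for tolerating failure is a kernel without the syscall; with SIGSYS ignored that case is expected to surface as `ENOSYS`, so every other error (an unknown class, missing privilege) could fail closed today. The restoring `sigaction()` call also runs between the syscall and the `%m` in `syslog()`, so errno should be saved across it; the sketch below uses a new local `int saved_errno` and needs `<errno.h>` if the file does not already include it. Separately, neither `sigaction()` return value is checked, so a failure of the first call would restore an uninitialised `prevsa`. The body of setusercontext() starts and ends outside this hunk.

```c
    /* … unchanged: flag test, XXX comment and SIGSYS ignore setup … */
	error = setloginclass(lc->lc_class);
	saved_errno = errno;		/* the restore below may clobber errno */
	sigaction(SIGSYS, &prevsa, NULL);
	errno = saved_errno;		/* keep %m accurate */
	if (error != 0) {
	    syslog(LOG_ERR, "setloginclass(%s): %m", lc->lc_class);
	    /* Tolerate only a kernel that lacks the syscall. */
	    if (saved_errno != ENOSYS) {
		login_close(llc);
		return (-1);
	    }
	}
```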
