Diffstat (limited to 'lib/libutil')
| -rw-r--r-- | lib/libutil/Makefile | 3 | ||||
| -rw-r--r-- | lib/libutil/login_class.c | 55 | ||||
| -rw-r--r-- | lib/libutil/mntopts.c | 53 | 
3 files changed, 69 insertions, 42 deletions
|
diff --git a/lib/libutil/Makefile b/lib/libutil/Makefile
index f6251c093345..d54d9af38a34 100644
--- a/lib/libutil/Makefile
+++ b/lib/libutil/Makefile
@@ -147,7 +147,8 @@ MLINKS+=uucplock.3 uu_lock.3
 MLINKS+=uucplock.3 uu_lock_txfr.3
 MLINKS+=uucplock.3 uu_lockerr.3
 MLINKS+=uucplock.3 uu_unlock.3
-MAN+=	login.conf.5
+
+MANNODEV=	login.conf.5
 HAS_TESTS=
 SUBDIR.${MK_TESTS}+= tests
diff --git a/lib/libutil/login_class.c b/lib/libutil/login_class.c
index c3c1b0ddda27..9478b4dc98ca 100644
--- a/lib/libutil/login_class.c
+++ b/lib/libutil/login_class.c
@@ -543,7 +543,7 @@ setusercontext(login_cap_t *lc, const struct passwd *pwd, uid_t uid, unsigned in
     /* we need a passwd entry to set these */
     if (pwd == NULL)
-	flags &= ~(LOGIN_SETGROUP | LOGIN_SETLOGIN | LOGIN_SETMAC);
+	flags &= ~(LOGIN_SETGROUP | LOGIN_SETLOGIN);
     /* Set the process priority */
     if (flags & LOGIN_SETPRIORITY)
@@ -564,6 +564,27 @@ setusercontext(login_cap_t *lc, const struct passwd *pwd, uid_t uid, unsigned in
 	}
     }
+    /* Set the sessions login */
+    if ((flags & LOGIN_SETLOGIN) && setlogin(pwd->pw_name) != 0) {
+	syslog(LOG_ERR, "setlogin(%s): %m", pwd->pw_name);
+	login_close(llc);
+	return (-1);
+    }
+
+    /* Inform the kernel about current login class */
+    if (lc != NULL && lc->lc_class != NULL && (flags & LOGIN_SETLOGINCLASS)) {
+	error = setloginclass(lc->lc_class);
+	if (error != 0) {
+	    syslog(LOG_ERR, "setloginclass(%s): %m", lc->lc_class);
+#ifdef notyet
+	    login_close(llc);
+	    return (-1);
+#endif
+	}
+    }
+
+    setlogincontext(lc, pwd, flags);
+
     /* Set up the user's MAC label. */
     if ((flags & LOGIN_SETMAC) && mac_is_present(NULL) == 1) {
 	const char *label_string;
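Review bot: Nothing in the relocated block (hunk `@@ -564,6 +564,27 @@`) says why `setlogin()`, `setloginclass()` and `setlogincontext()` now have to run before the MAC label is applied, so a later cleanup could move them back without noticing. I would add a comment above the MAC block such as `/* Keep this after setlogin(), setloginclass() and setlogincontext(); the label is applied last. */`, with the actual reason filled in by the author. The moved `setloginclass()` failure path is still only logged, since its return sits under `#ifdef notyet`, so the label is applied even when the kernel did not record the login class; it is worth confirming that this is intended. The MAC block continues past the end of this hunk.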
@@ -572,8 +593,10 @@ setusercontext(login_cap_t *lc, const struct passwd *pwd, uid_t uid, unsigned in
 	label_string = login_getcapstr(lc, "label", NULL, NULL);
 	if (label_string != NULL) {
 	    if (mac_from_text(&label, label_string) == -1) {
-		syslog(LOG_ERR, "mac_from_text('%s') for %s: %m",
-		    pwd->pw_name, label_string);
+		syslog(LOG_ERR, "mac_from_text('%s') for %s %s: %m",
+		    label_string, pwd != NULL ? "user" : "class",
+		    pwd != NULL ? pwd->pw_name : lc->lc_class);
+		login_close(llc);
 		return (-1);
 	    }
 	    if (mac_set_proc(label) == -1)
@@ -582,33 +605,15 @@ setusercontext(login_cap_t *lc, const struct passwd *pwd, uid_t uid, unsigned in
 		error = 0;
 	    mac_free(label);
 	    if (error != 0) {
-		syslog(LOG_ERR, "mac_set_proc('%s') for %s: %s",
-		    label_string, pwd->pw_name, strerror(error));
+		syslog(LOG_ERR, "mac_set_proc('%s') for %s %s: %s",
+		    label_string, pwd != NULL ? "user" : "class",
+		    pwd != NULL ? pwd->pw_name : lc->lc_class, strerror(error));
+		login_close(llc);
 		return (-1);
 	    }
 	}
     }
-    /* Set the sessions login */
-    if ((flags & LOGIN_SETLOGIN) && setlogin(pwd->pw_name) != 0) {
-	syslog(LOG_ERR, "setlogin(%s): %m", pwd->pw_name);
-	login_close(llc);
-	return (-1);
-    }
-
-    /* Inform the kernel about current login class */
-    if (lc != NULL && lc->lc_class != NULL && (flags & LOGIN_SETLOGINCLASS)) {
-	error = setloginclass(lc->lc_class);
-	if (error != 0) {
-	    syslog(LOG_ERR, "setloginclass(%s): %m", lc->lc_class);
-#ifdef notyet
-	    login_close(llc);
-	    return (-1);
-#endif
-	}
-    }
-
-    setlogincontext(lc, pwd, flags);
     login_close(llc);
     /* This needs to be done after anything that needs root privs */
diff --git a/lib/libutil/mntopts.c b/lib/libutil/mntopts.c
index 07d3dd6d98a3..4a064a086fd5 100644
--- a/lib/libutil/mntopts.c
+++ b/lib/libutil/mntopts.c
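Review bot: The new log arguments in the `mac_from_text()` failure path read `lc->lc_class` whenever `pwd` is NULL, without the `lc != NULL && lc->lc_class != NULL` test that the `setloginclass()` block in this same function applies; the `mac_set_proc()` failure path in the following hunk repeats the pattern. The path is reachable now that the earlier hunk stops clearing `LOGIN_SETMAC` for a NULL `pwd`. A non-NULL `label_string` presumably implies a non-NULL `lc`, but a NULL `lc_class` would hand a null pointer to `%s`. A shared local such as `const char *who = pwd != NULL ? pwd->pw_name : (lc->lc_class != NULL ? lc->lc_class : "?");` used in both `syslog()` calls would cover it.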
@@ -145,6 +145,18 @@ checkpath_allow_file(const char *path, char *resolved)
 	return (0);
 }
+static char *
+prependdevtopath(const char *path, char *buf, u_long buflen)
+{
+	u_long len;
+
+	if ((len = strlen(_PATH_DEV) + strlen(path) + 1) > buflen)
+		return NULL;
+	strncpy(buf, _PATH_DEV, len);
+	strncat(buf, path, len - sizeof(_PATH_DEV));
+	return (buf);
+}
+
 /*
  * Get the mount point information for name. Name may be mount point name
  * or device name (with or without /dev/ preprended).
@@ -153,19 +165,27 @@ struct statfs *
 getmntpoint(const char *name)
 {
 	struct stat devstat, mntdevstat;
-	char device[sizeof(_PATH_DEV) - 1 + MNAMELEN];
-	char *ddevname;
+	char *devname;
 	struct statfs *mntbuf, *statfsp;
-	int i, mntsize, isdev;
-	u_long len;
+	int i, len, isdev, mntsize, mntfromnamesize;
+	char device[sizeof(_PATH_DEV) - 1 + MNAMELEN];
+	u_long devlen;
-	if (stat(name, &devstat) != 0)
+	devlen = sizeof(device);
+	/*
+	 * Note that stat(NULL, &statbuf) returns -1 (EBADF) which will
+	 * cause us to return NULL if prependdevtopath() returns NULL.
+	 */
+	if (stat(name, &devstat) != 0 &&
+	    (name[0] != '/' &&
+	     stat(prependdevtopath(name, device, devlen), &devstat) != 0))
 		return (NULL);
 	if (S_ISCHR(devstat.st_mode) || S_ISBLK(devstat.st_mode))
 		isdev = 1;
 	else
 		isdev = 0;
 	mntsize = getmntinfo(&mntbuf, MNT_NOWAIT);
+	mntfromnamesize = sizeof(statfsp->f_mntfromname);
 	for (i = 0; i < mntsize; i++) {
 		statfsp = &mntbuf[i];
 		if (isdev == 0) {
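Review bot: `prependdevtopath()` has no comment stating its contract, and its bounds hold only through the interplay of `strlen(_PATH_DEV) + strlen(path) + 1` with `len - sizeof(_PATH_DEV)`, where `sizeof` silently counts the terminating NUL. A header comment should say that `buflen` is the full size of `buf` including the terminator and that NULL is returned when the joined path does not fit. The body is easier to audit as `n = snprintf(buf, buflen, "%s%s", _PATH_DEV, path);` followed by `if (n < 0 || (u_long)n >= buflen) return (NULL);`. The bare `return NULL;` also differs from the parenthesised `return (buf);` a few lines below.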
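Review bot: The rewritten guard in `getmntpoint()` no longer returns when `stat(name, &devstat)` fails for a name that starts with '/': the inner `name[0] != '/' && ...` is then false, the whole condition is false, and the `S_ISCHR(devstat.st_mode)` test that follows reads an uninitialised `devstat`, so the later `st_rdev` comparison can match an unrelated mount. The intended test looks like `if (stat(name, &devstat) != 0 && (name[0] == '/' || stat(prependdevtopath(name, device, devlen), &devstat) != 0))`. Separately, the added comment relies on handing a null path to `stat()` when the joined name does not fit; checking the `prependdevtopath()` result before the call would avoid depending on how the kernel rejects it. The function body continues outside this hunk.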
@@ -173,19 +193,20 @@ getmntpoint(const char *name)
 				continue;
 			return (statfsp);
 		}
-		ddevname = statfsp->f_mntfromname;
-		if (*ddevname != '/') {
-			if ((len = strlen(_PATH_DEV) + strlen(ddevname) + 1) >
-			    sizeof(statfsp->f_mntfromname) ||
-			    len > sizeof(device))
+		devname = statfsp->f_mntfromname;
+		if (*devname == '/') {
+			if (stat(devname, &mntdevstat) != 0)
+				continue;
+		} else {
+			devname = prependdevtopath(devname, device, devlen);
+			if (devname == NULL ||
+			    (len = strlen(devname)) > mntfromnamesize)
+				continue;
+			if (stat(devname, &mntdevstat) != 0)
 				continue;
-			strncpy(device, _PATH_DEV, len);
-			strncat(device, ddevname, len);
-			if (stat(device, &mntdevstat) == 0)
-				strncpy(statfsp->f_mntfromname, device, len);
+			strncpy(statfsp->f_mntfromname, devname, len);
 		}
-		if (stat(ddevname, &mntdevstat) == 0 &&
-		    S_ISCHR(mntdevstat.st_mode) &&
+		if (S_ISCHR(mntdevstat.st_mode) &&
 		    mntdevstat.st_rdev == devstat.st_rdev)
 			return (statfsp);
 	}
|
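Review bot: `strncpy(statfsp->f_mntfromname, devname, len)` copies exactly `strlen(devname)` bytes, so it never writes the terminating NUL; the removed code computed `len` with `+ 1` and did copy it. The field stays terminated only if the bytes after the old, shorter name were already zero, which this hunk does not show, and because the check is `> mntfromnamesize` a name of exactly that length fills the field with no terminator at all. Making the test `(len = strlen(devname)) >= mntfromnamesize` and the copy `strlcpy(statfsp->f_mntfromname, devname, mntfromnamesize);` closes both cases. `len` is also an `int` receiving a `size_t`, and the loop and function end outside this hunk.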
