2 * Copyright (c) 1996 by
3 * Sean Eric Fagan <sef@kithrup.com>
4 * David Nugent <davidn@blaze.net.au>
7 * Redistribution and use in source and binary forms, with or without
8 * modification, is permitted provided that the following conditions
10 * 1. Redistributions of source code must retain the above copyright
11 * notice immediately at the beginning of the file, without modification,
12 * this list of conditions, and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 * 3. This work was done expressly for inclusion into FreeBSD. Other use
17 * is permitted provided this notation is included.
18 * 4. Absolutely no warranty of function or purpose is made by the authors.
19 * 5. Modifications may be freely made to this file providing the above
22 * High-level routines relating to use of the user capabilities database
24 * $FreeBSD: head/lib/libutil/login_class.c 256850 2013-10-21 16:46:12Z kib $
27 #include <sys/types.h>
28 #include <sys/resource.h>
29 #include <sys/rtprio.h>
37 #include <login_cap.h>
48 static struct login_res
{
50 rlim_t (*who
)(login_cap_t
*, const char *, rlim_t
, rlim_t
);
53 { "cputime", login_getcaptime
, RLIMIT_CPU
},
54 { "filesize", login_getcapsize
, RLIMIT_FSIZE
},
55 { "datasize", login_getcapsize
, RLIMIT_DATA
},
56 { "stacksize", login_getcapsize
, RLIMIT_STACK
},
57 { "memoryuse", login_getcapsize
, RLIMIT_RSS
},
58 { "memorylocked", login_getcapsize
, RLIMIT_MEMLOCK
},
59 { "maxproc", login_getcapnum
, RLIMIT_NPROC
},
60 { "openfiles", login_getcapnum
, RLIMIT_NOFILE
},
61 { "coredumpsize", login_getcapsize
, RLIMIT_CORE
},
62 { "sbsize", login_getcapsize
, RLIMIT_SBSIZE
},
63 { "vmemoryuse", login_getcapsize
, RLIMIT_VMEM
},
64 #ifdef RLIMIT_POSIXLOCKS
65 { "posixlocks", login_getcapnum
, RLIMIT_POSIXLOCKS
},
72 setclassresources(login_cap_t
*lc
)
79 for (lr
= resources
; lr
->what
!= NULL
; ++lr
) {
83 * The login.conf file can have <limit>, <limit>-max, and
84 * <limit>-cur entries.
85 * What we do is get the current current- and maximum- limits.
86 * Then, we try to get an entry for <limit> from the capability,
87 * using the current and max limits we just got as the
88 * default/error values.
89 * *Then*, we try looking for <limit>-cur and <limit>-max,
90 * again using the appropriate values as the default/error
94 if (getrlimit(lr
->why
, &rlim
) != 0)
95 syslog(LOG_ERR
, "getting %s resource limit: %m", lr
->what
);
99 rlim_t rcur
= rlim
.rlim_cur
;
100 rlim_t rmax
= rlim
.rlim_max
;
102 sprintf(name_cur
, "%s-cur", lr
->what
);
103 sprintf(name_max
, "%s-max", lr
->what
);
105 rcur
= (*lr
->who
)(lc
, lr
->what
, rcur
, rcur
);
106 rmax
= (*lr
->who
)(lc
, lr
->what
, rmax
, rmax
);
107 rlim
.rlim_cur
= (*lr
->who
)(lc
, name_cur
, rcur
, rcur
);
108 rlim
.rlim_max
= (*lr
->who
)(lc
, name_max
, rmax
, rmax
);
110 if (setrlimit(lr
->why
, &rlim
) == -1)
111 syslog(LOG_WARNING
, "set class '%s' resource limit %s: %m", lc
->lc_class
, lr
->what
);
118 static struct login_vars
{
124 { "path", "PATH", NULL
, 1},
125 { "cdpath", "CDPATH", NULL
, 1},
126 { "manpath", "MANPATH", NULL
, 1},
127 { NULL
, NULL
, NULL
, 0}
129 { "lang", "LANG", NULL
, 1},
130 { "charset", "MM_CHARSET", NULL
, 1},
131 { "timezone", "TZ", NULL
, 1},
132 { "term", "TERM", NULL
, 0},
133 { NULL
, NULL
, NULL
, 0}
137 substvar(const char * var
, const struct passwd
* pwd
, int hlen
, int pch
, int nlen
)
148 for (q
= var
; *q
!= '\0'; ++q
) {
149 tildes
+= (*q
== '~');
150 dollas
+= (*q
== '$');
154 np
= malloc(strlen(var
) + (dollas
* nlen
)
155 - dollas
+ (tildes
* (pch
+hlen
))
163 * This loop does user username and homedir substitutions
164 * for unescaped $ (username) and ~ (homedir)
166 while (*(p
+= strcspn(p
, "~$")) != '\0') {
169 if (p
> np
&& *(p
-1) == '\\') /* Escaped: */
170 memmove(p
- 1, p
, l
+ 1); /* Slide-out the backslash */
171 else if (*p
== '~') {
172 int v
= pch
&& *(p
+1) != '/'; /* Avoid double // */
173 memmove(p
+ hlen
+ v
, p
+ 1, l
); /* Subst homedir */
174 memmove(p
, pwd
->pw_dir
, hlen
);
179 else /* if (*p == '$') */ {
180 memmove(p
+ nlen
, p
+ 1, l
); /* Subst username */
181 memmove(p
, pwd
->pw_name
, nlen
);
194 setclassenvironment(login_cap_t
*lc
, const struct passwd
* pwd
, int paths
)
196 struct login_vars
*vars
= paths
? pathvars
: envars
;
197 int hlen
= pwd
? strlen(pwd
->pw_dir
) : 0;
198 int nlen
= pwd
? strlen(pwd
->pw_name
) : 0;
201 if (hlen
&& pwd
->pw_dir
[hlen
-1] != '/')
204 while (vars
->tag
!= NULL
) {
205 const char * var
= paths
? login_getpath(lc
, vars
->tag
, NULL
)
206 : login_getcapstr(lc
, vars
->tag
, NULL
, NULL
);
208 char * np
= substvar(var
, pwd
, hlen
, pch
, nlen
);
211 setenv(vars
->var
, np
, vars
->overwrite
);
213 } else if (vars
->def
!= NULL
) {
214 setenv(vars
->var
, vars
->def
, 0);
220 * If we're not processing paths, then see if there is a setenv list by
221 * which the admin and/or user may set an arbitrary set of env vars.
224 const char **set_env
= login_getcaplist(lc
, "setenv", ",");
226 if (set_env
!= NULL
) {
227 while (*set_env
!= NULL
) {
228 char *p
= strchr(*set_env
, '=');
230 if (p
!= NULL
) { /* Discard invalid entries */
234 if ((np
= substvar(p
, pwd
, hlen
, pch
, nlen
)) != NULL
) {
235 setenv(*set_env
, np
, 1);
250 * For the login class <class>, set various class context values
251 * (limits, mainly) to the values for that class. Which values are
252 * set are controlled by <flags> -- see <login_class.h> for the
255 * setclasscontext() can only set resources, priority, and umask.
259 setclasscontext(const char *classname
, unsigned int flags
)
264 lc
= login_getclassbyname(classname
, NULL
);
266 flags
&= LOGIN_SETRESOURCES
| LOGIN_SETPRIORITY
|
267 LOGIN_SETUMASK
| LOGIN_SETPATH
;
269 rc
= lc
? setusercontext(lc
, NULL
, 0, flags
) : -1;
277 * Private function which takes care of processing
281 setlogincontext(login_cap_t
*lc
, const struct passwd
*pwd
,
282 mode_t mymask
, unsigned long flags
)
286 if (flags
& LOGIN_SETRESOURCES
)
287 setclassresources(lc
);
288 /* See if there's a umask override */
289 if (flags
& LOGIN_SETUMASK
)
290 mymask
= (mode_t
)login_getcapnum(lc
, "umask", mymask
, mymask
);
292 if (flags
& LOGIN_SETPATH
)
293 setclassenvironment(lc
, pwd
, 1);
294 /* Set environment */
295 if (flags
& LOGIN_SETENV
)
296 setclassenvironment(lc
, pwd
, 0);
306 * Given a login class <lc> and a user in <pwd>, with a uid <uid>,
307 * set the context as in setclasscontext(). <flags> controls which
310 * The difference between setclasscontext() and setusercontext() is
311 * that the former sets things up for an already-existing process,
312 * while the latter sets things up from a root context. Such as might
313 * be called from login(1).
318 setusercontext(login_cap_t
*lc
, const struct passwd
*pwd
, uid_t uid
, unsigned int flags
)
322 login_cap_t
*llc
= NULL
;
326 if (pwd
!= NULL
&& (lc
= login_getpwclass(pwd
)) != NULL
)
327 llc
= lc
; /* free this when we're done */
330 if (flags
& LOGIN_SETPATH
)
331 pathvars
[0].def
= uid
? _PATH_DEFPATH
: _PATH_STDPATH
;
333 /* we need a passwd entry to set these */
335 flags
&= ~(LOGIN_SETGROUP
| LOGIN_SETLOGIN
);
337 /* Set the process priority */
338 if (flags
& LOGIN_SETPRIORITY
) {
339 p
= login_getcapnum(lc
, "priority", LOGIN_DEFPRI
, LOGIN_DEFPRI
);
342 rtp
.type
= RTP_PRIO_IDLE
;
343 rtp
.prio
= p
- PRIO_MAX
- 1;
344 p
= (rtp
.prio
> RTP_PRIO_MAX
) ? 31 : p
;
345 if (rtprio(RTP_SET
, 0, &rtp
))
346 syslog(LOG_WARNING
, "rtprio '%s' (%s): %m",
347 pwd
? pwd
->pw_name
: "-",
348 lc
? lc
->lc_class
: LOGIN_DEFCLASS
);
349 } else if (p
< PRIO_MIN
) {
350 rtp
.type
= RTP_PRIO_REALTIME
;
351 rtp
.prio
= abs(p
- PRIO_MIN
+ RTP_PRIO_MAX
);
352 p
= (rtp
.prio
> RTP_PRIO_MAX
) ? 1 : p
;
353 if (rtprio(RTP_SET
, 0, &rtp
))
354 syslog(LOG_WARNING
, "rtprio '%s' (%s): %m",
355 pwd
? pwd
->pw_name
: "-",
356 lc
? lc
->lc_class
: LOGIN_DEFCLASS
);
358 if (setpriority(PRIO_PROCESS
, 0, (int)p
) != 0)
359 syslog(LOG_WARNING
, "setpriority '%s' (%s): %m",
360 pwd
? pwd
->pw_name
: "-",
361 lc
? lc
->lc_class
: LOGIN_DEFCLASS
);
365 /* Setup the user's group permissions */
366 if (flags
& LOGIN_SETGROUP
) {
367 if (setgid(pwd
->pw_gid
) != 0) {
368 syslog(LOG_ERR
, "setgid(%lu): %m", (u_long
)pwd
->pw_gid
);
372 if (initgroups(pwd
->pw_name
, pwd
->pw_gid
) == -1) {
373 syslog(LOG_ERR
, "initgroups(%s,%lu): %m", pwd
->pw_name
,
374 (u_long
)pwd
->pw_gid
);
380 /* Set the sessions login */
381 if ((flags
& LOGIN_SETLOGIN
) && setlogin(pwd
->pw_name
) != 0) {
382 syslog(LOG_ERR
, "setlogin(%s): %m", pwd
->pw_name
);
387 mymask
= (flags
& LOGIN_SETUMASK
) ? umask(LOGIN_DEFUMASK
) : 0;
388 mymask
= setlogincontext(lc
, pwd
, mymask
, flags
);
391 /* This needs to be done after anything that needs root privs */
392 if ((flags
& LOGIN_SETUSER
) && setuid(uid
) != 0) {
393 syslog(LOG_ERR
, "setuid(%lu): %m", (u_long
)uid
);
394 return (-1); /* Paranoia again */
398 * Now, we repeat some of the above for the user's private entries
400 if (getuid() == uid
&& (lc
= login_getuserclass(pwd
)) != NULL
) {
401 mymask
= setlogincontext(lc
, pwd
, mymask
, flags
);
405 /* Finally, set any umask we've found */
406 if (flags
& LOGIN_SETUMASK
)