2 * Copyright (c) 1996 by
3 * Sean Eric Fagan <sef@kithrup.com>
4 * David Nugent <davidn@blaze.net.au>
7 * Redistribution and use in source and binary forms, with or without
8 * modification, is permitted provided that the following conditions
10 * 1. Redistributions of source code must retain the above copyright
11 * notice immediately at the beginning of the file, without modification,
12 * this list of conditions, and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 * 3. This work was done expressly for inclusion into FreeBSD. Other use
17 * is permitted provided this notation is included.
18 * 4. Absolutely no warranty of function or purpose is made by the authors.
19 * 5. Modifications may be freely made to this file providing the above
22 * High-level routines relating to use of the user capabilities database
24 * $FreeBSD: src/lib/libutil/login_class.c,v 1.14.2.3 2002/08/06 07:07:52 ache Exp $
25 * $DragonFly: src/lib/libutil/login_class.c,v 1.5 2006/01/12 14:43:10 corecode Exp $
28 #include <sys/types.h>
31 #include <sys/resource.h>
32 #include <sys/rtprio.h>
44 #include "login_cap.h"
47 static struct login_res
{
49 rlim_t (*who
)(login_cap_t
*, const char *, rlim_t
, rlim_t
);
52 { "cputime", login_getcaptime
, RLIMIT_CPU
},
53 { "filesize", login_getcapsize
, RLIMIT_FSIZE
},
54 { "datasize", login_getcapsize
, RLIMIT_DATA
},
55 { "stacksize", login_getcapsize
, RLIMIT_STACK
},
56 { "memoryuse", login_getcapsize
, RLIMIT_RSS
},
57 { "memorylocked", login_getcapsize
, RLIMIT_MEMLOCK
},
58 { "maxproc", login_getcapnum
, RLIMIT_NPROC
},
59 { "openfiles", login_getcapnum
, RLIMIT_NOFILE
},
60 { "coredumpsize", login_getcapsize
, RLIMIT_CORE
},
61 { "sbsize", login_getcapsize
, RLIMIT_SBSIZE
},
62 { "vmemoryuse", login_getcapsize
, RLIMIT_VMEM
},
63 #ifdef RLIMIT_POSIXLOCKS
64 { "posixlocks", login_getcapnum
, RLIMIT_POSIXLOCKS
},
71 setclassresources(login_cap_t
*lc
)
78 for (lr
= resources
; lr
->what
!= NULL
; ++lr
) {
82 * The login.conf file can have <limit>, <limit>-max, and
83 * <limit>-cur entries.
84 * What we do is get the current current- and maximum- limits.
85 * Then, we try to get an entry for <limit> from the capability,
86 * using the current and max limits we just got as the
87 * default/error values.
88 * *Then*, we try looking for <limit>-cur and <limit>-max,
89 * again using the appropriate values as the default/error
93 if (getrlimit(lr
->why
, &rlim
) != 0)
94 syslog(LOG_ERR
, "getting %s resource limit: %m", lr
->what
);
98 rlim_t rcur
= rlim
.rlim_cur
;
99 rlim_t rmax
= rlim
.rlim_max
;
101 sprintf(name_cur
, "%s-cur", lr
->what
);
102 sprintf(name_max
, "%s-max", lr
->what
);
104 rcur
= (*lr
->who
)(lc
, lr
->what
, rcur
, rcur
);
105 rmax
= (*lr
->who
)(lc
, lr
->what
, rmax
, rmax
);
106 rlim
.rlim_cur
= (*lr
->who
)(lc
, name_cur
, rcur
, rcur
);
107 rlim
.rlim_max
= (*lr
->who
)(lc
, name_max
, rmax
, rmax
);
109 if (setrlimit(lr
->why
, &rlim
) == -1)
110 syslog(LOG_WARNING
, "set class '%s' resource limit %s: %m", lc
->lc_class
, lr
->what
);
117 static struct login_vars
{
123 { "path", "PATH", NULL
, 1},
124 { "cdpath", "CDPATH", NULL
, 1},
125 { "manpath", "MANPATH", NULL
, 1},
126 { NULL
, NULL
, NULL
, 0}
128 { "lang", "LANG", NULL
, 1},
129 { "charset", "MM_CHARSET", NULL
, 1},
130 { "timezone", "TZ", NULL
, 1},
131 { "term", "TERM", NULL
, 0},
132 { NULL
, NULL
, NULL
, 0}
136 substvar(char * var
, const struct passwd
* pwd
, int hlen
, int pch
, int nlen
)
146 /* Count the number of ~'s in var to substitute */
148 for (p
= var
; (p
= strchr(p
, '~')) != NULL
; p
++)
150 /* Count the number of $'s in var to substitute */
152 for (p
= var
; (p
= strchr(p
, '$')) != NULL
; p
++)
156 np
= malloc(strlen(var
) + (dollas
* nlen
)
157 - dollas
+ (tildes
* (pch
+hlen
))
165 * This loop does user username and homedir substitutions
166 * for unescaped $ (username) and ~ (homedir)
168 while (*(p
+= strcspn(p
, "~$")) != '\0') {
171 if (p
> np
&& *(p
-1) == '\\') /* Escaped: */
172 memmove(p
- 1, p
, l
+ 1); /* Slide-out the backslash */
173 else if (*p
== '~') {
174 int v
= pch
&& *(p
+1) != '/'; /* Avoid double // */
175 memmove(p
+ hlen
+ v
, p
+ 1, l
); /* Subst homedir */
176 memmove(p
, pwd
->pw_dir
, hlen
);
181 else /* if (*p == '$') */ {
182 memmove(p
+ nlen
, p
+ 1, l
); /* Subst username */
183 memmove(p
, pwd
->pw_name
, nlen
);
196 setclassenvironment(login_cap_t
*lc
, const struct passwd
* pwd
, int paths
)
198 struct login_vars
*vars
= paths
? pathvars
: envars
;
199 int hlen
= pwd
? strlen(pwd
->pw_dir
) : 0;
200 int nlen
= pwd
? strlen(pwd
->pw_name
) : 0;
203 if (hlen
&& pwd
->pw_dir
[hlen
-1] != '/')
206 while (vars
->tag
!= NULL
) {
207 char * var
= paths
? login_getpath(lc
, vars
->tag
, NULL
)
208 : login_getcapstr(lc
, vars
->tag
, NULL
, NULL
);
210 char * np
= substvar(var
, pwd
, hlen
, pch
, nlen
);
213 if (setenv(vars
->var
, np
, vars
->overwrite
) == -1) {
214 syslog(LOG_ERR
, "setclassenvironment: %m");
219 } else if (vars
->def
!= NULL
) {
220 if (setenv(vars
->var
, vars
->def
, 0) == -1) {
221 syslog(LOG_ERR
, "setclassenvironment: %m");
229 * If we're not processing paths, then see if there is a setenv list by
230 * which the admin and/or user may set an arbitrary set of env vars.
233 char **set_env
= login_getcaplist(lc
, "setenv", ",");
235 if (set_env
!= NULL
) {
236 while (*set_env
!= NULL
) {
237 char *p
= strchr(*set_env
, '=');
239 if (p
!= NULL
) { /* Discard invalid entries */
243 if ((np
= substvar(p
, pwd
, hlen
, pch
, nlen
)) != NULL
) {
244 if (setenv(*set_env
, np
, 1) == -1) {
262 * For the login class <class>, set various class context values
263 * (limits, mainly) to the values for that class. Which values are
264 * set are controlled by <flags> -- see <login_class.h> for the
267 * setclasscontext() can only set resources, priority, and umask.
271 setclasscontext(const char *classname
, unsigned int flags
)
276 lc
= login_getclassbyname(classname
, NULL
);
278 flags
&= LOGIN_SETRESOURCES
| LOGIN_SETPRIORITY
|
279 LOGIN_SETUMASK
| LOGIN_SETPATH
;
281 rc
= lc
? setusercontext(lc
, NULL
, 0, flags
) : -1;
289 * Private functionw which takes care of processing
293 setlogincontext(login_cap_t
*lc
, const struct passwd
*pwd
,
294 mode_t mymask
, unsigned long flags
, int *errcode
)
299 if (flags
& LOGIN_SETRESOURCES
)
300 setclassresources(lc
);
301 /* See if there's a umask override */
302 if (flags
& LOGIN_SETUMASK
)
303 mymask
= (mode_t
)login_getcapnum(lc
, "umask", mymask
, mymask
);
305 if (flags
& LOGIN_SETPATH
) {
306 if (setclassenvironment(lc
, pwd
, 1) == -1)
309 /* Set environment */
310 if (flags
& LOGIN_SETENV
) {
311 if (setclassenvironment(lc
, pwd
, 0) == -1)
323 * Given a login class <lc> and a user in <pwd>, with a uid <uid>,
324 * set the context as in setclasscontext(). <flags> controls which
327 * The difference between setclasscontext() and setusercontext() is
328 * that the former sets things up for an already-existing process,
329 * while the latter sets things up from a root context. Such as might
330 * be called from login(1).
335 setusercontext(login_cap_t
*lc
, const struct passwd
*pwd
, uid_t uid
, unsigned int flags
)
339 login_cap_t
*llc
= NULL
;
340 #ifndef __NETBSD_SYSCALLS
346 if (pwd
!= NULL
&& (lc
= login_getpwclass(pwd
)) != NULL
)
347 llc
= lc
; /* free this when we're done */
350 if (flags
& LOGIN_SETPATH
)
351 pathvars
[0].def
= uid
? _PATH_DEFPATH
: _PATH_STDPATH
;
353 /* we need a passwd entry to set these */
355 flags
&= ~(LOGIN_SETGROUP
| LOGIN_SETLOGIN
);
357 /* Set the process priority */
358 if (flags
& LOGIN_SETPRIORITY
) {
359 p
= login_getcapnum(lc
, "priority", LOGIN_DEFPRI
, LOGIN_DEFPRI
);
362 #ifndef __NETBSD_SYSCALLS
363 rtp
.type
= RTP_PRIO_IDLE
;
364 rtp
.prio
= p
- PRIO_MAX
- 1;
365 p
= (rtp
.prio
> RTP_PRIO_MAX
) ? 31 : p
;
366 if(rtprio(RTP_SET
, 0, &rtp
))
367 syslog(LOG_WARNING
, "rtprio '%s' (%s): %m",
368 pwd
->pw_name
, lc
? lc
->lc_class
: LOGIN_DEFCLASS
);
370 } else if(p
< PRIO_MIN
) {
371 #ifndef __NETBSD_SYSCALLS
372 rtp
.type
= RTP_PRIO_REALTIME
;
373 rtp
.prio
= abs(p
- PRIO_MIN
+ RTP_PRIO_MAX
);
374 p
= (rtp
.prio
> RTP_PRIO_MAX
) ? 1 : p
;
375 if(rtprio(RTP_SET
, 0, &rtp
))
376 syslog(LOG_WARNING
, "rtprio '%s' (%s): %m",
377 pwd
->pw_name
, lc
? lc
->lc_class
: LOGIN_DEFCLASS
);
380 if (setpriority(PRIO_PROCESS
, 0, (int)p
) != 0)
381 syslog(LOG_WARNING
, "setpriority '%s' (%s): %m",
382 pwd
->pw_name
, lc
? lc
->lc_class
: LOGIN_DEFCLASS
);
386 /* Setup the user's group permissions */
387 if (flags
& LOGIN_SETGROUP
) {
388 if (setgid(pwd
->pw_gid
) != 0) {
389 syslog(LOG_ERR
, "setgid(%lu): %m", (u_long
)pwd
->pw_gid
);
393 if (initgroups(pwd
->pw_name
, pwd
->pw_gid
) == -1) {
394 syslog(LOG_ERR
, "initgroups(%s,%lu): %m", pwd
->pw_name
,
395 (u_long
)pwd
->pw_gid
);
401 /* Set the sessions login */
402 if ((flags
& LOGIN_SETLOGIN
) && setlogin(pwd
->pw_name
) != 0) {
403 syslog(LOG_ERR
, "setlogin(%s): %m", pwd
->pw_name
);
408 mymask
= (flags
& LOGIN_SETUMASK
) ? umask(LOGIN_DEFUMASK
) : 0;
409 mymask
= setlogincontext(lc
, pwd
, mymask
, flags
, &errcode
);
416 /* This needs to be done after anything that needs root privs */
417 if ((flags
& LOGIN_SETUSER
) && setuid(uid
) != 0) {
418 syslog(LOG_ERR
, "setuid(%lu): %m", (u_long
)uid
);
419 return -1; /* Paranoia again */
423 * Now, we repeat some of the above for the user's private entries
425 if ((lc
= login_getuserclass(pwd
)) != NULL
) {
426 mymask
= setlogincontext(lc
, pwd
, mymask
, flags
, &errcode
);
434 /* Finally, set any umask we've found */
435 if (flags
& LOGIN_SETUMASK
)