git: 0a366bb44e65 - stable/13 - setusercontext(): Better error messages when priority is not set correctly

From: Olivier Certner <olce_at_FreeBSD.org>
Date: Thu, 01 Feb 2024 21:26:09 UTC
The branch stable/13 has been updated by olce:

URL: https://cgit.FreeBSD.org/src/commit/?id=0a366bb44e65efeed9568b47c673ddc648a4d7e2

commit 0a366bb44e65efeed9568b47c673ddc648a4d7e2
Author:     Olivier Certner <olce@FreeBSD.org>
AuthorDate: 2023-05-29 16:39:04 +0000
Commit:     Olivier Certner <olce@FreeBSD.org>
CommitDate: 2024-02-01 21:23:37 +0000

    setusercontext(): Better error messages when priority is not set correctly
    
    Polish the syslog messages to contain readily useful information.
    
    Behavior of capability 'priority' is inconsistent with what is done for
    all other contexts: 'umask', 'cpumask', resource limits, etc., where an
    absence of capability means to inherit the value.  It is currently
    preserved for compatibility, but is subject to change on a future major
    release.
    
    Reviewed by:            emaste, kib (older version)
    Approved by:            emaste (mentor)
    MFC after:              3 days
    Sponsored by:           Kumacom SAS
    Differential Revision:  https://reviews.freebsd.org/D40349
    
    (cherry picked from commit d988621b0c25209866ed5a98b1a8b20269935761)
    
    Approved by:            markj (mentor)
---
 lib/libutil/login_class.c | 51 +++++++++++++++++++++++++++++++----------------
 1 file changed, 34 insertions(+), 17 deletions(-)

diff --git a/lib/libutil/login_class.c b/lib/libutil/login_class.c
index 33a2189277ca..9c3285736f3b 100644
--- a/lib/libutil/login_class.c
+++ b/lib/libutil/login_class.c
@@ -474,9 +474,7 @@ setlogincontext(login_cap_t *lc, const struct passwd *pwd, unsigned long flags)
 int
 setusercontext(login_cap_t *lc, const struct passwd *pwd, uid_t uid, unsigned int flags)
 {
-    rlim_t	p;
     login_cap_t *llc = NULL;
-    struct rtprio rtp;
     int error;
 
     if (lc == NULL) {
@@ -493,30 +491,49 @@ setusercontext(login_cap_t *lc, const struct passwd *pwd, uid_t uid, unsigned in
 
     /* Set the process priority */
     if (flags & LOGIN_SETPRIORITY) {
-	p = login_getcapnum(lc, "priority", LOGIN_DEFPRI, LOGIN_DEFPRI);
+	const rlim_t def_val = LOGIN_DEFPRI, err_val = INT64_MIN;
+	rlim_t p = login_getcapnum(lc, "priority", def_val, err_val);
+	int rc;
+
+	if (p == err_val) {
+	    /* Invariant: 'lc' != NULL. */
+	    syslog(LOG_WARNING,
+		"%s%s%sLogin class '%s': "
+		"Invalid priority specification: '%s'",
+		pwd ? "Login '" : "",
+		pwd ? pwd->pw_name : "",
+		pwd ? "': " : "",
+		lc->lc_class,
+		login_getcapstr(lc, "priority", "", ""));
+	    /* Reset the priority, as if the capability was not present. */
+	    p = def_val;
+	}
 
 	if (p > PRIO_MAX) {
+	    struct rtprio rtp;
+
 	    rtp.type = RTP_PRIO_IDLE;
 	    p += RTP_PRIO_MIN - (PRIO_MAX + 1);
 	    rtp.prio = p > RTP_PRIO_MAX ? RTP_PRIO_MAX : p;
-	    if (rtprio(RTP_SET, 0, &rtp))
-		syslog(LOG_WARNING, "rtprio '%s' (%s): %m",
-		    pwd ? pwd->pw_name : "-",
-		    lc ? lc->lc_class : LOGIN_DEFCLASS);
+	    rc = rtprio(RTP_SET, 0, &rtp);
 	} else if (p < PRIO_MIN) {
+	    struct rtprio rtp;
+
 	    rtp.type = RTP_PRIO_REALTIME;
 	    p += RTP_PRIO_MAX - (PRIO_MIN - 1);
 	    rtp.prio = p < RTP_PRIO_MIN ? RTP_PRIO_MIN : p;
-	    if (rtprio(RTP_SET, 0, &rtp))
-		syslog(LOG_WARNING, "rtprio '%s' (%s): %m",
-		    pwd ? pwd->pw_name : "-",
-		    lc ? lc->lc_class : LOGIN_DEFCLASS);
-	} else {
-	    if (setpriority(PRIO_PROCESS, 0, (int)p) != 0)
-		syslog(LOG_WARNING, "setpriority '%s' (%s): %m",
-		    pwd ? pwd->pw_name : "-",
-		    lc ? lc->lc_class : LOGIN_DEFCLASS);
-	}
+	    rc = rtprio(RTP_SET, 0, &rtp);
+	} else
+	    rc = setpriority(PRIO_PROCESS, 0, (int)p);
+
+	if (rc != 0)
+	    syslog(LOG_WARNING,
+		"%s%s%sLogin class '%s': "
+		"Setting priority failed: %m",
+		pwd ? "Login '" : "",
+		pwd ? pwd->pw_name : "",
+		pwd ? "': " : "",
+		lc ? lc->lc_class : "<none>");
     }
 
     /* Setup the user's group permissions */