git: 787abe7d6eb6 - stable/14 - setusercontext(): Set umask in a separate function, setclassumask()

From: Olivier Certner <olce_at_FreeBSD.org>
Date: Thu, 01 Feb 2024 21:31:10 UTC
The branch stable/14 has been updated by olce:

URL: https://cgit.FreeBSD.org/src/commit/?id=787abe7d6eb64cefe0d92a6a9f00324f960bd55e

commit 787abe7d6eb64cefe0d92a6a9f00324f960bd55e
Author:     Olivier Certner <olce@FreeBSD.org>
AuthorDate: 2023-06-20 16:46:31 +0000
Commit:     Olivier Certner <olce@FreeBSD.org>
CommitDate: 2024-02-01 21:28:52 +0000

    setusercontext(): Set umask in a separate function, setclassumask()
    
    Reviewed by:            emaste
    Approved by:            emaste (mentor)
    MFC after:              3 days
    Sponsored by:           Kumacom SAS
    Differential Revision:  https://reviews.freebsd.org/D40686
    
    (cherry picked from commit 0dd1705f584947625892988afe59e4cedb5cdd09)
    
    Approved by:            markj (mentor)
---
 lib/libutil/login_class.c | 59 ++++++++++++++++++++++++++---------------------
 1 file changed, 33 insertions(+), 26 deletions(-)

diff --git a/lib/libutil/login_class.c b/lib/libutil/login_class.c
index 2b85425d8d8e..69230db32961 100644
--- a/lib/libutil/login_class.c
+++ b/lib/libutil/login_class.c
@@ -381,6 +381,37 @@ setclasscontext(const char *classname, unsigned int flags)
 }
 
 
+/*
+ * Private function setting umask from the login class.
+ */
+static void
+setclassumask(login_cap_t *lc, const struct passwd *pwd)
+{
+	/*
+	 * Make it unlikely that someone would input our default sentinel
+	 * indicating no specification.
+	 */
+	const rlim_t def_val = INT64_MIN + 1, err_val = INT64_MIN;
+	const rlim_t val = login_getcapnum(lc, "umask", def_val, err_val);
+
+	if (val != def_val) {
+		if (val < 0 || val > UINT16_MAX) {
+			/* We get here also on 'err_val'. */
+			syslog(LOG_WARNING,
+			    "%s%s%sLogin class '%s': "
+			    "Invalid umask specification: '%s'",
+			    pwd ? "Login '" : "",
+			    pwd ? pwd->pw_name : "",
+			    pwd ? "': " : "",
+			    lc->lc_class,
+			    login_getcapstr(lc, "umask", "", ""));
+		} else {
+			const mode_t mode = val;
+
+			umask(mode);
+		}
+	}
+}
 
 /*
  * Private function which takes care of processing
@@ -394,32 +425,8 @@ setlogincontext(login_cap_t *lc, const struct passwd *pwd, unsigned long flags)
 	if (flags & LOGIN_SETRESOURCES)
 	    setclassresources(lc);
 	/* See if there's a umask override */
-	if (flags & LOGIN_SETUMASK) {
-	    /*
-	     * Make it unlikely that someone would input our default sentinel
-	     * indicating no specification.
-	     */
-	    const rlim_t def_val = INT64_MIN + 1, err_val = INT64_MIN;
-	    const rlim_t val = login_getcapnum(lc, "umask", def_val, err_val);
-
-	    if (val != def_val) {
-		if (val < 0 || val > UINT16_MAX) {
-		    /* We get here also on 'err_val'. */
-		    syslog(LOG_WARNING,
-			"%s%s%sLogin class '%s': "
-			"Invalid umask specification: '%s'",
-			pwd ? "Login '" : "",
-			pwd ? pwd->pw_name : "",
-			pwd ? "': " : "",
-			lc->lc_class,
-			login_getcapstr(lc, "umask", "", ""));
-		} else {
-		    const mode_t mode = val;
-
-		    umask(mode);
-		}
-	    }
-	}
+	if (flags & LOGIN_SETUMASK)
+	    setclassumask(lc, pwd);
 	/* Set paths */
 	if (flags & LOGIN_SETPATH)
 	    setclassenvironment(lc, pwd, 1);