git: 787abe7d6eb6 - stable/14 - setusercontext(): Set umask in a separate function, setclassumask()
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Thu, 01 Feb 2024 21:31:10 UTC
The branch stable/14 has been updated by olce: URL: https://cgit.FreeBSD.org/src/commit/?id=787abe7d6eb64cefe0d92a6a9f00324f960bd55e commit 787abe7d6eb64cefe0d92a6a9f00324f960bd55e Author: Olivier Certner <olce@FreeBSD.org> AuthorDate: 2023-06-20 16:46:31 +0000 Commit: Olivier Certner <olce@FreeBSD.org> CommitDate: 2024-02-01 21:28:52 +0000 setusercontext(): Set umask in a separate function, setclassumask() Reviewed by: emaste Approved by: emaste (mentor) MFC after: 3 days Sponsored by: Kumacom SAS Differential Revision: https://reviews.freebsd.org/D40686 (cherry picked from commit 0dd1705f584947625892988afe59e4cedb5cdd09) Approved by: markj (mentor) --- lib/libutil/login_class.c | 59 ++++++++++++++++++++++++++--------------------- 1 file changed, 33 insertions(+), 26 deletions(-) diff --git a/lib/libutil/login_class.c b/lib/libutil/login_class.c index 2b85425d8d8e..69230db32961 100644 --- a/lib/libutil/login_class.c +++ b/lib/libutil/login_class.c @@ -381,6 +381,37 @@ setclasscontext(const char *classname, unsigned int flags) } +/* + * Private function setting umask from the login class. + */ +static void +setclassumask(login_cap_t *lc, const struct passwd *pwd) +{ + /* + * Make it unlikely that someone would input our default sentinel + * indicating no specification. + */ + const rlim_t def_val = INT64_MIN + 1, err_val = INT64_MIN; + const rlim_t val = login_getcapnum(lc, "umask", def_val, err_val); + + if (val != def_val) { + if (val < 0 || val > UINT16_MAX) { + /* We get here also on 'err_val'. */ + syslog(LOG_WARNING, + "%s%s%sLogin class '%s': " + "Invalid umask specification: '%s'", + pwd ? "Login '" : "", + pwd ? pwd->pw_name : "", + pwd ? "': " : "", + lc->lc_class, + login_getcapstr(lc, "umask", "", "")); + } else { + const mode_t mode = val; + + umask(mode); + } + } +} /* * Private function which takes care of processing @@ -394,32 +425,8 @@ setlogincontext(login_cap_t *lc, const struct passwd *pwd, unsigned long flags) if (flags & LOGIN_SETRESOURCES) setclassresources(lc); /* See if there's a umask override */ - if (flags & LOGIN_SETUMASK) { - /* - * Make it unlikely that someone would input our default sentinel - * indicating no specification. - */ - const rlim_t def_val = INT64_MIN + 1, err_val = INT64_MIN; - const rlim_t val = login_getcapnum(lc, "umask", def_val, err_val); - - if (val != def_val) { - if (val < 0 || val > UINT16_MAX) { - /* We get here also on 'err_val'. */ - syslog(LOG_WARNING, - "%s%s%sLogin class '%s': " - "Invalid umask specification: '%s'", - pwd ? "Login '" : "", - pwd ? pwd->pw_name : "", - pwd ? "': " : "", - lc->lc_class, - login_getcapstr(lc, "umask", "", "")); - } else { - const mode_t mode = val; - - umask(mode); - } - } - } + if (flags & LOGIN_SETUMASK) + setclassumask(lc, pwd); /* Set paths */ if (flags & LOGIN_SETPATH) setclassenvironment(lc, pwd, 1);