diff options
| author | Edward Tomasz Napierala <trasz@FreeBSD.org> | 2011-03-05 12:40:35 +0000 |
|---|---|---|
| committer | Edward Tomasz Napierala <trasz@FreeBSD.org> | 2011-03-05 12:40:35 +0000 |
| commit | 2bfc50bc4fbc3ad7e8bdfeb6b55d72ea55c4f18b (patch) | |
| tree | 8810ff86b50f45ade154877395ba9bd0885b1dea /lib/libutil | |
| parent | 99bb3c5399fd19675d30c698a4ccd5ee138cb1e4 (diff) | |
| download | src-2bfc50bc4fbc3ad7e8bdfeb6b55d72ea55c4f18b.tar.gz src-2bfc50bc4fbc3ad7e8bdfeb6b55d72ea55c4f18b.zip | |
Add two new system calls, setloginclass(2) and getloginclass(2). This makes
it possible for the kernel to track login class the process is assigned to,
which is required for RCTL. This change also make setusercontext(3) call
setloginclass(2) and makes it possible to retrieve current login class using
id(1).
Reviewed by: kib (as part of a larger patch)
Notes
Notes:
svn path=/head/; revision=219304
Diffstat (limited to 'lib/libutil')
| -rw-r--r-- | lib/libutil/login_cap.h | 3 | ||||
| -rw-r--r-- | lib/libutil/login_class.c | 23 |
2 files changed, 25 insertions, 1 deletions
diff --git a/lib/libutil/login_cap.h b/lib/libutil/login_cap.h index 082e34bc11a5..ec1421b80661 100644 --- a/lib/libutil/login_cap.h +++ b/lib/libutil/login_cap.h @@ -49,7 +49,8 @@ #define LOGIN_SETENV 0x0080 /* set user environment */ #define LOGIN_SETMAC 0x0100 /* set user default MAC label */ #define LOGIN_SETCPUMASK 0x0200 /* set user cpumask */ -#define LOGIN_SETALL 0x03ff /* set everything */ +#define LOGIN_SETLOGINCLASS 0x0400 /* set login class in the kernel */ +#define LOGIN_SETALL 0x07ff /* set everything */ #define BI_AUTH "authorize" /* accepted authentication */ #define BI_REJECT "reject" /* rejected authentication */ diff --git a/lib/libutil/login_class.c b/lib/libutil/login_class.c index d952940f6008..68fdf2b49ff7 100644 --- a/lib/libutil/login_class.c +++ b/lib/libutil/login_class.c @@ -40,6 +40,7 @@ __FBSDID("$FreeBSD$"); #include <login_cap.h> #include <paths.h> #include <pwd.h> +#include <signal.h> #include <stdio.h> #include <stdlib.h> #include <string.h> @@ -425,6 +426,7 @@ setusercontext(login_cap_t *lc, const struct passwd *pwd, uid_t uid, unsigned in quad_t p; mode_t mymask; login_cap_t *llc = NULL; + struct sigaction sa, prevsa; struct rtprio rtp; int error; @@ -512,6 +514,27 @@ setusercontext(login_cap_t *lc, const struct passwd *pwd, uid_t uid, unsigned in return (-1); } + /* Inform the kernel about current login class */ + if (lc != NULL && lc->lc_class != NULL && (flags & LOGIN_SETLOGINCLASS)) { + /* + * XXX: This is a workaround to fail gracefully in case the kernel + * does not support setloginclass(2). + */ + bzero(&sa, sizeof(sa)); + sa.sa_handler = SIG_IGN; + sigfillset(&sa.sa_mask); + sigaction(SIGSYS, &sa, &prevsa); + error = setloginclass(lc->lc_class); + sigaction(SIGSYS, &prevsa, NULL); + if (error != 0) { + syslog(LOG_ERR, "setloginclass(%s): %m", lc->lc_class); +#ifdef notyet + login_close(llc); + return (-1); +#endif + } + } + mymask = (flags & LOGIN_SETUMASK) ? umask(LOGIN_DEFUMASK) : 0; mymask = setlogincontext(lc, pwd, mymask, flags); login_close(llc); |