upstream/opnsense-src
1
0
Fork 0
mirror of https://github.com/opnsense/src.git synced 2026-05-28 04:12:45 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

setusercontext(): Better error messages when priority is not set correctly

Browse source 
Polish the syslog messages to contain readily useful information.

Behavior of capability 'priority' is inconsistent with what is done for
all other contexts: 'umask', 'cpumask', resource limits, etc., where an
absence of capability means to inherit the value.  It is currently
preserved for compatibility, but is subject to change on a future major
release.

Reviewed by:            emaste, kib (older version)
Approved by:            emaste (mentor)
MFC after:              3 days
Sponsored by:           Kumacom SAS
Differential Revision:  https://reviews.freebsd.org/D40349

(cherry picked from commit d988621b0c25209866ed5a98b1a8b20269935761)

Approved by:            markj (mentor)
This commit is contained in:
Olivier Certner 2023-05-29 18:39:04 +02:00 committed by Olivier Certner
parent 63c3be3b4f
commit f17cc92d15
No known key found for this signature in database
GPG key ID: 8CA13040971E2627
1 changed files with 34 additions and 17 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

51
lib/libutil/login_class.c
View file

@ -474,9 +474,7 @@ setlogincontext(login_cap_t *lc, const struct passwd *pwd, unsigned long flags)
int
setusercontext(login_cap_t *lc, const struct passwd *pwd, uid_t uid, unsigned int flags)
{
rlim_t p;
login_cap_t *llc = NULL;
struct rtprio rtp;
int error;
if (lc == NULL) {
@ -493,30 +491,49 @@ setusercontext(login_cap_t *lc, const struct passwd *pwd, uid_t uid, unsigned in
/* Set the process priority */
if (flags & LOGIN_SETPRIORITY) {
p = login_getcapnum(lc, "priority", LOGIN_DEFPRI, LOGIN_DEFPRI);
const rlim_t def_val = LOGIN_DEFPRI, err_val = INT64_MIN;
rlim_t p = login_getcapnum(lc, "priority", def_val, err_val);
int rc;
if (p == err_val) {
/* Invariant: 'lc' != NULL. */
syslog(LOG_WARNING,
"%s%s%sLogin class '%s': "
"Invalid priority specification: '%s'",
pwd ? "Login '" : "",
pwd ? pwd->pw_name : "",
pwd ? "': " : "",
lc->lc_class,
login_getcapstr(lc, "priority", "", ""));
/* Reset the priority, as if the capability was not present. */
p = def_val;
}
if (p > PRIO_MAX) {
struct rtprio rtp;
rtp.type = RTP_PRIO_IDLE;
p += RTP_PRIO_MIN - (PRIO_MAX + 1);
rtp.prio = p > RTP_PRIO_MAX ? RTP_PRIO_MAX : p;
if (rtprio(RTP_SET, 0, &rtp))
syslog(LOG_WARNING, "rtprio '%s' (%s): %m",
pwd ? pwd->pw_name : "-",
lc ? lc->lc_class : LOGIN_DEFCLASS);
rc = rtprio(RTP_SET, 0, &rtp);
} else if (p < PRIO_MIN) {
struct rtprio rtp;
rtp.type = RTP_PRIO_REALTIME;
p += RTP_PRIO_MAX - (PRIO_MIN - 1);
rtp.prio = p < RTP_PRIO_MIN ? RTP_PRIO_MIN : p;
if (rtprio(RTP_SET, 0, &rtp))
syslog(LOG_WARNING, "rtprio '%s' (%s): %m",
pwd ? pwd->pw_name : "-",
lc ? lc->lc_class : LOGIN_DEFCLASS);
} else {
if (setpriority(PRIO_PROCESS, 0, (int)p) != 0)
syslog(LOG_WARNING, "setpriority '%s' (%s): %m",
pwd ? pwd->pw_name : "-",
lc ? lc->lc_class : LOGIN_DEFCLASS);
}
rc = rtprio(RTP_SET, 0, &rtp);
} else
rc = setpriority(PRIO_PROCESS, 0, (int)p);
if (rc != 0)
syslog(LOG_WARNING,
"%s%s%sLogin class '%s': "
"Setting priority failed: %m",
pwd ? "Login '" : "",
pwd ? pwd->pw_name : "",
pwd ? "': " : "",
lc ? lc->lc_class : "<none>");
}
/* Setup the user's group permissions */