authorache <ache@FreeBSD.org>2001-09-25 11:07:26 +0000
committerache <ache@FreeBSD.org>2001-09-25 11:07:26 +0000
commitc8a3d8ce02d7b30653752539a956a80365b2c892 (patch)
treec57e2887f687de4b4980b2f4937457f06c92ad3e
parent5db0075c3657e42be80e034626b54c3144aa71e4 (diff)
1) Back out ~/.login_conf disable
2) Pick only "me" class from ~/.login_conf as documented
-rw-r--r--lib/libutil/login.conf.52
-rw-r--r--lib/libutil/login_cap.c11
2 files changed, 5 insertions, 8 deletions
diff --git a/lib/libutil/login.conf.5 b/lib/libutil/login.conf.5
index f270630..37580b6 100644
--- a/lib/libutil/login.conf.5
+++ b/lib/libutil/login.conf.5
@@ -60,8 +60,6 @@ to set user-defined environment settings which override those specified
in the system login capabilities database.
Only a subset of login capabilities may be overridden, typically those
which do not involve authentication, resource limits and accounting.
-NOTE: this feature is compile-time disabled by default due to potential
-security risks.
.Pp
Records in a class capabilities database consist of a number of
colon-separated fields.
diff --git a/lib/libutil/login_cap.c b/lib/libutil/login_cap.c
index bb4c080..f841961 100644
--- a/lib/libutil/login_cap.c
+++ b/lib/libutil/login_cap.c
@@ -184,18 +184,17 @@ login_getclassbyname(char const *name, const struct passwd *pwd)
login_cap_t *lc;
if ((lc = malloc(sizeof(login_cap_t))) != NULL) {
- int r, i = 0;
+ int r, me, i = 0;
uid_t euid = 0;
gid_t egid = 0;
const char *msg = NULL;
- const char *dir = (pwd == NULL) ? NULL : pwd->pw_dir;
+ const char *dir;
char userpath[MAXPATHLEN];
static char *login_dbarray[] = { NULL, NULL, NULL };
-#ifndef _FILE_LOGIN_CONF_WORKS
- dir = NULL;
-#endif
+ me = (name != NULL && strcmp(name, LOGIN_MECLASS) == 0);
+ dir = (!me || pwd == NULL) ? NULL : pwd->pw_dir;
/*
* Switch to user mode before checking/reading its ~/.login_conf
* - some NFSes have root read access disabled.
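Review bot: The added assignments to `me` and `dir` are now the only gate on reading the user-controlled ~/.login_conf, since the `_FILE_LOGIN_CONF_WORKS` guard is removed, and nothing at that spot says so. I would add a comment above them, e.g. `/* ~/.login_conf is user-controlled: consult it only for LOGIN_MECLASS; every other class must come from the system database */`, so a later edit does not widen the condition by accident. The man page touched in this commit says only a subset of capabilities may be overridden. That filtering is not visible in this hunk and presumably lives in the callers, so it is worth confirming it still holds now that the file is read by default. The body of login_getclassbyname starts before and continues past the hunk.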
@@ -227,7 +226,7 @@ login_getclassbyname(char const *name, const struct passwd *pwd)
switch (cgetent(&lc->lc_cap, login_dbarray, (char*)name)) {
case -1: /* Failed, entry does not exist */
- if (strcmp(name, LOGIN_MECLASS) == 0)
+ if (me)
break; /* Don't retry default on 'me' */
if (i == 0)
r = -1;