author | ache <ache@FreeBSD.org> | 2001-09-25 11:07:26 +0000 |
---|---|---|
committer | ache <ache@FreeBSD.org> | 2001-09-25 11:07:26 +0000 |
commit | c8a3d8ce02d7b30653752539a956a80365b2c892 (patch) | |
tree | c57e2887f687de4b4980b2f4937457f06c92ad3e | |
parent | 5db0075c3657e42be80e034626b54c3144aa71e4 (diff) | |
1) Back out ~/.login_conf disable
2) Pick only "me" class from ~/.login_conf as documented
-rw-r--r-- | lib/libutil/login.conf.5 | 2 | ||||
-rw-r--r-- | lib/libutil/login_cap.c | 11 |
2 files changed, 5 insertions, 8 deletions
diff --git a/lib/libutil/login.conf.5 b/lib/libutil/login.conf.5 index f270630..37580b6 100644 --- a/lib/libutil/login.conf.5 +++ b/lib/libutil/login.conf.5 @@ -60,8 +60,6 @@ to set user-defined environment settings which override those specified in the system login capabilities database. Only a subset of login capabilities may be overridden, typically those which do not involve authentication, resource limits and accounting. -NOTE: this feature is compile-time disabled by default due to potential -security risks. .Pp Records in a class capabilities database consist of a number of colon-separated fields. diff --git a/lib/libutil/login_cap.c b/lib/libutil/login_cap.c index bb4c080..f841961 100644 --- a/lib/libutil/login_cap.c +++ b/lib/libutil/login_cap.c @@ -184,18 +184,17 @@ login_getclassbyname(char const *name, const struct passwd *pwd) login_cap_t *lc; if ((lc = malloc(sizeof(login_cap_t))) != NULL) { - int r, i = 0; + int r, me, i = 0; uid_t euid = 0; gid_t egid = 0; const char *msg = NULL; - const char *dir = (pwd == NULL) ? NULL : pwd->pw_dir; + const char *dir; char userpath[MAXPATHLEN]; static char *login_dbarray[] = { NULL, NULL, NULL }; -#ifndef _FILE_LOGIN_CONF_WORKS - dir = NULL; -#endif + me = (name != NULL && strcmp(name, LOGIN_MECLASS) == 0); + dir = (!me || pwd == NULL) ? NULL : pwd->pw_dir; /* * Switch to user mode before checking/reading its ~/.login_conf * - some NFSes have root read access disabled. @@ -227,7 +226,7 @@ login_getclassbyname(char const *name, const struct passwd *pwd) switch (cgetent(&lc->lc_cap, login_dbarray, (char*)name)) { case -1: /* Failed, entry does not exist */ - if (strcmp(name, LOGIN_MECLASS) == 0) + if (me) break; /* Don't retry default on 'me' */ if (i == 0) r = -1; |
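Review bot: The new line `dir = (!me || pwd == NULL) ? NULL : pwd->pw_dir;` in lib/libutil/login_cap.c is now the only gate on whether a user-owned file is consulted, and it carries no comment saying so, while this commit removes both the `_FILE_LOGIN_CONF_WORKS` compile-time guard and the man-page NOTE about the risk. I would state the reason on the line itself, e.g. `/* ~/.login_conf is user-controlled: consult it for the "me" class only, never for any other class name. */`, so a later refactor does not quietly widen the condition. `pwd->pw_dir` is also taken as-is; if the path is built from it further down (outside this hunk, like the rest of login_getclassbyname), an empty home directory would resolve to a file at the filesystem root, so adding `|| *pwd->pw_dir == '\0'` to the NULL side of the condition is worth considering. The second hunk's `if (me)` depends on the same flag and needs no change of its own.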