summaryrefslogtreecommitdiffstats
path: root/lib/libutil/login_class.c
Commit message (Collapse)AuthorAgeFilesLines
* Fix NULL ptr dereference in setusercontext if pwd is null,eadler2012-02-091-3/+6
| | | | | | | | | | | LOGIN_SETPRIORITY is set, and setting the priority (rtprio or setpriority) fails. PR: kern/164238 Submitted by: Alexander Wittig <alexander@wittig.name> Reviewed by: des Approved by: cperciva MFC after: 1 month
* Add two new system calls, setloginclass(2) and getloginclass(2). This makestrasz2011-03-051-0/+23
| | | | | | | | | it possible for the kernel to track login class the process is assigned to, which is required for RCTL. This change also make setusercontext(3) call setloginclass(2) and makes it possible to retrieve current login class using id(1). Reviewed by: kib (as part of a larger patch)
* In setusercontext(), do not apply user settings unless running as thedes2010-08-161-1/+1
| | | | | | | | user in question (usually but not necessarily because we were called with LOGIN_SETUSER). This plugs a hole where users could raise their resource limits and expand their CPU mask. MFC after: 3 weeks
* Usermode portion of the support for swap allocation accounting:kib2009-06-231-0/+1
| | | | | | | | | | | - update for getrlimit(2) manpage; - support for setting RLIMIT_SWAP in login class; - addition to the limits(1) and sh and csh limit-setting builtins; - tuning(7) documentation on the sysctls controlling overcommit. In collaboration with: pho Reviewed by: alc Approved by: re (kensmith)
* Avoid assigning a const char * to a char *.des2008-11-041-6/+5
| | | | MFC after: 3 weeks
* Parenthesize return values.des2008-10-201-11/+11
|
* include and whitespace cleanup.des2008-10-201-7/+8
|
* Integrate the new MPSAFE TTY layer to the FreeBSD operating system.ed2008-08-201-12/+13
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The last half year I've been working on a replacement TTY layer for the FreeBSD kernel. The new TTY layer was designed to improve the following: - Improved driver model: The old TTY layer has a driver model that is not abstract enough to make it friendly to use. A good example is the output path, where the device drivers directly access the output buffers. This means that an in-kernel PPP implementation must always convert network buffers into TTY buffers. If a PPP implementation would be built on top of the new TTY layer (still needs a hooks layer, though), it would allow the PPP implementation to directly hand the data to the TTY driver. - Improved hotplugging: With the old TTY layer, it isn't entirely safe to destroy TTY's from the system. This implementation has a two-step destructing design, where the driver first abandons the TTY. After all threads have left the TTY, the TTY layer calls a routine in the driver, which can be used to free resources (unit numbers, etc). The pts(4) driver also implements this feature, which means posix_openpt() will now return PTY's that are created on the fly. - Improved performance: One of the major improvements is the per-TTY mutex, which is expected to improve scalability when compared to the old Giant locking. Another change is the unbuffered copying to userspace, which is both used on TTY device nodes and PTY masters. Upgrading should be quite straightforward. Unlike previous versions, existing kernel configuration files do not need to be changed, except when they reference device drivers that are listed in UPDATING. Obtained from: //depot/projects/mpsafetty/... Approved by: philip (ex-mentor) Discussed: on the lists, at BSDCan, at the DevSummit Sponsored by: Snow B.V., the Netherlands dcons(4) fixed by: kan
* Add support for a new login capability, cpumask which allows loginbrooks2008-07-251-0/+107
| | | | sessions to be pinned to cpus by login class.
* Fix one kind of style(9) bug and a typo in a comment.yar2007-05-011-5/+5
| | | | Tested with: md5(1)
* Remove __NETBSD_SYSCALLS.tjr2003-10-291-6/+0
|
* ANSIfy, WARNSify, CONSTify. Bit of style(9)-ify.markm2003-10-181-1/+1
|
* Tidy up. Sort headers.markm2003-06-141-9/+9
|
* Add LOGIN_SETMAC to the list of flags that can't be set without classrwatson2002-11-121-1/+1
| | | | | | | | information, since we rely on the pwd entry to know what MAC labels to set as part of the login process. Obtained from: TrustedBSD Project Sponsored by: DARPA, Network Associates Laboratories
* If LOGIN_SETMAC is set and MAC is enabled in the kernel, then seerwatson2002-10-231-0/+27
| | | | | | | | | | | | if the user has a 'label' entry in their login class. If so, attempt to set that label on the process as part of the credential setup. If we're unable to parse the label, or unable to set the label, fail. In the future, we may also want to warn if a label is set but the kernel doesn't support MAC. Approved by: re Obtained from: TrustedBSD Project Sponsored by: DARPA, Network Associates Laboratories
* Add additional field 'overwrite' to login_vars. It mainly needed to handleache2002-06-281-10/+11
| | | | | "term" according to manpage, i.e. not overwrite it, if already present in environment.
* Make libutil aware of vmemoryuse in its login.conf cap processing (akadillon2002-06-261-0/+1
| | | | sshd, /usr/bin/login, etc)
* Const poisoning.ru2002-04-081-7/+5
|
* Add __FBSDID()s to libutildillon2001-09-301-2/+3
|
* Make sbsize a size instead of a number. This allows the usual suffixessheldonh2000-07-141-1/+1
| | | | | | | | | to be applied to the value given. This does not break installed /etc/login.conf files, since un-suffixed numbers are interpreted as they were before. PR: 19750 Submitted by: Paul Herman <pherman@frenchfries.net>
* Do not set the default terminal type to "su", leave it empty.ru2000-01-191-5/+1
| | | | | PR: bin/5084 Reviewed by: asmodai, davidn, sef
* This implements the RLIMIT_SBSIZE ("sbsize") administrative limits forgreen1999-10-091-0/+1
| | | | | userland. Currently, it can be enforced by login and csh. More shells supporting sbsize are welcome.
* $Id$ -> $FreeBSD$peter1999-08-281-1/+1
|
* fix potential memory overwrite in escape parsingache1999-05-131-2/+2
| | | | | PR: 11687 Submitted by: Don Lewis <Don.Lewis@tsc.tdk.com>
* Print uid/gid as u_long per bde suggestionache1998-07-291-5/+5
|
* cast arg to (long) to match formatache1998-07-281-3/+3
|
* If using NetBSD syscalls the rtprio syscall doesn't exist, so justjb1998-06-031-1/+7
| | | | don't try to use it to set special priorities.
* Allow setting of idle or realtime processing priorities persteve1998-05-251-5/+22
| | | | | | | login class. PR: 6636 Submitted by: Jason Young <doogie@forbidden-donut.anet-stl.com>
* Summary of login.conf support changes:davidn1997-05-101-244/+255
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | o Incorporated BSDI code and enhancements, better logging for error checking (which has been shown to be a problem, and is therefore justified, imho); also some minor things we were missing, including better quad_t math, which checks for under/overflows. o setusercontext() now allows user resource limit overrides, but does this AFTER dropping root privs, to restrict the user to droping hard limits and set soft limits within the kernel's allowed user limits. o umask() only set once, and only if requested. o add _secure_path(), and use in login.conf to guard against symlinks etc. and non-root owned or non-user owned files being used. Derived from BSDI contributed code. o revamped authentication code to BSDI's latest api, which includes deleting authenticate() and adding auth_check() and a few other functions. This is still marked as depecated in BSDI, but is included for completeness. No other source in the tree uses this anyway, so it is now bracketed with #ifdef LOGIN_CAP_AUTH which is by default not defined. Only auth_checknologin() and auth_cat() are actually used in module login_auth.c. o AUTH_NONE definition removed (collided with other includes in the tree). [bde] o BSDI's login_getclass() now accepts a char *classname parameter rather than struct passwd *pwd. We now do likewise, but added login_getpwclass() for (sort of) backwards compatiblity, namely because we handle root as a special case for the default class. This will require quite a few changes elsewhere in the source tree. o We no longer pretend to support rlim_t as a long type. o Revised code formatting to be more bsd-ish style.
* Revert $FreeBSD$ to $Id$peter1997-02-221-1/+1
|
* #include <sys/stat.h> for umask() prototype.davidn1997-01-291-0/+1
|
* Make the long-awaited change from $Id$ to $FreeBSD$jkh1997-01-141-1/+1
| | | | | | | | This will make a number of things easier in the future, as well as (finally!) avoiding the Id-smashing problem which has plagued developers for so long. Boy, I'm glad we're not using sup anymore. This update would have been insane otherwise.
* Various bugfixes.davidn1997-01-071-27/+31
|
* Library functions relating to the login class capabilities database,davidn1997-01-041-0/+371
including manpages. See also login_cap.h.
OpenPOWER on IntegriCloud