From nobody Thu Feb 01 21:31:15 2024 X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4TQsXh2TThz58hrC; Thu, 1 Feb 2024 21:31:16 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4TQsXg6zB2z4c6N; Thu, 1 Feb 2024 21:31:15 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1706823076; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=+1TqVgY0V70Kfa1jZcqKfaoj6XMsUONSH3WxYtUTWLY=; b=K+nHKKGQgGMwQFZsn/Kvn9oEwg0xI2xPWCe8dfGmFsTQCHxsbYAlJsUcIrIpeyI41+ESuh zALjM+M4026YcHtp1E3dgfR3fn9bQq/yM4BSBzyFyNAioSNXWWJuLChp0Ks2HPynXQPMdL Ha+atIfGtoUSMWtTk6BlbUn1ifidVszNCbqH0Zasj1P0zitrWP0CAX+hwiw3ZaO3IB+6iA LXNLB59wdRvBfAtsVck6i10xD79q7D4RitduKevJVz/JWMHheTWV6zwNK8YfbbXj+t3daw ghqFu4xrqMnK9VTMnbnqR4ajmezitL5ad2ZLVuPrVb5UcQDyUaxpe3ZNTeDUnw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1706823076; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=+1TqVgY0V70Kfa1jZcqKfaoj6XMsUONSH3WxYtUTWLY=; b=MGlSXPxUc2qMJKMwGJG9dAMe7d8vk4P4XGul2NvyM7qTPbJQobEpX85ISdNrjurRNYiXkJ yxLfvw8luszs8vxJ6gZzKcOXhzbZ+9+qU8mfzuydOwkZfFKp3uabJlDPuvpZXC38ytRQwP VMYndBqQPj4W+R3YMIqR/mJHVZyyUHrNjN6f4oONCrbU9TwbDcSc6NGFD1/PQcOvQbVLlW W+2dOZUAiChYgUcHv9ulgCN7XjEuSUBOGXDhJzzL3fChfyHRDOaSlxHhybpie4wMVmxbo3 FO7+zSSa8aBPkW2JoE7bG4axPNKsjFcJxW3xHbAD3eOxORiR2Wcxb2+b09ougg== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1706823076; a=rsa-sha256; cv=none; b=AiXDdm2i1n+9Fx6SbW4HJszTaQP+5NQDcLFc2BkNdYGYGdpRe6b+cklDTrX1oQvyaGSGdI Mpyr07PlB3ivDgjtEsGjKuozdlmQiiVfwZ/YGPyz7EmejAsXC6SSa3gpdFcUaYnlZQ1B1G mjQKd8kr1kGXvzOuTDMxwEu8l0pa2OUhCB85NS8M29Sbibp0/Zgb3GSodAfY102l+AGPO9 1JwgiXpz92XBTHpr6h7NM+RVir3IBRtrFDsLXzalmnzDcTO/Plb0gGUNrFMxdpV5SIwgEr Fwr0sG5mpBU1LzDWNdjMHomlJCwha2oIXDJEpXDm1+rEzsiDfcNXTJ2afJQvrQ== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4TQsXg64dPz1Hgl; Thu, 1 Feb 2024 21:31:15 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.17.1/8.17.1) with ESMTP id 411LVFLH080770; Thu, 1 Feb 2024 21:31:15 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.17.1/8.17.1/Submit) id 411LVFFi080767; Thu, 1 Feb 2024 21:31:15 GMT (envelope-from git) Date: Thu, 1 Feb 2024 21:31:15 GMT Message-Id: <202402012131.411LVFFi080767@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Olivier Certner Subject: git: f17cc92d15ff - stable/14 - setusercontext(): Better error messages when priority is not set correctly List-Id: Commit messages for all branches of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-src-all@freebsd.org X-BeenThere: dev-commits-src-all@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: olce X-Git-Repository: src X-Git-Refname: refs/heads/stable/14 X-Git-Reftype: branch X-Git-Commit: f17cc92d15ffb4cfe59d3e268f324ffb22175424 Auto-Submitted: auto-generated The branch stable/14 has been updated by olce: URL: https://cgit.FreeBSD.org/src/commit/?id=f17cc92d15ffb4cfe59d3e268f324ffb22175424 commit f17cc92d15ffb4cfe59d3e268f324ffb22175424 Author: Olivier Certner AuthorDate: 2023-05-29 16:39:04 +0000 Commit: Olivier Certner CommitDate: 2024-02-01 21:29:35 +0000 setusercontext(): Better error messages when priority is not set correctly Polish the syslog messages to contain readily useful information. Behavior of capability 'priority' is inconsistent with what is done for all other contexts: 'umask', 'cpumask', resource limits, etc., where an absence of capability means to inherit the value. It is currently preserved for compatibility, but is subject to change on a future major release. Reviewed by: emaste, kib (older version) Approved by: emaste (mentor) MFC after: 3 days Sponsored by: Kumacom SAS Differential Revision: https://reviews.freebsd.org/D40349 (cherry picked from commit d988621b0c25209866ed5a98b1a8b20269935761) Approved by: markj (mentor) --- lib/libutil/login_class.c | 51 +++++++++++++++++++++++++++++++---------------- 1 file changed, 34 insertions(+), 17 deletions(-) diff --git a/lib/libutil/login_class.c b/lib/libutil/login_class.c index 33a2189277ca..9c3285736f3b 100644 --- a/lib/libutil/login_class.c +++ b/lib/libutil/login_class.c @@ -474,9 +474,7 @@ setlogincontext(login_cap_t *lc, const struct passwd *pwd, unsigned long flags) int setusercontext(login_cap_t *lc, const struct passwd *pwd, uid_t uid, unsigned int flags) { - rlim_t p; login_cap_t *llc = NULL; - struct rtprio rtp; int error; if (lc == NULL) { @@ -493,30 +491,49 @@ setusercontext(login_cap_t *lc, const struct passwd *pwd, uid_t uid, unsigned in /* Set the process priority */ if (flags & LOGIN_SETPRIORITY) { - p = login_getcapnum(lc, "priority", LOGIN_DEFPRI, LOGIN_DEFPRI); + const rlim_t def_val = LOGIN_DEFPRI, err_val = INT64_MIN; + rlim_t p = login_getcapnum(lc, "priority", def_val, err_val); + int rc; + + if (p == err_val) { + /* Invariant: 'lc' != NULL. */ + syslog(LOG_WARNING, + "%s%s%sLogin class '%s': " + "Invalid priority specification: '%s'", + pwd ? "Login '" : "", + pwd ? pwd->pw_name : "", + pwd ? "': " : "", + lc->lc_class, + login_getcapstr(lc, "priority", "", "")); + /* Reset the priority, as if the capability was not present. */ + p = def_val; + } if (p > PRIO_MAX) { + struct rtprio rtp; + rtp.type = RTP_PRIO_IDLE; p += RTP_PRIO_MIN - (PRIO_MAX + 1); rtp.prio = p > RTP_PRIO_MAX ? RTP_PRIO_MAX : p; - if (rtprio(RTP_SET, 0, &rtp)) - syslog(LOG_WARNING, "rtprio '%s' (%s): %m", - pwd ? pwd->pw_name : "-", - lc ? lc->lc_class : LOGIN_DEFCLASS); + rc = rtprio(RTP_SET, 0, &rtp); } else if (p < PRIO_MIN) { + struct rtprio rtp; + rtp.type = RTP_PRIO_REALTIME; p += RTP_PRIO_MAX - (PRIO_MIN - 1); rtp.prio = p < RTP_PRIO_MIN ? RTP_PRIO_MIN : p; - if (rtprio(RTP_SET, 0, &rtp)) - syslog(LOG_WARNING, "rtprio '%s' (%s): %m", - pwd ? pwd->pw_name : "-", - lc ? lc->lc_class : LOGIN_DEFCLASS); - } else { - if (setpriority(PRIO_PROCESS, 0, (int)p) != 0) - syslog(LOG_WARNING, "setpriority '%s' (%s): %m", - pwd ? pwd->pw_name : "-", - lc ? lc->lc_class : LOGIN_DEFCLASS); - } + rc = rtprio(RTP_SET, 0, &rtp); + } else + rc = setpriority(PRIO_PROCESS, 0, (int)p); + + if (rc != 0) + syslog(LOG_WARNING, + "%s%s%sLogin class '%s': " + "Setting priority failed: %m", + pwd ? "Login '" : "", + pwd ? pwd->pw_name : "", + pwd ? "': " : "", + lc ? lc->lc_class : ""); } /* Setup the user's group permissions */