From nobody Mon Jan 29 22:32:04 2024
X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4TP32D4R7Nz57ZGP;
	Mon, 29 Jan 2024 22:32:04 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4TP32D33K3z4fkF;
	Mon, 29 Jan 2024 22:32:04 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1706567524;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=iTilW516EuOUHBs4W3DM813TnE0iritEzIBPXEdn4KA=;
	b=InNggDf4R5ZrlshgRPuqHBia7ycFpDl0ik8ZlEdLgxN5bZAvzqediDc0O26PVGXCyS4d4I
	mIzTrHt7u/i1E1T/WBWDC4HHwT9wePGdbSdpFPi4QxIl4h7p7AMnY60MxSYSFGWq9KbsOT
	suSZzrPyXVHwlpqlvo/kNQ3h/z4u8WcBrf3sP/WqNhes2dT4dTqb9j51cDgflBPoQG7sYm
	qnpz/VQ8NHLHBDI/Ykb069E2N9YjZC87ElUrwyIUanzqDjgSTp5kTN3yGa0K5t6DKzsbGs
	UIXFvIVinmtTi0l1aBE5AV69kgPy3OJBuQ64T59BN8WjHL5gdpG7rsk90P+Z4Q==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1706567524;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=iTilW516EuOUHBs4W3DM813TnE0iritEzIBPXEdn4KA=;
	b=gZQbfzFPm38VEqUJvcdC9sfqGcU345n0BS7BZbgHKwWno/tJ22fHLpRIJ5kbZAjjS7ITrR
	rSq2DUqfXRk1IMB29ox4QXiZ0YDI3KWeQ0hsPBUQbPJBLkmc5AiPhTZhLNsNkd+E+Zd75k
	UontoFyjFWpn9AzLKt1r1Uod647bZ4FDkOWpo9U6+FOnBiKq6xm6Z/+YDMJSrGKpVpsB69
	eBVUs/Y+m1TDqfJoMQszyyYOdhOOeQ4ED3bNsB9a23qNNbuj0BP32ZtrWxwo4vBa/EMzXt
	Nn01jAx8oeARNESCHFtYZRXgoOl54fyj+o+tNpmcdhls02xZVTdelNsyTcCPMw==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1706567524; a=rsa-sha256; cv=none;
	b=df6yauL17ZL6XnM9erG6pVP89546Jj0ntF4E59RFOWAoVdvNIRBqs6Bp5IRvKN3UOSKL1k
	4XK0gyXV6+WypSus6tP3k5v9O1udjwRKXm4Aow4xskH0ep/Ebk0Q27F0uERbgGVhAxoEy+
	TIewRdP8GDJDXVGtOpwZEQEujWG4RS4ufMb+oYACdhOItBZD+JXz5IBqbYS+Y22rPt8DaJ
	9E9MZcVRcjMV9xIQs/UDSw+ZAFo5v6vg+e6c5aTPOe/64K+4WT2vWeO7OmQGJKrh0xXkn2
	08peIyb/T38ierNr7BzDFkVgIlbtGWU1BgPdsD7MdtPOHFFqnVQ6RNQbKqXc1A==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4TP32D27yTz18fw;
	Mon, 29 Jan 2024 22:32:04 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.17.1/8.17.1) with ESMTP id 40TMW4rp011806;
	Mon, 29 Jan 2024 22:32:04 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.17.1/8.17.1/Submit) id 40TMW490011790;
	Mon, 29 Jan 2024 22:32:04 GMT
	(envelope-from git)
Date: Mon, 29 Jan 2024 22:32:04 GMT
Message-Id: <202401292232.40TMW490011790@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-main@FreeBSD.org
From: Olivier Certner <olce@FreeBSD.org>
Subject: git: e99c28e93bd4 - main - setusercontext(): umask: Set
  it only once (in the common case)
List-Id: Commit messages for all branches of the src repository <dev-commits-src-all.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all
List-Help: <mailto:dev-commits-src-all+help@freebsd.org>
List-Post: <mailto:dev-commits-src-all@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-all+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-all+unsubscribe@freebsd.org>
Sender: owner-dev-commits-src-all@freebsd.org
X-BeenThere: dev-commits-src-all@freebsd.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: olce
X-Git-Repository: src
X-Git-Refname: refs/heads/main
X-Git-Reftype: branch
X-Git-Commit: e99c28e93bd4d04ff877459734e9ce06ad2335a7
Auto-Submitted: auto-generated

The branch main has been updated by olce:

URL: https://cgit.FreeBSD.org/src/commit/?id=e99c28e93bd4d04ff877459734e9ce06ad2335a7

commit e99c28e93bd4d04ff877459734e9ce06ad2335a7
Author:     Olivier Certner <olce@FreeBSD.org>
AuthorDate: 2023-05-25 12:18:45 +0000
Commit:     Olivier Certner <olce@FreeBSD.org>
CommitDate: 2024-01-29 21:57:58 +0000

    setusercontext(): umask: Set it only once (in the common case)
    
    Simplify the code and make it more coherent (umask was the only context
    setting not modified by setlogincontext() directly).
    
    Preserve the current behavior of not changing the umask if none is
    specified in the login class capabilities database, but without the
    superfluous umask() dance.  (The only exception to this is that
    a special value no user is likely to input in the database now stands
    for no specification.)
    
    If some user has a 'umask' override in its '~/.login_conf', the umask
    will still be set twice as before (as is the case for all other context
    settings overriden in '~/.login_conf').
    
    Log a warning in case of an invalid umask specification.
    
    This change makes it apparent that the value of LOGIN_DEFUMASK doesn't
    matter.  It will be removed in a subsequent commit.
    
    PR:                     271747
    Reviewed by:            emaste, kib (earlier version)
    Approved by:            emaste
    MFC after:              3 days
    Sponsored by:           Kumacom SAS
    Differential Revision:  https://reviews.freebsd.org/D40344
---
 lib/libutil/login_class.c | 45 +++++++++++++++++++++++++++++++--------------
 1 file changed, 31 insertions(+), 14 deletions(-)

diff --git a/lib/libutil/login_class.c b/lib/libutil/login_class.c
index 4df6ac765595..e578925214bd 100644
--- a/lib/libutil/login_class.c
+++ b/lib/libutil/login_class.c
@@ -37,6 +37,7 @@
 #include <login_cap.h>
 #include <paths.h>
 #include <pwd.h>
+#include <stdint.h>
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
@@ -384,17 +385,40 @@ setclasscontext(const char *classname, unsigned int flags)
  * Private function which takes care of processing
  */
 
-static mode_t
-setlogincontext(login_cap_t *lc, const struct passwd *pwd,
-		mode_t mymask, unsigned long flags)
+static void
+setlogincontext(login_cap_t *lc, const struct passwd *pwd, unsigned long flags)
 {
     if (lc) {
 	/* Set resources */
 	if (flags & LOGIN_SETRESOURCES)
 	    setclassresources(lc);
 	/* See if there's a umask override */
-	if (flags & LOGIN_SETUMASK)
-	    mymask = (mode_t)login_getcapnum(lc, "umask", mymask, mymask);
+	if (flags & LOGIN_SETUMASK) {
+	    /*
+	     * Make it unlikely that someone would input our default sentinel
+	     * indicating no specification.
+	     */
+	    const rlim_t def_val = INT64_MIN + 1, err_val = INT64_MIN;
+	    const rlim_t val = login_getcapnum(lc, "umask", def_val, err_val);
+
+	    if (val != def_val) {
+		if (val < 0 || val > UINT16_MAX) {
+		    /* We get here also on 'err_val'. */
+		    syslog(LOG_WARNING,
+			"%s%s%sLogin class '%s': "
+			"Invalid umask specification: '%s'",
+			pwd ? "Login '" : "",
+			pwd ? pwd->pw_name : "",
+			pwd ? "': " : "",
+			lc->lc_class,
+			login_getcapstr(lc, "umask", "", ""));
+		} else {
+		    const mode_t mode = val;
+
+		    umask(mode);
+		}
+	    }
+	}
 	/* Set paths */
 	if (flags & LOGIN_SETPATH)
 	    setclassenvironment(lc, pwd, 1);
@@ -405,7 +429,6 @@ setlogincontext(login_cap_t *lc, const struct passwd *pwd,
 	if (flags & LOGIN_SETCPUMASK)
 	    setclasscpumask(lc);
     }
-    return (mymask);
 }
 
 
@@ -428,7 +451,6 @@ int
 setusercontext(login_cap_t *lc, const struct passwd *pwd, uid_t uid, unsigned int flags)
 {
     rlim_t	p;
-    mode_t	mymask;
     login_cap_t *llc = NULL;
     struct rtprio rtp;
     int error;
@@ -532,8 +554,7 @@ setusercontext(login_cap_t *lc, const struct passwd *pwd, uid_t uid, unsigned in
 	}
     }
 
-    mymask = (flags & LOGIN_SETUMASK) ? umask(LOGIN_DEFUMASK) : 0;
-    mymask = setlogincontext(lc, pwd, mymask, flags);
+    setlogincontext(lc, pwd, flags);
     login_close(llc);
 
     /* This needs to be done after anything that needs root privs */
@@ -546,13 +567,9 @@ setusercontext(login_cap_t *lc, const struct passwd *pwd, uid_t uid, unsigned in
      * Now, we repeat some of the above for the user's private entries
      */
     if (geteuid() == uid && (lc = login_getuserclass(pwd)) != NULL) {
-	mymask = setlogincontext(lc, pwd, mymask, flags);
+	setlogincontext(lc, pwd, flags);
 	login_close(lc);
     }
 
-    /* Finally, set any umask we've found */
-    if (flags & LOGIN_SETUMASK)
-	umask(mymask);
-
     return (0);
 }