From nobody Mon Jan 29 22:32:14 2024 X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4TP32Q5Z0dz57ZY7; Mon, 29 Jan 2024 22:32:14 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4TP32Q3bWsz4g7f; Mon, 29 Jan 2024 22:32:14 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1706567534; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=rixTfZl1k9GVNf0EHghs4U9PXgbr0yJKqBYtvsvDVeE=; b=wbQm8XfntVSXJR+EMlWyzzAJod6QQtq6Kq+1p9PMPyTfxJ3dWIFI7r0l9tkdVUKIo7Gcrx Vg7y1a2yhS+xiVvOMTlTLWjCk4UzWPefB0r2UjKQSFpe1RhSTGyeaUlpE9xUxWjvN1JkAu gg8qtVGv/xUX1d1wVCwHdrF5YKP/nhcDolz3h+lsMiU9mp17WbZbIylWcev2jmrX5rG0ca 2/fZKj8dw6R0Ne3Wy1/i20l1GIKURL66t6PLUEBBzjbFYwTDVwVyctJ7UBAciRMLzJAiZU 8wk5WgVDzxhjB4XaKtD+KAKl2f1GepswtawGXnk3Z31MOw0IkPsIIxoIIl3aEw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1706567534; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=rixTfZl1k9GVNf0EHghs4U9PXgbr0yJKqBYtvsvDVeE=; b=qP0DM0700/FVzwYsb9MkVBKF7oaLMExxIvg981iyqs50J0JPBGvSMcJ8Jp5PsHTvfdm8+o EsNVTu2FhiPpbSW37U010hKwEBJrY2lJNeHzOFPhwQpIKsgAgicsc8/o/0m0erthpPDB6b /3x8CDXYlbzM/w+YtYV5KUA4bOoyuVgG6pKU3h8lPCSsHdYg/yy2aPNe1V5L6xN/Oh+QMp uBNTWhp8notquciswSZeiZ1uj3SQQH3n5aCWFPd2DMbKyZ5aXL1MsgPgfXTCrEWkB9ZwUH oU66plI1eCfwuP5VFr3PKhExIFDvte2RWmHeG/f+dVFotEtSQpViXhTNdfhTkQ== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1706567534; a=rsa-sha256; cv=none; b=CH/fjEquMta0X9C1ty9awDjRBcgbhM1NB8vnLLCGg5LmjIkXzY+GQkQs1pl1B+Ok045BYv PRUBq51mbhXslY0M6cbGn/83qgiwyH0DKpoMpItaM4VpD9q6IDk4cz6N2pJUv7LJ4gsAaU lfk0O6lZkfpL6o5TanjDDqC3USpnG9kyZM3L8034XMSMjxPua9PGwGqOctXtX1Iup4EnCu rHxCLuvGvNoUL6VeDGf4awZTZfrtA+/B7IYZuXLJnG64OU49yd1Qr810SSMjE5YjGlmk9z 0JXNDNwC9OnswzOw57UIoR1st+kr+6IXrMAdH2GUC7eEAKrS8VmQx3K3LfFALg== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4TP32Q2hyhz18TD; Mon, 29 Jan 2024 22:32:14 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.17.1/8.17.1) with ESMTP id 40TMWEJ7013627; Mon, 29 Jan 2024 22:32:14 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.17.1/8.17.1/Submit) id 40TMWEZY013624; Mon, 29 Jan 2024 22:32:14 GMT (envelope-from git) Date: Mon, 29 Jan 2024 22:32:14 GMT Message-Id: <202401292232.40TMWEZY013624@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Olivier Certner Subject: git: d988621b0c25 - main - setusercontext(): Better error messages when priority is not set correctly List-Id: Commit messages for all branches of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-src-all@freebsd.org X-BeenThere: dev-commits-src-all@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: olce X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: d988621b0c25209866ed5a98b1a8b20269935761 Auto-Submitted: auto-generated The branch main has been updated by olce: URL: https://cgit.FreeBSD.org/src/commit/?id=d988621b0c25209866ed5a98b1a8b20269935761 commit d988621b0c25209866ed5a98b1a8b20269935761 Author: Olivier Certner AuthorDate: 2023-05-29 16:39:04 +0000 Commit: Olivier Certner CommitDate: 2024-01-29 21:58:07 +0000 setusercontext(): Better error messages when priority is not set correctly Polish the syslog messages to contain readily useful information. Behavior of capability 'priority' is inconsistent with what is done for all other contexts: 'umask', 'cpumask', resource limits, etc., where an absence of capability means to inherit the value. It is currently preserved for compatibility, but is subject to change on a future major release. Reviewed by: emaste, kib (older version) Approved by: emaste (mentor) MFC after: 3 days Sponsored by: Kumacom SAS Differential Revision: https://reviews.freebsd.org/D40349 --- lib/libutil/login_class.c | 51 +++++++++++++++++++++++++++++++---------------- 1 file changed, 34 insertions(+), 17 deletions(-) diff --git a/lib/libutil/login_class.c b/lib/libutil/login_class.c index ee0cec3423f5..269349a49dad 100644 --- a/lib/libutil/login_class.c +++ b/lib/libutil/login_class.c @@ -473,9 +473,7 @@ setlogincontext(login_cap_t *lc, const struct passwd *pwd, unsigned long flags) int setusercontext(login_cap_t *lc, const struct passwd *pwd, uid_t uid, unsigned int flags) { - rlim_t p; login_cap_t *llc = NULL; - struct rtprio rtp; int error; if (lc == NULL) { @@ -492,30 +490,49 @@ setusercontext(login_cap_t *lc, const struct passwd *pwd, uid_t uid, unsigned in /* Set the process priority */ if (flags & LOGIN_SETPRIORITY) { - p = login_getcapnum(lc, "priority", LOGIN_DEFPRI, LOGIN_DEFPRI); + const rlim_t def_val = LOGIN_DEFPRI, err_val = INT64_MIN; + rlim_t p = login_getcapnum(lc, "priority", def_val, err_val); + int rc; + + if (p == err_val) { + /* Invariant: 'lc' != NULL. */ + syslog(LOG_WARNING, + "%s%s%sLogin class '%s': " + "Invalid priority specification: '%s'", + pwd ? "Login '" : "", + pwd ? pwd->pw_name : "", + pwd ? "': " : "", + lc->lc_class, + login_getcapstr(lc, "priority", "", "")); + /* Reset the priority, as if the capability was not present. */ + p = def_val; + } if (p > PRIO_MAX) { + struct rtprio rtp; + rtp.type = RTP_PRIO_IDLE; p += RTP_PRIO_MIN - (PRIO_MAX + 1); rtp.prio = p > RTP_PRIO_MAX ? RTP_PRIO_MAX : p; - if (rtprio(RTP_SET, 0, &rtp)) - syslog(LOG_WARNING, "rtprio '%s' (%s): %m", - pwd ? pwd->pw_name : "-", - lc ? lc->lc_class : LOGIN_DEFCLASS); + rc = rtprio(RTP_SET, 0, &rtp); } else if (p < PRIO_MIN) { + struct rtprio rtp; + rtp.type = RTP_PRIO_REALTIME; p += RTP_PRIO_MAX - (PRIO_MIN - 1); rtp.prio = p < RTP_PRIO_MIN ? RTP_PRIO_MIN : p; - if (rtprio(RTP_SET, 0, &rtp)) - syslog(LOG_WARNING, "rtprio '%s' (%s): %m", - pwd ? pwd->pw_name : "-", - lc ? lc->lc_class : LOGIN_DEFCLASS); - } else { - if (setpriority(PRIO_PROCESS, 0, (int)p) != 0) - syslog(LOG_WARNING, "setpriority '%s' (%s): %m", - pwd ? pwd->pw_name : "-", - lc ? lc->lc_class : LOGIN_DEFCLASS); - } + rc = rtprio(RTP_SET, 0, &rtp); + } else + rc = setpriority(PRIO_PROCESS, 0, (int)p); + + if (rc != 0) + syslog(LOG_WARNING, + "%s%s%sLogin class '%s': " + "Setting priority failed: %m", + pwd ? "Login '" : "", + pwd ? pwd->pw_name : "", + pwd ? "': " : "", + lc ? lc->lc_class : ""); } /* Setup the user's group permissions */