add rtable capability to login.conf.

from Matthew Martin
2025-01-04 23:35:36 -08:00 · 2022-03-01 01:22:11 +00:00 · 2022-03-01 01:22:11 +00:00 · 805ea04014
commit 805ea04014
parent 822b16c692
3 changed files with 20 additions and 6 deletions
--- a/include/login_cap.h
+++ b/include/login_cap.h
@ -1,4 +1,4 @@
-/*	$OpenBSD: login_cap.h,v 1.18 2022/02/10 13:06:07 robert Exp $	*/
+/*	$OpenBSD: login_cap.h,v 1.19 2022/03/01 01:22:11 tedu Exp $	*/

 /*-
 * Copyright (c) 1995,1997 Berkeley Software Design, Inc. All rights reserved.
@ -54,7 +54,8 @@
 #define	LOGIN_SETUMASK		0x0020	/* Set umask */
 #define	LOGIN_SETUSER		0x0040	/* Set user */
 #define	LOGIN_SETENV		0x0080	/* Set environment */
-#define	LOGIN_SETALL 		0x00ff	/* Set all. */
+#define	LOGIN_SETRTABLE		0x0100	/* Set rtable */
+#define	LOGIN_SETALL 		0x01ff	/* Set all. */

 #define	BI_AUTH		"authorize"		/* Accepted authentication */
 #define	BI_REJECT	"reject"		/* Rejected authentication */
--- a/lib/libc/gen/login_cap.c
+++ b/lib/libc/gen/login_cap.c
@ -1,4 +1,4 @@
-/*	$OpenBSD: login_cap.c,v 1.42 2022/02/26 17:42:12 millert Exp $	*/
+/*	$OpenBSD: login_cap.c,v 1.43 2022/03/01 01:22:11 tedu Exp $	*/

 /*
 * Copyright (c) 2000-2004 Todd C. Miller <millert@openbsd.org>
@ -52,6 +52,7 @@
 #include <sys/stat.h>
 #include <sys/time.h>
 #include <sys/resource.h>
+#include <sys/socket.h>

 #include <err.h>
 #include <errno.h>
@ -584,7 +585,7 @@ int
 setusercontext(login_cap_t *lc, struct passwd *pwd, uid_t uid, u_int flags)
 {
 	login_cap_t *flc;
-	quad_t p;
+	quad_t p, rtable;
 	int i;

 	flc = NULL;
@ -635,6 +636,14 @@ setusercontext(login_cap_t *lc, struct passwd *pwd, uid_t uid, u_int flags)
 		umask((mode_t)p);
 	}

+	if (flags & LOGIN_SETRTABLE) {
+		rtable = login_getcapnum(lc, "rtable", 0, 0);
+
+		if (setrtable((int)rtable) == -1) {
+			syslog(LOG_ERR, "%s: setrtable: %m", lc->lc_class);
+		}
+	}
+
 	if (flags & LOGIN_SETGROUP) {
 		if (setresgid(pwd->pw_gid, pwd->pw_gid, pwd->pw_gid) == -1) {
 			syslog(LOG_ERR, "setresgid(%u,%u,%u): %m",
--- a/share/man/man5/login.conf.5
+++ b/share/man/man5/login.conf.5
@ -30,10 +30,10 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.\" $OpenBSD: login.conf.5,v 1.68 2022/02/10 13:06:07 robert Exp $
+.\" $OpenBSD: login.conf.5,v 1.69 2022/03/01 01:22:11 tedu Exp $
 .\" BSDI $From: login.conf.5,v 2.20 2000/06/26 14:50:38 prb Exp $
 .\"
-.Dd $Mdocdate: February 10 2022 $
+.Dd $Mdocdate: March 1 2022 $
 .Dt LOGIN.CONF 5
 .Os
 .Sh NAME
@ -284,6 +284,10 @@ Initial priority (nice) level.
 Require home directory to login.
 .\"
 .Pp
+.It rtable Ta number Ta Dv 0 Ta
+Rtable to be set for the class.
+.\"
+.Pp
 .It setenv Ta envlist Ta "" Ta
 A list of environment variables and associated values to be set for the class.
 .\"