tech-userlevel archive


Re: Login not reading /etc/login.conf.db



On Thu, 26 Jun 2014 08:57:52 -0400
christos%zoulas.com@localhost (Christos Zoulas) wrote:
> What I've been thinking is to add a getcap1() call that takes a flags
> argument and if the flags == 1, does the secure_file() check on the
> databases it opens. But this is a 1/2 baked thought.

Yes, I was thinking along those lines as well.  I guess it doesn't
really need to duplicate code.  Something like this assuming that
cgetent1 exists.  Note that my version always returns the defaults if
there is an error.

Index: login_cap.c
===================================================================
RCS file: /cvsroot/src/lib/libutil/login_cap.c,v
retrieving revision 1.31
diff -u -r1.31 login_cap.c
--- login_cap.c 29 Jun 2013 04:52:55 -0000  1.31
+++ login_cap.c 26 Jun 2014 13:25:43 -0000
@@ -77,12 +77,8 @@

    /* class may be NULL */

-   if (secure_path(_PATH_LOGIN_CONF) == 0) {
-       classfiles[0] = _PATH_LOGIN_CONF;
-       classfiles[1] = NULL;
-   } else {
-       classfiles[0] = NULL;
-   }
+   classfiles[0] = _PATH_LOGIN_CONF;
+   classfiles[1] = NULL;

    if ((lc = malloc(sizeof(login_cap_t))) == NULL) {
        syslog(LOG_ERR, "%s:%d malloc: %m", __FILE__, __LINE__);
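Review bot: With the `secure_path(_PATH_LOGIN_CONF)` test removed here, nothing in this function checks ownership or permissions of the capability database any more; the check moves wholesale into cgetent1(), which the message says is only assumed to exist. The call in the next hunk passes no flags argument, so the check would have to be unconditional inside cgetent1() and cover the file it actually opens, including `login.conf.db`, ideally on the opened descriptor rather than by path. Until that helper is in place this hunk should not be applied on its own. A comment at the assignment would record the dependency: `/* ownership/permission check is done by cgetent1() on the file it opens */`. The function body starts before and continues past this hunk.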
@@ -102,41 +98,31 @@
    }

    /*
-    * Not having a login.conf file is not an error condition.
+    * Not having a valid login.conf file is not an error condition.
     * The individual routines deal reasonably with missing
     * capabilities and use default values.
     */
-   if (classfiles[0] == NULL)
-       return(lc);

-   if ((res = cgetent(&lc->lc_cap, classfiles, lc->lc_class)) != 0) {
+   if ((res = cgetent1(&lc->lc_cap, classfiles, lc->lc_class)) != 0) {
        lc->lc_cap = 0;
        switch (res) {
        case 1:
-           syslog(LOG_ERR, "%s: couldn't resolve 'tc'",
-               lc->lc_class);
+           syslog(LOG_ERR, "%s: couldn't resolve 'tc'", lc->lc_class);
            break;
        case -1:
-           if (strcmp(lc->lc_class, LOGIN_DEFCLASS) == 0)
-               return (lc);
            syslog(LOG_ERR, "%s: unknown class", lc->lc_class);
            break;
        case -2:
-           syslog(LOG_ERR, "%s: getting class information: %m",
-               lc->lc_class);
+           syslog(LOG_ERR, "%s: getting class information: %m",
  lc->lc_class); break;
        case -3:
-           syslog(LOG_ERR, "%s: 'tc' reference loop",
-               lc->lc_class);
+           syslog(LOG_ERR, "%s: 'tc' reference loop", lc->lc_class);
            break;  
        default:
-           syslog(LOG_ERR, "%s: unexpected cgetent error",
-               lc->lc_class);
+           syslog(LOG_ERR, "%s: unexpected cgetent error",
  lc->lc_class); break;
        }
-       free(lc->lc_class); 
-       free(lc);
-       return (0);
+       syslog(LOG_ERR, "using defaults")
    }
    return (lc);
 }  
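Review bot: The error path at the end of this hunk now returns `lc` with `lc_cap = 0` for every cgetent1() failure, where the old code ended with `return (0)`. An unknown class, an I/O error, a 'tc' loop and (presumably) a file rejected by the ownership check all fall back to default capabilities. For a user assigned a restricted class this is a fail-open: the session gets the defaults instead of the limits the administrator configured, and callers can no longer detect it. I would keep the fallback only for the missing-file / `LOGIN_DEFCLASS` case that the removed `case -1` test handled, and keep `free(lc->lc_class); free(lc); return (0);` for the other results. The added `syslog(LOG_ERR, "using defaults")` also lacks its terminating `;` and should name the class, e.g. `syslog(LOG_ERR, "%s: using defaults", lc->lc_class);`.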



-- 
D'Arcy J.M. Cain <darcy%NetBSD.org@localhost>
http://www.NetBSD.org/ IM:darcy%Vex.Net@localhost

