add rtable capability to login.conf.

from Matthew Martin

diff --git a/include/login_cap.h b/include/login_cap.h
index 2af57a7..7c8cc19 100644 (file)
--- a/include/login_cap.h
+++ b/include/login_cap.h
@@ -1,4 +1,4 @@
-/*     $OpenBSD: login_cap.h,v 1.18 2022/02/10 13:06:07 robert Exp $   */
+/*     $OpenBSD: login_cap.h,v 1.19 2022/03/01 01:22:11 tedu Exp $     */
 
 /*-
  * Copyright (c) 1995,1997 Berkeley Software Design, Inc. All rights reserved.
@@ -54,7 +54,8 @@
 #define        LOGIN_SETUMASK          0x0020  /* Set umask */
 #define        LOGIN_SETUSER           0x0040  /* Set user */
 #define        LOGIN_SETENV            0x0080  /* Set environment */
-#define        LOGIN_SETALL            0x00ff  /* Set all. */
+#define        LOGIN_SETRTABLE         0x0100  /* Set rtable */
+#define        LOGIN_SETALL            0x01ff  /* Set all. */
 
 #define        BI_AUTH         "authorize"             /* Accepted authentication */
 #define        BI_REJECT       "reject"                /* Rejected authentication */

diff --git a/lib/libc/gen/login_cap.c b/lib/libc/gen/login_cap.c
index 89dbcb3..40b1ec4 100644 (file)
--- a/lib/libc/gen/login_cap.c
+++ b/lib/libc/gen/login_cap.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: login_cap.c,v 1.42 2022/02/26 17:42:12 millert Exp $  */
+/*     $OpenBSD: login_cap.c,v 1.43 2022/03/01 01:22:11 tedu Exp $     */
 
 /*
  * Copyright (c) 2000-2004 Todd C. Miller <millert@openbsd.org>
@@ -52,6 +52,7 @@
 #include <sys/stat.h>
 #include <sys/time.h>
 #include <sys/resource.h>
+#include <sys/socket.h>
 
 #include <err.h>
 #include <errno.h>
@@ -584,7 +585,7 @@ int
 setusercontext(login_cap_t *lc, struct passwd *pwd, uid_t uid, u_int flags)
 {
        login_cap_t *flc;
-       quad_t p;
+       quad_t p, rtable;
        int i;
 
        flc = NULL;
@@ -635,6 +636,14 @@ setusercontext(login_cap_t *lc, struct passwd *pwd, uid_t uid, u_int flags)
                umask((mode_t)p);
        }
 
+       if (flags & LOGIN_SETRTABLE) {
+               rtable = login_getcapnum(lc, "rtable", 0, 0);
+
+               if (setrtable((int)rtable) == -1) {
+                       syslog(LOG_ERR, "%s: setrtable: %m", lc->lc_class);
+               }
+       }
+
        if (flags & LOGIN_SETGROUP) {
                if (setresgid(pwd->pw_gid, pwd->pw_gid, pwd->pw_gid) == -1) {
                        syslog(LOG_ERR, "setresgid(%u,%u,%u): %m",

diff --git a/share/man/man5/login.conf.5 b/share/man/man5/login.conf.5
index 745e27e..d114909 100644 (file)
--- a/share/man/man5/login.conf.5
+++ b/share/man/man5/login.conf.5
@@ -30,10 +30,10 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.\" $OpenBSD: login.conf.5,v 1.68 2022/02/10 13:06:07 robert Exp $
+.\" $OpenBSD: login.conf.5,v 1.69 2022/03/01 01:22:11 tedu Exp $
 .\" BSDI $From: login.conf.5,v 2.20 2000/06/26 14:50:38 prb Exp $
 .\"
-.Dd $Mdocdate: February 10 2022 $
+.Dd $Mdocdate: March 1 2022 $
 .Dt LOGIN.CONF 5
 .Os
 .Sh NAME
@@ -284,6 +284,10 @@ Initial priority (nice) level.
 Require home directory to login.
 .\"
 .Pp
+.It rtable Ta number Ta Dv 0 Ta
+Rtable to be set for the class.
+.\"
+.Pp
 .It setenv Ta envlist Ta "" Ta
 A list of environment variables and associated values to be set for the class.
 .\"