From: tedu <tedu@openbsd.org>
Date: Tue, 1 Mar 2022 01:22:11 +0000 (+0000)
Subject: add rtable capability to login.conf.
X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=805ea040149ef137c7670b983c0b08243df8ca2b;p=openbsd

add rtable capability to login.conf.
from Matthew Martin
---

diff --git a/include/login_cap.h b/include/login_cap.h
index 2af57a72c4b..7c8cc19b98b 100644
--- a/include/login_cap.h
+++ b/include/login_cap.h
@@ -1,4 +1,4 @@
-/*	$OpenBSD: login_cap.h,v 1.18 2022/02/10 13:06:07 robert Exp $	*/
+/*	$OpenBSD: login_cap.h,v 1.19 2022/03/01 01:22:11 tedu Exp $	*/
 
 /*-
  * Copyright (c) 1995,1997 Berkeley Software Design, Inc. All rights reserved.
@@ -54,7 +54,8 @@
 #define	LOGIN_SETUMASK		0x0020	/* Set umask */
 #define	LOGIN_SETUSER		0x0040	/* Set user */
 #define	LOGIN_SETENV		0x0080	/* Set environment */
-#define	LOGIN_SETALL 		0x00ff	/* Set all. */
+#define	LOGIN_SETRTABLE		0x0100	/* Set rtable */
+#define	LOGIN_SETALL 		0x01ff	/* Set all. */
 
 #define	BI_AUTH		"authorize"		/* Accepted authentication */
 #define	BI_REJECT	"reject"		/* Rejected authentication */
diff --git a/lib/libc/gen/login_cap.c b/lib/libc/gen/login_cap.c
index 89dbcb32243..40b1ec4888d 100644
--- a/lib/libc/gen/login_cap.c
+++ b/lib/libc/gen/login_cap.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: login_cap.c,v 1.42 2022/02/26 17:42:12 millert Exp $	*/
+/*	$OpenBSD: login_cap.c,v 1.43 2022/03/01 01:22:11 tedu Exp $	*/
 
 /*
  * Copyright (c) 2000-2004 Todd C. Miller <millert@openbsd.org>
@@ -52,6 +52,7 @@
 #include <sys/stat.h>
 #include <sys/time.h>
 #include <sys/resource.h>
+#include <sys/socket.h>
 
 #include <err.h>
 #include <errno.h>
@@ -584,7 +585,7 @@ int
 setusercontext(login_cap_t *lc, struct passwd *pwd, uid_t uid, u_int flags)
 {
 	login_cap_t *flc;
-	quad_t p;
+	quad_t p, rtable;
 	int i;
 
 	flc = NULL;
@@ -635,6 +636,14 @@ setusercontext(login_cap_t *lc, struct passwd *pwd, uid_t uid, u_int flags)
 		umask((mode_t)p);
 	}
 
+	if (flags & LOGIN_SETRTABLE) {
+		rtable = login_getcapnum(lc, "rtable", 0, 0);
+
+		if (setrtable((int)rtable) == -1) {
+			syslog(LOG_ERR, "%s: setrtable: %m", lc->lc_class);
+		}
+	}
+
 	if (flags & LOGIN_SETGROUP) {
 		if (setresgid(pwd->pw_gid, pwd->pw_gid, pwd->pw_gid) == -1) {
 			syslog(LOG_ERR, "setresgid(%u,%u,%u): %m",
diff --git a/share/man/man5/login.conf.5 b/share/man/man5/login.conf.5
index 745e27ee121..d114909983c 100644
--- a/share/man/man5/login.conf.5
+++ b/share/man/man5/login.conf.5
@@ -30,10 +30,10 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.\" $OpenBSD: login.conf.5,v 1.68 2022/02/10 13:06:07 robert Exp $
+.\" $OpenBSD: login.conf.5,v 1.69 2022/03/01 01:22:11 tedu Exp $
 .\" BSDI $From: login.conf.5,v 2.20 2000/06/26 14:50:38 prb Exp $
 .\"
-.Dd $Mdocdate: February 10 2022 $
+.Dd $Mdocdate: March 1 2022 $
 .Dt LOGIN.CONF 5
 .Os
 .Sh NAME
@@ -284,6 +284,10 @@ Initial priority (nice) level.
 Require home directory to login.
 .\"
 .Pp
+.It rtable Ta number Ta Dv 0 Ta
+Rtable to be set for the class.
+.\"
+.Pp
 .It setenv Ta envlist Ta "" Ta
 A list of environment variables and associated values to be set for the class.
 .\"