From 15dba4e47f2d309e392b252f2f56b6b9e8ec1b12 Mon Sep 17 00:00:00 2001 From: jcs Date: Wed, 20 Apr 2022 21:55:17 +0000 Subject: [PATCH] Use glob to expand wildcards in "other device" paths rather than a custom implementation that only allowed matching all files in a directory. ok millert --- lib/libutil/login_fbtab.c | 60 ++++++++++++++------------------------- share/man/man5/fbtab.5 | 19 ++++++------- 2 files changed, 29 insertions(+), 50 deletions(-) diff --git a/lib/libutil/login_fbtab.c b/lib/libutil/login_fbtab.c index 5eacf4f65ff..cd76da264f7 100644 --- a/lib/libutil/login_fbtab.c +++ b/lib/libutil/login_fbtab.c @@ -1,4 +1,4 @@ -/* $OpenBSD: login_fbtab.c,v 1.16 2015/11/27 01:57:59 mmcc Exp $ */ +/* $OpenBSD: login_fbtab.c,v 1.17 2022/04/20 21:55:17 jcs Exp $ */ /************************************************************************ * Copyright 1995 by Wietse Venema. All rights reserved. Some individual @@ -61,8 +61,8 @@ #include #include -#include #include +#include #include #include #include 
@@ -134,49 +134,31 @@ login_fbtab(const char *tty, uid_t uid, gid_t gid) static void login_protect(const char *path, mode_t mask, uid_t uid, gid_t gid) { - char buf[PATH_MAX]; - size_t pathlen = strlen(path); - DIR *dir; - struct dirent *ent; + glob_t g; + size_t n; + char *gpath; - if (pathlen >= sizeof(buf)) { + if (strlen(path) >= PATH_MAX) { errno = ENAMETOOLONG; syslog(LOG_ERR, "%s: %s: %m", _PATH_FBTAB, path); return; } - if (strcmp("/*", path + pathlen - 2) != 0) { - if (chmod(path, mask) && errno != ENOENT) - syslog(LOG_ERR, "%s: chmod(%s): %m", _PATH_FBTAB, path); - if (chown(path, uid, gid) && errno != ENOENT) - syslog(LOG_ERR, "%s: chown(%s): %m", _PATH_FBTAB, path); - } else { - /* - * This is a wildcard directory (/path/to/whatever/ * ). - * Make a copy of path without the trailing '*' (but leave - * the trailing '/' so we can append directory entries.) - */ - memcpy(buf, path, pathlen - 1); - buf[pathlen - 1] = '\0'; - if ((dir = opendir(buf)) == NULL) { - syslog(LOG_ERR, "%s: opendir(%s): %m", _PATH_FBTAB, - path); - return; - } + if (glob(path, GLOB_NOSORT, NULL, &g) != 0) { + if (errno != ENOENT) + syslog(LOG_ERR, "%s: glob(%s): %m", _PATH_FBTAB, path); + globfree(&g); + return; + } - while ((ent = readdir(dir)) != NULL) { - if (strcmp(ent->d_name, ".") != 0 && - strcmp(ent->d_name, "..") != 0) { - buf[pathlen - 1] = '\0'; - if (strlcat(buf, ent->d_name, sizeof(buf)) - >= sizeof(buf)) { - errno = ENAMETOOLONG; - syslog(LOG_ERR, "%s: %s: %m", - _PATH_FBTAB, path); - } else - login_protect(buf, mask, uid, gid); - } - } - closedir(dir); + for (n = 0; n < g.gl_matchc; n++) { + gpath = g.gl_pathv[n]; + + if (chmod(gpath, mask) && errno != ENOENT) + syslog(LOG_ERR, "%s: chmod(%s): %m", _PATH_FBTAB, gpath); + if (chown(gpath, uid, gid) && errno != ENOENT) + syslog(LOG_ERR, "%s: chown(%s): %m", _PATH_FBTAB, gpath); } + + globfree(&g); } diff --git a/share/man/man5/fbtab.5 b/share/man/man5/fbtab.5 index 13dfb634b67..fa7672d6f17 100644 
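Review bot: The failure branch after `glob(path, GLOB_NOSORT, NULL, &g)` decides whether to log by testing `errno != ENOENT`, but glob() reports its outcome through the return value, and a pattern that simply matches nothing in an existing directory may leave errno at whatever an earlier call set. That can produce a misleading `%m` log line for a harmless no-match, or hide a real failure if the stale value happens to be ENOENT. Keying on the return code is more robust: `int rc = glob(path, GLOB_NOSORT, NULL, &g);` followed by `if (rc != 0 && rc != GLOB_NOMATCH) syslog(LOG_ERR, "%s: glob(%s): %m", _PATH_FBTAB, path);`. Separately, the removed readdir loop handled every entry except `.` and `..`, whereas `*` under glob skips names beginning with a dot, so an existing `/dir/*` fbtab entry would no longer reset ownership and mode on dot-named nodes; that is worth a comment above the glob call or a sentence in fbtab.5.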
--- a/share/man/man5/fbtab.5 +++ b/share/man/man5/fbtab.5 @@ -1,4 +1,4 @@ -.\" $OpenBSD: fbtab.5,v 1.14 2014/09/08 01:27:55 schwarze Exp $ +.\" $OpenBSD: fbtab.5,v 1.15 2022/04/20 21:55:17 jcs Exp $ .\" .\" Copyright (c) 1996 Theo de Raadt .\" All rights reserved. @@ -23,7 +23,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: September 8 2014 $ +.Dd $Mdocdate: April 20 2022 $ .Dt FBTAB 5 .Os .Sh NAME @@ -51,15 +51,11 @@ An octal permission number (0600), as used by .It Other devices The final field is a colon .Pq Ql \&: -delimited list of devices (e.g., -.Dq /dev/console:/dev/fd0a ) . -All device names are absolute paths. -A path that ends in -.Dq /\&* -refers to all directory entries except -.Dq \&. -and -.Dq \&.\&. . +delimited list of device paths (e.g., +.Dq /dev/console:/dev/fd0a:/dev/wskbd* ) . +Device paths may include shell-style globbing patterns (see +.Xr glob 7 ) , +potentially matching multiple devices. .El .Pp The @@ -84,5 +80,6 @@ the files once again belonging to root. .Xr login 1 , .Xr login_fbtab 3 , .Xr init 8 +.Xr glob 7 .Sh AUTHORS .An Guido van Rooij -- 2.20.1