diff options
| author |   Yaroslav Tykhiy <ytykhiy@gmail.com> | 2007-06-14 06:42:49 +0000 |
|---|---|---|
| committer | Yaroslav Tykhiy <ytykhiy@gmail.com> | 2007-06-14 06:42:49 +0000 |
| commit | 62728a54e9ae4be5dbfe2154fcc9db74b215ba49 (patch) | |
| tree | 3598796cb686a56b76f45bc91d2aba51e78d1984 /libutil | |
| parent | 1bcc04152afcff0ed7b48bc1b11b45519599da5d (diff) | |
| download | pw-darwin-62728a54e9ae4be5dbfe2154fcc9db74b215ba49.tar.gz pw-darwin-62728a54e9ae4be5dbfe2154fcc9db74b215ba49.tar.zst pw-darwin-62728a54e9ae4be5dbfe2154fcc9db74b215ba49.zip | |
Update some comments, mostly regarding LOGIN_MECLASS and ~/.login_conf.
Diffstat (limited to 'libutil')
| -rw-r--r-- | libutil/login_cap.c | 26 |
1 files changed, 18 insertions, 8 deletions
diff --git a/libutil/login_cap.c b/libutil/login_cap.c index 6d965e3..529ce82 100644 --- a/libutil/login_cap.c +++ b/libutil/login_cap.c @@ -169,13 +169,16 @@ login_close(login_cap_t * lc) /* - * login_getclassbyname() get the login class by its name. + * login_getclassbyname() + * Get the login class by its name. * If the name given is NULL or empty, the default class - * LOGIN_DEFCLASS (ie. "default") is fetched. If the + * LOGIN_DEFCLASS (i.e., "default") is fetched. + * If the name given is LOGIN_MECLASS and * 'pwd' argument is non-NULL and contains an non-NULL * dir entry, then the file _FILE_LOGIN_CONF is picked * up from that directory and used before the system - * login database. + * login database. In that case the system login database + * is looked up using LOGIN_MECLASS, too, which is a bug. * Return a filled-out login_cap_t structure, including * class name, and the capability record buffer. */ @@ -216,6 +219,9 @@ login_getclassbyname(char const *name, const struct passwd *pwd) if (_secure_path(userpath, pwd->pw_uid, pwd->pw_gid) != -1) i++; /* only use 'secure' data */ } + /* + * XXX: Why to add the system database if the class is `me'? + */ if (_secure_path(_PATH_LOGIN_CONF, 0, 0) != -1) login_dbarray[i++] = _PATH_LOGIN_CONF; login_dbarray[i] = NULL; @@ -300,12 +306,13 @@ login_getclass(const char *cls) /* - * login_getclass() + * login_getpwclass() * Get the login class for a given password entry from * the system (only) login class database. * If the password entry's class field is not set, or * the class specified does not exist, then use the - * default of LOGIN_DEFCLASS (ie. "default"). + * default of LOGIN_DEFCLASS (i.e., "default") for an unprivileged + * user or that of LOGIN_DEFROOTCLASS (i.e., "root") for a super-user. * Return a filled-out login_cap_t structure, including * class name, and the capability record buffer. */ @@ -320,14 +327,18 @@ login_getpwclass(const struct passwd *pwd) if (cls == NULL || *cls == '\0') cls = (pwd->pw_uid == 0) ? LOGIN_DEFROOTCLASS : LOGIN_DEFCLASS; } + /* + * XXX: pwd should be unused by login_getclassbyname() unless cls is `me', + * so NULL can be passed instead of pwd for more safety. + */ return login_getclassbyname(cls, pwd); } /* * login_getuserclass() - * Get the login class for a given password entry, allowing user - * overrides via ~/.login_conf. + * Get the `me' login class, allowing user overrides via ~/.login_conf. + * Note that user overrides are allowed only in the `me' class. */ login_cap_t * @@ -337,7 +348,6 @@ login_getuserclass(const struct passwd *pwd) } - /* * login_getcapstr() * Given a login_cap entry, and a capability name, return the |