spelling fixes; from paul tagliamonte
any changes not taken noted on tech, but chiefly here i did not take the
cancelation - cancellation changes;

setclasscontext: support LOGIN_SETRTABLE too
Do not clear LOGIN_SETRTABLE if it is set in flags.
OK deraadt@

setusercontext: only call setrtable(2) if "rtable" set explicitly.
When LOGIN_SETRTABLE is set in flags, only call setrtable(2) if
there is an "rtable" entry in login.conf. Previously, a default
val

setusercontext: only call setrtable(2) if "rtable" set explicitly.
When LOGIN_SETRTABLE is set in flags, only call setrtable(2) if
there is an "rtable" entry in login.conf. Previously, a default
value of 0 was used if the capability was missing. That had the
effect of resetting the rtable for every program that uses
setusercontext(3), even if a different rtable was chosen by, e.g.,
"route -T exec command". OK deraadt@ matthieu@

show more ...

add rtable capability to login.conf.
from Matthew Martin

setuserenv: a missing /etc/login.conf file is not an error.
The code to handle LOGIN_SETENV (and thus LOGIN_SETALL) returned
an error if /etc/login.conf could not be opened. We should simply
return

setuserenv: a missing /etc/login.conf file is not an error.
The code to handle LOGIN_SETENV (and thus LOGIN_SETALL) returned
an error if /etc/login.conf could not be opened. We should simply
return success from setuserenv() in this case like we do for the
other flags. From Matthew Martin, OK deraadt@

show more ...

introduce support for storing capability databases in /etc/login.conf.d;

anytime a class is looked up, the /etc/login.conf.d/${class} file will be
checked first for a matching class definition; this

introduce support for storing capability databases in /etc/login.conf.d;

anytime a class is looked up, the /etc/login.conf.d/${class} file will be
checked first for a matching class definition; this will allow us to easily
add custom login classes from packages

ok millert@

show more ...

use O_RDONLY instead of 0 as open() flags parameter

secure_path(3) hasn't been called since we recognized the TOCTOU issues a few
years back, so we can remove it. Since nothing in the ecosystem calls it, I
am not cranking the libc major as required,

secure_path(3) hasn't been called since we recognized the TOCTOU issues a few
years back, so we can remove it. Since nothing in the ecosystem calls it, I
am not cranking the libc major as required, surely another crank will come
along soon.
noticed by Dante Catalfamo
ok millert

show more ...

setting uid to -1 won't work with setresuid, so detect that condition
and return an error instead. may prevent some unset/missing confusion.
ok deraadt millert

When system calls indicate an error they return -1, not some arbitrary
value < 0. errno is only updated in this case. Change all (most?)
callers of syscalls to follow this better, and let's see if

When system calls indicate an error they return -1, not some arbitrary
value < 0. errno is only updated in this case. Change all (most?)
callers of syscalls to follow this better, and let's see if this strictness
helps us in the future.

show more ...

Remove useless secure_path(3) calls.
There is no point in checking permissions of files in root-owned
directories. If it even was a problem, secure_path(3) suffers from
unsolvable TOCTOU issues. OK

Remove useless secure_path(3) calls.
There is no point in checking permissions of files in root-owned
directories. If it even was a problem, secure_path(3) suffers from
unsolvable TOCTOU issues. OK deraadt@

show more ...

I am retiring my old email address; replace it with my OpenBSD one.

ANSIfy function declarations, move initializations to declaration block

ok millert@

Remove NULL-checks before free() and a few related dead assignments.

ok and valuable input from millert@

remove null check before free. from Michael McConville
ok semarie

Wrap <login_cap.h> so that calls go direct and the symbols are all weak

Use setresuid() and setresgid(). OK guenther@ deraadt@

simplify and clarify login_getstyle; ok deraadt@

Check snprintf(3) return value for error or truncation.
Mostly path construction, where truncation could be bad.

ok and input from deraadt@ millert@ ray@

use calloc() to avoid malloc(n * m) overflows; checked by djm canacar jsg

a few rlim_t casts, kind of ok otto and millert

Fix use after free(). Bug found by mpech@; ok deraadt@

unused variable killed

Only expand a tilde for strings like "~", "~/..", "~user" and "~user/".
For the PATH, only expand a tilde that is at the beginning of the path name.
This is similar to the behavior prior to my commit

Only expand a tilde for strings like "~", "~/..", "~user" and "~user/".
For the PATH, only expand a tilde that is at the beginning of the path name.
This is similar to the behavior prior to my commit here yesterday.

show more ...

Support the "setenv" capability in login.conf ala FreeBSD. Following
FreeBSD's example, a '~' in an environment variable is replaced
with the user's homedir. A '$' is replaced by the user's login
n

Support the "setenv" capability in login.conf ala FreeBSD. Following
FreeBSD's example, a '~' in an environment variable is replaced
with the user's homedir. A '$' is replaced by the user's login
name. Both can be escaped with a backslash to get the literal char.
OK deraadt@

show more ...