Bug 236204 - Cannot use comma in setenv in login.conf
Summary: Cannot use comma in setenv in login.conf
Status: New
Alias: None
Product: Base System
Classification: Unclassified
Component: conf
Version: 12.1-STABLE
Hardware: Any Any
Importance: --- Affects Many People
Assignee: Sean Eric Fagan
Reported: 2019-03-04 12:11 UTC by Michael Osipov
Modified: 2020-06-22 15:03 UTC
Description Michael Osipov 2019-03-04 12:11:33 UTC
I cannot set the following in login.conf

> :setenv=MAIL=/var/mail/$,BLOCKSIZE=K,\
> HTTP_PROXY=http\c//194.145.60.1\c9400,\
> HTTPS_PROXY=http\c//194.145.60.1\c9400,\
> FTP_PROXY=ftp\c//194.145.60.1\c9400,\
> NO_PROXY="localhost,.siemens.net,.siemens.com,.siemens.de":\

because comma separates the vars themselves.

While fetch(1) and curl(1) also support whitespace-delimited values, poudriere chokes on: https://github.com/freebsd/poudriere/issues/669

There must be some mechanism to escape commas just like semicolons.
Comment 1 Bryan Drewery freebsd_committer 2019-03-04 19:37:32 UTC
Poudriere is effectively fine here with this syntax (no quotes needed):
        :setenv=MAIL=/var/mail/$,BLOCKSIZE=K,NO_PROXY=localhost .siemens.net .siemens.com .siemens.de:\
Comment 2 Michael Osipov 2019-03-05 09:15:03 UTC
I cannot confirm this. Besides poudriere, it should be possible in general to have commas in env values.
Comment 3 Michael Osipov 2020-06-16 08:43:10 UTC
I think I have traced down the cause: cap_mkdb uses cgetnext() whose manpage says:
>      String capability values may contain any character.  Non-printable ASCII
>      codes, new lines, and colons may be conveniently represented by the use
>      of escape sequences:
> 
>      ^X        ('X' & 037)          control-X
>      \b, \B    (ASCII 010)          backspace
>      \t, \T    (ASCII 011)          tab
>      \n, \N    (ASCII 012)          line feed (newline)
>      \f, \F    (ASCII 014)          form feed
>      \r, \R    (ASCII 015)          carriage return
>      \e, \E    (ASCII 027)          escape
>      \c, \C    (:)                  colon
>      \\        (\)                  back slash
>      \^        (^)                  caret
>      \nnn      (ASCII octal nnn)

While I have tried to do \054, it is still not working because the setenv magic is performed with login_getcaplist() in
> ./lib/libutil/login_class.c:    const char      **set_env = login_getcaplist(lc, "setenv", ",");

So also the \054 is converted to comma, the subsequent call adds its own semantics to split the setenv capability with comma. So it would require something like \O which is used in login_class only and
 if ((np = substvar(p, pwd, hlen, pch, nlen)) != NULL) {
     setenv(*set_env, np, 1);
     free(np);
 }

and np needs to be processed for \O to replace with a comma. If I understand ./lib/libc/gen/getcap.c correctly the backslash is retained by "*mp++ = *(bp-1)" if the escape char is unknown.
Comment 4 Sean Eric Fagan freebsd_committer 2020-06-20 00:12:30 UTC
Ok, on HEAD, I've got a change that, for that login.conf entry, gives me:

	0: MAIL=/var/mail/$
	1: BLOCKSIZE=K
	2: 	HTTP_PROXY=http://194.145.60.1:9400
	3: 	HTTPS_PROXY=http://194.145.60.1:9400
	4: 	FTP_PROXY=ftp://194.145.60.1:9400
	5: 	NO_PROXY=localhost,.siemens.net,.siemens.com,.siemens.de

as the output.  Specifically, it treats a quoted string as a quoted string, and then removes the quotes.  I'll create a review for it.
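
Added example, not part of the thread and not the patch in D25368: a stand-alone C sketch contrasting the comma-only split described in Comment 3 with a quote-aware split that drops the quotes, as Comment 4 describes. The function name `split_setenv` and the sample string are constructed for illustration; the input is assumed to be the capability value after getcap(3) has already decoded `\c` to `:`.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed sample: setenv value with getcap(3) escapes already decoded. */
static const char SAMPLE[] =
    "MAIL=/var/mail/$,BLOCKSIZE=K,HTTP_PROXY=http://194.145.60.1:9400,"
    "NO_PROXY=\"localhost,.siemens.net,.siemens.com,.siemens.de\"";

/*
 * Hypothetical helper: split src on ',' into at most max malloc'd items.
 * With honor_quotes set, commas inside double quotes do not split and the
 * quote characters are dropped. Returns the item count, or -1 on an
 * unterminated quote, too many items, or allocation failure.
 */
int split_setenv(const char *src, int honor_quotes, char **out, int max)
{
    int n = 0, inq = 0;
    size_t len = 0;
    char *buf = malloc(strlen(src) + 1);

    if (buf == NULL)
        return -1;
    for (const char *p = src; ; p++) {
        if (honor_quotes && *p == '"') { inq = !inq; continue; }
        if (*p != '\0' && (*p != ',' || inq)) { buf[len++] = *p; continue; }
        buf[len] = '\0';                 /* end of one VAR=value item */
        if (n == max || inq || (out[n] = malloc(len + 1)) == NULL) {
            while (n > 0) free(out[--n]);
            free(buf);
            return -1;
        }
        memcpy(out[n++], buf, len + 1);
        len = 0;
        if (*p == '\0') break;
    }
    free(buf);
    return n;
}

int main(void)
{
    char *items[16];
    for (int mode = 0; mode <= 1; mode++) {
        int n = split_setenv(SAMPLE, mode, items, 16);
        printf("%s split: %d items\n", mode ? "quote-aware" : "comma-only", n);
        for (int i = 0; i < n; i++) { printf("  %d: %s\n", i, items[i]); free(items[i]); }
    }
    return 0;
}
```

The sketch does not trim whitespace left by continuation lines and treats every double quote as a delimiter, so a literal `"` in a value is not representable.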
Comment 5 Sean Eric Fagan freebsd_committer 2020-06-20 00:24:50 UTC
I created review D25368
Comment 6 Michael Osipov 2020-06-20 09:34:48 UTC
Sean, thanks for the patch. I will try that next week and let you know!
Comment 7 Michael Osipov 2020-06-22 15:03:26 UTC
Unfortunately, I cannot sign in to Phabricator:

Fehler 401: disabled_client
The OAuth client was disabled.

I have tested your patch. Set up a jail from stable/12 with Poudriere, applied the patch, recompiled:

> root@deblndw011x:/var/poudriere/jails/121-stable-amd64/usr/src
> # jexec 121-stable-amd64-default  env -i TERM=$TERM /usr/bin/login -fp root
> Last login: Mon Jun 22 14:51:48 on pts/2
> FreeBSD ?.?.?  (UNKNOWN)
> 
> root@121-stable-amd64-default:~ # less /etc/login.conf
> # login.conf - login class capabilities database.
> #
> ...
> default:\
>     :passwd_format=sha512:\
>     :copyright=/etc/COPYRIGHT:\
>     :welcome=/etc/motd:\
>     :setenv=BLOCKSIZE=K,UNAME_r=12.1-STABLE,UNAME_v=FreeBSD 12.1-STABLE 1201518,OSVERSION=1201518,\
> LSCOLORS=gxfxcxdxbxegedabagacad,\
> CLICOLOR=YES,\
> EDITOR=vim,\
> LESS=-x4 -R -eFK,\
> NCURSES_NO_UTF8_ACS=1,\
> HTTP_PROXY=http\c//194.145.60.1\c9400,\
> HTTPS_PROXY=http\c//194.145.60.1\c9400,\
> FTP_PROXY=http\c//194.145.60.1\c9400,\
> NO_PROXY="localhost,.siemens.net,.siemens.com,.siemens.de":\
>     :mail=/var/mail/$:\
>     :path=/sbin /bin /usr/sbin /usr/bin /usr/local/sbin /usr/local/bin ~/bin:\
>     :nologin=/var/run/nologin:\
>     :cputime=unlimited:\
>     :datasize=unlimited:\
>     :stacksize=unlimited:\
>     :memorylocked=64K:\
>     :memoryuse=unlimited:\
>     :filesize=unlimited:\
>     :coredumpsize=unlimited:\
>     :openfiles=unlimited:\
>     :maxproc=unlimited:\
>     :sbsize=unlimited:\
>     :vmemoryuse=unlimited:\
>     :swapuse=unlimited:\
>     :pseudoterminals=unlimited:\
>     :kqueues=unlimited:\
>     :umtxp=unlimited:\
>     :priority=0:\
>     :ignoretime@:\
>     :umask=022:
> 
> root@121-stable-amd64-default:~ # env
> USER=root
> LOGNAME=root
> HOME=/root
> SHELL=/bin/csh
> NO_PROXY=localhost,.siemens.net,.siemens.com,.siemens.de
> FTP_PROXY=http://194.145.60.1:9400
> HTTPS_PROXY=http://194.145.60.1:9400
> HTTP_PROXY=http://194.145.60.1:9400
> NCURSES_NO_UTF8_ACS=1
> LESS=-x4 -R -eFK
> EDITOR=vi
> CLICOLOR=YES
> LSCOLORS=gxfxcxdxbxegedabagacad
> OSVERSION=1201518
> UNAME_v=FreeBSD 12.1-STABLE 1201518
> UNAME_r=12.1-STABLE
> BLOCKSIZE=K
> MAIL=/var/mail/root
> PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin:/root/bin
> TERM=xterm
> HOSTTYPE=FreeBSD
> VENDOR=amd
> OSTYPE=FreeBSD
> MACHTYPE=x86_64
> SHLVL=1
> PWD=/root
> GROUP=wheel
> HOST=121-stable-amd64-default
> PAGER=less

Works for me. It needs a manpage update to tell that quotes will help for commas or maybe other characters affecting parsing.