PERFORCE change 22822 for review
Brian Feldman
green at freebsd.org
Sat Dec 28 00:12:58 GMT 2002
http://perforce.freebsd.org/chv.cgi?CH=22822
Change 22822 by green at green_laptop_2 on 2002/12/27 16:12:33
Add to libsebsd the query_user_context() call which has a PAM
conversation with the user to determine what domain to transition
to, and add support for this to login(1). Users can now finally
log in and receive the correct domain, via the console so far.
Affected files ...
.. //depot/projects/trustedbsd/mac/lib/libsebsd/Makefile#4 edit
.. //depot/projects/trustedbsd/mac/lib/libsebsd/query_user_context.c#1 add
.. //depot/projects/trustedbsd/mac/lib/libsebsd/sebsd.h#5 edit
.. //depot/projects/trustedbsd/mac/usr.bin/login/Makefile#6 edit
.. //depot/projects/trustedbsd/mac/usr.bin/login/login.c#26 edit
Differences ...
==== //depot/projects/trustedbsd/mac/lib/libsebsd/Makefile#4 (text+ko) ====
@@ -11,7 +11,7 @@
NOMAN=
SRCS= system.c security_get_user_contexts.c get_ordered_context_list.c \
- getseccontext.c
+ getseccontext.c query_user_context.c
INCS= sebsd_context.h sebsd_ss.h sebsd_proc.h sebsd_fs.h sebsd.h \
sebsd_syscalls.h flask_types.h
==== //depot/projects/trustedbsd/mac/lib/libsebsd/sebsd.h#5 (text+ko) ====
@@ -37,6 +37,8 @@
#ifndef _SEBSD_H
#define _SEBSD_H
+#include <sys/types.h>
+#include <security/pam_types.h>
#include "flask_types.h"
#include "sebsd_syscalls.h"
@@ -52,6 +54,8 @@
char ***ordered_list, size_t *length);
int get_default_context(const char *username, const char *from_context,
char **default_context);
+int query_user_context(pam_handle_t *pamh, char **ordered_context_list,
+ size_t length, char **retcontext);
int sebsd_avc_toggle(void);
int sebsd_enabled(void);
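Review bot: The new `query_user_context()` prototype has no comment describing its contract, and the login.c caller in this change depends on parts of it that are not visible here. A short comment above the declaration should state the return convention (the caller treats nonzero as failure) and whether `*retcontext` is newly allocated and must be freed by the caller. It should also say whether the returned string is guaranteed to be one of the `length` entries of `ordered_context_list`. That last point matters because login.c formats the result into `"sebsd/%s"` and hands it to `mac_from_text()` without any check of its own.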
==== //depot/projects/trustedbsd/mac/usr.bin/login/Makefile#6 (text+ko) ====
@@ -4,8 +4,8 @@
PROG= login
SRCS= login.c login_fbtab.c
CFLAGS+=-DLOGALL
-DPADD= ${LIBUTIL} ${LIBCRYPT} ${LIBPAM}
-LDADD= -lutil -lcrypt ${MINUSLPAM}
+DPADD= ${LIBUTIL} ${LIBCRYPT} ${LIBPAM} ${LIBSEBSD}
+LDADD= -lutil -lcrypt ${MINUSLPAM} -lsebsd
MAN= login.1 login.access.5
BINOWN= root
BINMODE=4555
==== //depot/projects/trustedbsd/mac/usr.bin/login/login.c#26 (text+ko) ====
@@ -68,6 +68,7 @@
#include <libutil.h>
#include <login_cap.h>
#include <pwd.h>
+#include <sebsd.h>
#include <setjmp.h>
#include <signal.h>
#include <stdio.h>
@@ -156,6 +157,8 @@
static int pam_cred_established;
static int pam_session_established;
+extern char **environ;
+
int
main(int argc, char *argv[])
{
@@ -172,6 +175,7 @@
const char *tp;
const char *shell = NULL;
login_cap_t *lc = NULL;
+ mac_t execlabel = NULL;
const char *label_string;
pid_t pid;
@@ -491,6 +495,34 @@
}
/*
+ * Determine if we must execute a transition when we
+ * run our shell, for MAC policies which require it. For now,
+ * this is just SEBSD, and therefore not generic at all.
+ */
+ if (sebsd_enabled()) {
+ char *labeltext, *queried, **contexts;
+ size_t ncontexts;
+ int n;
+
+ if (get_ordered_context_list(username, NULL, &contexts,
+ &ncontexts) != 0 || ncontexts == 0)
+ goto nosebsd;
+ if (query_user_context(pamh, contexts, ncontexts,
+ &queried) != 0 ||
+ asprintf(&labeltext, "sebsd/%s", queried) == -1 ||
+ mac_from_text(&execlabel, labeltext) != 0) {
+ syslog(LOG_ERR, "Determining SEBSD domain transition:"
+ " %m");
+ bail(NO_SLEEP_EXIT, 1);
+ }
+ free(labeltext);
+ for (n = 0; n < ncontexts; n++)
+ free(contexts[n]);
+ free(contexts);
+ }
+nosebsd:
+
+ /*
* Destroy environment unless user has requested its
* preservation - but preserve TERM in all cases
*/
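Review bot: The `goto nosebsd` path is taken when `get_ordered_context_list()` fails or returns no contexts, and it leaves `execlabel` as NULL. On a system where `sebsd_enabled()` is true, the login therefore continues and the shell is later started through the unlabelled `execlp()` branch. If that fallback is intended, a comment at the `goto` should say so; otherwise it should fail closed like the branch below it, e.g. `syslog(LOG_ERR, "No SEBSD contexts available for %s", username);` followed by `bail(NO_SLEEP_EXIT, 1);`. Separately, `n` is an `int` compared against the `size_t` `ncontexts`, and `queried` is never freed; whether it needs freeing depends on `query_user_context()`, which is not shown here. The block sits inside `main()`, which starts and ends outside the hunk.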
@@ -646,7 +678,15 @@
err(1, "asprintf()");
}
- execlp(shell, arg0, (char *)0);
+ if (execlabel != NULL) {
+ char *shell_argv[2];
+
+ shell_argv[0] = arg0;
+ shell_argv[1] = NULL;
+ mac_execve(pwd->pw_shell, shell_argv, environ, execlabel);
+ } else {
+ execlp(shell, arg0, (char *)0);
+ }
err(1, "%s", shell);
/*
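Review bot: The labelled branch executes `pwd->pw_shell`, while the unlabelled branch and the `err(1, "%s", shell)` that follows both use `shell`. The two paths can start different programs if `shell` was set from anything other than the passwd entry earlier in `main()`, which is not visible in this hunk. Unless the difference is deliberate, use the same variable in both: `mac_execve(shell, shell_argv, environ, execlabel);`. `execlp()` also searches PATH, whereas `mac_execve()` presumably follows `execve()` semantics, so a comment stating that the shell is expected to be an absolute path would make the equivalence explicit.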