PERFORCE change 21024 for review
Robert Watson
rwatson at freebsd.org
Wed Nov 13 05:10:26 GMT 2002
http://perforce.freebsd.org/chv.cgi?CH=21024
Change 21024 by rwatson at rwatson_tislabs on 2002/11/12 21:09:42
Begin to futz around with login classes and inetd: rather than
using "daemon" as the default, use the class of the user specified
in inetd.conf. This way, MAC labels get set correctly also.
Allow the default to be overridden, permitting a restoration of
the previous behavior using:
inetd -L daemon
Probably not quite there yet in terms of complete correctness
and functionality, but appears to be a step up.
Affected files ...
.. //depot/projects/trustedbsd/mac/usr.sbin/inetd/inetd.8#7 edit
.. //depot/projects/trustedbsd/mac/usr.sbin/inetd/inetd.c#8 edit
Differences ...
==== //depot/projects/trustedbsd/mac/usr.sbin/inetd/inetd.8#7 (text+ko) ====
@@ -43,6 +43,7 @@
.Nm
.Op Fl d
.Op Fl l
+.Op Fl L Ar class
.Op Fl w
.Op Fl W
.Op Fl c Ar maximum
@@ -80,6 +81,11 @@
Turn on debugging.
.It Fl l
Turn on logging of successful connections.
+.It Fl L Ar class
+Specify an alternative class to use as the default login class for a
+daemon; by default, inetd will use the user class specified in the
+.Xr 5 master.passwd
+file.
.It Fl w
Turn on TCP Wrapping for external services.
See the
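Review bot: The `.Xr 5 master.passwd` line in the new `-L` entry has its arguments reversed; mdoc's `.Xr` takes the page name first and the section second, so it should read `.Xr master.passwd 5`. The same entry spells out "inetd" literally where `.Nm` would match the synopsis.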
@@ -426,9 +432,7 @@
part separated by
.Dq /
allows to specify login class different
-than default
-.Dq daemon
-login class.
+than default login class for the specified user.
.Pp
The
.Em server-program
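Review bot: The replacement sentence "than default login class for the specified user" is accurate only when `-L` is not given; with `-L class` the fallback in inetd.c becomes `default_class`, not the user's class. Suggest wording that covers both cases, for example stating that the default is the class given with `-L` if any, otherwise the login class of the specified user.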
==== //depot/projects/trustedbsd/mac/usr.sbin/inetd/inetd.c#8 (text+ko) ====
@@ -180,10 +180,6 @@
#ifdef LOGIN_CAP
#include <login_cap.h>
-
-/* see init.c */
-#define RESOURCE_RC "daemon"
-
#endif
#ifndef MAXCHILD
@@ -277,6 +273,9 @@
uid_t euid;
gid_t egid;
mode_t mask;
+#ifdef LOGIN_CAP
+char *default_class = NULL;
+#endif
struct servtab *servtab;
@@ -338,7 +337,7 @@
openlog("inetd", LOG_PID | LOG_NOWAIT | LOG_PERROR, LOG_DAEMON);
- while ((ch = getopt(argc, argv, "dlwWR:a:c:C:p:s:")) != -1)
+ while ((ch = getopt(argc, argv, "dlL:wWR:a:c:C:p:s:")) != -1)
switch(ch) {
case 'd':
debug = 1;
@@ -347,6 +346,11 @@
case 'l':
log = 1;
break;
+#ifdef LOGIN_CAP
+ case 'L':
+ default_class = optarg;
+ break;
+#endif
case 'R':
getvalue(optarg, &toomany,
"-R %s: bad value for service invocation rate");
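Review bot: `case 'L'` is compiled only under `#ifdef LOGIN_CAP`, but the getopt string in the previous hunk gains `L:` unconditionally, so a build without LOGIN_CAP accepts the option in getopt and then has no case for it. Either guard the option string the same way or handle `-L` explicitly with a message that login class support is not compiled in. `optarg` is also stored unchecked; validating the class name once here would surface a mistyped `-L` value at startup instead of per service at the `login_getclass(sep->se_class)` call.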
@@ -793,7 +797,10 @@
if (grp != NULL)
pwd->pw_gid = grp->gr_gid;
#ifdef LOGIN_CAP
- if ((lc = login_getclass(sep->se_class)) == NULL) {
+ if (sep->se_class == NULL)
+ lc = NULL;
+ else if ((lc = login_getclass(sep->se_class))
+ == NULL) {
/* error syslogged by getclass */
syslog(LOG_ERR,
"%s/%s: %s: login class error",
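Review bot: The new `sep->se_class == NULL` branch makes `lc = NULL` a normal, non-error state, whereas before this change a NULL `lc` at this point always meant `login_getclass()` had failed. The code that consumes `lc` is outside this hunk, so please confirm it treats NULL as "use the class of `pwd`" rather than skipping login class setup, since the commit message depends on that for the MAC label to be set, and add a short comment here stating the intent.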
@@ -1894,7 +1901,7 @@
*s = '\0';
sep->se_class = newstr(s + 1);
} else
- sep->se_class = newstr(RESOURCE_RC);
+ sep->se_class = default_class;
#endif
if ((s = strrchr(sep->se_user, ':')) != NULL) {
*s = '\0';
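Review bot: In the `else` branch, `sep->se_class = default_class;` stores a pointer that aliases `optarg` (or NULL), while the branch just above stores a fresh copy from `newstr(s + 1)`. The two branches now leave `se_class` with different ownership, so any code that frees or replaces `se_class` for a servtab entry would have to know which case it is in, and any code that reads `se_class` as a string must now tolerate NULL. Suggest copying when set, e.g. `default_class != NULL ? newstr(default_class) : NULL`, and checking the other users of `se_class` for NULL handling.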