PERFORCE change 42748 for review
Andrew Reisse
areisse at FreeBSD.org
Tue Nov 18 18:52:21 GMT 2003
http://perforce.freebsd.org/chv.cgi?CH=42748
Change 42748 by areisse at areisse_ibook on 2003/11/18 10:51:32
domain selection dialog box
currently, it doesn't work for root logins.
Affected files ...
.. //depot/projects/trustedbsd/sedarwin/sebsd_system/wslogin/English.lproj/MainMenu.nib/classes.nib#1 add
.. //depot/projects/trustedbsd/sedarwin/sebsd_system/wslogin/English.lproj/MainMenu.nib/info.nib#1 add
.. //depot/projects/trustedbsd/sedarwin/sebsd_system/wslogin/English.lproj/MainMenu.nib/objects.nib#1 add
.. //depot/projects/trustedbsd/sedarwin/sebsd_system/wslogin/LabelChooser.h#1 add
.. //depot/projects/trustedbsd/sedarwin/sebsd_system/wslogin/LabelChooser.m#1 add
.. //depot/projects/trustedbsd/sedarwin/sebsd_system/wslogin/main.m#1 add
.. //depot/projects/trustedbsd/sedarwin/sebsd_system/wslogin/wslogin.c#2 edit
.. //depot/projects/trustedbsd/sedarwin/sebsd_system/wslogin/wsloginui.pbproj/project.pbxproj#1 add
Differences ...
==== //depot/projects/trustedbsd/sedarwin/sebsd_system/wslogin/wslogin.c#2 (text+ko) ====
@@ -6,6 +6,8 @@
#include <unistd.h>
#include <syslog.h>
#include <errno.h>
+#include <stdio.h>
+#include <sys/mman.h>
#define errexit(args...) \
{ \
@@ -15,15 +17,39 @@
const char *username = "root";
+char *shm = NULL;
+
int setlogin (const char *user)
{
+ if (!shm)
+ {
+ shm = (char *) mmap (0, 4096, PROT_READ | PROT_WRITE,
+ MAP_SHARED | MAP_ANON, -1, 0);
+ memset (shm, 0, 4096);
+ }
+ if (!shm)
+ return -1;
+
username = user;
return syscall (50, user);
}
-
+/*
+int fork ()
+{
+ if (!shm)
+ {
+ shm = (char *) mmap (0, 4096, PROT_READ | PROT_WRITE,
+ MAP_SHARED | MAP_ANON, -1, 0);
+ memset (shm, 0, 4096);
+ }
+ if (!shm)
+ return -1;
+ return syscall (2);
+}
+*/
int setuid (uid_t uid)
{
- mac_t execlabel = NULL; /* label to transition to in exec */
+ mac_t execlabel = NULL; /* label to transition to in exec */
openlog ("wslogin", LOG_ODELAY, LOG_AUTH);
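Review bot: The failure check added to setlogin cannot fire, because mmap reports failure by returning MAP_FAILED rather than NULL, and memset already writes through the result before `if (!shm)` is reached. Test the return value first, for example `if (shm == MAP_FAILED) { shm = NULL; return -1; }`, and only then touch the page; the memset itself is redundant since a fresh MAP_ANON mapping is zero-filled. The commented-out fork() override repeats the same pattern and would be better dropped than committed as dead code. The 4096 literal is repeated and would read better as a named constant, with a comment on `shm` saying that byte 0 is a "label chosen" flag and the label text starts at byte 1. setuid's body continues past the end of this hunk.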
@@ -34,27 +60,76 @@
if (r)
return r;
+ if (shm[0])
+ {
+ if (shm[1] == 0)
+ errexit ("previous attempt to do transition failed");
+
+ if (mac_from_text(&execlabel, shm+1))
+ errexit("%s is not a valid domain", shm[1]);
+
+ return mac_set_proc (execlabel);
+ }
+
if (sebsd_enabled())
{
char *labeltext, *queried, **contexts;
size_t ncontexts;
int n;
+ FILE *fp;
+ char userlabel[512];
if (get_ordered_context_list(username, NULL, &contexts,
&ncontexts) != 0 || ncontexts == 0)
errexit ("Getting context list for %s: %s", username, strerror (errno));
-#if 0
- if (query_user_context(pamh, contexts, ncontexts,
- &queried) != 0)
- errexit ("Requesting domain from user");
-#else
- queried = contexts[0];
-#endif
+ int retries = 3;
+ const char *wexe = "/System/Library/CoreServices/wsloginui.app/Contents/MacOS/wslui";
+ size_t warglen = strlen (wexe);
+ for (r = 0; r < ncontexts; r++)
+ warglen += 2 + strlen (contexts[r]);
+
+ char *wargs = (char *) malloc (warglen);
+ strcpy (wargs, wexe);
+ for (r = 0; r < ncontexts; r++)
+ {
+ strcat (wargs, " ");
+ strcat (wargs, contexts[r]);
+ }
+ choosed:
+ fp = popen (wargs, "r");
+ if (fp == NULL)
+ errexit ("Executing domain chooser");
+ if (!fgets (userlabel, 512, fp))
+ errexit ("Reading from domain chooser");
+ char *p = userlabel;
+ while (*p && *p != '\n')
+ p++;
+ *p = 0;
+ pclose (fp);
+
+ /* Verify that the chooser program returned one of the labels
+ we gave it */
+ for (r = 0; r < ncontexts; r++)
+ if (!strcmp (contexts[r], userlabel))
+ break;
+
+ if (r == ncontexts)
+ {
+ if (!--retries)
+ errexit ("Requesting domain from user");
+ goto choosed;
+ }
+ else
+ queried = contexts[r];
if (asprintf(&labeltext, "sebsd/%s", queried) == -1 ||
mac_from_text(&execlabel, labeltext) != 0)
errexit("%s is not a valid domain", queried);
syslog (LOG_ERR, "wslogin: user domain is %s", labeltext);
+
+ shm[0] = 1;
+ strcpy (shm+1,labeltext);
+
free(labeltext);
}
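Review bot: The new `if (shm[0])` fast path in setuid dereferences shm with no check, so it faults if setlogin has not run or its mapping failed; guard it as `if (shm && shm[0])`, and apply the same check before `shm[0] = 1;` at the end of the hunk. In that branch `errexit("%s is not a valid domain", shm[1])` passes a single char where the format expects a string and should pass `shm+1`. The cached label is handed to mac_set_proc without being re-checked against the context list for the current username, and nothing visible in the hunk clears shm[0], so a label chosen for one login looks reusable by a later one; this needs confirming, and the flag should be cleared or the username stored beside the label. The chooser command line is built with strcat and run through popen, so the context strings are parsed by a shell and the malloc result is never checked; spawning the helper with an explicit argv and a pipe would remove both concerns. setuid begins before this hunk and appears to continue after it.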