Date: Tue, 12 Nov 2002 21:10:26 -0800 (PST)
Message-Id: <200211130510.gAD5AQEC067485@repoman.freebsd.org>
From: Robert Watson
Subject: PERFORCE change 21024 for review
To: Perforce Change Reviews

http://perforce.freebsd.org/chv.cgi?CH=21024

Change 21024 by rwatson@rwatson_tislabs on 2002/11/12 21:09:42

Begin to futz around with login classes and inetd: rather than using "daemon" as the default, use the class of the user specified in inetd.conf. This way, MAC labels get set correctly also. Allow the default to be overridden, permitting a restoration of the previous behavior using: inetd -L daemon

Probably not quite there yet in terms of complete correctness and functionality, but appears to be a step up.

Affected files ... .. //depot/projects/trustedbsd/mac/usr.sbin/inetd/inetd.8#7 edit .. //depot/projects/trustedbsd/mac/usr.sbin/inetd/inetd.c#8 edit Differences ... ==== //depot/projects/trustedbsd/mac/usr.sbin/inetd/inetd.8#7 (text+ko) ==== @@ -43,6 +43,7 @@ .Nm .Op Fl d .Op Fl l +.Op Fl L Ar class .Op Fl w .Op Fl W .Op Fl c Ar maximum @@ -80,6 +81,11 @@ Turn on debugging. .It Fl l Turn on logging of successful connections. +.It Fl L Ar class +Specify an alternative class to use as the default login class for a +daemon; by default, inetd will use the user class specified in the +.Xr 5 master.passwd +file. .It Fl w Turn on TCP Wrapping for external services. See the @@ -426,9 +432,7 @@ part separated by .Dq / allows to specify login class different -than default -.Dq daemon -login class. +than default login class for the specified user. .Pp The .Em server-program ==== //depot/projects/trustedbsd/mac/usr.sbin/inetd/inetd.c#8 (text+ko) ==== @@ -180,10 +180,6 @@ #ifdef LOGIN_CAP #include - -/* see init.c */ -#define RESOURCE_RC "daemon" - #endif #ifndef MAXCHILD @@ -277,6 +273,9 @@ uid_t euid; gid_t egid; mode_t mask; +#ifdef LOGIN_CAP +char *default_class = NULL; +#endif struct servtab *servtab; 
@@ -338,7 +337,7 @@ openlog("inetd", LOG_PID | LOG_NOWAIT | LOG_PERROR, LOG_DAEMON); - while ((ch = getopt(argc, argv, "dlwWR:a:c:C:p:s:")) != -1) + while ((ch = getopt(argc, argv, "dlL:wWR:a:c:C:p:s:")) != -1) switch(ch) { case 'd': debug = 1; @@ -347,6 +346,11 @@ case 'l': log = 1; break; +#ifdef LOGIN_CAP + case 'L': + default_class = optarg; + break; +#endif case 'R': getvalue(optarg, &toomany, "-R %s: bad value for service invocation rate"); @@ -793,7 +797,10 @@ if (grp != NULL) pwd->pw_gid = grp->gr_gid; #ifdef LOGIN_CAP - if ((lc = login_getclass(sep->se_class)) == NULL) { + if (sep->se_class == NULL) + lc = NULL; + else if ((lc = login_getclass(sep->se_class)) + == NULL) { /* error syslogged by getclass */ syslog(LOG_ERR, "%s/%s: %s: login class error", @@ -1894,7 +1901,7 @@ *s = '\0'; sep->se_class = newstr(s + 1); } else - sep->se_class = newstr(RESOURCE_RC); + sep->se_class = default_class; #endif if ((s = strrchr(sep->se_user, ':')) != NULL) { *s = '\0';
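
Review bot: In the inetd.8 hunk at @@ -80,6 +81,11 @@, the added line `.Xr 5 master.passwd` has its mdoc arguments reversed. `.Xr` takes the page name first and the section second, so it should read `.Xr master.passwd 5`. The new text should also say that `-L` only takes effect when inetd is built with LOGIN_CAP, since the option handling in inetd.c is conditional on it.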
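
Review bot: In inetd.c, the getopt string at @@ -338,7 +337,7 @@ gains `L:` unconditionally, but the `case 'L':` added at @@ -347,6 +346,11 @@ sits inside `#ifdef LOGIN_CAP`, so a build without LOGIN_CAP parses `-L` and its argument yet has no case for it. Either guard the option letter as well, or handle it explicitly with a message that login classes are not compiled in. `default_class = optarg;` also stores the value with no check, so nothing in these lines reports a mistyped class name when the daemon starts.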
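
Review bot: In the inetd.c hunk at @@ -793,7 +797,10 @@, the new `lc = NULL;` branch has no comment, and nothing in the hunk shows how the code that later consumes `lc` treats NULL. This path now decides which login class, and per the change description which MAC label, a service runs with. Add a comment stating that a NULL `se_class` means the class is taken from the user's master.passwd entry, and confirm that every later use of `lc` accepts NULL with that meaning.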
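
Review bot: In the inetd.c hunk at @@ -1894,7 +1901,7 @@, `sep->se_class = default_class;` stores a pointer that is either NULL or the getopt `optarg`, while the branch just above it and the line being removed both store a `newstr()` copy. `se_class` therefore no longer has a single owner: any teardown or reconfiguration path that frees `se_class` would free memory it does not own when `-L` was given, and any code that compares or prints `se_class` now has to cope with NULL. Suggest `sep->se_class = default_class != NULL ? newstr(default_class) : NULL;` plus a NULL check wherever `se_class` is dereferenced.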