Date: Tue, 12 Nov 2002 21:10:26 -0800 (PST) From: Robert Watson <rwatson@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 21024 for review Message-ID: <200211130510.gAD5AQEC067485@repoman.freebsd.org>
http://perforce.freebsd.org/chv.cgi?CH=21024 Change 21024 by rwatson@rwatson_tislabs on 2002/11/12 21:09:42 Begin to futz around with login classes and inetd: rather than using "daemon" as the default, use the class of the user specified in inetd.conf. This way, MAC labels get set correctly also. Allow the default to be overriden, permitting a restoration of the previous behavior using: inetd -L daemon Probably not quite there yet in terms of complete correctness and functionality, but appears to be a step up. Affected files ... .. //depot/projects/trustedbsd/mac/usr.sbin/inetd/inetd.8#7 edit .. //depot/projects/trustedbsd/mac/usr.sbin/inetd/inetd.c#8 edit Differences ... ==== //depot/projects/trustedbsd/mac/usr.sbin/inetd/inetd.8#7 (text+ko) ==== @@ -43,6 +43,7 @@ .Nm .Op Fl d .Op Fl l +.Op Fl L Ar class .Op Fl w .Op Fl W .Op Fl c Ar maximum @@ -80,6 +81,11 @@ Turn on debugging. .It Fl l Turn on logging of successful connections. +.It Fl L Ar class +Specify an alternative class to use as the default login class for a +daemon; by default, inetd will use the user class specified in the +.Xr 5 master.passwd +file. .It Fl w Turn on TCP Wrapping for external services. See the @@ -426,9 +432,7 @@ part separated by .Dq / allows to specify login class different -than default -.Dq daemon -login class. +than default login class for the specified user. .Pp The .Em server-program ==== //depot/projects/trustedbsd/mac/usr.sbin/inetd/inetd.c#8 (text+ko) ==== @@ -180,10 +180,6 @@ #ifdef LOGIN_CAP #include <login_cap.h> - -/* see init.c */ -#define RESOURCE_RC "daemon" - #endif #ifndef MAXCHILD @@ -277,6 +273,9 @@ uid_t euid; gid_t egid; mode_t mask; +#ifdef LOGIN_CAP +char *default_class = NULL; +#endif struct servtab *servtab; @@ -338,7 +337,7 @@ openlog("inetd", LOG_PID | LOG_NOWAIT | LOG_PERROR, LOG_DAEMON); - while ((ch = getopt(argc, argv, "dlwWR:a:c:C:p:s:")) != -1) + while ((ch = getopt(argc, argv, "dlL:wWR:a:c:C:p:s:")) != -1) switch(ch) { case 'd': debug = 1; 
@@ -347,6 +346,11 @@ case 'l': log = 1; break; +#ifdef LOGIN_CAP + case 'L': + default_class = optarg; + break; +#endif case 'R': getvalue(optarg, &toomany, "-R %s: bad value for service invocation rate"); @@ -793,7 +797,10 @@ if (grp != NULL) pwd->pw_gid = grp->gr_gid; #ifdef LOGIN_CAP - if ((lc = login_getclass(sep->se_class)) == NULL) { + if (sep->se_class == NULL) + lc = NULL; + else if ((lc = login_getclass(sep->se_class)) + == NULL) { /* error syslogged by getclass */ syslog(LOG_ERR, "%s/%s: %s: login class error", @@ -1894,7 +1901,7 @@ *s = '\0'; sep->se_class = newstr(s + 1); } else - sep->se_class = newstr(RESOURCE_RC); + sep->se_class = default_class; #endif if ((s = strrchr(sep->se_user, ':')) != NULL) { *s = '\0'; To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe p4-projects" in the body of the message
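Review bot: In the inetd.8 hunk at @@ -80,6 +81,11 @@, the cross-reference `.Xr 5 master.passwd` has its arguments reversed. mdoc's .Xr takes the page name first and the section second, so it should read `.Xr master.passwd 5`. The literal "inetd" in the same added paragraph could also be written as `.Nm`, which is what the synopsis at the top of the page uses.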
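Review bot: The `case 'L':` added to inetd.c at @@ -347,6 +346,11 @@ is wrapped in `#ifdef LOGIN_CAP`, but the getopt string changed at @@ -338,7 +337,7 @@ gains "L:" with no conditional visible in that hunk, and inetd.8 documents -L without qualification. In a build without LOGIN_CAP, getopt would accept `-L class` and return 'L' to a switch that has no case for it. Suggest either making the option string conditional too, or handling 'L' outside the #ifdef with an explicit "login classes not supported" error, and noting the LOGIN_CAP dependency in the manual page.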
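Review bot: At @@ -793,7 +797,10 @@ in inetd.c, the new `lc = NULL` branch for a NULL se_class bypasses the login_getclass() failure check, so every later use of lc on this path has to accept NULL and still end up applying the user's own class, and none of those uses appear in the hunk. This branch now decides which resource limits and MAC label a service without an explicit /class runs with, so a short comment saying what consumes the NULL lc and why that yields the class of pwd would make the change reviewable on its own. The commit message already calls the change "probably not quite there yet", which makes that comment more useful, not less.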
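Review bot: At @@ -1894,7 +1901,7 @@ in inetd.c, `sep->se_class = default_class;` stores either NULL or the optarg pointer directly, while the sibling branch still stores a fresh copy via `newstr(s + 1)` and the removed line also copied with newstr(). The field now has mixed ownership: any code that frees or replaces se_class when an entry is released or reloaded (not visible in this diff) would be handed a pointer into argv. Suggest keeping the allocation symmetric, for example `default_class != NULL ? newstr(default_class) : NULL`, and checking that every reader of se_class tolerates NULL now that the field is no longer always set.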