Date: Tue, 18 Nov 2003 10:52:21 -0800 (PST) From: Andrew Reisse <areisse@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 42748 for review Message-ID: <200311181852.hAIIqLcm067347@repoman.freebsd.org>
http://perforce.freebsd.org/chv.cgi?CH=42748
Change 42748 by areisse@areisse_ibook on 2003/11/18 10:51:32
domain selection dialog box currently, it doesn't work for root logins.
Affected files ...
.. //depot/projects/trustedbsd/sedarwin/sebsd_system/wslogin/English.lproj/MainMenu.nib/classes.nib#1 add
.. //depot/projects/trustedbsd/sedarwin/sebsd_system/wslogin/English.lproj/MainMenu.nib/info.nib#1 add
.. //depot/projects/trustedbsd/sedarwin/sebsd_system/wslogin/English.lproj/MainMenu.nib/objects.nib#1 add
.. //depot/projects/trustedbsd/sedarwin/sebsd_system/wslogin/LabelChooser.h#1 add
.. //depot/projects/trustedbsd/sedarwin/sebsd_system/wslogin/LabelChooser.m#1 add
.. //depot/projects/trustedbsd/sedarwin/sebsd_system/wslogin/main.m#1 add
.. //depot/projects/trustedbsd/sedarwin/sebsd_system/wslogin/wslogin.c#2 edit
.. //depot/projects/trustedbsd/sedarwin/sebsd_system/wslogin/wsloginui.pbproj/project.pbxproj#1 add
Differences ...
==== //depot/projects/trustedbsd/sedarwin/sebsd_system/wslogin/wslogin.c#2 (text+ko) ====
@@ -6,6 +6,8 @@
 #include <unistd.h>
 #include <syslog.h>
 #include <errno.h>
+#include <stdio.h>
+#include <sys/mman.h>
 #define errexit(args...) \
 { \
@@ -15,15 +17,39 @@
 const char *username = "root";
+char *shm = NULL;
+
 int setlogin (const char *user)
 {
+ if (!shm)
+ {
+ shm = (char *) mmap (0, 4096, PROT_READ | PROT_WRITE,
+ MAP_SHARED | MAP_ANON, -1, 0);
+ memset (shm, 0, 4096);
+ }
+ if (!shm)
+ return -1;
+ username = user;
 return syscall (50, user);
 }
-
+/*
+int fork ()
+{
+ if (!shm)
+ {
+ shm = (char *) mmap (0, 4096, PROT_READ | PROT_WRITE,
+ MAP_SHARED | MAP_ANON, -1, 0);
+ memset (shm, 0, 4096);
+ }
+ if (!shm)
+ return -1;
+ return syscall (2);
+}
+*/
 int setuid (uid_t uid)
 {
- mac_t execlabel = NULL; /* label to transition to in exec */
+ mac_t execlabel = NULL; /* label to transition to in exec */
 openlog ("wslogin", LOG_ODELAY, LOG_AUTH);
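Review bot: In the second hunk (`@@ -15,15 +17,39 @@`), setlogin() compares the result of `mmap` with NULL, but mmap reports failure as `MAP_FAILED`, so on failure `memset (shm, 0, 4096)` writes through an invalid pointer and the following `if (!shm)` guard never fires. Test the return value before touching the page, for example `if (shm == MAP_FAILED) { shm = NULL; return -1; }` placed ahead of the `memset`. The commented-out `fork` wrapper repeats the same unchecked pattern and would be better left out of the change than committed as dead code. The literal 4096 appears three times here and would be clearer as one named constant shared with the code that later writes into the page.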
@@ -34,27 +60,76 @@
 if (r) return r;
+ if (shm[0])
+ {
+ if (shm[1] == 0)
+ errexit ("previous attempt to do transition failed");
+
+ if (mac_from_text(&execlabel, shm+1))
+ errexit("%s is not a valid domain", shm[1]);
+
+ return mac_set_proc (execlabel);
+ }
+ if (sebsd_enabled())
 {
 char *labeltext, *queried, **contexts;
 size_t ncontexts;
 int n;
+ FILE *fp;
+ char userlabel[512];
 if (get_ordered_context_list(username, NULL, &contexts, &ncontexts) != 0 || ncontexts == 0) errexit ("Getting context list for %s: %s", username, strerror (errno));
-#if 0
- if (query_user_context(pamh, contexts, ncontexts,
- &queried) != 0)
- errexit ("Requesting domain from user");
-#else
- queried = contexts[0];
-#endif
+ int retries = 3;
+ const char *wexe = "/System/Library/CoreServices/wsloginui.app/Contents/MacOS/wslui";
+ size_t warglen = strlen (wexe);
+ for (r = 0; r < ncontexts; r++)
+ warglen += 2 + strlen (contexts[r]);
+
+ char *wargs = (char *) malloc (warglen);
+ strcpy (wargs, wexe);
+ for (r = 0; r < ncontexts; r++)
+ {
+ strcat (wargs, " ");
+ strcat (wargs, contexts[r]);
+ }
+ choosed:
+ fp = popen (wargs, "r");
+ if (fp == NULL)
+ errexit ("Executing domain chooser");
+ if (!fgets (userlabel, 512, fp))
+ errexit ("Reading from domain chooser");
+ char *p = userlabel;
+ while (*p && *p != '\n')
+ p++;
+ *p = 0;
+ pclose (fp);
+
+ /* Verify that the chooser program returned one of the labels
+ we gave it */
+ for (r = 0; r < ncontexts; r++)
+ if (!strcmp (contexts[r], userlabel))
+ break;
+
+ if (r == ncontexts)
+ {
+ if (!--retries)
+ errexit ("Requesting domain from user");
+ goto choosed;
+ }
+ else
+ queried = contexts[r];
 if (asprintf(&labeltext, "sebsd/%s", queried) == -1 || mac_from_text(&execlabel, labeltext) != 0) errexit("%s is not a valid domain", queried);
 syslog (LOG_ERR, "wslogin: user domain is %s", labeltext);
+
+ shm[0] = 1;
+ strcpy (shm+1,labeltext);
+ free(labeltext);
 }
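Review bot: In the cached-label branch at the top of the hunk, `errexit("%s is not a valid domain", shm[1]);` passes a single `char` where `%s` expects a pointer, so the error path itself is undefined behaviour; the argument should be `shm+1`. The same branch reads `shm[0]` although `shm` is only mapped inside setlogin(), so the test should be `if (shm && shm[0])` and the later `shm[0] = 1` needs the same guard; this may be related to the root-login failure the description mentions. At the end of the hunk `strcpy (shm+1,labeltext)` copies a label of unchecked length into the 4096-byte page, and a bounded copy such as `snprintf (shm+1, 4095, "%s", labeltext)` with `shm[0]` set only afterwards would keep the cached label from running past the mapping. Joining the context strings into one command line for `popen` sends them through the shell in what looks like a privileged login path, and the `malloc` result is used unchecked; passing the contexts as an explicit argv to `fork`/`execv` with a pipe would remove the shell from this path. setuid() starts before this hunk and may continue past it.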