Date: Wed, 31 Dec 2003 10:27:06 -0800 (PST) From: Andrew Reisse <areisse@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 44601 for review Message-ID: <200312311827.hBVIR62d060958@repoman.freebsd.org>
http://perforce.freebsd.org/chv.cgi?CH=44601 Change 44601 by areisse@areisse_tislabs on 2003/12/31 10:26:54 Support roles supplied after the username, as "andrew/user_r". Affected files ... .. //depot/projects/trustedbsd/sebsd/usr.bin/login/login.c#6 edit Differences ... ==== //depot/projects/trustedbsd/sebsd/usr.bin/login/login.c#6 (text+ko) ==== @@ -138,6 +138,8 @@ static char *username; /* user name */ static char *olduser; /* previous user name */ +static char *user_role; /* role/type specified with username */ + /* * Prompts */ @@ -292,6 +294,13 @@ badlogin(olduser); } + char *rp = username; + while (*rp && *rp != '/') + rp++; + if (*rp == '/') { + *rp = 0; + user_role = rp+1; + } /* * Load the PAM policy and set some variables */ @@ -504,7 +513,7 @@ * according to what the security server reports. */ if (sebsd_enabled()) { - char *labeltext, *queried, *oldttylabeltext, *tty_queried, + char *labeltext, *queried, *oldttylabeltext, *tty_queried=NULL, **contexts; size_t ncontexts; mac_t newttylabel; @@ -513,9 +522,40 @@ if (get_ordered_context_list(username, NULL, &contexts, &ncontexts) != 0 || ncontexts == 0) goto nosebsd; + + queried = NULL; + if (user_role) { + int i; + char *p = user_role; + while (*p) { + if (*p == '|' || *p == '/') + *p = ':'; + p++; + } + for (i = 0; i < ncontexts; i++) { + p = contexts[i] + strlen(username)+1; + if (!strcmp (p, user_role)) { + queried = contexts[i]; + break; + } + char *pt = strchr (p, ':'); + if (pt-p == strlen(user_role) && + !strncmp (p, user_role, pt-p)) { + queried = contexts[i]; + break; + } + } + } + + if (!queried) if (query_user_context(pamh, contexts, ncontexts, - &queried) != 0 || - asprintf(&labeltext, "sebsd/%s", queried) == -1 || + &queried) != 0) { + + syslog(LOG_ERR, "Reading SEBSD domain from user:" + " %m"); + bail(NO_SLEEP_EXIT, 1); + } + if (asprintf(&labeltext, "sebsd/%s", queried) == -1 || mac_from_text(&execlabel, labeltext) != 0) { syslog(LOG_ERR, "Determining SEBSD domain transition:" " %m");
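Review bot: `user_role` is assigned only when a '/' is found and is never cleared, so in the second hunk a name entered without a role keeps whatever an earlier pass stored. The `badlogin(olduser)` context suggests this code runs once per login attempt (the loop itself is outside the hunk); if so, a role typed with a previous username carries over to the next one, and the pointer refers into the earlier name's buffer, which may no longer be valid. Reset it before the scan with `user_role = NULL;`, and the scan itself can be `rp = strchr(username, '/');`. An empty role such as "andrew/" is stored as an empty string and would be better treated as no role.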
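Review bot: In the last hunk, `p = contexts[i] + strlen(username)+1` indexes past a `username:` prefix without checking that the context string starts with it or is that long, so a context whose user field differs from the login name is read at the wrong offset or past its terminator. `strchr (p, ':')` can also return NULL, which makes `pt-p` undefined, and `int i` is compared with the `size_t ncontexts`. Because the role text is taken from the login prompt, the matching should fail closed: skip any context that does not begin with `username:` and let the existing `query_user_context` path run. Whether `queried` is freed later is not visible here; it now sometimes aliases `contexts[i]`, so the cleanup code should be checked for that.

```c
	size_t i, ulen = strlen(username), rlen = strlen(user_role);
	/* … unchanged: '|' and '/' in user_role rewritten to ':' … */
	for (i = 0; i < ncontexts; i++) {
		/* Only step past "username:" when the context really starts with it. */
		if (strncmp(contexts[i], username, ulen) != 0 ||
		    contexts[i][ulen] != ':')
			continue;
		p = contexts[i] + ulen + 1;
		if (strcmp(p, user_role) == 0) {
			queried = contexts[i];
			break;
		}
		char *pt = strchr(p, ':');
		if (pt != NULL && (size_t)(pt - p) == rlen &&
		    strncmp(p, user_role, rlen) == 0) {
			queried = contexts[i];
			break;
		}
	}
```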