diff options
-rw-r--r-- | usr.sbin/inetd/Makefile | 2 | ||||
-rw-r--r-- | usr.sbin/inetd/inetd.c | 27 |
2 files changed, 27 insertions, 2 deletions
diff --git a/usr.sbin/inetd/Makefile b/usr.sbin/inetd/Makefile index 0654eba..2682ea5 100644 --- a/usr.sbin/inetd/Makefile +++ b/usr.sbin/inetd/Makefile @@ -4,7 +4,7 @@ PROG= inetd MAN8= inetd.8 MLINKS= inetd.8 inetd.conf.5 -COPTS+= -Wall +COPTS+= -Wall -DLOGIN_CAP #COPTS+= -DSANITY_CHECK DPADD+= ${LIBUTIL} diff --git a/usr.sbin/inetd/inetd.c b/usr.sbin/inetd/inetd.c index cb9ef46..cb9407b 100644 --- a/usr.sbin/inetd/inetd.c +++ b/usr.sbin/inetd/inetd.c @@ -40,7 +40,7 @@ static char copyright[] __attribute__ ((unused)) = #ifndef lint /* from: @(#)inetd.c 8.4 (Berkeley) 4/13/94"; */ static char inetd_c_rcsid[] __attribute__ ((unused)) = - "$Id: inetd.c,v 1.16 1996/11/10 21:07:27 julian Exp $"; + "$Id: inetd.c,v 1.17 1996/11/10 21:12:44 julian Exp $"; #endif /* not lint */ /* @@ -127,6 +127,11 @@ static char inetd_c_rcsid[] __attribute__ ((unused)) = #include <libutil.h> #include <sysexits.h> +#ifdef LOGIN_CAP +#undef AUTH_NONE /* conflicts with rpc stuff */ +#include <login_cap.h> +#endif + #include "pathnames.h" #define TOOMANY 256 /* don't start more than TOOMANY */ @@ -267,6 +272,9 @@ main(argc, argv, envp) char buf[50]; struct sockaddr_in peer; int i; +#ifdef LOGIN_CAP + login_cap_t *lc = NULL; +#endif #ifdef OLD_SETPROCTITLE @@ -503,12 +511,28 @@ main(argc, argv, envp) recv(0, buf, sizeof (buf), 0); _exit(EX_NOUSER); } +#ifdef LOGIN_CAP + /* + * Establish the class now, falls back to + * the "default" if unavailable. + */ + lc = login_getclass(pwd); +#endif if (setsid() < 0) { syslog(LOG_ERR, "%s: can't setsid(): %m", sep->se_service); /* _exit(EX_OSERR); not fatal yet */ } +#ifdef LOGIN_CAP + if (setusercontext(lc, pwd, pwd->pw_uid, + LOGIN_SETALL) != 0) { + syslog(LOG_ERR, + "%s: can't setusercontext(..%s..): %m", + sep->se_service, sep->se_user); + _exit(EX_OSERR); + } +#else if (pwd->pw_uid) { if (setlogin(sep->se_user) < 0) { syslog(LOG_ERR, @@ -531,6 +555,7 @@ main(argc, argv, envp) _exit(EX_OSERR); } } +#endif execv(sep->se_server, sep->se_argv); if (sep->se_socktype != SOCK_STREAM) recv(0, buf, sizeof (buf), 0); |