From 71edd02c559d6c9bf0437f8c01c73628ead40d01 Mon Sep 17 00:00:00 2001
From: rwatson <rwatson@FreeBSD.org>
Date: Thu, 24 Oct 2002 16:19:52 +0000
Subject: Have ftpd specify the LOGIN_SETMAC flag to setlogincontext() so that
 MAC labels are set if MAC is enabled and configured for the user logging in.

Note that lukemftpd is not considered a supported application when
MAC is enabled, as it does not use the standard system interfaces for
managing user contexts; if lukemftpd is used with labeled MAC policies,
it will not properly give up privileges when switching to the user
account.

Approved by:	re
Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, Network Associates Laboratories
---
 libexec/ftpd/ftpd.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

(limited to 'libexec')

diff --git a/libexec/ftpd/ftpd.c b/libexec/ftpd/ftpd.c
index 180f0c1..05d4188 100644
--- a/libexec/ftpd/ftpd.c
+++ b/libexec/ftpd/ftpd.c
@@ -1145,7 +1145,8 @@ end_login(void)
 	pw = NULL;
 #ifdef	LOGIN_CAP
 	setusercontext(NULL, getpwuid(0), (uid_t)0,
-		       LOGIN_SETPRIORITY|LOGIN_SETRESOURCES|LOGIN_SETUMASK);
+		       LOGIN_SETPRIORITY|LOGIN_SETRESOURCES|LOGIN_SETUMASK|
+		       LOGIN_SETMAC);
 #endif
 #ifdef USE_PAM
 	if ((e = pam_setcred(pamh, PAM_DELETE_CRED)) != PAM_SUCCESS)
@@ -1408,7 +1409,7 @@ skip:
 	}
 	setusercontext(lc, pw, (uid_t)0,
 		LOGIN_SETLOGIN|LOGIN_SETGROUP|LOGIN_SETPRIORITY|
-		LOGIN_SETRESOURCES|LOGIN_SETUMASK);
+		LOGIN_SETRESOURCES|LOGIN_SETUMASK|LOGIN_SETMAC);
 #else
 	setlogin(pw->pw_name);
 	(void) initgroups(pw->pw_name, pw->pw_gid);
-- 
cgit v1.1