PERFORCE change 97294 for review

[Todd Miller]

http://perforce.freebsd.org/chv.cgi?CH=97294

Change 97294 by millert at millert_p4 on 2006/05/16 20:16:28

	Update for new SEBSD userland

Affected files ...

.. //depot/projects/trustedbsd/sebsd/usr.bin/login/Makefile#10 edit
.. //depot/projects/trustedbsd/sebsd/usr.bin/login/login.c#13 edit
.. //depot/projects/trustedbsd/sebsd/usr.sbin/cron/cron/Makefile#6 edit

Differences ...

==== //depot/projects/trustedbsd/sebsd/usr.bin/login/Makefile#10 (text+ko) ====

@@ -16,13 +16,12 @@
 .endif
 
 .if !defined(NO_SEBSD)
-CFLAGS+=-I${.CURDIR}/../../lib/libsebsd
 CFLAGS+=-I${.CURDIR}/../../contrib/sebsd/libselinux/include
 CFLAGS+=-I${.CURDIR}/../../sys
 CFLAGS+=-I${.CURDIR}/../../sys/security/sebsd
 CFLAGS+=-DSEBSD
-DPADD+=	${LIBSEBSD}
-LDADD+=	-lsebsd
+DPADD+=	${LIBSELINUX}
+LDADD+=	-lselinux -lsepol -lsecompat
 .endif
 
 .include <bsd.prog.mk>

==== //depot/projects/trustedbsd/sebsd/usr.bin/login/login.c#13 (text+ko) ====

@@ -68,9 +68,6 @@
 #include <libutil.h>
 #include <login_cap.h>
 #include <pwd.h>
-#ifdef SEBSD
-#include <sebsd.h>
-#endif
 #include <setjmp.h>
 #include <signal.h>
 #include <stdio.h>
@@ -84,6 +81,7 @@
 #include <security/openpam.h>
 #ifdef SEBSD
 #include <selinux/selinux.h>
+#include <selinux/get_context_list.h>
 #include <selinux/flask.h>
 #endif
 
@@ -467,7 +465,6 @@
 	label_string = login_getcapstr(lc, "ttylabel", NULL, NULL);
 	if (label_string != NULL) {
 		mac_t label;
-		int error;
 
 		if (mac_from_text(&label, label_string) == 0) {
 			if (pathconf(ttyn, _PC_MAC_PRESENT) > 0 &&
@@ -546,12 +543,11 @@
 	if (is_selinux_enabled()) {
 		char *labeltext, *queried, *oldttylabeltext, *tty_queried=NULL,
 		    **contexts;
-		size_t ncontexts;
 		mac_t newttylabel;
-		int n;
+		int n, ncontexts;
 
-		if (get_ordered_context_list(username, NULL, &contexts,
-		    &ncontexts) != 0 || ncontexts == 0)
+		ncontexts = get_ordered_context_list(username, NULL, &contexts);
+		if (ncontexts <= 0)
 			goto nosebsd;
 
 		queried = NULL;
@@ -578,10 +574,8 @@
 			}
 		}
 		
-		if (!queried)
-		if (query_user_context(pamh, contexts, ncontexts,
-			&queried) != 0) {
-
+		if (queried == NULL &&
+		    query_user_context(contexts, &queried) != 0) {
 			syslog(LOG_ERR, "Reading SEBSD domain from user:"
 			    " %m");
 			bail(NO_SLEEP_EXIT, 1);

==== //depot/projects/trustedbsd/sebsd/usr.sbin/cron/cron/Makefile#6 (text+ko) ====

@@ -12,8 +12,8 @@
 .if !defined(NO_SEBSD)
 CFLAGS+= -I${.CURDIR}/../../../sys
 CFLAGS+= -DSEBSD
-DPADD+=	${LIBSEBSD}
-LDADD+=	-lsebsd
+DPADD+=	${LIBSELINUX}
+LDADD+=	-lselinux -lsepol -lsecompat
 .endif
 
 .include <bsd.prog.mk>