|
Lines 117-122
Link Here
|
| 117 |
#include "monitor_fdpass.h" |
117 |
#include "monitor_fdpass.h" |
| 118 |
#include "version.h" |
118 |
#include "version.h" |
| 119 |
|
119 |
|
|
|
120 |
#ifdef USE_SECURITY_SESSION_API |
| 121 |
#include <Security/AuthSession.h> |
| 122 |
#endif |
| 123 |
|
| 120 |
#ifdef LIBWRAP |
124 |
#ifdef LIBWRAP |
| 121 |
#include <tcpd.h> |
125 |
#include <tcpd.h> |
| 122 |
#include <syslog.h> |
126 |
#include <syslog.h> |
|
Lines 1749-1754
Link Here
|
| 1749 |
|
1753 |
|
| 1750 |
/* Log the connection. */ |
1754 |
/* Log the connection. */ |
| 1751 |
verbose("Connection from %.500s port %d", remote_ip, remote_port); |
1755 |
verbose("Connection from %.500s port %d", remote_ip, remote_port); |
|
|
1756 |
|
| 1757 |
#ifdef USE_SECURITY_SESSION_API |
| 1758 |
/* |
| 1759 |
* Create a new security session for use by the new user login if |
| 1760 |
* the current session is the root session or we are not launched |
| 1761 |
* by inetd (eg: debugging mode or server mode). We do not |
| 1762 |
* necessarily need to create a session if we are launched from |
| 1763 |
* inetd because Panther xinetd will create a session for us. |
| 1764 |
* |
| 1765 |
* The only case where this logic will fail is if there is an |
| 1766 |
* inetd running in a non-root session which is not creating |
| 1767 |
* new sessions for us. Then all the users will end up in the |
| 1768 |
* same session (bad). |
| 1769 |
* |
| 1770 |
* When the client exits, the session will be destroyed for us |
| 1771 |
* automatically. |
| 1772 |
* |
| 1773 |
* We must create the session before any credentials are stored |
| 1774 |
* (including AFS pags, which happens a few lines below). |
| 1775 |
*/ |
| 1776 |
{ |
| 1777 |
OSStatus err = 0; |
| 1778 |
SecuritySessionId sid = 0; |
| 1779 |
SessionAttributeBits sattrs = 0; |
| 1780 |
|
| 1781 |
err = SessionGetInfo(callerSecuritySession, &sid, &sattrs); |
| 1782 |
if (err) |
| 1783 |
error("SessionGetInfo() failed with error %.8X", |
| 1784 |
(unsigned) err); |
| 1785 |
else |
| 1786 |
debug("Current Session ID is %.8X / Session Attributes are %.8X", |
| 1787 |
(unsigned) sid, (unsigned) sattrs); |
| 1788 |
|
| 1789 |
if (inetd_flag && !(sattrs & sessionIsRoot)) |
| 1790 |
debug("Running in inetd mode in a non-root session... " |
| 1791 |
"assuming inetd created the session for us."); |
| 1792 |
else { |
| 1793 |
debug("Creating new security session..."); |
| 1794 |
err = SessionCreate(0, sessionHasTTY | sessionIsRemote); |
| 1795 |
if (err) |
| 1796 |
error("SessionCreate() failed with error %.8X", |
| 1797 |
(unsigned) err); |
| 1798 |
|
| 1799 |
err = SessionGetInfo(callerSecuritySession, &sid, |
| 1800 |
&sattrs); |
| 1801 |
if (err) |
| 1802 |
error("SessionGetInfo() failed with error %.8X", |
| 1803 |
(unsigned) err); |
| 1804 |
else |
| 1805 |
debug("New Session ID is %.8X / Session Attributes are %.8X", |
| 1806 |
(unsigned) sid, (unsigned) sattrs); |
| 1807 |
} |
| 1808 |
} |
| 1809 |
#endif |
| 1752 |
|
1810 |
|
| 1753 |
/* |
1811 |
/* |
| 1754 |
* We don't want to listen forever unless the other side |
1812 |
* We don't want to listen forever unless the other side |