Add "-M" argument to id(1), which permits the id command to be used

to print the MAC label of the current process.  "-M" selected as that's
what is used in Trusted IRIX.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, McAfee Research
This commit is contained in:
rwatson 2004-05-03 22:50:23 +00:00
parent 15b2afd48d
commit bbf5b43ff8
2 changed files with 46 additions and 3 deletions

View File

@ -48,6 +48,8 @@
.Fl G Op Fl n
.Op Ar user
.Nm
.Fl M
.Nm
.Fl P
.Op Ar user
.Nm
@ -78,6 +80,8 @@ The options are as follows:
.It Fl G
Display the different group IDs (effective, real and supplementary)
as white-space separated numbers, in no particular order.
.It Fl M
Display the MAC label of the current prorcess.
.It Fl P
Display the id as a password file entry.
.It Fl g

View File

@ -46,8 +46,10 @@ static char sccsid[] = "@(#)id.c 8.2 (Berkeley) 2/16/94";
__FBSDID("$FreeBSD$");
#include <sys/param.h>
#include <sys/mac.h>
#include <err.h>
#include <errno.h>
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
@ -59,6 +61,7 @@ void current(void);
void pline(struct passwd *);
void pretty(struct passwd *);
void group(struct passwd *, int);
void maclabel(void);
void usage(void);
void user(struct passwd *);
struct passwd *
@ -71,10 +74,10 @@ main(int argc, char *argv[])
{
struct group *gr;
struct passwd *pw;
int Gflag, Pflag, ch, gflag, id, nflag, pflag, rflag, uflag;
int Gflag, Mflag, Pflag, ch, gflag, id, nflag, pflag, rflag, uflag;
const char *myname;
Gflag = Pflag = gflag = nflag = pflag = rflag = uflag = 0;
Gflag = Mflag = Pflag = gflag = nflag = pflag = rflag = uflag = 0;
myname = strrchr(argv[0], '/');
myname = (myname != NULL) ? myname + 1 : argv[0];
@ -88,11 +91,14 @@ main(int argc, char *argv[])
}
while ((ch = getopt(argc, argv,
(isgroups || iswhoami) ? "" : "PGgnpru")) != -1)
(isgroups || iswhoami) ? "" : "PGMgnpru")) != -1)
switch(ch) {
case 'G':
Gflag = 1;
break;
case 'M':
Mflag = 1;
break;
case 'P':
Pflag = 1;
break;
@ -134,6 +140,9 @@ main(int argc, char *argv[])
pw = *argv ? who(*argv) : NULL;
if (Mflag && pw != NULL)
usage();
if (gflag) {
id = pw ? pw->pw_gid : rflag ? getgid() : getegid();
if (nflag && (gr = getgrgid(id)))
@ -157,6 +166,11 @@ main(int argc, char *argv[])
exit(0);
}
if (Mflag) {
maclabel();
exit(0);
}
if (Pflag) {
pline(pw);
exit(0);
@ -317,6 +331,30 @@ group(struct passwd *pw, int nflag)
(void)printf("\n");
}
void
maclabel(void)
{
char *string;
mac_t label;
int error;
error = mac_prepare_process_label(&label);
if (error == -1)
errx(1, "mac_prepare_type: %s", strerror(errno));
error = mac_get_proc(label);
if (error == -1)
errx(1, "mac_get_proc: %s", strerror(errno));
error = mac_to_text(label, &string);
if (error == -1)
errx(1, "mac_to_text: %s", strerror(errno));
(void)printf("%s\n", string);
mac_free(label);
free(string);
}
struct passwd *
who(char *u)
{
@ -366,6 +404,7 @@ usage(void)
(void)fprintf(stderr, "%s\n%s\n%s\n%s\n%s\n%s\n",
"usage: id [user]",
" id -G [-n] [user]",
" id -M",
" id -P [user]",
" id -g [-nr] [user]",
" id -p [user]",