1 diff -urN openssh-3.9p1.org/Makefile.in openssh-3.9p1/Makefile.in
2 --- openssh-3.9p1.org/Makefile.in 2004-08-17 19:03:29.052607640 +0200
3 +++ openssh-3.9p1/Makefile.in 2004-08-17 19:07:48.572154672 +0200
9 +CFLAGS=@CFLAGS@ -DWITH_SELINUX
10 CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@
14 $(LD) -o $@ $(SSHOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
16 sshd$(EXEEXT): libssh.a $(LIBCOMPAT) $(SSHDOBJS)
17 - $(LD) -o $@ $(SSHDOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(LIBWRAP) $(LIBPAM) $(LIBS)
18 + $(LD) -o $@ $(SSHDOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(LIBWRAP) $(LIBPAM) $(LIBS) -lselinux
20 scp$(EXEEXT): $(LIBCOMPAT) libssh.a scp.o progressmeter.o
21 $(LD) -o $@ scp.o progressmeter.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
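Review bot: `-DWITH_SELINUX` is appended to `CFLAGS` and `-lselinux` is hard-coded on the sshd link line, so every build of this tree needs the libselinux headers and library, and the feature cannot be selected at configure time. Because the define lives in `CFLAGS`, a command-line override such as `make CFLAGS=-O2` drops it while the link line stays the same. If the C changes are guarded by `WITH_SELINUX` (the guards are not visible in this patch), that would silently produce an sshd without the context transitions. I would move the define into the configure-generated `@DEFS@` or config.h and follow the existing `$(LIBWRAP) $(LIBPAM)` pattern with a configure-substituted variable, for example `$(LIBSELINUX)` (a proposed name), instead of the literal `-lselinux`.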
22 diff -urN openssh-3.9p1.org/session.c openssh-3.9p1/session.c
23 --- openssh-3.9p1.org/session.c 2004-08-17 19:03:29.189586816 +0200
24 +++ openssh-3.9p1/session.c 2004-08-17 19:07:48.559156648 +0200
30 +#include <selinux/get_context_list.h>
31 +#include <selinux/selinux.h>
36 Session *session_new(void);
37 @@ -1304,6 +1309,18 @@
39 if (getuid() != pw->pw_uid || geteuid() != pw->pw_uid)
40 fatal("Failed to set uids to %u.", (u_int) pw->pw_uid);
42 + if (is_selinux_enabled()>0)
44 + security_context_t scontext;
45 + if (get_default_context(pw->pw_name,NULL,&scontext))
46 + fatal("Failed to get default security context for %s.", pw->pw_name);
47 + if (setexeccon(scontext)) {
48 + fatal("Failed to set exec security context %s for %s.", scontext, pw->pw_name);
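Review bot: In the block added after the uid check, a failure of `get_default_context()` or `setexeccon()` is fatal whenever `is_selinux_enabled()` is positive, which includes hosts running in permissive mode, where a missing or broken context mapping would lock users out of sshd instead of being logged. Consider making it fatal only when enforcing, e.g. `if (security_getenforce() > 0) fatal(...); else error(...);`. No `freecon(scontext)` is visible after `setexeccon()`; the lines that follow are not shown here, so confirm the context string is released on the success path. The two new messages print `pw->pw_name` and `scontext` with an unbounded `%s`, whereas the sshpty.c messages in the same patch bound them with `%.100s`. The enclosing function starts and ends outside the hunk.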
56 diff -urN openssh-3.9p1.org/sshpty.c openssh-3.9p1/sshpty.c
57 --- openssh-3.9p1.org/sshpty.c 2004-08-17 19:03:29.219582256 +0200
58 +++ openssh-3.9p1/sshpty.c 2004-08-17 19:15:00.180540224 +0200
64 +#include <selinux/flask.h>
65 +#include <selinux/get_context_list.h>
66 +#include <selinux/selinux.h>
73 * Warn but continue if filesystem is read-only and the uids match/
74 * tty is owned by root.
77 + if (is_selinux_enabled()>0) {
78 + security_context_t new_tty_context=NULL,
80 + old_tty_context=NULL;
81 + if (get_default_context(pw->pw_name,NULL,&user_context))
82 + fatal("Failed to get default security context for %s.", pw->pw_name);
84 + if (getfilecon(tty, &old_tty_context)<0) {
85 + error("getfilecon(%.100s) failed: %.100s", tty, strerror(errno));
87 + if ( security_compute_relabel(user_context,old_tty_context,SECCLASS_CHR_FILE,&new_tty_context)!=0) {
88 + error("security_compute_relabel(%.100s) failed: %.100s", tty, strerror(errno));
90 + if (setfilecon (tty, new_tty_context) != 0) {
91 + error("setfilecon(%.100s, %s) failed: %.100s",
92 + tty, new_tty_context, strerror(errno));
94 + freecon(new_tty_context);
96 + freecon(old_tty_context);
98 + freecon(user_context);
103 fatal("stat(%.100s) failed: %.100s", tty,
106 tty, (u_int)mode, strerror(errno));
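Review bot: The tty relabel fails open: when `getfilecon()`, `security_compute_relabel()` or `setfilecon()` fails, the new code only calls `error()`, and the session appears to continue with the pty still carrying its previous label, while the `get_default_context()` failure a few lines earlier is fatal. On an enforcing host that leaves the user's terminal under a context the policy did not choose for it, so I would fail closed there, e.g. `if (security_getenforce() > 0) fatal("setfilecon(%.100s) failed: %.100s", tty, strerror(errno));`. Several lines of this block are not visible (the declaration of `user_context` and the branch structure between the calls), so confirm that `security_compute_relabel()` is never reached with a NULL `old_tty_context` after a failed `getfilecon()`. A short comment above the block stating which context the tty is relabelled to, and why, would help the next reader. The enclosing function begins and ends outside the visible lines.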