Commit | Line | Data |
---|---|---|
03ad15b9 AM |
1 | --- openssh-3.6.1p2/session.c.selinux 2003-10-13 10:22:17.975083901 -0400 |
2 | +++ openssh-3.6.1p2/session.c 2003-10-13 10:22:34.399253449 -0400 | |
3 | @@ -58,6 +58,11 @@ | |
4 | #include "session.h" | |
5 | #include "monitor_wrap.h" | |
6 | ||
7 | +#ifdef WITH_SELINUX | |
8 | +#include <selinux/get_context_list.h> | |
9 | +#include <selinux/selinux.h> | |
10 | +#endif | |
11 | + | |
12 | #ifdef HAVE_CYGWIN | |
13 | #include <windows.h> | |
14 | #include <sys/cygwin.h> | |
15 | @@ -1268,6 +1273,18 @@ | |
16 | #endif | |
17 | if (getuid() != pw->pw_uid || geteuid() != pw->pw_uid) | |
18 | fatal("Failed to set uids to %u.", (u_int) pw->pw_uid); | |
19 | +#ifdef WITH_SELINUX | |
20 | + if (is_selinux_enabled()) | |
21 | + { | |
22 | + security_context_t scontext; | |
23 | + if (get_default_context(pw->pw_name,NULL,&scontext)) | |
24 | + fatal("Failed to get default security context for %s.", pw->pw_name); | |
25 | + if (setexeccon(scontext)) { | |
26 | + fatal("Failed to set exec security context %s for %s.", scontext, pw->pw_name); | |
27 | + } | |
28 | + freecon(scontext); | |
29 | + } | |
30 | +#endif | |
31 | } | |
32 | ||
33 | static void | |
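Review bot: The SELinux block added after the uid check has no comment explaining its placement or why both failures are fatal, and a maintainer could easily soften them to warnings. I would add above `if (is_selinux_enabled())` something like `/* Set the context for the next execve(); abort rather than let the session start under a context the user was not assigned. */`. Note also that `is_selinux_enabled()` can return a negative value on error, which this test treats as "enabled". That appears to fail closed through the later `fatal()` calls, but it is worth stating in the comment so nobody "fixes" it to `> 0` without thought. The two new `fatal()` messages print `scontext` and `pw->pw_name` with unbounded `%s`; a bounded `%.100s` would limit what reaches the log. The enclosing function begins before this hunk.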
34 | --- openssh-3.6.1p2/sshpty.c.selinux 2003-02-23 19:54:10.000000000 -0500 | |
35 | +++ openssh-3.6.1p2/sshpty.c 2003-10-13 10:22:18.079072312 -0400 | |
36 | @@ -22,6 +22,12 @@ | |
37 | #include "log.h" | |
38 | #include "misc.h" | |
39 | ||
40 | +#ifdef WITH_SELINUX | |
41 | +#include <selinux/flask.h> | |
42 | +#include <selinux/get_context_list.h> | |
43 | +#include <selinux/selinux.h> | |
44 | +#endif | |
45 | + | |
46 | /* Pty allocated with _getpty gets broken if we do I_PUSH:es to it. */ | |
47 | #if defined(HAVE__GETPTY) || defined(HAVE_OPENPTY) | |
48 | #undef HAVE_DEV_PTMX | |
49 | @@ -386,6 +392,37 @@ | |
50 | * Warn but continue if filesystem is read-only and the uids match/ | |
51 | * tty is owned by root. | |
52 | */ | |
53 | +#ifdef WITH_SELINUX | |
54 | + if (is_selinux_enabled()) { | |
55 | + security_context_t new_tty_context=NULL, | |
56 | + user_context=NULL, old_tty_context=NULL; | |
57 | + | |
58 | + if (get_default_context(pw->pw_name,NULL,&user_context)) | |
59 | + fatal("Failed to get default security context for %s.", pw->pw_name); | |
60 | + | |
61 | + if (getfilecon(ttyname, &old_tty_context)<0) { | |
62 | + error("getfilecon(%.100s) failed: %.100s", ttyname, | |
63 | + strerror(errno)); | |
64 | + } | |
65 | + else | |
66 | + { | |
67 | + if ( security_compute_relabel(user_context,old_tty_context,SECCLASS_CHR_FILE,&new_tty_context)!=0) { | |
68 | + error("security_compute_relabel(%.100s) failed: %.100s", ttyname, | |
69 | + strerror(errno)); | |
70 | + } | |
71 | + else | |
72 | + { | |
73 | + if (setfilecon (ttyname, new_tty_context) != 0) { | |
74 | + error("setfilecon(%.100s, %s) failed: %.100s", | |
75 | + ttyname, new_tty_context, strerror(errno)); | |
76 | + } | |
77 | + freecon(new_tty_context); | |
78 | + } | |
79 | + freecon(old_tty_context); | |
80 | + } | |
81 | + freecon(user_context); | |
82 | + } | |
83 | +#endif | |
84 | if (stat(ttyname, &st)) | |
85 | fatal("stat(%.100s) failed: %.100s", ttyname, | |
86 | strerror(errno)); | |
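Review bot: A failed `getfilecon()`, `security_compute_relabel()` or `setfilecon()` is only reported with `error()`, so the login continues with the pty still carrying whatever label it had before. A failed `get_default_context()` at the top of the same block is fatal. On an enforcing system that inconsistency leaves the terminal either unusable for the user or labelled for a context the policy did not compute for them. I would escalate when enforcing, e.g. `if (security_getenforce() > 0) fatal("setfilecon(%.100s) failed: %.100s", ttyname, strerror(errno));`, and keep `error()` for permissive mode. The `%s` used for `new_tty_context` is the only unbounded format in the block and should match the surrounding `%.100s`. The enclosing function starts before this hunk and continues after it.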
87 | @@ -415,4 +452,5 @@ | |
88 | ttyname, mode, strerror(errno)); | |
89 | } | |
90 | } | |
91 | + | |
92 | } | |
93 | --- openssh-3.6.1p2/Makefile.in.selinux 2003-04-29 05:12:08.000000000 -0400 | |
94 | +++ openssh-3.6.1p2/Makefile.in 2003-10-13 10:22:18.080072200 -0400 | |
95 | @@ -40,7 +40,7 @@ | |
96 | ||
97 | CC=@CC@ | |
98 | LD=@LD@ | |
99 | -CFLAGS=@CFLAGS@ | |
100 | +CFLAGS=@CFLAGS@ -DWITH_SELINUX | |
101 | CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@ | |
102 | LIBS=@LIBS@ | |
103 | LIBPAM=@LIBPAM@ | |
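Review bot: `-DWITH_SELINUX` is appended to CFLAGS unconditionally, and the next hunk (`-52,7`) does the same with `-lselinux` in LDFLAGS, so the tree no longer builds without libselinux. Every program linked with these flags would pick up the library, presumably the client tools as well as sshd. A library named in LDFLAGS also tends to land before the objects on the link line, which fails with static or as-needed linking. It would be better placed with the libraries, e.g. `LIBS=@LIBS@ -lselinux`, and ideally both settings would be driven by a configure check rather than hard-coded in Makefile.in.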
104 | @@ -52,7 +52,7 @@ | |
105 | SED=@SED@ | |
106 | ENT=@ENT@ | |
107 | XAUTH_PATH=@XAUTH_PATH@ | |
108 | -LDFLAGS=-L. -Lopenbsd-compat/ @LDFLAGS@ | |
109 | +LDFLAGS=-L. -Lopenbsd-compat/ @LDFLAGS@ -lselinux | |
110 | EXEEXT=@EXEEXT@ | |
111 | ||
112 | INSTALL_SSH_PRNG_CMDS=@INSTALL_SSH_PRNG_CMDS@ |