[packages/openssh.git] / openssh-selinux.patch

--- openssh-3.6.1p2/session.c.selinux	2003-10-13 10:22:17.975083901 -0400
+++ openssh-3.6.1p2/session.c	2003-10-13 10:22:34.399253449 -0400
@@ -58,6 +58,11 @@
 #include "session.h"
 #include "monitor_wrap.h"
 
+#ifdef WITH_SELINUX
+#include <selinux/get_context_list.h>
+#include <selinux/selinux.h>
+#endif
+
 #ifdef HAVE_CYGWIN
 #include <windows.h>
 #include <sys/cygwin.h>
@@ -1268,6 +1273,18 @@
 #endif
 	if (getuid() != pw->pw_uid || geteuid() != pw->pw_uid)
 		fatal("Failed to set uids to %u.", (u_int) pw->pw_uid);
+#ifdef WITH_SELINUX
+	if (is_selinux_enabled())
+	  {
+	    security_context_t scontext;
+	    if (get_default_context(pw->pw_name,NULL,&scontext))
+	      fatal("Failed to get default security context for %s.", pw->pw_name);
+	    if (setexeccon(scontext)) {
+	      fatal("Failed to set exec security context %s for %s.", scontext, pw->pw_name);
+	    }
+	    freecon(scontext);
+	  }
+#endif
 }
 
 static void
--- openssh-3.6.1p2/sshpty.c.selinux	2003-02-23 19:54:10.000000000 -0500
+++ openssh-3.6.1p2/sshpty.c	2003-10-13 10:22:18.079072312 -0400
@@ -22,6 +22,12 @@
 #include "log.h"
 #include "misc.h"
 
+#ifdef WITH_SELINUX
+#include <selinux/flask.h>
+#include <selinux/get_context_list.h>
+#include <selinux/selinux.h>
+#endif
+
 /* Pty allocated with _getpty gets broken if we do I_PUSH:es to it. */
 #if defined(HAVE__GETPTY) || defined(HAVE_OPENPTY)
 #undef HAVE_DEV_PTMX
@@ -386,6 +392,37 @@
 	 * Warn but continue if filesystem is read-only and the uids match/
 	 * tty is owned by root.
 	 */
+#ifdef WITH_SELINUX
+	if (is_selinux_enabled()) {
+	  security_context_t 	  new_tty_context=NULL,
+	    user_context=NULL, old_tty_context=NULL; 
+
+	  if (get_default_context(pw->pw_name,NULL,&user_context))
+	      fatal("Failed to get default security context for %s.", pw->pw_name);
+
+	  if (getfilecon(ttyname, &old_tty_context)<0) {
+	    error("getfilecon(%.100s) failed: %.100s", ttyname,
+		  strerror(errno));
+	  }
+	  else 
+	    {
+	      if ( security_compute_relabel(user_context,old_tty_context,SECCLASS_CHR_FILE,&new_tty_context)!=0) {
+		error("security_compute_relabel(%.100s) failed: %.100s", ttyname,
+		      strerror(errno));
+	      } 
+	      else 
+		{
+		  if (setfilecon (ttyname, new_tty_context) != 0) {
+		    error("setfilecon(%.100s, %s) failed: %.100s",
+			  ttyname, new_tty_context, strerror(errno));
+		  }
+		  freecon(new_tty_context);
+		}
+	      freecon(old_tty_context);
+	    }
+	  freecon(user_context);
+	}
+#endif
 	if (stat(ttyname, &st))
 		fatal("stat(%.100s) failed: %.100s", ttyname,
 		    strerror(errno));
@@ -415,4 +452,5 @@
 				    ttyname, mode, strerror(errno));
 		}
 	}
+
 }
--- openssh-3.6.1p2/Makefile.in.selinux	2003-04-29 05:12:08.000000000 -0400
+++ openssh-3.6.1p2/Makefile.in	2003-10-13 10:22:18.080072200 -0400
@@ -40,7 +40,7 @@
 
 CC=@CC@
 LD=@LD@
-CFLAGS=@CFLAGS@
+CFLAGS=@CFLAGS@ -DWITH_SELINUX
 CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@
 LIBS=@LIBS@
 LIBPAM=@LIBPAM@
@@ -52,7 +52,7 @@
 SED=@SED@
 ENT=@ENT@
 XAUTH_PATH=@XAUTH_PATH@
-LDFLAGS=-L. -Lopenbsd-compat/ @LDFLAGS@
+LDFLAGS=-L. -Lopenbsd-compat/ @LDFLAGS@ -lselinux 
 EXEEXT=@EXEEXT@
 
 INSTALL_SSH_PRNG_CMDS=@INSTALL_SSH_PRNG_CMDS@
Commit	Line	Data
03ad15b9 AM	1	--- openssh-3.6.1p2/session.c.selinux 2003-10-13 10:22:17.975083901 -0400
	2	+++ openssh-3.6.1p2/session.c 2003-10-13 10:22:34.399253449 -0400
	3	@@ -58,6 +58,11 @@
	4	#include "session.h"
	5	#include "monitor_wrap.h"
	6
	7	+#ifdef WITH_SELINUX
	8	+#include <selinux/get_context_list.h>
	9	+#include <selinux/selinux.h>
	10	+#endif
	11	+
	12	#ifdef HAVE_CYGWIN
	13	#include <windows.h>
	14	#include <sys/cygwin.h>
	15	@@ -1268,6 +1273,18 @@
	16	#endif
	17	if (getuid() != pw->pw_uid \|\| geteuid() != pw->pw_uid)
	18	fatal("Failed to set uids to %u.", (u_int) pw->pw_uid);
	19	+#ifdef WITH_SELINUX
	20	+ if (is_selinux_enabled())
	21	+ {
	22	+ security_context_t scontext;
	23	+ if (get_default_context(pw->pw_name,NULL,&scontext))
	24	+ fatal("Failed to get default security context for %s.", pw->pw_name);
	25	+ if (setexeccon(scontext)) {
	26	+ fatal("Failed to set exec security context %s for %s.", scontext, pw->pw_name);
	27	+ }
	28	+ freecon(scontext);
	29	+ }
	30	+#endif
	31	}
	32
	33	static void
	34	--- openssh-3.6.1p2/sshpty.c.selinux 2003-02-23 19:54:10.000000000 -0500
	35	+++ openssh-3.6.1p2/sshpty.c 2003-10-13 10:22:18.079072312 -0400
	36	@@ -22,6 +22,12 @@
	37	#include "log.h"
	38	#include "misc.h"
	39
	40	+#ifdef WITH_SELINUX
	41	+#include <selinux/flask.h>
	42	+#include <selinux/get_context_list.h>
	43	+#include <selinux/selinux.h>
	44	+#endif
	45	+
	46	/* Pty allocated with _getpty gets broken if we do I_PUSH:es to it. */
	47	#if defined(HAVE__GETPTY) \|\| defined(HAVE_OPENPTY)
	48	#undef HAVE_DEV_PTMX
	49	@@ -386,6 +392,37 @@
	50	* Warn but continue if filesystem is read-only and the uids match/
	51	* tty is owned by root.
	52	*/
	53	+#ifdef WITH_SELINUX
	54	+ if (is_selinux_enabled()) {
	55	+ security_context_t new_tty_context=NULL,
	56	+ user_context=NULL, old_tty_context=NULL;
	57	+
	58	+ if (get_default_context(pw->pw_name,NULL,&user_context))
	59	+ fatal("Failed to get default security context for %s.", pw->pw_name);
	60	+
	61	+ if (getfilecon(ttyname, &old_tty_context)<0) {
	62	+ error("getfilecon(%.100s) failed: %.100s", ttyname,
	63	+ strerror(errno));
	64	+ }
65	+ else
66	+ {
67	+ if ( security_compute_relabel(user_context,old_tty_context,SECCLASS_CHR_FILE,&new_tty_context)!=0) {
68	+ error("security_compute_relabel(%.100s) failed: %.100s", ttyname,
69	+ strerror(errno));
70	+ }
71	+ else
72	+ {
73	+ if (setfilecon (ttyname, new_tty_context) != 0) {
74	+ error("setfilecon(%.100s, %s) failed: %.100s",
75	+ ttyname, new_tty_context, strerror(errno));
76	+ }
77	+ freecon(new_tty_context);
78	+ }
79	+ freecon(old_tty_context);
80	+ }
81	+ freecon(user_context);
82	+ }
83	+#endif
84	if (stat(ttyname, &st))
85	fatal("stat(%.100s) failed: %.100s", ttyname,
86	strerror(errno));
87	@@ -415,4 +452,5 @@
88	ttyname, mode, strerror(errno));
89	}
90	}
91	+
92	}
93	--- openssh-3.6.1p2/Makefile.in.selinux 2003-04-29 05:12:08.000000000 -0400
94	+++ openssh-3.6.1p2/Makefile.in 2003-10-13 10:22:18.080072200 -0400
95	@@ -40,7 +40,7 @@
96
97	CC=@CC@
98	LD=@LD@
99	-CFLAGS=@CFLAGS@
100	+CFLAGS=@CFLAGS@ -DWITH_SELINUX
101	CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@
102	LIBS=@LIBS@
103	LIBPAM=@LIBPAM@
104	@@ -52,7 +52,7 @@
105	SED=@SED@
106	ENT=@ENT@
107	XAUTH_PATH=@XAUTH_PATH@
108	-LDFLAGS=-L. -Lopenbsd-compat/ @LDFLAGS@
109	+LDFLAGS=-L. -Lopenbsd-compat/ @LDFLAGS@ -lselinux
110	EXEEXT=@EXEEXT@
111
112	INSTALL_SSH_PRNG_CMDS=@INSTALL_SSH_PRNG_CMDS@