---- openssh-3.6.1p2/session.c.selinux 2003-10-13 10:22:17.975083901 -0400
-+++ openssh-3.6.1p2/session.c 2003-10-13 10:22:34.399253449 -0400
-@@ -58,6 +58,11 @@
- #include "session.h"
- #include "monitor_wrap.h"
-
-+#ifdef WITH_SELINUX
-+#include <selinux/get_context_list.h>
-+#include <selinux/selinux.h>
-+#endif
-+
- #ifdef HAVE_CYGWIN
- #include <windows.h>
- #include <sys/cygwin.h>
-@@ -1268,6 +1273,18 @@
- #endif
- if (getuid() != pw->pw_uid || geteuid() != pw->pw_uid)
- fatal("Failed to set uids to %u.", (u_int) pw->pw_uid);
-+#ifdef WITH_SELINUX
-+ if (is_selinux_enabled())
-+ {
-+ security_context_t scontext;
-+ if (get_default_context(pw->pw_name,NULL,&scontext))
-+ fatal("Failed to get default security context for %s.", pw->pw_name);
-+ if (setexeccon(scontext)) {
-+ fatal("Failed to set exec security context %s for %s.", scontext, pw->pw_name);
-+ }
-+ freecon(scontext);
-+ }
-+#endif
- }
-
- static void
---- openssh-3.6.1p2/sshpty.c.selinux 2003-02-23 19:54:10.000000000 -0500
-+++ openssh-3.6.1p2/sshpty.c 2003-10-13 10:22:18.079072312 -0400
-@@ -22,6 +22,12 @@
- #include "log.h"
- #include "misc.h"
-
-+#ifdef WITH_SELINUX
-+#include <selinux/flask.h>
-+#include <selinux/get_context_list.h>
-+#include <selinux/selinux.h>
-+#endif
-+
- /* Pty allocated with _getpty gets broken if we do I_PUSH:es to it. */
- #if defined(HAVE__GETPTY) || defined(HAVE_OPENPTY)
- #undef HAVE_DEV_PTMX
-@@ -386,6 +392,37 @@
- * Warn but continue if filesystem is read-only and the uids match/
- * tty is owned by root.
- */
-+#ifdef WITH_SELINUX
-+ if (is_selinux_enabled()) {
-+ security_context_t new_tty_context=NULL,
-+ user_context=NULL, old_tty_context=NULL;
-+
-+ if (get_default_context(pw->pw_name,NULL,&user_context))
-+ fatal("Failed to get default security context for %s.", pw->pw_name);
-+
-+ if (getfilecon(ttyname, &old_tty_context)<0) {
-+ error("getfilecon(%.100s) failed: %.100s", ttyname,
-+ strerror(errno));
-+ }
-+ else
-+ {
-+ if ( security_compute_relabel(user_context,old_tty_context,SECCLASS_CHR_FILE,&new_tty_context)!=0) {
-+ error("security_compute_relabel(%.100s) failed: %.100s", ttyname,
-+ strerror(errno));
-+ }
-+ else
-+ {
-+ if (setfilecon (ttyname, new_tty_context) != 0) {
-+ error("setfilecon(%.100s, %s) failed: %.100s",
-+ ttyname, new_tty_context, strerror(errno));
-+ }
-+ freecon(new_tty_context);
-+ }
-+ freecon(old_tty_context);
-+ }
-+ freecon(user_context);
-+ }
-+#endif
- if (stat(ttyname, &st))
- fatal("stat(%.100s) failed: %.100s", ttyname,
- strerror(errno));
-@@ -415,4 +452,5 @@
- ttyname, mode, strerror(errno));
- }
+--- openssh-4.4p1/openbsd-compat/port-linux.c.orig 2006-09-01 07:38:41.000000000 +0200
++++ openssh-4.4p1/openbsd-compat/port-linux.c 2006-10-05 10:21:21.445971000 +0200
+@@ -42,7 +42,7 @@
+ static int enabled = -1;
+
+ if (enabled == -1) {
+- enabled = is_selinux_enabled();
++ enabled = (is_selinux_enabled() > 0);
+ debug("SELinux support %s", enabled ? "enabled" : "disabled");
}
-+
- }
---- openssh-3.6.1p2/Makefile.in.selinux 2003-04-29 05:12:08.000000000 -0400
-+++ openssh-3.6.1p2/Makefile.in 2003-10-13 10:22:18.080072200 -0400
-@@ -40,7 +40,7 @@
-
- CC=@CC@
- LD=@LD@
--CFLAGS=@CFLAGS@
-+CFLAGS=@CFLAGS@ -DWITH_SELINUX
- CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@
- LIBS=@LIBS@
- LIBPAM=@LIBPAM@
-@@ -52,7 +52,7 @@
- SED=@SED@
- ENT=@ENT@
- XAUTH_PATH=@XAUTH_PATH@
--LDFLAGS=-L. -Lopenbsd-compat/ @LDFLAGS@
-+LDFLAGS=-L. -Lopenbsd-compat/ @LDFLAGS@ -lselinux
- EXEEXT=@EXEEXT@
- INSTALL_SSH_PRNG_CMDS=@INSTALL_SSH_PRNG_CMDS@
projects / packages / openssh.git / blobdiff