From 03ad15b9152d7253b637de4db978fe362feda6ae Mon Sep 17 00:00:00 2001
From: =?utf8?q?Arkadiusz=20Mi=C5=9Bkiewicz?=
Date: Fri, 26 Dec 2003 19:03:11 +0000
Subject: [PATCH] - new Changed files: openssh-selinux.patch -> 1.1
---
openssh-selinux.patch | 112 ++++++++++++++++++++++++++++++++++++++++++
1 file changed, 112 insertions(+)
create mode 100644 openssh-selinux.patch
diff --git a/openssh-selinux.patch b/openssh-selinux.patch
new file mode 100644
index 0000000..119a27d
--- /dev/null
+++ b/openssh-selinux.patch
@@ -0,0 +1,112 @@
+--- openssh-3.6.1p2/session.c.selinux 2003-10-13 10:22:17.975083901 -0400
++++ openssh-3.6.1p2/session.c 2003-10-13 10:22:34.399253449 -0400
+@@ -58,6 +58,11 @@
+ #include "session.h"
+ #include "monitor_wrap.h"
+
++#ifdef WITH_SELINUX
++#include
++#include
++#endif
++
+ #ifdef HAVE_CYGWIN
+ #include
+ #include
+@@ -1268,6 +1273,18 @@
+ #endif
+ if (getuid() != pw->pw_uid || geteuid() != pw->pw_uid)
+ fatal("Failed to set uids to %u.", (u_int) pw->pw_uid);
++#ifdef WITH_SELINUX
++ if (is_selinux_enabled())
++ {
++ security_context_t scontext;
++ if (get_default_context(pw->pw_name,NULL,&scontext))
++ fatal("Failed to get default security context for %s.", pw->pw_name);
++ if (setexeccon(scontext)) {
++ fatal("Failed to set exec security context %s for %s.", scontext, pw->pw_name);
++ }
++ freecon(scontext);
++ }
++#endif
+ }
+
+ static void
+--- openssh-3.6.1p2/sshpty.c.selinux 2003-02-23 19:54:10.000000000 -0500
++++ openssh-3.6.1p2/sshpty.c 2003-10-13 10:22:18.079072312 -0400
+@@ -22,6 +22,12 @@
+ #include "log.h"
+ #include "misc.h"
+
++#ifdef WITH_SELINUX
++#include
++#include
++#include
++#endif
++
+ /* Pty allocated with _getpty gets broken if we do I_PUSH:es to it. */
+ #if defined(HAVE__GETPTY) || defined(HAVE_OPENPTY)
+ #undef HAVE_DEV_PTMX
+@@ -386,6 +392,37 @@
+ * Warn but continue if filesystem is read-only and the uids match/
+ * tty is owned by root.
+ */
++#ifdef WITH_SELINUX
++ if (is_selinux_enabled()) {
++ security_context_t new_tty_context=NULL,
++ user_context=NULL, old_tty_context=NULL;
++
++ if (get_default_context(pw->pw_name,NULL,&user_context))
++ fatal("Failed to get default security context for %s.", pw->pw_name);
++
++ if (getfilecon(ttyname, &old_tty_context)<0) {
++ error("getfilecon(%.100s) failed: %.100s", ttyname,
++ strerror(errno));
++ }
++ else
++ {
++ if ( security_compute_relabel(user_context,old_tty_context,SECCLASS_CHR_FILE,&new_tty_context)!=0) {
++ error("security_compute_relabel(%.100s) failed: %.100s", ttyname,
++ strerror(errno));
++ }
++ else
++ {
++ if (setfilecon (ttyname, new_tty_context) != 0) {
++ error("setfilecon(%.100s, %s) failed: %.100s",
++ ttyname, new_tty_context, strerror(errno));
++ }
++ freecon(new_tty_context);
++ }
++ freecon(old_tty_context);
++ }
++ freecon(user_context);
++ }
++#endif
+ if (stat(ttyname, &st))
+ fatal("stat(%.100s) failed: %.100s", ttyname,
+ strerror(errno));
+@@ -415,4 +452,5 @@
+ ttyname, mode, strerror(errno));
+ }
+ }
++
+ }
+--- openssh-3.6.1p2/Makefile.in.selinux 2003-04-29 05:12:08.000000000 -0400
++++ openssh-3.6.1p2/Makefile.in 2003-10-13 10:22:18.080072200 -0400
+@@ -40,7 +40,7 @@
+
+ CC=@CC@
+ LD=@LD@
+-CFLAGS=@CFLAGS@
++CFLAGS=@CFLAGS@ -DWITH_SELINUX
+ CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@
+ LIBS=@LIBS@
+ LIBPAM=@LIBPAM@
+@@ -52,7 +52,7 @@
+ SED=@SED@
+ ENT=@ENT@
+ XAUTH_PATH=@XAUTH_PATH@
+-LDFLAGS=-L. -Lopenbsd-compat/ @LDFLAGS@
++LDFLAGS=-L. -Lopenbsd-compat/ @LDFLAGS@ -lselinux
+ EXEEXT=@EXEEXT@
+
+ INSTALL_SSH_PRNG_CMDS=@INSTALL_SSH_PRNG_CMDS@
--
2.44.0
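Review bot: In the sshpty.c part of the added patch, a failure of `getfilecon`, `security_compute_relabel` or `setfilecon` is only logged with `error()` and control falls through to the existing `stat()`/ownership code, so the login can continue on a tty that still carries its previous security context. On an enforcing system this should fail closed, for example by following each `error(...)` with `if (security_getenforce() > 0) fatal("SELinux tty relabel failed for %.100s", ttyname);`. Both `if (is_selinux_enabled())` tests (session.c and sshpty.c) also treat the -1 error return as "enabled"; `if (is_selinux_enabled() > 0)` is the safer test. The new `fatal()` messages print `pw->pw_name` and `scontext` with a bare `%s` where the surrounding code bounds strings with `%.100s`, and Makefile.in hard-codes `-DWITH_SELINUX` and `-lselinux` for every binary, which defeats the `#ifdef` guards. The enclosing functions in session.c and sshpty.c start and end outside the inner hunks, so how `pw` and `ttyname` are validated is not visible here.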