[packages/openssh.git] / openssh-selinux-pld.patch

diff -urN openssh-3.9p1.org/session.c openssh-3.9p1/session.c
--- openssh-3.9p1.org/session.c	2004-08-17 19:17:21.188103816 +0200
+++ openssh-3.9p1/session.c	2004-08-17 19:21:15.548475624 +0200
@@ -1310,15 +1310,23 @@
 	if (getuid() != pw->pw_uid || geteuid() != pw->pw_uid)
 		fatal("Failed to set uids to %u.", (u_int) pw->pw_uid);
 #ifdef WITH_SELINUX
-	if (is_selinux_enabled()>0)
+	if (is_selinux_enabled() > 0)
 	  {
 	    security_context_t scontext;
-	    if (get_default_context(pw->pw_name,NULL,&scontext))
-	      fatal("Failed to get default security context for %s.", pw->pw_name);
-	    if (setexeccon(scontext)) {
-	      fatal("Failed to set exec security context %s for %s.", scontext, pw->pw_name);
+	    if (get_default_context(pw->pw_name,NULL,&scontext)) {
+	      if (security_getenforce() > 0)
+    		  fatal("Failed to get default security context for %s.", pw->pw_name);
+	      else
+		  error("Failed to get default security context for %s (SELinux in permissive mode, continuing).", pw->pw_name);
+	    } else {
+    		if (setexeccon(scontext)) {
+      		    if (security_getenforce() > 0)
+			fatal("Failed to set exec security context %s for %s.", scontext, pw->pw_name);
+		    else
+			error("Failed to set exec security context %s for %s (SELinux in permissive mode, continuing).", scontext, pw->pw_name);
+    		}
+    		freecon(scontext);
 	    }
-	    freecon(scontext);
 	  }
 #endif
 }
diff -urN openssh-3.9p1.org/sshpty.c openssh-3.9p1/sshpty.c
--- openssh-3.9p1.org/sshpty.c	2004-08-17 19:17:21.189103664 +0200
+++ openssh-3.9p1/sshpty.c	2004-08-17 19:20:59.265950944 +0200
@@ -207,8 +207,12 @@
 		security_context_t	new_tty_context=NULL,
 					user_context=NULL,
 					old_tty_context=NULL;
-		if (get_default_context(pw->pw_name,NULL,&user_context))
-			fatal("Failed to get default security context for %s.", pw->pw_name);
+		if (get_default_context(pw->pw_name,NULL,&user_context)) {
+			if (security_getenforce() > 0)
+			 	fatal("Failed to get default security context for %s.", pw->pw_name);
+			else
+				error("Failed to get default security context for %s (SELinux in permissive mode, continuing).", pw->pw_name);
+		} else {
 	
 		if (getfilecon(tty, &old_tty_context)<0) {
 			error("getfilecon(%.100s) failed: %.100s", tty, strerror(errno));
@@ -225,6 +229,7 @@
 			freecon(old_tty_context);
 		}
 		freecon(user_context);
+		}
 	}
 #endif
Commit	Line	Data
99b5700c AM	1	diff -urN openssh-3.9p1.org/session.c openssh-3.9p1/session.c
	2	--- openssh-3.9p1.org/session.c 2004-08-17 19:17:21.188103816 +0200
	3	+++ openssh-3.9p1/session.c 2004-08-17 19:21:15.548475624 +0200
	4	@@ -1310,15 +1310,23 @@
424d4b74 AM	5	if (getuid() != pw->pw_uid \|\| geteuid() != pw->pw_uid)
	6	fatal("Failed to set uids to %u.", (u_int) pw->pw_uid);
	7	#ifdef WITH_SELINUX
c228aa77	8	- if (is_selinux_enabled()>0)
424d4b74 AM	9	+ if (is_selinux_enabled() > 0)
	10	{
	11	security_context_t scontext;
	12	- if (get_default_context(pw->pw_name,NULL,&scontext))
	13	- fatal("Failed to get default security context for %s.", pw->pw_name);
	14	- if (setexeccon(scontext)) {
	15	- fatal("Failed to set exec security context %s for %s.", scontext, pw->pw_name);
	16	+ if (get_default_context(pw->pw_name,NULL,&scontext)) {
99b5700c	17	+ if (security_getenforce() > 0)
424d4b74 AM	18	+ fatal("Failed to get default security context for %s.", pw->pw_name);
	19	+ else
	20	+ error("Failed to get default security context for %s (SELinux in permissive mode, continuing).", pw->pw_name);
	21	+ } else {
	22	+ if (setexeccon(scontext)) {
99b5700c	23	+ if (security_getenforce() > 0)
424d4b74 AM	24	+ fatal("Failed to set exec security context %s for %s.", scontext, pw->pw_name);
	25	+ else
	26	+ error("Failed to set exec security context %s for %s (SELinux in permissive mode, continuing).", scontext, pw->pw_name);
	27	+ }
	28	+ freecon(scontext);
	29	}
	30	- freecon(scontext);
	31	}
	32	#endif
	33	}
99b5700c AM	34	diff -urN openssh-3.9p1.org/sshpty.c openssh-3.9p1/sshpty.c
	35	--- openssh-3.9p1.org/sshpty.c 2004-08-17 19:17:21.189103664 +0200
	36	+++ openssh-3.9p1/sshpty.c 2004-08-17 19:20:59.265950944 +0200
	37	@@ -207,8 +207,12 @@
	38	security_context_t new_tty_context=NULL,
	39	user_context=NULL,
	40	old_tty_context=NULL;
	41	- if (get_default_context(pw->pw_name,NULL,&user_context))
	42	- fatal("Failed to get default security context for %s.", pw->pw_name);
	43	+ if (get_default_context(pw->pw_name,NULL,&user_context)) {
	44	+ if (security_getenforce() > 0)
	45	+ fatal("Failed to get default security context for %s.", pw->pw_name);
	46	+ else
	47	+ error("Failed to get default security context for %s (SELinux in permissive mode, continuing).", pw->pw_name);
	48	+ } else {
	49
	50	if (getfilecon(tty, &old_tty_context)<0) {
	51	error("getfilecon(%.100s) failed: %.100s", tty, strerror(errno));
	52	@@ -225,6 +229,7 @@
	53	freecon(old_tty_context);
	54	}
	55	freecon(user_context);
	56	+ }
424d4b74 AM	57	}
424d4b74 AM	58	#endif
99b5700c	59