From 71adf127e834e215017b22d61cb4cd4b75cf8ddc Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Tue, 25 Jan 2011 12:16:15 +1100 Subject: [PATCH] - (djm) [configure.ac Makefile.in ssh.c openbsd-compat/port-linux.c openbsd-compat/port-linux.h] Move SELinux-specific code from ssh.c to port-linux.c to avoid compilation errors. Add -lselinux to ssh when building with SELinux support to avoid linking failure; report from amk AT spamfence.net; ok dtucker --- ChangeLog | 7 +++++++ Makefile.in | 5 +++-- configure.ac | 12 ++++++++---- openbsd-compat/port-linux.c | 16 +++++++++++++++- openbsd-compat/port-linux.h | 3 ++- ssh.c | 7 ++----- 6 files changed, 37 insertions(+), 13 deletions(-) diff --git a/ChangeLog b/ChangeLog index 0356a33c5..6d2375a33 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,10 @@ +20110125 + - (djm) [configure.ac Makefile.in ssh.c openbsd-compat/port-linux.c + openbsd-compat/port-linux.h] Move SELinux-specific code from ssh.c to + port-linux.c to avoid compilation errors. Add -lselinux to ssh when + building with SELinux support to avoid linking failure; report from + amk AT spamfence.net; ok dtucker + 20110122 - (dtucker) [configure.ac openbsd-compat/openssl-compat.{c,h}] Add RSA_get_default_method() for the benefit of openssl versions that don't diff --git a/Makefile.in b/Makefile.in index 77a78aa61..d0263779b 100644 --- a/Makefile.in +++ b/Makefile.in @@ -1,4 +1,4 @@ -# $Id: Makefile.in,v 1.320 2011/01/17 10:15:29 dtucker Exp $ +# $Id: Makefile.in,v 1.321 2011/01/25 01:16:16 djm Exp $ # uncomment if you run a non bourne compatable shell. Ie. csh #SHELL = @SH@ @@ -46,6 +46,7 @@ LD=@LD@ CFLAGS=@CFLAGS@ CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@ LIBS=@LIBS@ +SSHLIBS=@SSHLIBS@ SSHDLIBS=@SSHDLIBS@ LIBEDIT=@LIBEDIT@ AR=@AR@ 
@@ -142,7 +143,7 @@ libssh.a: $(LIBSSH_OBJS) $(RANLIB) $@ ssh$(EXEEXT): $(LIBCOMPAT) libssh.a $(SSHOBJS) - $(LD) -o $@ $(SSHOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) + $(LD) -o $@ $(SSHOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(SSHLIBS) $(LIBS) sshd$(EXEEXT): libssh.a $(LIBCOMPAT) $(SSHDOBJS) $(LD) -o $@ $(SSHDOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(SSHDLIBS) $(LIBS) diff --git a/configure.ac b/configure.ac index 769e83594..0c46aebeb 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.469 2011/01/21 22:37:05 dtucker Exp $ +# $Id: configure.ac,v 1.470 2011/01/25 01:16:17 djm Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -15,7 +15,7 @@ # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org) -AC_REVISION($Revision: 1.469 $) +AC_REVISION($Revision: 1.470 $) AC_CONFIG_SRCDIR([ssh.c]) # local macros @@ -737,7 +737,6 @@ mips-sony-bsd|mips-sony-newsos4) [ AC_DEFINE(USE_SOLARIS_PROCESS_CONTRACTS, 1, [Define if you have Solaris process contracts]) SSHDLIBS="$SSHDLIBS -lcontract" - AC_SUBST(SSHDLIBS) SPC_MSG="yes" ], ) ], ) @@ -748,7 +747,6 @@ mips-sony-bsd|mips-sony-newsos4) [ AC_DEFINE(USE_SOLARIS_PROJECTS, 1, [Define if you have Solaris projects]) SSHDLIBS="$SSHDLIBS -lproject" - AC_SUBST(SSHDLIBS) SP_MSG="yes" ], ) ], ) @@ -3515,11 +3513,14 @@ AC_ARG_WITH(selinux, LIBS="$LIBS -lselinux" ], AC_MSG_ERROR(SELinux support requires libselinux library)) + SSHLIBS="$SSHLIBS $LIBSELINUX" SSHDLIBS="$SSHDLIBS $LIBSELINUX" AC_CHECK_FUNCS(getseuserbyname get_default_context_with_level) LIBS="$save_LIBS" fi ] ) +AC_SUBST(SSHLIBS) +AC_SUBST(SSHDLIBS) # Check whether user wants Kerberos 5 support KRB5_MSG="no" @@ -4341,6 +4342,9 @@ echo " Libraries: ${LIBS}" if test ! -z "${SSHDLIBS}"; then echo " +for sshd: ${SSHDLIBS}" fi +if test ! -z "${SSHLIBS}"; then +echo " +for ssh: ${SSHLIBS}" +fi echo "" 
diff --git a/openbsd-compat/port-linux.c b/openbsd-compat/port-linux.c index 5b1cf402c..b152efc29 100644 --- a/openbsd-compat/port-linux.c +++ b/openbsd-compat/port-linux.c @@ -1,4 +1,4 @@ -/* $Id: port-linux.c,v 1.11 2011/01/17 07:50:24 dtucker Exp $ */ +/* $Id: port-linux.c,v 1.12 2011/01/25 01:16:18 djm Exp $ */ /* * Copyright (c) 2005 Daniel Walsh @@ -205,6 +205,20 @@ ssh_selinux_change_context(const char *newname) xfree(oldctx); xfree(newctx); } + +void +ssh_selinux_setfscreatecon(const char *path) +{ + security_context_t context; + + if (path == NULL) { + setfscreatecon(NULL); + return; + } + matchpathcon(path, 0700, &context); + setfscreatecon(context); +} + #endif /* WITH_SELINUX */ #ifdef LINUX_OOM_ADJUST diff --git a/openbsd-compat/port-linux.h b/openbsd-compat/port-linux.h index 209d9a7a2..e3d1004aa 100644 --- a/openbsd-compat/port-linux.h +++ b/openbsd-compat/port-linux.h @@ -1,4 +1,4 @@ -/* $Id: port-linux.h,v 1.4 2009/12/08 02:39:48 dtucker Exp $ */ +/* $Id: port-linux.h,v 1.5 2011/01/25 01:16:18 djm Exp $ */ /* * Copyright (c) 2006 Damien Miller @@ -24,6 +24,7 @@ int ssh_selinux_enabled(void); void ssh_selinux_setup_pty(char *, const char *); void ssh_selinux_setup_exec_context(char *); void ssh_selinux_change_context(const char *); +void ssh_selinux_setfscreatecon(const char *); #endif #ifdef LINUX_OOM_ADJUST diff --git a/ssh.c b/ssh.c index 9409fa713..d32ef78b0 100644 --- a/ssh.c +++ b/ssh.c @@ -852,15 +852,12 @@ main(int ac, char **av) strcmp(pw->pw_dir, "/") ? "/" : "", _PATH_SSH_USER_DIR); if (r > 0 && (size_t)r < sizeof(buf) && stat(buf, &st) < 0) { #ifdef WITH_SELINUX - char *scon; - - matchpathcon(buf, 0700, &scon); - setfscreatecon(scon); + ssh_selinux_setfscreatecon(buf); #endif if (mkdir(buf, 0700) < 0) error("Could not create directory '%.200s'.", buf); #ifdef WITH_SELINUX - setfscreatecon(NULL); + ssh_selinux_setfscreatecon(NULL); #endif } /* load options.identity_files */
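Review bot: In the new `ssh_selinux_setfscreatecon()`, the return value of `matchpathcon()` is ignored, so when the lookup fails `context` is still uninitialized and is passed straight to `setfscreatecon()`. The removed ssh.c lines had the same flaw, so this move is a good point to fix it. The context string that `matchpathcon()` allocates is also never released with `freecon()`. I would check the result, free the context after use, and probably return early when `ssh_selinux_enabled()` (declared in port-linux.h) reports that SELinux is off, as sketched below. Whether a failed lookup should also be logged, given that `~/.ssh` would then be created with the default label, is a call for the maintainers.

```c
void
ssh_selinux_setfscreatecon(const char *path)
{
	security_context_t context;

	if (!ssh_selinux_enabled())
		return;
	/* … unchanged: path == NULL resets the creation context … */
	if (matchpathcon(path, 0700, &context) != 0)
		return;	/* context was never set; do not pass it on */
	setfscreatecon(context);
	freecon(context);
}
```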