- (djm) [configure.ac Makefile.in ssh.c openbsd-compat/port-linux.c
openbsd-compat/port-linux.h] Move SELinux-specific code from ssh.c to port-linux.c to avoid compilation errors. Add -lselinux to ssh when building with SELinux support to avoid linking failure; report from amk AT spamfence.net; ok dtucker
This commit is contained in:
parent
6f8f04b860
commit
71adf127e8
|
@ -1,3 +1,10 @@
|
||||||
|
20110125
|
||||||
|
- (djm) [configure.ac Makefile.in ssh.c openbsd-compat/port-linux.c
|
||||||
|
openbsd-compat/port-linux.h] Move SELinux-specific code from ssh.c to
|
||||||
|
port-linux.c to avoid compilation errors. Add -lselinux to ssh when
|
||||||
|
building with SELinux support to avoid linking failure; report from
|
||||||
|
amk AT spamfence.net; ok dtucker
|
||||||
|
|
||||||
20110122
|
20110122
|
||||||
- (dtucker) [configure.ac openbsd-compat/openssl-compat.{c,h}] Add
|
- (dtucker) [configure.ac openbsd-compat/openssl-compat.{c,h}] Add
|
||||||
RSA_get_default_method() for the benefit of openssl versions that don't
|
RSA_get_default_method() for the benefit of openssl versions that don't
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
# $Id: Makefile.in,v 1.320 2011/01/17 10:15:29 dtucker Exp $
|
# $Id: Makefile.in,v 1.321 2011/01/25 01:16:16 djm Exp $
|
||||||
|
|
||||||
# uncomment if you run a non bourne compatable shell. Ie. csh
|
# uncomment if you run a non bourne compatable shell. Ie. csh
|
||||||
#SHELL = @SH@
|
#SHELL = @SH@
|
||||||
|
@ -46,6 +46,7 @@ LD=@LD@
|
||||||
CFLAGS=@CFLAGS@
|
CFLAGS=@CFLAGS@
|
||||||
CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@
|
CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@
|
||||||
LIBS=@LIBS@
|
LIBS=@LIBS@
|
||||||
|
SSHLIBS=@SSHLIBS@
|
||||||
SSHDLIBS=@SSHDLIBS@
|
SSHDLIBS=@SSHDLIBS@
|
||||||
LIBEDIT=@LIBEDIT@
|
LIBEDIT=@LIBEDIT@
|
||||||
AR=@AR@
|
AR=@AR@
|
||||||
|
@ -142,7 +143,7 @@ libssh.a: $(LIBSSH_OBJS)
|
||||||
$(RANLIB) $@
|
$(RANLIB) $@
|
||||||
|
|
||||||
ssh$(EXEEXT): $(LIBCOMPAT) libssh.a $(SSHOBJS)
|
ssh$(EXEEXT): $(LIBCOMPAT) libssh.a $(SSHOBJS)
|
||||||
$(LD) -o $@ $(SSHOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
|
$(LD) -o $@ $(SSHOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(SSHLIBS) $(LIBS)
|
||||||
|
|
||||||
sshd$(EXEEXT): libssh.a $(LIBCOMPAT) $(SSHDOBJS)
|
sshd$(EXEEXT): libssh.a $(LIBCOMPAT) $(SSHDOBJS)
|
||||||
$(LD) -o $@ $(SSHDOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(SSHDLIBS) $(LIBS)
|
$(LD) -o $@ $(SSHDOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(SSHDLIBS) $(LIBS)
|
||||||
|
|
12
configure.ac
12
configure.ac
|
@ -1,4 +1,4 @@
|
||||||
# $Id: configure.ac,v 1.469 2011/01/21 22:37:05 dtucker Exp $
|
# $Id: configure.ac,v 1.470 2011/01/25 01:16:17 djm Exp $
|
||||||
#
|
#
|
||||||
# Copyright (c) 1999-2004 Damien Miller
|
# Copyright (c) 1999-2004 Damien Miller
|
||||||
#
|
#
|
||||||
|
@ -15,7 +15,7 @@
|
||||||
# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
|
# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
|
||||||
|
|
||||||
AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org)
|
AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org)
|
||||||
AC_REVISION($Revision: 1.469 $)
|
AC_REVISION($Revision: 1.470 $)
|
||||||
AC_CONFIG_SRCDIR([ssh.c])
|
AC_CONFIG_SRCDIR([ssh.c])
|
||||||
|
|
||||||
# local macros
|
# local macros
|
||||||
|
@ -737,7 +737,6 @@ mips-sony-bsd|mips-sony-newsos4)
|
||||||
[ AC_DEFINE(USE_SOLARIS_PROCESS_CONTRACTS, 1,
|
[ AC_DEFINE(USE_SOLARIS_PROCESS_CONTRACTS, 1,
|
||||||
[Define if you have Solaris process contracts])
|
[Define if you have Solaris process contracts])
|
||||||
SSHDLIBS="$SSHDLIBS -lcontract"
|
SSHDLIBS="$SSHDLIBS -lcontract"
|
||||||
AC_SUBST(SSHDLIBS)
|
|
||||||
SPC_MSG="yes" ], )
|
SPC_MSG="yes" ], )
|
||||||
],
|
],
|
||||||
)
|
)
|
||||||
|
@ -748,7 +747,6 @@ mips-sony-bsd|mips-sony-newsos4)
|
||||||
[ AC_DEFINE(USE_SOLARIS_PROJECTS, 1,
|
[ AC_DEFINE(USE_SOLARIS_PROJECTS, 1,
|
||||||
[Define if you have Solaris projects])
|
[Define if you have Solaris projects])
|
||||||
SSHDLIBS="$SSHDLIBS -lproject"
|
SSHDLIBS="$SSHDLIBS -lproject"
|
||||||
AC_SUBST(SSHDLIBS)
|
|
||||||
SP_MSG="yes" ], )
|
SP_MSG="yes" ], )
|
||||||
],
|
],
|
||||||
)
|
)
|
||||||
|
@ -3515,11 +3513,14 @@ AC_ARG_WITH(selinux,
|
||||||
LIBS="$LIBS -lselinux"
|
LIBS="$LIBS -lselinux"
|
||||||
],
|
],
|
||||||
AC_MSG_ERROR(SELinux support requires libselinux library))
|
AC_MSG_ERROR(SELinux support requires libselinux library))
|
||||||
|
SSHLIBS="$SSHLIBS $LIBSELINUX"
|
||||||
SSHDLIBS="$SSHDLIBS $LIBSELINUX"
|
SSHDLIBS="$SSHDLIBS $LIBSELINUX"
|
||||||
AC_CHECK_FUNCS(getseuserbyname get_default_context_with_level)
|
AC_CHECK_FUNCS(getseuserbyname get_default_context_with_level)
|
||||||
LIBS="$save_LIBS"
|
LIBS="$save_LIBS"
|
||||||
fi ]
|
fi ]
|
||||||
)
|
)
|
||||||
|
AC_SUBST(SSHLIBS)
|
||||||
|
AC_SUBST(SSHDLIBS)
|
||||||
|
|
||||||
# Check whether user wants Kerberos 5 support
|
# Check whether user wants Kerberos 5 support
|
||||||
KRB5_MSG="no"
|
KRB5_MSG="no"
|
||||||
|
@ -4341,6 +4342,9 @@ echo " Libraries: ${LIBS}"
|
||||||
if test ! -z "${SSHDLIBS}"; then
|
if test ! -z "${SSHDLIBS}"; then
|
||||||
echo " +for sshd: ${SSHDLIBS}"
|
echo " +for sshd: ${SSHDLIBS}"
|
||||||
fi
|
fi
|
||||||
|
if test ! -z "${SSHLIBS}"; then
|
||||||
|
echo " +for ssh: ${SSHLIBS}"
|
||||||
|
fi
|
||||||
|
|
||||||
echo ""
|
echo ""
|
||||||
|
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
/* $Id: port-linux.c,v 1.11 2011/01/17 07:50:24 dtucker Exp $ */
|
/* $Id: port-linux.c,v 1.12 2011/01/25 01:16:18 djm Exp $ */
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Copyright (c) 2005 Daniel Walsh <dwalsh@redhat.com>
|
* Copyright (c) 2005 Daniel Walsh <dwalsh@redhat.com>
|
||||||
|
@ -205,6 +205,20 @@ ssh_selinux_change_context(const char *newname)
|
||||||
xfree(oldctx);
|
xfree(oldctx);
|
||||||
xfree(newctx);
|
xfree(newctx);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
void
|
||||||
|
ssh_selinux_setfscreatecon(const char *path)
|
||||||
|
{
|
||||||
|
security_context_t context;
|
||||||
|
|
||||||
|
if (path == NULL) {
|
||||||
|
setfscreatecon(NULL);
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
matchpathcon(path, 0700, &context);
|
||||||
|
setfscreatecon(context);
|
||||||
|
}
|
||||||
|
|
||||||
#endif /* WITH_SELINUX */
|
#endif /* WITH_SELINUX */
|
||||||
|
|
||||||
#ifdef LINUX_OOM_ADJUST
|
#ifdef LINUX_OOM_ADJUST
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
/* $Id: port-linux.h,v 1.4 2009/12/08 02:39:48 dtucker Exp $ */
|
/* $Id: port-linux.h,v 1.5 2011/01/25 01:16:18 djm Exp $ */
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Copyright (c) 2006 Damien Miller <djm@openbsd.org>
|
* Copyright (c) 2006 Damien Miller <djm@openbsd.org>
|
||||||
|
@ -24,6 +24,7 @@ int ssh_selinux_enabled(void);
|
||||||
void ssh_selinux_setup_pty(char *, const char *);
|
void ssh_selinux_setup_pty(char *, const char *);
|
||||||
void ssh_selinux_setup_exec_context(char *);
|
void ssh_selinux_setup_exec_context(char *);
|
||||||
void ssh_selinux_change_context(const char *);
|
void ssh_selinux_change_context(const char *);
|
||||||
|
void ssh_selinux_setfscreatecon(const char *);
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#ifdef LINUX_OOM_ADJUST
|
#ifdef LINUX_OOM_ADJUST
|
||||||
|
|
7
ssh.c
7
ssh.c
|
@ -852,15 +852,12 @@ main(int ac, char **av)
|
||||||
strcmp(pw->pw_dir, "/") ? "/" : "", _PATH_SSH_USER_DIR);
|
strcmp(pw->pw_dir, "/") ? "/" : "", _PATH_SSH_USER_DIR);
|
||||||
if (r > 0 && (size_t)r < sizeof(buf) && stat(buf, &st) < 0) {
|
if (r > 0 && (size_t)r < sizeof(buf) && stat(buf, &st) < 0) {
|
||||||
#ifdef WITH_SELINUX
|
#ifdef WITH_SELINUX
|
||||||
char *scon;
|
ssh_selinux_setfscreatecon(buf);
|
||||||
|
|
||||||
matchpathcon(buf, 0700, &scon);
|
|
||||||
setfscreatecon(scon);
|
|
||||||
#endif
|
#endif
|
||||||
if (mkdir(buf, 0700) < 0)
|
if (mkdir(buf, 0700) < 0)
|
||||||
error("Could not create directory '%.200s'.", buf);
|
error("Could not create directory '%.200s'.", buf);
|
||||||
#ifdef WITH_SELINUX
|
#ifdef WITH_SELINUX
|
||||||
setfscreatecon(NULL);
|
ssh_selinux_setfscreatecon(NULL);
|
||||||
#endif
|
#endif
|
||||||
}
|
}
|
||||||
/* load options.identity_files */
|
/* load options.identity_files */
|
||||||
|
|
Loading…
Reference in New Issue