- (djm) [configure.ac Makefile.in ssh.c openbsd-compat/port-linux.c
   openbsd-compat/port-linux.h] Move SELinux-specific code from ssh.c to
   port-linux.c to avoid compilation errors. Add -lselinux to ssh when
   building with SELinux support to avoid linking failure; report from
   amk AT spamfence.net; ok dtucker
Damien Miller 2011-01-25 12:16:15 +11:00
parent 6f8f04b860
commit 71adf127e8
6 changed files with 37 additions and 13 deletions


@ -1,3 +1,10 @@
20110125
- (djm) [configure.ac Makefile.in ssh.c openbsd-compat/port-linux.c
openbsd-compat/port-linux.h] Move SELinux-specific code from ssh.c to
port-linux.c to avoid compilation errors. Add -lselinux to ssh when
building with SELinux support to avoid linking failure; report from
amk AT spamfence.net; ok dtucker
20110122 20110122
- (dtucker) [configure.ac openbsd-compat/openssl-compat.{c,h}] Add - (dtucker) [configure.ac openbsd-compat/openssl-compat.{c,h}] Add
RSA_get_default_method() for the benefit of openssl versions that don't RSA_get_default_method() for the benefit of openssl versions that don't


@ -1,4 +1,4 @@
# $Id: Makefile.in,v 1.320 2011/01/17 10:15:29 dtucker Exp $ # $Id: Makefile.in,v 1.321 2011/01/25 01:16:16 djm Exp $
# uncomment if you run a non bourne compatable shell. Ie. csh # uncomment if you run a non bourne compatable shell. Ie. csh
#SHELL = @SH@ #SHELL = @SH@
@ -46,6 +46,7 @@ LD=@LD@
CFLAGS=@CFLAGS@ CFLAGS=@CFLAGS@
CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@ CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@
LIBS=@LIBS@ LIBS=@LIBS@
SSHLIBS=@SSHLIBS@
SSHDLIBS=@SSHDLIBS@ SSHDLIBS=@SSHDLIBS@
LIBEDIT=@LIBEDIT@ LIBEDIT=@LIBEDIT@
AR=@AR@ AR=@AR@
@ -142,7 +143,7 @@ libssh.a: $(LIBSSH_OBJS)
$(RANLIB) $@ $(RANLIB) $@
ssh$(EXEEXT): $(LIBCOMPAT) libssh.a $(SSHOBJS) ssh$(EXEEXT): $(LIBCOMPAT) libssh.a $(SSHOBJS)
$(LD) -o $@ $(SSHOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) $(LD) -o $@ $(SSHOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(SSHLIBS) $(LIBS)
sshd$(EXEEXT): libssh.a $(LIBCOMPAT) $(SSHDOBJS) sshd$(EXEEXT): libssh.a $(LIBCOMPAT) $(SSHDOBJS)
$(LD) -o $@ $(SSHDOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(SSHDLIBS) $(LIBS) $(LD) -o $@ $(SSHDOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(SSHDLIBS) $(LIBS)


@ -1,4 +1,4 @@
# $Id: configure.ac,v 1.469 2011/01/21 22:37:05 dtucker Exp $ # $Id: configure.ac,v 1.470 2011/01/25 01:16:17 djm Exp $
# #
# Copyright (c) 1999-2004 Damien Miller # Copyright (c) 1999-2004 Damien Miller
# #
@ -15,7 +15,7 @@
# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org) AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org)
AC_REVISION($Revision: 1.469 $) AC_REVISION($Revision: 1.470 $)
AC_CONFIG_SRCDIR([ssh.c]) AC_CONFIG_SRCDIR([ssh.c])
# local macros # local macros
@ -737,7 +737,6 @@ mips-sony-bsd|mips-sony-newsos4)
[ AC_DEFINE(USE_SOLARIS_PROCESS_CONTRACTS, 1, [ AC_DEFINE(USE_SOLARIS_PROCESS_CONTRACTS, 1,
[Define if you have Solaris process contracts]) [Define if you have Solaris process contracts])
SSHDLIBS="$SSHDLIBS -lcontract" SSHDLIBS="$SSHDLIBS -lcontract"
AC_SUBST(SSHDLIBS)
SPC_MSG="yes" ], ) SPC_MSG="yes" ], )
], ],
) )
@ -748,7 +747,6 @@ mips-sony-bsd|mips-sony-newsos4)
[ AC_DEFINE(USE_SOLARIS_PROJECTS, 1, [ AC_DEFINE(USE_SOLARIS_PROJECTS, 1,
[Define if you have Solaris projects]) [Define if you have Solaris projects])
SSHDLIBS="$SSHDLIBS -lproject" SSHDLIBS="$SSHDLIBS -lproject"
AC_SUBST(SSHDLIBS)
SP_MSG="yes" ], ) SP_MSG="yes" ], )
], ],
) )
@ -3515,11 +3513,14 @@ AC_ARG_WITH(selinux,
LIBS="$LIBS -lselinux" LIBS="$LIBS -lselinux"
], ],
AC_MSG_ERROR(SELinux support requires libselinux library)) AC_MSG_ERROR(SELinux support requires libselinux library))
SSHLIBS="$SSHLIBS $LIBSELINUX"
SSHDLIBS="$SSHDLIBS $LIBSELINUX" SSHDLIBS="$SSHDLIBS $LIBSELINUX"
AC_CHECK_FUNCS(getseuserbyname get_default_context_with_level) AC_CHECK_FUNCS(getseuserbyname get_default_context_with_level)
LIBS="$save_LIBS" LIBS="$save_LIBS"
fi ] fi ]
) )
AC_SUBST(SSHLIBS)
AC_SUBST(SSHDLIBS)
# Check whether user wants Kerberos 5 support # Check whether user wants Kerberos 5 support
KRB5_MSG="no" KRB5_MSG="no"
@ -4341,6 +4342,9 @@ echo " Libraries: ${LIBS}"
if test ! -z "${SSHDLIBS}"; then if test ! -z "${SSHDLIBS}"; then
echo " +for sshd: ${SSHDLIBS}" echo " +for sshd: ${SSHDLIBS}"
fi fi
if test ! -z "${SSHLIBS}"; then
echo " +for ssh: ${SSHLIBS}"
fi
echo "" echo ""


@ -1,4 +1,4 @@
/* $Id: port-linux.c,v 1.11 2011/01/17 07:50:24 dtucker Exp $ */ /* $Id: port-linux.c,v 1.12 2011/01/25 01:16:18 djm Exp $ */
/* /*
* Copyright (c) 2005 Daniel Walsh <dwalsh@redhat.com> * Copyright (c) 2005 Daniel Walsh <dwalsh@redhat.com>
@ -205,6 +205,20 @@ ssh_selinux_change_context(const char *newname)
xfree(oldctx); xfree(oldctx);
xfree(newctx); xfree(newctx);
} }
void
ssh_selinux_setfscreatecon(const char *path)
{
security_context_t context;
if (path == NULL) {
setfscreatecon(NULL);
return;
}
matchpathcon(path, 0700, &context);
setfscreatecon(context);
}
#endif /* WITH_SELINUX */ #endif /* WITH_SELINUX */
#ifdef LINUX_OOM_ADJUST #ifdef LINUX_OOM_ADJUST
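Review bot: In the new `ssh_selinux_setfscreatecon()`, the return value of `matchpathcon()` is ignored, so when the lookup fails `context` is still uninitialized at the point it is handed to `setfscreatecon()`. The context that `matchpathcon()` allocates on success is also never released with `freecon()`, and the helper does not consult `ssh_selinux_enabled()`, which the header declares, before touching libselinux. This matters because the label set here is what the `mkdir()` call in ssh.c uses for the newly created per-user ssh directory, so an unchecked failure can leave that directory with an unintended label and no diagnostic. The excerpt below keeps the NULL-reset path as it is and guards the rest.

```c
void
ssh_selinux_setfscreatecon(const char *path)
{
	security_context_t context;

	if (!ssh_selinux_enabled())
		return;
	/* … unchanged: path == NULL resets the fs-create context and returns … */
	if (matchpathcon(path, 0700, &context) != 0)
		return;	/* leave the default label rather than use garbage */
	setfscreatecon(context);
	freecon(context);
}
```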


@ -1,4 +1,4 @@
/* $Id: port-linux.h,v 1.4 2009/12/08 02:39:48 dtucker Exp $ */ /* $Id: port-linux.h,v 1.5 2011/01/25 01:16:18 djm Exp $ */
/* /*
* Copyright (c) 2006 Damien Miller <djm@openbsd.org> * Copyright (c) 2006 Damien Miller <djm@openbsd.org>
@ -24,6 +24,7 @@ int ssh_selinux_enabled(void);
void ssh_selinux_setup_pty(char *, const char *); void ssh_selinux_setup_pty(char *, const char *);
void ssh_selinux_setup_exec_context(char *); void ssh_selinux_setup_exec_context(char *);
void ssh_selinux_change_context(const char *); void ssh_selinux_change_context(const char *);
void ssh_selinux_setfscreatecon(const char *);
#endif #endif
#ifdef LINUX_OOM_ADJUST #ifdef LINUX_OOM_ADJUST

7
ssh.c

@ -852,15 +852,12 @@ main(int ac, char **av)
strcmp(pw->pw_dir, "/") ? "/" : "", _PATH_SSH_USER_DIR); strcmp(pw->pw_dir, "/") ? "/" : "", _PATH_SSH_USER_DIR);
if (r > 0 && (size_t)r < sizeof(buf) && stat(buf, &st) < 0) { if (r > 0 && (size_t)r < sizeof(buf) && stat(buf, &st) < 0) {
#ifdef WITH_SELINUX #ifdef WITH_SELINUX
char *scon; ssh_selinux_setfscreatecon(buf);
matchpathcon(buf, 0700, &scon);
setfscreatecon(scon);
#endif #endif
if (mkdir(buf, 0700) < 0) if (mkdir(buf, 0700) < 0)
error("Could not create directory '%.200s'.", buf); error("Could not create directory '%.200s'.", buf);
#ifdef WITH_SELINUX #ifdef WITH_SELINUX
setfscreatecon(NULL); ssh_selinux_setfscreatecon(NULL);
#endif #endif
} }
/* load options.identity_files */ /* load options.identity_files */