Jan F. Chadima ce94da
diff -up openssh-5.2p1/openbsd-compat/port-linux.c.sesftp openssh-5.2p1/openbsd-compat/port-linux.c
Jan F. Chadima ce94da
--- openssh-5.2p1/openbsd-compat/port-linux.c.sesftp	2009-08-12 00:29:37.712368892 +0200
Jan F. Chadima ce94da
+++ openssh-5.2p1/openbsd-compat/port-linux.c	2009-08-12 00:29:37.732544890 +0200
Jan F. Chadima ce94da
@@ -469,4 +469,36 @@ ssh_selinux_setup_pty(char *pwname, cons
Jan F. Chadima ce94da
 		freecon(user_ctx);
Jan F. Chadima ce94da
 	debug3("%s: done", __func__);
Jan F. Chadima ce94da
 }
Jan F. Chadima ce94da
+
Jan F. Chadima ce94da
+void
Jan F. Chadima ce94da
+ssh_selinux_change_context(const char *newname)
Jan F. Chadima ce94da
+{
Jan F. Chadima ce94da
+	int len, newlen;
Jan F. Chadima ce94da
+	char *oldctx, *newctx, *cx;
Jan F. Chadima ce94da
+
Jan F. Chadima ce94da
+	if (!ssh_selinux_enabled())
Jan F. Chadima ce94da
+		return;
Jan F. Chadima ce94da
+
Jan F. Chadima ce94da
+	if (getcon((security_context_t *)&oldctx) < 0) {
Jan F. Chadima ce94da
+		logit("%s: getcon failed with %s", __func__, strerror (errno));
Jan F. Chadima ce94da
+		return;
Jan F. Chadima ce94da
+	}
Jan F. Chadima ce94da
+	if ((cx = index(oldctx, ':')) == NULL || (cx = index(cx + 1, ':')) == NULL) {
Jan F. Chadima ce94da
+		logit ("%s: unparseable context %s", __func__, oldctx);
Jan F. Chadima ce94da
+		return;
Jan F. Chadima ce94da
+	}
Jan F. Chadima ce94da
+
Jan F. Chadima ce94da
+	newlen = strlen(oldctx) + strlen(newname) + 1;
Jan F. Chadima ce94da
+	newctx = xmalloc(newlen);
Jan F. Chadima ce94da
+	len = cx - oldctx + 1;
Jan F. Chadima ce94da
+	memcpy(newctx, oldctx, len);
Jan F. Chadima ce94da
+	strlcpy(newctx + len, newname, newlen - len);
Jan F. Chadima ce94da
+	if ((cx = index(cx + 1, ':')))
Jan F. Chadima ce94da
+		strlcat(newctx, cx, newlen);
Jan F. Chadima ce94da
+	debug3("%s: setting context from '%s' to '%s'", __func__, oldctx, newctx);
Jan F. Chadima ce94da
+	if (setcon(newctx) < 0)
Jan F. Chadima ce94da
+		logit("%s: setcon failed with %s", __func__, strerror (errno));
Jan F. Chadima ce94da
+	xfree(oldctx);
Jan F. Chadima ce94da
+	xfree(newctx);
Jan F. Chadima ce94da
+}
Jan F. Chadima ce94da
 #endif /* WITH_SELINUX */
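Review bot: A failed domain transition is only logged in `ssh_selinux_change_context()`: when `setcon(newctx)` fails, or the function returns early on the `getcon` or "unparseable context" paths, the `void` return gives the caller no signal, and the session.c hunk of this patch continues straight into `sftp_server_main()`, so the internal sftp server would keep running in whatever domain the process already had. If the `sftpd_t` confinement is meant to be enforced rather than best-effort, the function should return a status the caller checks, or fail hard in enforcing mode, e.g. `if (setcon(newctx) < 0 && security_getenforce() > 0) fatal("%s: setcon failed with %s", __func__, strerror(errno));`. Separately, `oldctx` is allocated by `getcon()` and should be released with `freecon(oldctx);`, as the preceding function does for `user_ctx`; it is also leaked on the unparseable-context return. A short comment above the function stating that it replaces only the type field (the third colon-separated component) of the current context and leaves any level/range suffix intact would make the `index()` arithmetic easier to audit.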
Jan F. Chadima ce94da
diff -up openssh-5.2p1/openbsd-compat/port-linux.h.sesftp openssh-5.2p1/openbsd-compat/port-linux.h
Jan F. Chadima ce94da
--- openssh-5.2p1/openbsd-compat/port-linux.h.sesftp	2008-03-26 21:27:21.000000000 +0100
Jan F. Chadima ce94da
+++ openssh-5.2p1/openbsd-compat/port-linux.h	2009-08-12 00:29:37.733388083 +0200
Jan F. Chadima ce94da
@@ -23,6 +23,7 @@
Jan F. Chadima ce94da
 int ssh_selinux_enabled(void);
Jan F. Chadima ce94da
 void ssh_selinux_setup_pty(char *, const char *);
Jan F. Chadima ce94da
 void ssh_selinux_setup_exec_context(char *);
Jan F. Chadima ce94da
+void ssh_selinux_change_context(const char *);
Jan F. Chadima ce94da
 #endif
Jan F. Chadima 3d6b00
 
Jan F. Chadima ce94da
 #endif /* ! _PORT_LINUX_H */
Jan F. Chadima ce94da
diff -up openssh-5.2p1/session.c.sesftp openssh-5.2p1/session.c
Jan F. Chadima ce94da
--- openssh-5.2p1/session.c.sesftp	2009-08-12 00:29:37.659250161 +0200
Jan F. Chadima ce94da
+++ openssh-5.2p1/session.c	2009-08-12 00:29:37.729578695 +0200
Jan F. Chadima ce94da
@@ -1798,6 +1798,9 @@ do_child(Session *s, const char *command
Jan F. Chadima 3d6b00
 		argv[i] = NULL;
Jan F. Chadima 3d6b00
 		optind = optreset = 1;
Jan F. Chadima 3d6b00
 		__progname = argv[0];
Jan F. Chadima 56bb42
+#ifdef WITH_SELINUX
Jan F. Chadima ce94da
+		ssh_selinux_change_context("sftpd_t");
Jan F. Chadima 56bb42
+#endif
Jan F. Chadima 3d6b00
 		exit(sftp_server_main(i, argv, s->pw));
Jan F. Chadima 3d6b00
 	}
Jan F. Chadima 3d6b00