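diff -up openssh-5.6p1/configure.ac.selabel openssh-5.6p1/configure.ac
--- openssh-5.6p1/configure.ac.selabel 2010-09-13 11:20:47.000000000 +0200
+++ openssh-5.6p1/configure.ac 2010-09-13 11:20:50.000000000 +0200
@@ -700,7 +700,6 @@ mips-sony-bsd|mips-sony-newsos4)
 [ AC_DEFINE(USE_SOLARIS_PROCESS_CONTRACTS, 1,
 [Define if you have Solaris process contracts])
 SSHDLIBS="$SSHDLIBS -lcontract"
- AC_SUBST(SSHDLIBS)
 SPC_MSG="yes" ], )
 ],
 )
@@ -3500,6 +3499,7 @@ AC_ARG_WITH(selinux,
 ],
 AC_MSG_ERROR(SELinux support requires libselinux library))
 SSHDLIBS="$SSHDLIBS $LIBSELINUX"
+ SSHLIBS="$SSHLIBS $LIBSELINUX"
 LIBS="$LIBS $LIBSELINUX"
 AC_CHECK_FUNCS(getseuserbyname get_default_context_with_level)
 AC_CHECK_FUNCS(setkeycreatecon)
@@ -4269,6 +4269,8 @@ else
 fi
 AC_CHECK_DECL(BROKEN_GETADDRINFO, TEST_SSH_IPV6=no)
 AC_SUBST(TEST_SSH_IPV6, $TEST_SSH_IPV6)
+AC_SUBST(SSHLIBS)
+AC_SUBST(SSHDLIBS)
 
 AC_EXEEXT
 AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openssh.xml \
@@ -4345,6 +4347,9 @@ echo " Libraries: ${LIBS}"
 if test ! -z "${SSHDLIBS}"; then
 echo " +for sshd: ${SSHDLIBS}"
 fi
+if test ! -z "${SSHLIBS}"; then
+echo " +for ssh: ${SSHLIBS}"
+fi
 
 echo ""
 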
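diff -up openssh-5.6p1/contrib/ssh-copy-id.selabel openssh-5.6p1/contrib/ssh-copy-id
--- openssh-5.6p1/contrib/ssh-copy-id.selabel 2010-08-10 05:36:09.000000000 +0200
+++ openssh-5.6p1/contrib/ssh-copy-id 2010-09-13 11:20:50.000000000 +0200
@@ -41,7 +41,7 @@ fi
 # strip any trailing colon
 host=`echo $1 | sed 's/:$//'`
 
-{ eval "$GET_ID" ; } | ssh $host "umask 077; test -d ~/.ssh || mkdir ~/.ssh ; cat >> ~/.ssh/authorized_keys" || exit 1
+{ eval "$GET_ID" ; } | ssh $host "umask 077; test -d ~/.ssh || mkdir ~/.ssh ; cat >> ~/.ssh/authorized_keys; test -x /sbin/restorecon && /sbin/restorecon ~/.ssh ~/.ssh/authorized_keys" || exit 1
 
 cat <
 Now try logging into the machine, with "ssh '$host'", and check in: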
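Review bot: On a remote host that has no executable /sbin/restorecon, the new tail `test -x /sbin/restorecon && /sbin/restorecon ...` ends the remote command with a non-zero status, so the local `|| exit 1` fires even though the key was appended. Because the steps are joined with `;`, the opposite also holds: a failed `cat >> ~/.ssh/authorized_keys` is reported as success whenever restorecon succeeds. Tie the relabel to a successful append and let the missing-tool case pass, for example `cat >> ~/.ssh/authorized_keys && { test ! -x /sbin/restorecon || /sbin/restorecon ~/.ssh ~/.ssh/authorized_keys; }`. A short comment above the line saying that the relabel restores the default SELinux context on a freshly created ~/.ssh would also help readers on non-SELinux systems.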
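diff -up openssh-5.6p1/Makefile.in.selabel openssh-5.6p1/Makefile.in
--- openssh-5.6p1/Makefile.in.selabel 2010-09-13 11:20:49.000000000 +0200
+++ openssh-5.6p1/Makefile.in 2010-09-13 11:20:50.000000000 +0200
@@ -47,6 +47,7 @@ LD=@LD@
 CFLAGS=@CFLAGS@
 CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@
 LIBS=@LIBS@
+SSHLIBS=@SSHLIBS@
 SSHDLIBS=@SSHDLIBS@
 LIBEDIT=@LIBEDIT@
 AR=@AR@
@@ -141,7 +142,7 @@ libssh.a: $(LIBSSH_OBJS)
 $(RANLIB) $@
 
 ssh$(EXEEXT): $(LIBCOMPAT) libssh.a $(SSHOBJS)
- $(LD) -o $@ $(SSHOBJS) $(LDFLAGS) -lssh -lopenbsd-compat -lfipscheck $(LIBS)
+ $(LD) -o $@ $(SSHOBJS) $(LDFLAGS) -lssh -lopenbsd-compat -lfipscheck $(SSHLIBS) $(LIBS)
 
 sshd$(EXEEXT): libssh.a $(LIBCOMPAT) $(SSHDOBJS)
 $(LD) -o $@ $(SSHDOBJS) $(LDFLAGS) -lssh -lopenbsd-compat -lfipscheck $(SSHDLIBS) $(LIBS)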
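diff -up openssh-5.6p1/openbsd-compat/port-linux.h.selabel openssh-5.6p1/openbsd-compat/port-linux.h
--- openssh-5.6p1/openbsd-compat/port-linux.h.selabel 2009-12-08 03:39:48.000000000 +0100
+++ openssh-5.6p1/openbsd-compat/port-linux.h 2010-09-13 11:20:50.000000000 +0200
@@ -20,6 +20,7 @@
 #define _PORT_LINUX_H
 
 #ifdef WITH_SELINUX
+#include <selinux/selinux.h>
 int ssh_selinux_enabled(void);
 void ssh_selinux_setup_pty(char *, const char *);
 void ssh_selinux_setup_exec_context(char *);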
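diff -up openssh-5.6p1/ssh.c.selabel openssh-5.6p1/ssh.c
--- openssh-5.6p1/ssh.c.selabel 2010-09-13 11:20:50.000000000 +0200
+++ openssh-5.6p1/ssh.c 2010-09-13 11:23:02.000000000 +0200
@@ -848,10 +848,21 @@ main(int ac, char **av)
 */
 r = snprintf(buf, sizeof buf, "%s%s%s", pw->pw_dir,
 strcmp(pw->pw_dir, "/") ? "/" : "", _PATH_SSH_USER_DIR);
- if (r > 0 && (size_t)r < sizeof(buf) && stat(buf, &st) < 0)
+ if (r > 0 && (size_t)r < sizeof(buf) && stat(buf, &st) < 0) {
+#ifdef WITH_SELINUX
+ char *scon;
+
+ if (matchpathcon(buf, 0700, &scon) != -1) {
+ setfscreatecon(scon);
+ matchpathcon_fini();
+ }
+#endif
 if (mkdir(buf, 0700) < 0)
 error("Could not create directory '%.200s'.", buf);
-
+#ifdef WITH_SELINUX
+ setfscreatecon(NULL);
+#endif
+ }
 /* load options.identity_files */
 load_public_identity_files();
 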
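Review bot: Inside the new `#ifdef WITH_SELINUX` block the result of `setfscreatecon(scon)` is ignored and the context string returned through `scon` by `matchpathcon()` is never released. If setting the creation context fails, `mkdir(buf, 0700)` still runs and the directory silently gets whatever default label applies, which is the case this patch is meant to prevent. I would log the failure and free the string, e.g. `if (setfscreatecon(scon) < 0) error("Could not set file creation context for '%.200s'.", buf);` followed by `freecon(scon);`. A one-line comment above the block stating that the context is set only for the `mkdir()` and then reset with `setfscreatecon(NULL)` would make the pairing obvious. `main()` starts and ends outside this hunk, so whether SELinux being enabled is checked earlier cannot be seen here.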