vishalmishra434 / rpms / openssh

Forked from rpms/openssh 3 months ago
Clone
Source Code
GIT

Blame openssh-5.8p1-sftpcontext.patch

c10s-sig-hyperscale c10s-sig-hyperscale-2 c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c8 c8-beta c8s c8s-sig-hyperscale c9 c9-beta c9s-sig-hyperscale
  1.   1f6bdc75f1347b15c0c833ffc32679cf700a14df
  2.   openssh-5.8p1-sftpcontext.patch
Blob History Raw
Jan F 8fe150 
diff -up openssh-5.8p1/session.c.sftpcontext openssh-5.8p1/session.c
Jan F 8fe150 
--- openssh-5.8p1/session.c.sftpcontext	2011-03-17 06:20:41.651773603 +0100
Jan F 8fe150 
+++ openssh-5.8p1/session.c	2011-03-17 06:39:11.947648737 +0100
Jan F 8fe150 
@@ -1479,12 +1479,21 @@ safely_chroot(const char *path, uid_t ui
Jan F 8fe150
Jan F 8fe150 
 /* Set login name, uid, gid, and groups. */
Jan F 8fe150 
 void
Jan F 8fe150 
+#ifdef WITH_SELINUX
Jan F 8fe150 
+do_setusercontext(struct passwd *pw, const char *context)
Jan F 8fe150 
+#else
Jan F 8fe150 
 do_setusercontext(struct passwd *pw)
Jan F 8fe150 
+#endif
Jan F 8fe150 
 {
Jan F 8fe150 
 	char *chroot_path, *tmp;
Jan F 8fe150
Jan F 8fe150 
 	platform_setusercontext(pw);
Jan F 8fe150
Jan F 8fe150 
+#ifdef WITH_SELINUX
Jan F 8fe150 
+	if (context)
Jan F 8fe150 
+		ssh_selinux_change_context(context);
Jan F 8fe150 
+#endif
Jan F 8fe150 
+
Jan F 8fe150 
 	if (platform_privileged_uidswap()) {
Jan F 8fe150 
 #ifdef HAVE_LOGIN_CAP
Jan F 8fe150 
 		if (setusercontext(lc, pw, pw->pw_uid,
Jan F 8fe150 
@@ -1633,7 +1642,11 @@ do_child(Session *s, const char *command
Jan F 8fe150
Jan F 8fe150 
 	/* Force a password change */
Jan F 8fe150 
 	if (s->authctxt->force_pwchange) {
Jan F 8fe150 
+#ifdef WITH_SELINUX
Jan F 8fe150 
+		do_setusercontext(pw, NULL); //should be passwd_t context set here?
Jan F 8fe150 
+#else
Jan F 8fe150 
 		do_setusercontext(pw);
Jan F 8fe150 
+#endif
Jan F 8fe150 
 		child_close_fds();
Jan F 8fe150 
 		do_pwchange(s);
Jan F 8fe150 
 		exit(1);
Jan F 8fe150 
@@ -1660,7 +1673,11 @@ do_child(Session *s, const char *command
Jan F 8fe150 
 		/* When PAM is enabled we rely on it to do the nologin check */
Jan F 8fe150 
 		if (!options.use_pam)
Jan F 8fe150 
 			do_nologin(pw);
Jan F 8fe150 
+#ifdef WITH_SELINUX
Jan F 8fe150 
+		do_setusercontext(pw, s->is_subsystem == SUBSYSTEM_INT_SFTP ? "sftpd_t" : NULL);
Jan F 8fe150 
+#else
Jan F 8fe150 
 		do_setusercontext(pw);
Jan F 8fe150 
+#endif
Jan F 8fe150 
 		/*
Jan F 8fe150 
 		 * PAM session modules in do_setusercontext may have
Jan F 8fe150 
 		 * generated messages, so if this in an interactive
Jan F 8fe150 
@@ -1780,9 +1797,6 @@ do_child(Session *s, const char *command
Jan F 8fe150 
 		argv[i] = NULL;
Jan F 8fe150 
 		optind = optreset = 1;
Jan F 8fe150 
 		__progname = argv[0];
Jan F 8fe150 
-#ifdef WITH_SELINUX
Jan F 8fe150 
-		ssh_selinux_change_context("sftpd_t");
Jan F 8fe150 
-#endif
Jan F 8fe150 
 		exit(sftp_server_main(i, argv, s->pw));
Jan F 8fe150 
 	}
Jan F 8fe150
Jan F 8fe150 
diff -up openssh-5.8p1/session.h.sftpcontext openssh-5.8p1/session.h
Jan F 8fe150 
--- openssh-5.8p1/session.h.sftpcontext	2011-03-17 06:38:15.287648531 +0100
Jan F 8fe150 
+++ openssh-5.8p1/session.h	2011-03-17 06:40:25.907648653 +0100
Jan F 8fe150 
@@ -84,7 +84,11 @@ Session	*session_new(void);
Jan F 8fe150 
 Session *session_by_id(int);
Jan F 8fe150 
 Session	*session_by_tty(char *);
Jan F 8fe150 
 void	 session_close(Session *);
Jan F 8fe150 
+#ifdef WITH_SELINUX
Jan F 8fe150 
+void	 do_setusercontext(struct passwd *, const char *);
Jan F 8fe150 
+#else
Jan F 8fe150 
 void	 do_setusercontext(struct passwd *);
Jan F 8fe150 
+#endif
Jan F 8fe150 
 void	 child_set_env(char ***envp, u_int *envsizep, const char *name,
Jan F 8fe150 
 		       const char *value);
Jan F 8fe150
Jan F 8fe150 
diff -up openssh-5.8p1/sshd.c.sftpcontext openssh-5.8p1/sshd.c
Jan F 8fe150 
--- openssh-5.8p1/sshd.c.sftpcontext	2011-03-17 06:40:55.961663207 +0100
Jan F 8fe150 
+++ openssh-5.8p1/sshd.c	2011-03-17 06:45:14.037735849 +0100
Jan F 8fe150 
@@ -772,7 +772,11 @@ privsep_postauth(Authctxt *authctxt)
Jan F 8fe150 
 	RAND_seed(rnd, sizeof(rnd));
Jan F 8fe150
Jan F 8fe150 
 	/* Drop privileges */
Jan F 8fe150 
-	do_setusercontext(authctxt->pw);
Jan F 8fe150 
+#ifdef WITH_SELINUX
Jan F 8fe150 
+	do_setusercontext(authctxt->pw, NULL);
Jan F 8fe150 
+#else
Jan F 8fe150 
+	do_setusercontext(authctxt->pw);
Jan F 8fe150 
+#endif
Jan F 8fe150
Jan F 8fe150 
  skip:
Jan F 8fe150 
 	/* It is safe now to apply the key state */

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation