rearange sesftp patch acording to upstream request

Jan F. Chadima 2009-08-28 22:43:53 +00:00
parent 15914f24ed
commit 56bb42082f
2 changed files with 36 additions and 18 deletions


@ -1,49 +1,66 @@
diff -up openssh-5.2p1/session.c.sesftp openssh-5.2p1/session.c diff -up openssh-5.2p1/session.c.sesftp openssh-5.2p1/session.c
--- openssh-5.2p1/session.c.sesftp 2009-07-22 15:18:17.156499945 +0200 --- openssh-5.2p1/session.c.sesftp 2009-08-09 10:21:11.586827446 +0200
+++ openssh-5.2p1/session.c 2009-07-22 15:20:09.950319644 +0200 +++ openssh-5.2p1/session.c 2009-08-09 10:39:30.475622699 +0200
@@ -58,6 +58,7 @@ @@ -58,6 +58,9 @@
#include <stdlib.h> #include <stdlib.h>
#include <string.h> #include <string.h>
#include <unistd.h> #include <unistd.h>
+#ifdef WITH_SELINUX
+#include <selinux/selinux.h> +#include <selinux/selinux.h>
+#endif
#include "openbsd-compat/sys-queue.h" #include "openbsd-compat/sys-queue.h"
#include "xmalloc.h" #include "xmalloc.h"
@@ -1805,8 +1806,8 @@ do_child(Session *s, const char *command @@ -101,6 +104,9 @@
c[sizeof(INTERNAL_SFTP_NAME) - 1] == ' ' || \
c[sizeof(INTERNAL_SFTP_NAME) - 1] == '\t'))
if (s->is_subsystem == SUBSYSTEM_INT_SFTP) { +#ifdef WITH_SELINUX
+#define SFTPD_T "sftpd_t"
+#endif
/* func */
Session *session_new(void);
@@ -1789,6 +1795,10 @@ do_child(Session *s, const char *command
extern int optind, optreset; extern int optind, optreset;
- int i; int i;
- char *p, *args; char *p, *args;
+ int i, l; +#ifdef WITH_SELINUX
+ char *p, *args, *c1, *c2, *cx; + int L1, L2;
+ char *c1, *c2, *cx;
+#endif
setproctitle("%s@internal-sftp-server", s->pw->pw_name); setproctitle("%s@internal-sftp-server", s->pw->pw_name);
args = xstrdup(command ? command : "sftp-server"); args = xstrdup(command ? command : "sftp-server");
@@ -1816,6 +1817,27 @@ do_child(Session *s, const char *command @@ -1798,6 +1808,32 @@ do_child(Session *s, const char *command
argv[i] = NULL; argv[i] = NULL;
optind = optreset = 1; optind = optreset = 1;
__progname = argv[0]; __progname = argv[0];
+ if (getcon (&c1) < 0) { +#ifdef WITH_SELINUX
+ logit("do_child: getcon failed witch %s", strerror (errno)); + if (getcon ((security_context_t *) &c1) < 0) {
+ logit("do_child: getcon failed with %s", strerror (errno));
+ } else { + } else {
+ c2 = xmalloc (strlen (c1) + 8); + L1 = strlen (c1) + sizeof (SFTPD_T);
+ c2 = xmalloc (L1);
+ if (!(cx = index (c1, ':'))) + if (!(cx = index (c1, ':')))
+ goto badcontext; + goto badcontext;
+ if (!(cx = index (cx + 1, ':'))) { + if (!(cx = index (cx + 1, ':'))) {
+badcontext: +badcontext:
+ logit ("do_child: unparseable context %s", c1); + logit ("do_child: unparseable context %s", c1);
+ } else { + } else {
+ l = cx - c1 + 1; + L2 = cx - c1 + 1;
+ memcpy (c2, c1, l); + memcpy (c2, c1, L2);
+ strcpy (c2 + l, "sftpd_t"); + strlcpy (c2 + L2, SFTPD_T, L1);
+ if ((cx = index (cx + 1, ':'))) + if ((cx = index (cx + 1, ':')))
+ strcat (c2, cx); + strlcat (c2, cx, L1);
+ if (setcon (c2) < 0) + if (setcon (c2) < 0)
+ logit("do_child: setcon failed witch %s", strerror (errno)); + logit("do_child: setcon failed with %s", strerror (errno));
+ +
+ } + }
+ xfree (c1);
+ xfree (c2);
+ } + }
+#endif
+ +
exit(sftp_server_main(i, argv, s->pw)); exit(sftp_server_main(i, argv, s->pw));
} }
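Review bot: A failed `setcon` in the new `WITH_SELINUX` block of do_child is only logged, so execution falls through to `sftp_server_main` in whatever context the process already had; the getcon-failure and unparseable-context branches behave the same way. If the sftpd_t transition is meant as confinement, consider failing closed when policy is enforcing, e.g. `if (setcon (c2) < 0 && security_getenforce () > 0) fatal ("do_child: setcon failed with %s", strerror (errno));` (whether fail-open is intended for permissive or disabled systems is not visible here). Separately, `strlcpy (c2 + L2, SFTPD_T, L1)` passes the full buffer size for a destination that is offset by L2, so the bound should be `L1 - L2`; the sizes happen to fit today, but the stated limit does not protect the write. `c1` is allocated by `getcon` and should be released with `freecon (c1)` rather than `xfree (c1)`. do_child's body starts and ends outside the hunk.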


@ -473,6 +473,7 @@ fi
- merged gssapi-role to selinux patch - merged gssapi-role to selinux patch
- merged cve-2007_3102 to audit patch - merged cve-2007_3102 to audit patch
- sesftp patch only with WITH_SELINUX flag - sesftp patch only with WITH_SELINUX flag
- rearange sesftp patch according to upstream request
* Wed Aug 26 2009 Jan F. Chadima <jchadima@redhat.com> - 5.2p1-19 * Wed Aug 26 2009 Jan F. Chadima <jchadima@redhat.com> - 5.2p1-19
- minor change in sesftp patch - minor change in sesftp patch