- (dtucker) [platform.c platform.h session.c] Add a platform hook to run

after the user's groups are established and move the selinux calls into it.
author: Darren Tucker <dtucker@zip.com.au> 2010-11-05 12:36:15 +1100
committer: Darren Tucker <dtucker@zip.com.au> 2010-11-05 12:36:15 +1100
commit: 920612e45ae8183226e8841ff27cdc54a8287ba2 (patch)
tree: 18b9cf0af1c0c470d463b8e03cdd2504f5c3ca2f /platform.c
parent: 97528353c2b4f27169ea9b81e5c4420c734ceea2 (diff)
1 files changed, 22 insertions, 1 deletions
diff --git a/platform.c b/platform.c
index c894190b2..730e7b718 100644
--- a/platform.c
+++ b/platform.c
@@ -1,4 +1,4 @@
-/* $Id: platform.c,v 1.4 2010/11/05 01:03:05 dtucker Exp $ */
+/* $Id: platform.c,v 1.5 2010/11/05 01:36:15 dtucker Exp $ */
 /*
 * Copyright (c) 2006 Darren Tucker.  All rights reserved.
@@ -57,9 +57,18 @@ platform_post_fork_child(void)
 #endif
 }
+/*
+ * This gets called before switching UIDs, and is called even when sshd is
+ * not running as root.
+ */
 void
 platform_setusercontext(struct passwd *pw)
 {
+#ifdef WITH_SELINUX
+        /* Cache selinux status for later use */
+        (void)ssh_selinux_enabled();
+#endif
 #ifdef USE_SOLARIS_PROJECTS
        /* if solaris projects were detected, set the default now */
        if (getuid() == 0 || geteuid() == 0)
@@ -67,6 +76,18 @@ platform_setusercontext(struct passwd *pw)
 #endif
 }
+/*
+ * This gets called after we've established the user's groups, and is only
+ * called if sshd is running as root.
+ */
+void
+platform_setusercontext_post_groups(struct passwd *pw)
+{
+#ifdef WITH_SELINUX
+        ssh_selinux_setup_exec_context(pw->pw_name);
+#endif
+}
 char *
 platform_krb5_get_principal_name(const char *pw_name)
 {
author	Darren Tucker <dtucker@zip.com.au>	2010-11-05 12:36:15 +1100
committer	Darren Tucker <dtucker@zip.com.au>	2010-11-05 12:36:15 +1100
commit	920612e45ae8183226e8841ff27cdc54a8287ba2 (patch)
tree	18b9cf0af1c0c470d463b8e03cdd2504f5c3ca2f /platform.c
parent	97528353c2b4f27169ea9b81e5c4420c734ceea2 (diff)

diff --git a/platform.c b/platform.c index c894190b2..730e7b718 100644 --- a/platform.c +++ b/platform.c
@@ -1,4 +1,4 @@
1	/* $Id: platform.c,v 1.4 2010/11/05 01:03:05 dtucker Exp $ */	1	/* $Id: platform.c,v 1.5 2010/11/05 01:36:15 dtucker Exp $ */
2		2
3	/*	3	/*
4	* Copyright (c) 2006 Darren Tucker. All rights reserved.	4	* Copyright (c) 2006 Darren Tucker. All rights reserved.
@@ -57,9 +57,18 @@ platform_post_fork_child(void)
57	#endif	57	#endif
58	}	58	}
59		59
		60	/*
		61	* This gets called before switching UIDs, and is called even when sshd is
		62	* not running as root.
		63	*/
60	void	64	void
61	platform_setusercontext(struct passwd *pw)	65	platform_setusercontext(struct passwd *pw)
62	{	66	{
		67	#ifdef WITH_SELINUX
		68	/* Cache selinux status for later use */
		69	(void)ssh_selinux_enabled();
		70	#endif
		71
63	#ifdef USE_SOLARIS_PROJECTS	72	#ifdef USE_SOLARIS_PROJECTS
64	/* if solaris projects were detected, set the default now */	73	/* if solaris projects were detected, set the default now */
65	if (getuid() == 0 \|\| geteuid() == 0)	74	if (getuid() == 0 \|\| geteuid() == 0)
@@ -67,6 +76,18 @@ platform_setusercontext(struct passwd *pw)
67	#endif	76	#endif
68	}	77	}
69		78
		79	/*
		80	* This gets called after we've established the user's groups, and is only
		81	* called if sshd is running as root.
		82	*/
		83	void
		84	platform_setusercontext_post_groups(struct passwd *pw)
		85	{
		86	#ifdef WITH_SELINUX
		87	ssh_selinux_setup_exec_context(pw->pw_name);
		88	#endif
		89	}
		90
70	char *	91	char *
71	platform_krb5_get_principal_name(const char *pw_name)	92	platform_krb5_get_principal_name(const char *pw_name)
72	{	93	{