-rw-r--r-- | ChangeLog | 7 | ||||
-rw-r--r-- | Makefile.in | 5 | ||||
-rw-r--r-- | configure.ac | 12 | ||||
-rw-r--r-- | openbsd-compat/port-linux.c | 16 | ||||
-rw-r--r-- | openbsd-compat/port-linux.h | 3 | ||||
-rw-r--r-- | ssh.c | 7 |
6 files changed, 37 insertions, 13 deletions
@@ -1,3 +1,10 @@ | |||
1 | 20110125 | ||
2 | - (djm) [configure.ac Makefile.in ssh.c openbsd-compat/port-linux.c | ||
3 | openbsd-compat/port-linux.h] Move SELinux-specific code from ssh.c to | ||
4 | port-linux.c to avoid compilation errors. Add -lselinux to ssh when | ||
5 | building with SELinux support to avoid linking failure; report from | ||
6 | amk AT spamfence.net; ok dtucker | ||
7 | |||
1 | 20110122 | 8 | 20110122 |
2 | - (dtucker) [configure.ac openbsd-compat/openssl-compat.{c,h}] Add | 9 | - (dtucker) [configure.ac openbsd-compat/openssl-compat.{c,h}] Add |
3 | RSA_get_default_method() for the benefit of openssl versions that don't | 10 | RSA_get_default_method() for the benefit of openssl versions that don't |
diff --git a/Makefile.in b/Makefile.in index 77a78aa61..d0263779b 100644 --- a/Makefile.in +++ b/Makefile.in | |||
@@ -1,4 +1,4 @@ | |||
1 | # $Id: Makefile.in,v 1.320 2011/01/17 10:15:29 dtucker Exp $ | 1 | # $Id: Makefile.in,v 1.321 2011/01/25 01:16:16 djm Exp $ |
2 | 2 | ||
3 | # uncomment if you run a non bourne compatable shell. Ie. csh | 3 | # uncomment if you run a non bourne compatable shell. Ie. csh |
4 | #SHELL = @SH@ | 4 | #SHELL = @SH@ |
@@ -46,6 +46,7 @@ LD=@LD@ | |||
46 | CFLAGS=@CFLAGS@ | 46 | CFLAGS=@CFLAGS@ |
47 | CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@ | 47 | CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@ |
48 | LIBS=@LIBS@ | 48 | LIBS=@LIBS@ |
49 | SSHLIBS=@SSHLIBS@ | ||
49 | SSHDLIBS=@SSHDLIBS@ | 50 | SSHDLIBS=@SSHDLIBS@ |
50 | LIBEDIT=@LIBEDIT@ | 51 | LIBEDIT=@LIBEDIT@ |
51 | AR=@AR@ | 52 | AR=@AR@ |
@@ -142,7 +143,7 @@ libssh.a: $(LIBSSH_OBJS) | |||
142 | $(RANLIB) $@ | 143 | $(RANLIB) $@ |
143 | 144 | ||
144 | ssh$(EXEEXT): $(LIBCOMPAT) libssh.a $(SSHOBJS) | 145 | ssh$(EXEEXT): $(LIBCOMPAT) libssh.a $(SSHOBJS) |
145 | $(LD) -o $@ $(SSHOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) | 146 | $(LD) -o $@ $(SSHOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(SSHLIBS) $(LIBS) |
146 | 147 | ||
147 | sshd$(EXEEXT): libssh.a $(LIBCOMPAT) $(SSHDOBJS) | 148 | sshd$(EXEEXT): libssh.a $(LIBCOMPAT) $(SSHDOBJS) |
148 | $(LD) -o $@ $(SSHDOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(SSHDLIBS) $(LIBS) | 149 | $(LD) -o $@ $(SSHDOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(SSHDLIBS) $(LIBS) |
diff --git a/configure.ac b/configure.ac index 769e83594..0c46aebeb 100644 --- a/configure.ac +++ b/configure.ac | |||
@@ -1,4 +1,4 @@ | |||
1 | # $Id: configure.ac,v 1.469 2011/01/21 22:37:05 dtucker Exp $ | 1 | # $Id: configure.ac,v 1.470 2011/01/25 01:16:17 djm Exp $ |
2 | # | 2 | # |
3 | # Copyright (c) 1999-2004 Damien Miller | 3 | # Copyright (c) 1999-2004 Damien Miller |
4 | # | 4 | # |
@@ -15,7 +15,7 @@ | |||
15 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. | 15 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. |
16 | 16 | ||
17 | AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org) | 17 | AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org) |
18 | AC_REVISION($Revision: 1.469 $) | 18 | AC_REVISION($Revision: 1.470 $) |
19 | AC_CONFIG_SRCDIR([ssh.c]) | 19 | AC_CONFIG_SRCDIR([ssh.c]) |
20 | 20 | ||
21 | # local macros | 21 | # local macros |
@@ -737,7 +737,6 @@ mips-sony-bsd|mips-sony-newsos4) | |||
737 | [ AC_DEFINE(USE_SOLARIS_PROCESS_CONTRACTS, 1, | 737 | [ AC_DEFINE(USE_SOLARIS_PROCESS_CONTRACTS, 1, |
738 | [Define if you have Solaris process contracts]) | 738 | [Define if you have Solaris process contracts]) |
739 | SSHDLIBS="$SSHDLIBS -lcontract" | 739 | SSHDLIBS="$SSHDLIBS -lcontract" |
740 | AC_SUBST(SSHDLIBS) | ||
741 | SPC_MSG="yes" ], ) | 740 | SPC_MSG="yes" ], ) |
742 | ], | 741 | ], |
743 | ) | 742 | ) |
@@ -748,7 +747,6 @@ mips-sony-bsd|mips-sony-newsos4) | |||
748 | [ AC_DEFINE(USE_SOLARIS_PROJECTS, 1, | 747 | [ AC_DEFINE(USE_SOLARIS_PROJECTS, 1, |
749 | [Define if you have Solaris projects]) | 748 | [Define if you have Solaris projects]) |
750 | SSHDLIBS="$SSHDLIBS -lproject" | 749 | SSHDLIBS="$SSHDLIBS -lproject" |
751 | AC_SUBST(SSHDLIBS) | ||
752 | SP_MSG="yes" ], ) | 750 | SP_MSG="yes" ], ) |
753 | ], | 751 | ], |
754 | ) | 752 | ) |
@@ -3515,11 +3513,14 @@ AC_ARG_WITH(selinux, | |||
3515 | LIBS="$LIBS -lselinux" | 3513 | LIBS="$LIBS -lselinux" |
3516 | ], | 3514 | ], |
3517 | AC_MSG_ERROR(SELinux support requires libselinux library)) | 3515 | AC_MSG_ERROR(SELinux support requires libselinux library)) |
3516 | SSHLIBS="$SSHLIBS $LIBSELINUX" | ||
3518 | SSHDLIBS="$SSHDLIBS $LIBSELINUX" | 3517 | SSHDLIBS="$SSHDLIBS $LIBSELINUX" |
3519 | AC_CHECK_FUNCS(getseuserbyname get_default_context_with_level) | 3518 | AC_CHECK_FUNCS(getseuserbyname get_default_context_with_level) |
3520 | LIBS="$save_LIBS" | 3519 | LIBS="$save_LIBS" |
3521 | fi ] | 3520 | fi ] |
3522 | ) | 3521 | ) |
3522 | AC_SUBST(SSHLIBS) | ||
3523 | AC_SUBST(SSHDLIBS) | ||
3523 | 3524 | ||
3524 | # Check whether user wants Kerberos 5 support | 3525 | # Check whether user wants Kerberos 5 support |
3525 | KRB5_MSG="no" | 3526 | KRB5_MSG="no" |
@@ -4341,6 +4342,9 @@ echo " Libraries: ${LIBS}" | |||
4341 | if test ! -z "${SSHDLIBS}"; then | 4342 | if test ! -z "${SSHDLIBS}"; then |
4342 | echo " +for sshd: ${SSHDLIBS}" | 4343 | echo " +for sshd: ${SSHDLIBS}" |
4343 | fi | 4344 | fi |
4345 | if test ! -z "${SSHLIBS}"; then | ||
4346 | echo " +for ssh: ${SSHLIBS}" | ||
4347 | fi | ||
4344 | 4348 | ||
4345 | echo "" | 4349 | echo "" |
4346 | 4350 | ||
diff --git a/openbsd-compat/port-linux.c b/openbsd-compat/port-linux.c index 5b1cf402c..b152efc29 100644 --- a/openbsd-compat/port-linux.c +++ b/openbsd-compat/port-linux.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $Id: port-linux.c,v 1.11 2011/01/17 07:50:24 dtucker Exp $ */ | 1 | /* $Id: port-linux.c,v 1.12 2011/01/25 01:16:18 djm Exp $ */ |
2 | 2 | ||
3 | /* | 3 | /* |
4 | * Copyright (c) 2005 Daniel Walsh <dwalsh@redhat.com> | 4 | * Copyright (c) 2005 Daniel Walsh <dwalsh@redhat.com> |
@@ -205,6 +205,20 @@ ssh_selinux_change_context(const char *newname) | |||
205 | xfree(oldctx); | 205 | xfree(oldctx); |
206 | xfree(newctx); | 206 | xfree(newctx); |
207 | } | 207 | } |
208 | |||
209 | void | ||
210 | ssh_selinux_setfscreatecon(const char *path) | ||
211 | { | ||
212 | security_context_t context; | ||
213 | |||
214 | if (path == NULL) { | ||
215 | setfscreatecon(NULL); | ||
216 | return; | ||
217 | } | ||
218 | matchpathcon(path, 0700, &context); | ||
219 | setfscreatecon(context); | ||
220 | } | ||
221 | |||
208 | #endif /* WITH_SELINUX */ | 222 | #endif /* WITH_SELINUX */ |
209 | 223 | ||
210 | #ifdef LINUX_OOM_ADJUST | 224 | #ifdef LINUX_OOM_ADJUST |
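Review bot: The new `ssh_selinux_setfscreatecon()` ignores the return value of `matchpathcon()`, so when the lookup fails `context` is still uninitialised when it is passed to `setfscreatecon()`, and on success the returned context is never released. I would write the tail of the function as `if (matchpathcon(path, 0700, &context) == 0) { setfscreatecon(context); freecon(context); }`. The function also does not call `ssh_selinux_enabled()`, which port-linux.h declares, so an `if (!ssh_selinux_enabled()) return;` guard at the top would keep it a no-op on hosts where SELinux support is compiled in but not active. Because the helper returns void, the caller in ssh.c cannot tell whether the directory it is about to create will get the intended label, so logging the failure here would make a mislabelled directory diagnosable.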
diff --git a/openbsd-compat/port-linux.h b/openbsd-compat/port-linux.h index 209d9a7a2..e3d1004aa 100644 --- a/openbsd-compat/port-linux.h +++ b/openbsd-compat/port-linux.h | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $Id: port-linux.h,v 1.4 2009/12/08 02:39:48 dtucker Exp $ */ | 1 | /* $Id: port-linux.h,v 1.5 2011/01/25 01:16:18 djm Exp $ */ |
2 | 2 | ||
3 | /* | 3 | /* |
4 | * Copyright (c) 2006 Damien Miller <djm@openbsd.org> | 4 | * Copyright (c) 2006 Damien Miller <djm@openbsd.org> |
@@ -24,6 +24,7 @@ int ssh_selinux_enabled(void); | |||
24 | void ssh_selinux_setup_pty(char *, const char *); | 24 | void ssh_selinux_setup_pty(char *, const char *); |
25 | void ssh_selinux_setup_exec_context(char *); | 25 | void ssh_selinux_setup_exec_context(char *); |
26 | void ssh_selinux_change_context(const char *); | 26 | void ssh_selinux_change_context(const char *); |
27 | void ssh_selinux_setfscreatecon(const char *); | ||
27 | #endif | 28 | #endif |
28 | 29 | ||
29 | #ifdef LINUX_OOM_ADJUST | 30 | #ifdef LINUX_OOM_ADJUST |
@@ -852,15 +852,12 @@ main(int ac, char **av) | |||
852 | strcmp(pw->pw_dir, "/") ? "/" : "", _PATH_SSH_USER_DIR); | 852 | strcmp(pw->pw_dir, "/") ? "/" : "", _PATH_SSH_USER_DIR); |
853 | if (r > 0 && (size_t)r < sizeof(buf) && stat(buf, &st) < 0) { | 853 | if (r > 0 && (size_t)r < sizeof(buf) && stat(buf, &st) < 0) { |
854 | #ifdef WITH_SELINUX | 854 | #ifdef WITH_SELINUX |
855 | char *scon; | 855 | ssh_selinux_setfscreatecon(buf); |
856 | |||
857 | matchpathcon(buf, 0700, &scon); | ||
858 | setfscreatecon(scon); | ||
859 | #endif | 856 | #endif |
860 | if (mkdir(buf, 0700) < 0) | 857 | if (mkdir(buf, 0700) < 0) |
861 | error("Could not create directory '%.200s'.", buf); | 858 | error("Could not create directory '%.200s'.", buf); |
862 | #ifdef WITH_SELINUX | 859 | #ifdef WITH_SELINUX |
863 | setfscreatecon(NULL); | 860 | ssh_selinux_setfscreatecon(NULL); |
864 | #endif | 861 | #endif |
865 | } | 862 | } |
866 | /* load options.identity_files */ | 863 | /* load options.identity_files */ |