6 files changed, 37 insertions, 13 deletions

diff --git a/ChangeLog b/ChangeLog
index 0356a33c5..6d2375a33 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,10 @@
+20110125
+ - (djm) [configure.ac Makefile.in ssh.c openbsd-compat/port-linux.c
+   openbsd-compat/port-linux.h] Move SELinux-specific code from ssh.c to
+   port-linux.c to avoid compilation errors. Add -lselinux to ssh when
+   building with SELinux support to avoid linking failure; report from
+   amk AT spamfence.net; ok dtucker
+
 20110122
  - (dtucker) [configure.ac openbsd-compat/openssl-compat.{c,h}] Add
    RSA_get_default_method() for the benefit of openssl versions that don't
diff --git a/Makefile.in b/Makefile.in
index 77a78aa61..d0263779b 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -1,4 +1,4 @@
-# $Id: Makefile.in,v 1.320 2011/01/17 10:15:29 dtucker Exp $
+# $Id: Makefile.in,v 1.321 2011/01/25 01:16:16 djm Exp $
 
 # uncomment if you run a non bourne compatable shell. Ie. csh
 #SHELL = @SH@
@@ -46,6 +46,7 @@ LD=@LD@
 CFLAGS=@CFLAGS@
 CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@
 LIBS=@LIBS@
+SSHLIBS=@SSHLIBS@
 SSHDLIBS=@SSHDLIBS@
 LIBEDIT=@LIBEDIT@
 AR=@AR@
@@ -142,7 +143,7 @@ libssh.a: $(LIBSSH_OBJS)
         $(RANLIB) $@
 
 ssh$(EXEEXT): $(LIBCOMPAT) libssh.a $(SSHOBJS)
-        $(LD) -o $@ $(SSHOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
+        $(LD) -o $@ $(SSHOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(SSHLIBS) $(LIBS)
 
 sshd$(EXEEXT): libssh.a $(LIBCOMPAT) $(SSHDOBJS)
         $(LD) -o $@ $(SSHDOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(SSHDLIBS) $(LIBS)
diff --git a/configure.ac b/configure.ac
index 769e83594..0c46aebeb 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1,4 +1,4 @@
-# $Id: configure.ac,v 1.469 2011/01/21 22:37:05 dtucker Exp $
+# $Id: configure.ac,v 1.470 2011/01/25 01:16:17 djm Exp $
 #
 # Copyright (c) 1999-2004 Damien Miller
 #
@@ -15,7 +15,7 @@
 # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 
 AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org)
-AC_REVISION($Revision: 1.469 $)
+AC_REVISION($Revision: 1.470 $)
 AC_CONFIG_SRCDIR([ssh.c])
 
 # local macros
@@ -737,7 +737,6 @@ mips-sony-bsd|mips-sony-newsos4)
                         [ AC_DEFINE(USE_SOLARIS_PROCESS_CONTRACTS, 1,
                                 [Define if you have Solaris process contracts])
                           SSHDLIBS="$SSHDLIBS -lcontract"
-                          AC_SUBST(SSHDLIBS)
                           SPC_MSG="yes" ], )
                 ],
         )
@@ -748,7 +747,6 @@ mips-sony-bsd|mips-sony-newsos4)
                         [ AC_DEFINE(USE_SOLARIS_PROJECTS, 1,
                                 [Define if you have Solaris projects])
                         SSHDLIBS="$SSHDLIBS -lproject"
-                        AC_SUBST(SSHDLIBS)
                         SP_MSG="yes" ], )
                 ],
         )
@@ -3515,11 +3513,14 @@ AC_ARG_WITH(selinux,
                           LIBS="$LIBS -lselinux"
                         ],
                         AC_MSG_ERROR(SELinux support requires libselinux library))
+                SSHLIBS="$SSHLIBS $LIBSELINUX"
                 SSHDLIBS="$SSHDLIBS $LIBSELINUX"
                 AC_CHECK_FUNCS(getseuserbyname get_default_context_with_level)
                 LIBS="$save_LIBS"
         fi ]
 )
+AC_SUBST(SSHLIBS)
+AC_SUBST(SSHDLIBS)
 
 # Check whether user wants Kerberos 5 support
 KRB5_MSG="no"
@@ -4341,6 +4342,9 @@ echo "         Libraries: ${LIBS}"
 if test ! -z "${SSHDLIBS}"; then
 echo "         +for sshd: ${SSHDLIBS}"
 fi
+if test ! -z "${SSHLIBS}"; then
+echo "          +for ssh: ${SSHLIBS}"
+fi
 
 echo ""
 
diff --git a/openbsd-compat/port-linux.c b/openbsd-compat/port-linux.c
index 5b1cf402c..b152efc29 100644
--- a/openbsd-compat/port-linux.c
+++ b/openbsd-compat/port-linux.c
@@ -1,4 +1,4 @@
-/* $Id: port-linux.c,v 1.11 2011/01/17 07:50:24 dtucker Exp $ */
+/* $Id: port-linux.c,v 1.12 2011/01/25 01:16:18 djm Exp $ */
 
 /*
  * Copyright (c) 2005 Daniel Walsh <dwalsh@redhat.com>
@@ -205,6 +205,20 @@ ssh_selinux_change_context(const char *newname)
         xfree(oldctx);
         xfree(newctx);
 }
+
+void
+ssh_selinux_setfscreatecon(const char *path)
+{
+                security_context_t context;
+
+                if (path == NULL) {
+                        setfscreatecon(NULL);
+                        return;
+                }
+                matchpathcon(path, 0700, &context);
+                setfscreatecon(context);
+}
+
 #endif /* WITH_SELINUX */
 
 #ifdef LINUX_OOM_ADJUST
diff --git a/openbsd-compat/port-linux.h b/openbsd-compat/port-linux.h
index 209d9a7a2..e3d1004aa 100644
--- a/openbsd-compat/port-linux.h
+++ b/openbsd-compat/port-linux.h
@@ -1,4 +1,4 @@
-/* $Id: port-linux.h,v 1.4 2009/12/08 02:39:48 dtucker Exp $ */
+/* $Id: port-linux.h,v 1.5 2011/01/25 01:16:18 djm Exp $ */
 
 /*
  * Copyright (c) 2006 Damien Miller <djm@openbsd.org>
@@ -24,6 +24,7 @@ int ssh_selinux_enabled(void);
 void ssh_selinux_setup_pty(char *, const char *);
 void ssh_selinux_setup_exec_context(char *);
 void ssh_selinux_change_context(const char *);
+void ssh_selinux_setfscreatecon(const char *);
 #endif
 
 #ifdef LINUX_OOM_ADJUST
diff --git a/ssh.c b/ssh.c
index 9409fa713..d32ef78b0 100644
--- a/ssh.c
+++ b/ssh.c
@@ -852,15 +852,12 @@ main(int ac, char **av)
             strcmp(pw->pw_dir, "/") ? "/" : "", _PATH_SSH_USER_DIR);
         if (r > 0 && (size_t)r < sizeof(buf) && stat(buf, &st) < 0) {
 #ifdef WITH_SELINUX
-                char *scon;
-
-                matchpathcon(buf, 0700, &scon);
-                setfscreatecon(scon);
+                ssh_selinux_setfscreatecon(buf);
 #endif
                 if (mkdir(buf, 0700) < 0)
                         error("Could not create directory '%.200s'.", buf);
 #ifdef WITH_SELINUX
-                setfscreatecon(NULL);
+                ssh_selinux_setfscreatecon(NULL);
 #endif
         }
         /* load options.identity_files */