Diffstat (limited to 'openbsd-compat/port-linux.c')
-rw-r--r--openbsd-compat/port-linux.c16
1 files changed, 6 insertions, 10 deletions
diff --git a/openbsd-compat/port-linux.c b/openbsd-compat/port-linux.c
index 744a404c8..11385326e 100644
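--- a/openbsd-compat/port-linux.c
+++ b/openbsd-compat/port-linux.c
@@ -44,8 +44,6 @@
 #include <selinux/flask.h>
 #include <selinux/get_context_list.h>
 
-extern Authctxt *the_authctxt;
-
 /* Wrapper around is_selinux_enabled() to log its return value once only */
 int
 ssh_selinux_enabled(void)
@@ -62,10 +60,10 @@ ssh_selinux_enabled(void)
 
 /* Return the default security context for the given username */
 static security_context_t
-ssh_selinux_getctxbyname(char *pwname)
+ssh_selinux_getctxbyname(char *pwname, const char *role)
 {
  security_context_t sc = NULL;
- char *sename = NULL, *role = NULL, *lvl = NULL;
+ char *sename = NULL, *lvl = NULL;
  int r;
 
 #ifdef HAVE_GETSEUSERBYNAME
@@ -75,8 +73,6 @@ ssh_selinux_getctxbyname(char *pwname)
  sename = pwname;
  lvl = NULL;
 #endif
- if (the_authctxt)
- role = the_authctxt->role;
 
 #ifdef HAVE_GET_DEFAULT_CONTEXT_WITH_LEVEL
  if (role != NULL && role[0])
@@ -119,7 +115,7 @@ ssh_selinux_getctxbyname(char *pwname)
 
 /* Set the execution context to the default for the specified user */
 void
-ssh_selinux_setup_exec_context(char *pwname)
+ssh_selinux_setup_exec_context(char *pwname, const char *role)
 {
  security_context_t user_ctx = NULL;
 
@@ -128,7 +124,7 @@ ssh_selinux_setup_exec_context(char *pwname)
 
  debug3("%s: setting execution context", __func__);
 
- user_ctx = ssh_selinux_getctxbyname(pwname);
+ user_ctx = ssh_selinux_getctxbyname(pwname, role);
  if (setexeccon(user_ctx) != 0) {
  switch (security_getenforce()) {
  case -1:
@@ -150,7 +146,7 @@ ssh_selinux_setup_exec_context(char *pwname)
 
 /* Set the TTY context for the specified user */
 void
-ssh_selinux_setup_pty(char *pwname, const char *tty)
+ssh_selinux_setup_pty(char *pwname, const char *tty, const char *role)
 {
  security_context_t new_tty_ctx = NULL;
  security_context_t user_ctx = NULL;
@@ -161,7 +157,7 @@ ssh_selinux_setup_pty(char *pwname, const char *tty)
 
  debug3("%s: setting TTY context on %s", __func__, tty);
 
- user_ctx = ssh_selinux_getctxbyname(pwname);
+ user_ctx = ssh_selinux_getctxbyname(pwname, role);
 
  /* XXX: should these calls fatal() upon failure in enforcing mode? */
 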
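Review bot: In ssh_selinux_setup_exec_context the result of `ssh_selinux_getctxbyname(pwname, role)` is handed straight to `setexeccon(user_ctx)` with no NULL check visible in the hunk, and libselinux treats `setexeccon(NULL)` as a reset to the policy default rather than an error. Now that the role is a caller-supplied argument instead of being read from the_authctxt, a role lookup that fails and returns NULL (the failure path of ssh_selinux_getctxbyname lies outside the visible hunks, so this needs confirming) would leave the session in the default context with nothing in the log naming the role that was requested. I would record the role in the trace, e.g. `debug3("%s: setting execution context, role \"%s\"", __func__, role ? role : "");`, and extend the comments on both public functions to state that `role` may be NULL or empty to request the user's default. The bodies of all three functions continue outside the hunks shown.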