Description: Fix SELinux build failure Origin: backport, http://bazaar.launchpad.net/~vcs-imports/openssh/main/revision/6317 Author: Damien Miller Last-Update: 2011-01-25 Index: b/Makefile.in =================================================================== --- a/Makefile.in +++ b/Makefile.in @@ -48,6 +48,7 @@ CFLAGS=@CFLAGS@ CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@ LIBS=@LIBS@ +SSHLIBS=@SSHLIBS@ SSHDLIBS=@SSHDLIBS@ LIBEDIT=@LIBEDIT@ AR=@AR@ @@ -144,7 +145,7 @@ $(RANLIB) $@ ssh$(EXEEXT): $(LIBCOMPAT) libssh.a $(SSHOBJS) - $(LD) -o $@ $(SSHOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) + $(LD) -o $@ $(SSHOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(SSHLIBS) $(LIBS) sshd$(EXEEXT): libssh.a $(LIBCOMPAT) $(SSHDOBJS) $(LD) -o $@ $(SSHDOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(SSHDLIBS) $(LIBS) Index: b/configure.ac =================================================================== --- a/configure.ac +++ b/configure.ac @@ -761,7 +761,6 @@ [ AC_DEFINE(USE_SOLARIS_PROCESS_CONTRACTS, 1, [Define if you have Solaris process contracts]) SSHDLIBS="$SSHDLIBS -lcontract" - AC_SUBST(SSHDLIBS) SPC_MSG="yes" ], ) ], ) @@ -772,7 +771,6 @@ [ AC_DEFINE(USE_SOLARIS_PROJECTS, 1, [Define if you have Solaris projects]) SSHDLIBS="$SSHDLIBS -lproject" - AC_SUBST(SSHDLIBS) SP_MSG="yes" ], ) ], ) @@ -3539,11 +3537,14 @@ LIBS="$LIBS -lselinux" ], AC_MSG_ERROR(SELinux support requires libselinux library)) + SSHLIBS="$SSHLIBS $LIBSELINUX" SSHDLIBS="$SSHDLIBS $LIBSELINUX" AC_CHECK_FUNCS(getseuserbyname get_default_context_with_level) LIBS="$save_LIBS" fi ] ) +AC_SUBST(SSHLIBS) +AC_SUBST(SSHDLIBS) # Check whether user wants Kerberos 5 support KRB5_MSG="no" @@ -4365,6 +4366,9 @@ if test ! -z "${SSHDLIBS}"; then echo " +for sshd: ${SSHDLIBS}" fi +if test ! -z "${SSHLIBS}"; then +echo " +for ssh: ${SSHLIBS}" +fi echo "" Index: b/configure =================================================================== --- a/configure +++ b/configure @@ -696,7 +696,6 @@ LOGIN_PROGRAM_FALLBACK PATH_PASSWD_PROG LD -SSHDLIBS PKGCONFIG LIBEDIT TEST_SSH_SHA256 @@ -721,6 +720,8 @@ PROG_IPCS PROG_TAIL INSTALL_SSH_PRNG_CMDS +SSHLIBS +SSHDLIBS KRB5CONF PRIVSEP_PATH xauth_path @@ -9047,7 +9048,6 @@ _ACEOF SSHDLIBS="$SSHDLIBS -lcontract" - SPC_MSG="yes" fi @@ -9126,7 +9126,6 @@ _ACEOF SSHDLIBS="$SSHDLIBS -lproject" - SP_MSG="yes" fi @@ -27806,6 +27805,7 @@ { (exit 1); exit 1; }; } fi + SSHLIBS="$SSHLIBS $LIBSELINUX" SSHDLIBS="$SSHDLIBS $LIBSELINUX" @@ -27908,6 +27908,8 @@ fi + + # Check whether user wants Kerberos 5 support KRB5_MSG="no" @@ -31416,7 +31418,6 @@ LOGIN_PROGRAM_FALLBACK!$LOGIN_PROGRAM_FALLBACK$ac_delim PATH_PASSWD_PROG!$PATH_PASSWD_PROG$ac_delim LD!$LD$ac_delim -SSHDLIBS!$SSHDLIBS$ac_delim PKGCONFIG!$PKGCONFIG$ac_delim LIBEDIT!$LIBEDIT$ac_delim TEST_SSH_SHA256!$TEST_SSH_SHA256$ac_delim @@ -31433,6 +31434,7 @@ PROG_SAR!$PROG_SAR$ac_delim PROG_W!$PROG_W$ac_delim PROG_WHO!$PROG_WHO$ac_delim +PROG_LAST!$PROG_LAST$ac_delim _ACEOF if test `sed -n "s/.*$ac_delim\$/X/p" conf$$subs.sed | grep -c X` = 97; then @@ -31474,7 +31476,6 @@ ac_delim='%!_!# ' for ac_last_try in false false false false false :; do cat >conf$$subs.sed <<_ACEOF -PROG_LAST!$PROG_LAST$ac_delim PROG_LASTLOG!$PROG_LASTLOG$ac_delim PROG_DF!$PROG_DF$ac_delim PROG_VMSTAT!$PROG_VMSTAT$ac_delim @@ -31482,6 +31483,8 @@ PROG_IPCS!$PROG_IPCS$ac_delim PROG_TAIL!$PROG_TAIL$ac_delim INSTALL_SSH_PRNG_CMDS!$INSTALL_SSH_PRNG_CMDS$ac_delim +SSHLIBS!$SSHLIBS$ac_delim +SSHDLIBS!$SSHDLIBS$ac_delim KRB5CONF!$KRB5CONF$ac_delim PRIVSEP_PATH!$PRIVSEP_PATH$ac_delim xauth_path!$xauth_path$ac_delim @@ -31496,7 +31499,7 @@ LTLIBOBJS!$LTLIBOBJS$ac_delim _ACEOF - if test `sed -n "s/.*$ac_delim\$/X/p" conf$$subs.sed | grep -c X` = 20; then + if test `sed -n "s/.*$ac_delim\$/X/p" conf$$subs.sed | grep -c X` = 21; then break elif $ac_last_try; then { { echo "$as_me:$LINENO: error: could not make $CONFIG_STATUS" >&5 @@ -31993,6 +31996,9 @@ if test ! -z "${SSHDLIBS}"; then echo " +for sshd: ${SSHDLIBS}" fi +if test ! -z "${SSHLIBS}"; then +echo " +for ssh: ${SSHLIBS}" +fi echo "" Index: b/openbsd-compat/port-linux.c =================================================================== --- a/openbsd-compat/port-linux.c +++ b/openbsd-compat/port-linux.c @@ -218,6 +218,20 @@ xfree(oldctx); xfree(newctx); } + +void +ssh_selinux_setfscreatecon(const char *path) +{ + security_context_t context; + + if (path == NULL) { + setfscreatecon(NULL); + return; + } + matchpathcon(path, 0700, &context); + setfscreatecon(context); +} + #endif /* WITH_SELINUX */ #ifdef LINUX_OOM_ADJUST Index: b/openbsd-compat/port-linux.h =================================================================== --- a/openbsd-compat/port-linux.h +++ b/openbsd-compat/port-linux.h @@ -24,6 +24,7 @@ void ssh_selinux_setup_pty(char *, const char *, const char *); void ssh_selinux_setup_exec_context(char *, const char *); void ssh_selinux_change_context(const char *); +void ssh_selinux_setfscreatecon(const char *); #endif #ifdef LINUX_OOM_ADJUST Index: b/ssh.c =================================================================== --- a/ssh.c +++ b/ssh.c @@ -852,15 +852,12 @@ strcmp(pw->pw_dir, "/") ? "/" : "", _PATH_SSH_USER_DIR); if (r > 0 && (size_t)r < sizeof(buf) && stat(buf, &st) < 0) { #ifdef WITH_SELINUX - char *scon; - - matchpathcon(buf, 0700, &scon); - setfscreatecon(scon); + ssh_selinux_setfscreatecon(buf); #endif if (mkdir(buf, 0700) < 0) error("Could not create directory '%.200s'.", buf); #ifdef WITH_SELINUX - setfscreatecon(NULL); + ssh_selinux_setfscreatecon(NULL); #endif } /* load options.identity_files */