- experimental NSS keys support
- correctly setup context when empty level requested (#234951)
parent
7210c0162a
commit
c3274ccb32
@ -49,15 +49,15 @@
|
|||||||
+ }
|
+ }
|
||||||
+ if (selinux_trans_to_raw_context(default_context, &default_raw) < 0) {
|
+ if (selinux_trans_to_raw_context(default_context, &default_raw) < 0) {
|
||||||
+ error("Error translating default context.");
|
+ error("Error translating default context.");
|
||||||
+ goto out;
|
+ default_raw = NULL;
|
||||||
+ }
|
+ }
|
||||||
+ if (selinux_trans_to_raw_context(selected_context, &selected_raw) < 0) {
|
+ if (selinux_trans_to_raw_context(selected_context, &selected_raw) < 0) {
|
||||||
+ error("Error translating selected context.");
|
+ error("Error translating selected context.");
|
||||||
+ goto out;
|
+ selected_raw = NULL;
|
||||||
+ }
|
+ }
|
||||||
+ if (asprintf(&msg, "sshd: default-context=%s selected-context=%s",
|
+ if (asprintf(&msg, "sshd: default-context=%s selected-context=%s",
|
||||||
+ default_context ? default_raw : "?",
|
+ default_raw ? default_raw : (default_context ? default_context: "?"),
|
||||||
+ selected_context ? selected_raw : "?") < 0) {
|
+ selected_context ? selected_raw : (selected_context ? selected_context :"?")) < 0) {
|
||||||
+ error("Error allocating memory.");
|
+ error("Error allocating memory.");
|
||||||
+ goto out;
|
+ goto out;
|
||||||
+ }
|
+ }
|
||||||
@ -95,7 +95,7 @@
|
|||||||
+get_user_context(const char *sename, const char *role, const char *lvl,
|
+get_user_context(const char *sename, const char *role, const char *lvl,
|
||||||
+ security_context_t *sc) {
|
+ security_context_t *sc) {
|
||||||
+#ifdef HAVE_GET_DEFAULT_CONTEXT_WITH_LEVEL
|
+#ifdef HAVE_GET_DEFAULT_CONTEXT_WITH_LEVEL
|
||||||
+ if (get_default_context_with_level(sename, lvl, NULL, sc) != 0) {
|
+ if (lvl == NULL || lvl[0] == '\0' || get_default_context_with_level(sename, lvl, NULL, sc) != 0) {
|
||||||
+ /* User may have requested a level completely outside of his
|
+ /* User may have requested a level completely outside of his
|
||||||
+ allowed range. We get a context just for auditing as the
|
+ allowed range. We get a context just for auditing as the
|
||||||
+ range check below will certainly fail for default context. */
|
+ range check below will certainly fail for default context. */
|
||||||
|
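Review bot: The new selected-context argument of the asprintf() call still tests `selected_context` instead of `selected_raw`, so it does not mirror the corrected default-context argument on the line above it. With this change a failed selinux_trans_to_raw_context() sets `selected_raw = NULL` and falls through, so a non-NULL `selected_context` now makes the expression pass a NULL pointer to `%s`; that is undefined behaviour and at best puts "(null)" into the audit message, and the inner fallback can never be reached as written. The line should read `selected_raw ? selected_raw : (selected_context ? selected_context : "?")) < 0) {`. The enclosing function starts and ends outside the hunk, so whether the `out:` path handles NULL raw contexts safely cannot be confirmed from here.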
1416
openssh-4.5p1-nss-keys.patch
Normal file
1416
openssh-4.5p1-nss-keys.patch
Normal file
File diff suppressed because it is too large
20
openssh.spec
20
openssh.spec
@ -28,6 +28,9 @@
|
|||||||
# Do we want kerberos5 support (1=yes 0=no)
|
# Do we want kerberos5 support (1=yes 0=no)
|
||||||
%define kerberos5 1
|
%define kerberos5 1
|
||||||
|
|
||||||
|
# Do we want NSS tokens support
|
||||||
|
%define nss 1
|
||||||
|
|
||||||
# Whether or not /sbin/nologin exists.
|
# Whether or not /sbin/nologin exists.
|
||||||
%define nologin 1
|
%define nologin 1
|
||||||
|
|
||||||
@ -61,7 +64,7 @@
|
|||||||
Summary: The OpenSSH implementation of SSH protocol versions 1 and 2
|
Summary: The OpenSSH implementation of SSH protocol versions 1 and 2
|
||||||
Name: openssh
|
Name: openssh
|
||||||
Version: 4.5p1
|
Version: 4.5p1
|
||||||
Release: 6%{?dist}%{?rescue_rel}
|
Release: 7%{?dist}%{?rescue_rel}
|
||||||
URL: http://www.openssh.com/portable.html
|
URL: http://www.openssh.com/portable.html
|
||||||
#Source0: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz
|
#Source0: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz
|
||||||
#Source1: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz.sig
|
#Source1: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz.sig
|
||||||
@ -90,6 +93,7 @@ Patch44: openssh-4.3p2-allow-ip-opts.patch
|
|||||||
Patch48: openssh-4.3p2-pam-session.patch
|
Patch48: openssh-4.3p2-pam-session.patch
|
||||||
Patch49: openssh-4.3p2-gssapi-canohost.patch
|
Patch49: openssh-4.3p2-gssapi-canohost.patch
|
||||||
Patch50: openssh-4.5p1-mls.patch
|
Patch50: openssh-4.5p1-mls.patch
|
||||||
|
Patch51: openssh-4.5p1-nss-keys.patch
|
||||||
License: BSD
|
License: BSD
|
||||||
Group: Applications/Internet
|
Group: Applications/Internet
|
||||||
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
|
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
|
||||||
@ -115,7 +119,7 @@ BuildRequires: autoconf, automake, openssl-devel, perl, zlib-devel
|
|||||||
BuildRequires: audit-libs-devel
|
BuildRequires: audit-libs-devel
|
||||||
BuildRequires: util-linux, groff, man
|
BuildRequires: util-linux, groff, man
|
||||||
BuildRequires: pam-devel
|
BuildRequires: pam-devel
|
||||||
BuildRequires: tcp_wrappers-devel
|
#BuildRequires: tcp_wrappers-devel
|
||||||
|
|
||||||
%if %{kerberos5}
|
%if %{kerberos5}
|
||||||
BuildRequires: krb5-devel
|
BuildRequires: krb5-devel
|
||||||
@ -217,6 +221,7 @@ an X11 passphrase dialog for OpenSSH.
|
|||||||
%patch48 -p1 -b .pam-sesssion
|
%patch48 -p1 -b .pam-sesssion
|
||||||
%patch49 -p1 -b .canohost
|
%patch49 -p1 -b .canohost
|
||||||
%patch50 -p1 -b .mls
|
%patch50 -p1 -b .mls
|
||||||
|
%patch51 -p1 -b .nss-keys
|
||||||
|
|
||||||
autoreconf
|
autoreconf
|
||||||
|
|
||||||
@ -259,6 +264,9 @@ fi
|
|||||||
--enable-vendor-patchlevel="FC-%{version}-%{release}" \
|
--enable-vendor-patchlevel="FC-%{version}-%{release}" \
|
||||||
--disable-strip \
|
--disable-strip \
|
||||||
--without-zlib-version-check \
|
--without-zlib-version-check \
|
||||||
|
%if %{nss}
|
||||||
|
--with-nss \
|
||||||
|
%endif
|
||||||
%if %{scard}
|
%if %{scard}
|
||||||
--with-smartcard \
|
--with-smartcard \
|
||||||
%endif
|
%endif
|
||||||
@ -342,6 +350,10 @@ rm -f $RPM_BUILD_ROOT/etc/profile.d/gnome-ssh-askpass.*
|
|||||||
|
|
||||||
perl -pi -e "s|$RPM_BUILD_ROOT||g" $RPM_BUILD_ROOT%{_mandir}/man*/*
|
perl -pi -e "s|$RPM_BUILD_ROOT||g" $RPM_BUILD_ROOT%{_mandir}/man*/*
|
||||||
|
|
||||||
|
rm -f README.nss.nss-keys
|
||||||
|
%if ! %{nss}
|
||||||
|
rm -f README.nss
|
||||||
|
%endif
|
||||||
%clean
|
%clean
|
||||||
rm -rf $RPM_BUILD_ROOT
|
rm -rf $RPM_BUILD_ROOT
|
||||||
|
|
||||||
@ -460,6 +472,10 @@ fi
|
|||||||
%endif
|
%endif
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Wed Jun 20 2007 Tomas Mraz <tmraz@redhat.com> - 4.5p1-7
|
||||||
|
- experimental NSS keys support
|
||||||
|
- correctly setup context when empty level requested (#234951)
|
||||||
|
|
||||||
* Tue Mar 20 2007 Tomas Mraz <tmraz@redhat.com> - 4.5p1-6
|
* Tue Mar 20 2007 Tomas Mraz <tmraz@redhat.com> - 4.5p1-6
|
||||||
- mls level check must be done with default role same as requested
|
- mls level check must be done with default role same as requested
|
||||||
|
|
||||||
|
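Review bot: `BuildRequires: tcp_wrappers-devel` is commented out in this section, but neither the commit description nor the new 4.5p1-7 changelog entry mentions it. If the configure invocation (only partly visible here) still requests TCP wrappers, the build either fails or, depending on how the option is handled, may produce an sshd without libwrap, in which case hosts.allow/hosts.deny restrictions would silently stop applying. Either restore `BuildRequires: tcp_wrappers-devel` or add a changelog line that states the change and its reason. Separately, `%define nss 1` enables by default a feature the changelog itself calls experimental; a comment beside the define such as `# experimental; set to 0 to build without NSS key support` would make that explicit.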