jonathan/openssh
1
0
Fork 0
forked from rpms/openssh
Code Pull Requests Activity

the private keys may be 640 root:ssh_keys ssh_keysign is sgid

Browse Source
This commit is contained in:
Jan F 2011-04-22 11:32:26 +02:00
parent 71bf983fca
commit e53c593327
1 changed files with 4 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
openssh-5.8p1-pwchange.patch
View File

@ -1,30 +1,12 @@
diff -up openssh-5.8p1/session.c.pwchange openssh-5.8p1/session.c diff -up openssh-5.8p1/session.c.pwchange openssh-5.8p1/session.c
--- openssh-5.8p1/session.c.pwchange 2011-04-20 10:46:50.144658782 +0200 --- openssh-5.8p1/session.c.pwchange 2011-04-22 09:33:52.000000000 +0200
+++ openssh-5.8p1/session.c 2011-04-20 11:36:09.055648048 +0200 +++ openssh-5.8p1/session.c 2011-04-22 09:37:14.090653775 +0200
@@ -1542,11 +1542,27 @@ do_setusercontext(struct passwd *pw) @@ -1547,6 +1547,9 @@ do_pwchange(Session *s)
static void
do_pwchange(Session *s)
{
+#ifdef WITH_SELINUX
+ pid_t pid;
+#endif
+
fflush(NULL);
fprintf(stderr, "WARNING: Your password has expired.\n");
if (s->ttyfd != -1) { if (s->ttyfd != -1) {
fprintf(stderr, fprintf(stderr,
"You must change your password now and login again!\n"); "You must change your password now and login again!\n");
+#ifdef WITH_SELINUX +#ifdef WITH_SELINUX
+ switch (pid = fork()) { + setexeccon(NULL);
+ case -1:
+ fatal("cannot fork");
+ case 0:
+ setexeccon(NULL);
+ break;
+ default:
+ waitpid(pid, NULL, 0);
+ exit(0);
+ }
+#endif +#endif
#ifdef PASSWD_NEEDS_USERNAME #ifdef PASSWD_NEEDS_USERNAME
execl(_PATH_PASSWD_PROG, "passwd", s->pw->pw_name, execl(_PATH_PASSWD_PROG, "passwd", s->pw->pw_name,