openssh/openssh-5.2p1-sesftp.patch

68 lines
1.8 KiB
Diff
Raw Normal View History

diff -up openssh-5.2p1/session.c.sesftp openssh-5.2p1/session.c
--- openssh-5.2p1/session.c.sesftp 2009-08-09 10:21:11.586827446 +0200
+++ openssh-5.2p1/session.c 2009-08-09 10:39:30.475622699 +0200
@@ -58,6 +58,9 @@
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
+#ifdef WITH_SELINUX
+#include <selinux/selinux.h>
+#endif
#include "openbsd-compat/sys-queue.h"
#include "xmalloc.h"
@@ -101,6 +104,9 @@
c[sizeof(INTERNAL_SFTP_NAME) - 1] == ' ' || \
c[sizeof(INTERNAL_SFTP_NAME) - 1] == '\t'))
+#ifdef WITH_SELINUX
+#define SFTPD_T "sftpd_t"
+#endif
/* func */
Session *session_new(void);
@@ -1789,6 +1795,10 @@ do_child(Session *s, const char *command
extern int optind, optreset;
int i;
char *p, *args;
+#ifdef WITH_SELINUX
+ int L1, L2;
+ char *c1, *c2, *cx;
+#endif
setproctitle("%s@internal-sftp-server", s->pw->pw_name);
args = xstrdup(command ? command : "sftp-server");
@@ -1798,6 +1808,32 @@ do_child(Session *s, const char *command
argv[i] = NULL;
optind = optreset = 1;
__progname = argv[0];
+#ifdef WITH_SELINUX
+ if (getcon ((security_context_t *) &c1) < 0) {
+ logit("do_child: getcon failed with %s", strerror (errno));
+ } else {
+ L1 = strlen (c1) + sizeof (SFTPD_T);
+ c2 = xmalloc (L1);
+ if (!(cx = index (c1, ':')))
+ goto badcontext;
+ if (!(cx = index (cx + 1, ':'))) {
+badcontext:
+ logit ("do_child: unparseable context %s", c1);
+ } else {
+ L2 = cx - c1 + 1;
+ memcpy (c2, c1, L2);
+ strlcpy (c2 + L2, SFTPD_T, L1);
+ if ((cx = index (cx + 1, ':')))
+ strlcat (c2, cx, L1);
2009-08-26 10:44:57 +00:00
+ if (setcon (c2) < 0)
+ logit("do_child: setcon failed with %s", strerror (errno));
+
+ }
+ xfree (c1);
+ xfree (c2);
+ }
+#endif
+
exit(sftp_server_main(i, argv, s->pw));
}