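diff -up openssh-5.2p1/session.c.sesftp openssh-5.2p1/session.c
--- openssh-5.2p1/session.c.sesftp 2009-08-09 10:21:11.586827446 +0200
+++ openssh-5.2p1/session.c 2009-08-09 10:39:30.475622699 +0200
@@ -58,6 +58,9 @@
 #include <stdlib.h>
 #include <string.h>
 #include <unistd.h>
+#ifdef WITH_SELINUX
+#include <selinux/selinux.h>
+#endif
 
 #include "openbsd-compat/sys-queue.h"
 #include "xmalloc.h"
@@ -101,6 +104,9 @@
 c[sizeof(INTERNAL_SFTP_NAME) - 1] == ' ' || \
 c[sizeof(INTERNAL_SFTP_NAME) - 1] == '\t'))
 
+#ifdef WITH_SELINUX
+#define SFTPD_T "sftpd_t"
+#endif
 /* func */
 
 Session *session_new(void);
@@ -1789,6 +1795,10 @@ do_child(Session *s, const char *command
 extern int optind, optreset;
 int i;
 char *p, *args;
+#ifdef WITH_SELINUX
+ int L1, L2;
+ char *c1, *c2, *cx;
+#endif
 
 setproctitle("%s@internal-sftp-server", s->pw->pw_name);
 args = xstrdup(command ? command : "sftp-server");
@@ -1798,6 +1808,32 @@ do_child(Session *s, const char *command
 argv[i] = NULL;
 optind = optreset = 1;
 __progname = argv[0];
+#ifdef WITH_SELINUX
+ if (getcon ((security_context_t *) &c1) < 0) {
+ logit("do_child: getcon failed with %s", strerror (errno));
+ } else {
+ L1 = strlen (c1) + sizeof (SFTPD_T);
+ c2 = xmalloc (L1);
+ if (!(cx = index (c1, ':')))
+ goto badcontext;
+ if (!(cx = index (cx + 1, ':'))) {
+badcontext:
+ logit ("do_child: unparseable context %s", c1);
+ } else {
+ L2 = cx - c1 + 1;
+ memcpy (c2, c1, L2);
+ strlcpy (c2 + L2, SFTPD_T, L1);
+ if ((cx = index (cx + 1, ':')))
+ strlcat (c2, cx, L1);
+ if (setcon (c2) < 0)
+ logit("do_child: setcon failed with %s", strerror (errno));
+
+ }
+ xfree (c1);
+ xfree (c2);
+ }
+#endif
+
 exit(sftp_server_main(i, argv, s->pw));
 }
 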
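Review bot: Every failure path in the WITH_SELINUX block added by the last hunk (getcon error, unparseable context, setcon error) only calls logit() and then falls through to `sftp_server_main`, so the internal sftp server keeps running in the caller's unchanged context instead of `sftpd_t` and the confinement fails open. If the transition is meant as an enforcement boundary, make it fatal when SELinux is enforcing, e.g. `if (setcon (c2) < 0 && security_getenforce () > 0) fatal("do_child: setcon failed with %s", strerror (errno));`, keep the existing logit() for permissive mode, and treat the other two paths the same way. Two smaller points: `c1` is allocated by getcon() and should be released with `freecon (c1)` rather than `xfree (c1)`, and `strlcpy (c2 + L2, SFTPD_T, L1)` should pass the space actually remaining, `L1 - L2`, as its bound, since it is only safe today because of how L1 is computed. do_child begins outside this hunk, so whether an earlier step already constrains the context is not visible here.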