Make the code build without SELinux and without Audit

2016-09-15 16:36:04 +02:00 · 2016-09-15 16:36:04 +02:00 · 739842b137
commit 739842b137
parent 0a605f4d31
3 changed files with 11 additions and 5 deletions
--- a/openssh-6.6p1-role-mls.patch
+++ b/openssh-6.6p1-role-mls.patch
@ -131,7 +131,7 @@ diff -up openssh/auth2-hostbased.c.role-mls openssh/auth2-hostbased.c
 diff -up openssh/auth2-pubkey.c.role-mls openssh/auth2-pubkey.c
 --- openssh/auth2-pubkey.c.role-mls	2016-07-24 13:50:13.000000000 +0200
 +++ openssh/auth2-pubkey.c	2016-07-26 12:37:48.794593332 +0200
-@@ -151,9 +151,11 @@ userauth_pubkey(Authctxt *authctxt)
+@@ -151,9 +151,15 @@ userauth_pubkey(Authctxt *authctxt)
 		}
 		/* reconstruct packet */
 		buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST);
@ -140,8 +140,12 @@ diff -up openssh/auth2-pubkey.c.role-mls openssh/auth2-pubkey.c
 		    authctxt->style ? ":" : "",
 -		    authctxt->style ? authctxt->style : "");
 +		    authctxt->style ? authctxt->style : "",
+#ifdef WITH_SELINUX
 +		    authctxt->role ? "/" : "",
 +		    authctxt->role ? authctxt->role : "");
+#else
+		    "", "");
+#endif
 		buffer_put_cstring(&b, userstyle);
 		free(userstyle);
 		buffer_put_cstring(&b,
--- a/openssh-7.2p1-audit.patch
+++ b/openssh-7.2p1-audit.patch
@ -1285,7 +1285,7 @@ diff -up openssh-7.3p1/monitor.c.audit openssh-7.3p1/monitor.c
 	while (waitpid(pmonitor->m_pid, &status, 0) == -1)
 		if (errno != EINTR)
 			exit(1);
-@@ -1908,11 +1956,43 @@ mm_answer_audit_command(int socket, Buff
+@@ -1908,11 +1956,45 @@ mm_answer_audit_command(int socket, Buff
 {
 	u_int len;
 	char *cmd;
@ -1300,7 +1300,9 @@ diff -up openssh-7.3p1/monitor.c.audit openssh-7.3p1/monitor.c
 +	if (s == NULL)
 +		fatal("%s: error allocating a session", __func__);
 +	s->command = cmd;
+#ifdef SSH_AUDIT_EVENTS
 +	s->command_handle = audit_run_command(cmd);
+#endif
 +
 +	buffer_clear(m);
 +	buffer_put_int(m, s->self);
@ -1875,11 +1877,13 @@ diff -up openssh-7.3p1/session.c.audit openssh-7.3p1/session.c
 
 	/* Force a password change */
 	if (s->authctxt->force_pwchange) {
-@@ -1986,6 +2001,7 @@ session_unused(int id)
+@@ -1986,6 +2001,9 @@ session_unused(int id)
 	sessions[id].ttyfd = -1;
 	sessions[id].ptymaster = -1;
 	sessions[id].x11_chanids = NULL;
+#ifdef SSH_AUDIT_EVENTS
 +	sessions[id].command_handle = -1;
+#endif
 	sessions[id].next_unused = sessions_first_unused;
 	sessions_first_unused = id;
 }
--- a/openssh.spec
+++ b/openssh.spec
@ -404,10 +404,8 @@ rm -f $(cat %{SOURCE5})
 popd
 %endif

-%if %{WITH_SELINUX}
 %patch400 -p1 -b .role-mls
 %patch404 -p1 -b .privsep-selinux
-%endif

 %if %{ldap}
 %patch501 -p1 -b .ldap