From c7ffe02211c1dfd81580cf347d545069af87b132 Mon Sep 17 00:00:00 2001 From: Jan F Date: Wed, 20 Apr 2011 21:59:24 +0200 Subject: [PATCH] improving sshd -> passwd transation --- openssh-5.8p1-pwchange.patch | 38 +++++++++++++++++++++++------------- openssh.spec | 5 ++++- 2 files changed, 28 insertions(+), 15 deletions(-) diff --git a/openssh-5.8p1-pwchange.patch b/openssh-5.8p1-pwchange.patch index b35cb64..8cd749d 100644 --- a/openssh-5.8p1-pwchange.patch +++ b/openssh-5.8p1-pwchange.patch @@ -1,21 +1,31 @@ diff -up openssh-5.8p1/session.c.pwchange openssh-5.8p1/session.c ---- openssh-5.8p1/session.c.pwchange 2011-03-31 17:54:18.637695183 +0200 -+++ openssh-5.8p1/session.c 2011-03-31 17:56:12.281684766 +0200 -@@ -1552,12 +1552,17 @@ do_pwchange(Session *s) +--- openssh-5.8p1/session.c.pwchange 2011-04-20 10:46:50.144658782 +0200 ++++ openssh-5.8p1/session.c 2011-04-20 11:36:09.055648048 +0200 +@@ -1542,11 +1542,27 @@ do_setusercontext(struct passwd *pw) + static void + do_pwchange(Session *s) + { ++#ifdef WITH_SELINUX ++ pid_t pid; ++#endif ++ + fflush(NULL); + fprintf(stderr, "WARNING: Your password has expired.\n"); if (s->ttyfd != -1) { fprintf(stderr, "You must change your password now and login again!\n"); -+#ifdef __linux__ -+ execl("/bin/sh", "sh", "-c", _PATH_PASSWD_PROG, s->pw->pw_name, -+ (char *)NULL); -+#else ++#ifdef WITH_SELINUX ++ switch (pid = fork()) { ++ case -1: ++ fatal("cannot fork"); ++ case 0: ++ setexeccon(NULL); ++ break; ++ default: ++ waitpid(pid, NULL, 0); ++ exit(0); ++ } ++#endif #ifdef PASSWD_NEEDS_USERNAME execl(_PATH_PASSWD_PROG, "passwd", s->pw->pw_name, (char *)NULL); - #else - execl(_PATH_PASSWD_PROG, "passwd", (char *)NULL); - #endif -+#endif - perror("passwd"); - } else { - fprintf(stderr, diff --git a/openssh.spec b/openssh.spec index 59a8f78..c0fc843 100644 --- a/openssh.spec +++ b/openssh.spec @@ -71,7 +71,7 @@ # Do not forget to bump pam_ssh_agent_auth release if you rewind the main package release to 1 %define openssh_ver 5.8p1 -%define openssh_rel 25 +%define openssh_rel 26 %define pam_ssh_agent_ver 0.9.2 %define pam_ssh_agent_rel 30 @@ -661,6 +661,9 @@ fi %endif %changelog +* Wed Apr 20 2011 Jan F. Chadima - 5.8p1-26 + 0.9.2-30 +- improving sshd -> passwd transation + * Tue Apr 5 2011 Jan F. Chadima - 5.8p1-25 + 0.9.2-30 - the intermediate context is set to sshd_sftpd_t - do not crash in packet.c if no connection