improving sshd -> passwd transation

openssh-5.8p1-pwchange.patch

@@ -1,21 +1,31 @@
 diff -up openssh-5.8p1/session.c.pwchange openssh-5.8p1/session.c
---- openssh-5.8p1/session.c.pwchange	2011-03-31 17:54:18.637695183 +0200
+--- openssh-5.8p1/session.c.pwchange	2011-04-20 10:46:50.144658782 +0200
-+++ openssh-5.8p1/session.c	2011-03-31 17:56:12.281684766 +0200
++++ openssh-5.8p1/session.c	2011-04-20 11:36:09.055648048 +0200
-@@ -1552,12 +1552,17 @@ do_pwchange(Session *s)
+@@ -1542,11 +1542,27 @@ do_setusercontext(struct passwd *pw)
+ static void
+ do_pwchange(Session *s)
+ {
++#ifdef WITH_SELINUX
++	pid_t pid;
++#endif
++
+ 	fflush(NULL);
+ 	fprintf(stderr, "WARNING: Your password has expired.\n");
  	if (s->ttyfd != -1) {
  		fprintf(stderr,
  		    "You must change your password now and login again!\n");
-+#ifdef __linux__
++#ifdef WITH_SELINUX
-+		execl("/bin/sh", "sh", "-c", _PATH_PASSWD_PROG, s->pw->pw_name,
++		switch (pid = fork()) {
-+		    (char *)NULL);
++			case -1:
-+#else
++				fatal("cannot fork");
++			case 0:
++				setexeccon(NULL);
++				break;
++			default:
++				waitpid(pid, NULL, 0);
++				exit(0);
++		}
++#endif
  #ifdef PASSWD_NEEDS_USERNAME
  		execl(_PATH_PASSWD_PROG, "passwd", s->pw->pw_name,
  		    (char *)NULL);
- #else
- 		execl(_PATH_PASSWD_PROG, "passwd", (char *)NULL);
- #endif
-+#endif
- 		perror("passwd");
- 	} else {
- 		fprintf(stderr,

openssh.spec

@@ -71,7 +71,7 @@
 
 # Do not forget to bump pam_ssh_agent_auth release if you rewind the main package release to 1
 %define openssh_ver 5.8p1
-%define openssh_rel 25
+%define openssh_rel 26
 %define pam_ssh_agent_ver 0.9.2
 %define pam_ssh_agent_rel 30
 
@@ -661,6 +661,9 @@ fi
 %endif
 
 %changelog
+* Wed Apr 20 2011 Jan F. Chadima <jchadima@redhat.com> - 5.8p1-26 + 0.9.2-30
+- improving sshd -> passwd transation
+
 * Tue Apr  5 2011 Jan F. Chadima <jchadima@redhat.com> - 5.8p1-25 + 0.9.2-30
 - the intermediate context is set to sshd_sftpd_t
 - do not crash in packet.c if no connection