
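--- a/session.c
+++ b/session.c
@@ -1796,6 +1796,9 @@ do_child(Session *s, const char *command
 		argv[i] = NULL;
 		optind = optreset = 1;
 		__progname = argv[0];
+#ifdef WITH_SELINUX
+		ssh_selinux_change_context("sftpd_t");
+#endif
 		exit(sftp_server_main(i, argv, s->pw));
 	}
 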
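Review bot: The `ssh_selinux_change_context("sftpd_t")` call added before `sftp_server_main()` cannot fail closed, because the helper returns void and, as written in the port-linux.c section of this patch, only logs when `getcon()`, the context parse or `setcon()` fails. In that case the in-process SFTP server keeps running in sshd's own domain instead of the confined one, with only a log line to show it. Consider having the helper return a status, or call `fatal()` itself when `security_getenforce()` reports enforcing mode, so this site can refuse to start the server. The type name is hard-coded at the call site; a short comment naming the policy that must define `sftpd_t` would help. do_child's body starts and ends outside the hunk.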
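--- a/openbsd-compat/port-linux.c
+++ b/openbsd-compat/port-linux.c
@@ -29,6 +29,7 @@
 
 #ifdef WITH_SELINUX
 #include "log.h"
+#include "xmalloc.h"
 #include "port-linux.h"
 
 #include <selinux/selinux.h>
@@ -168,4 +169,36 @@ ssh_selinux_setup_pty(char *pwname, cons
 		freecon(user_ctx);
 	debug3("%s: done", __func__);
 }
+
+void
+ssh_selinux_change_context(const char *newname)
+{
+	int len, newlen;
+	char *oldctx, *newctx, *cx;
+
+	if (!ssh_selinux_enabled())
+		return;
+
+	if (getcon((security_context_t *)&oldctx) < 0) {
+		logit("%s: getcon failed with %s", __func__, strerror (errno));
+		return;
+	}
+	if ((cx = index(oldctx, ':')) == NULL || (cx = index(cx + 1, ':')) == NULL) {
+		logit ("%s: unparseable context %s", __func__, oldctx);
+		return;
+	}
+
+	newlen = strlen(oldctx) + strlen(newname) + 1;
+	newctx = xmalloc(newlen);
+	len = cx - oldctx + 1;
+	memcpy(newctx, oldctx, len);
+	strlcpy(newctx + len, newname, newlen - len);
+	if ((cx = index(cx + 1, ':')))
+		strlcat(newctx, cx, newlen);
+	debug3("%s: setting context from '%s' to '%s'", __func__, oldctx, newctx);
+	if (setcon(newctx) < 0)
+		logit("%s: setcon failed with %s", __func__, strerror (errno));
+	xfree(oldctx);
+	xfree(newctx);
+}
 #endif /* WITH_SELINUX */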
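Review bot: `oldctx` is allocated by libselinux in `getcon()` but is released with `xfree(oldctx)`, and it is not released at all on the "unparseable context" early return. Contexts obtained from libselinux should go back through `freecon()`, as `ssh_selinux_setup_pty` does just above with `freecon(user_ctx)`: change the final release to `freecon(oldctx);` and add `freecon(oldctx);` before the `return` in the parse-failure branch. `len` and `newlen` are `int` while `strlen()` returns `size_t`, so declaring them `size_t` avoids the implicit narrowing. The function also uses `strerror`, `errno` and `index`, whose headers are not visible in the include hunk; presumably they arrive through a common header, which is worth confirming.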
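--- a/openbsd-compat/port-linux.h
+++ b/openbsd-compat/port-linux.h
@@ -23,6 +23,7 @@
 int ssh_selinux_enabled(void);
 void ssh_selinux_setup_pty(char *, const char *);
 void ssh_selinux_setup_exec_context(char *);
+void ssh_selinux_change_context(const char *);
 #endif
 
 #endif /* ! _PORT_LINUX_H */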
