Bugzilla – Attachment 919 Details for
Bug 1043
Trusted IRIX Support
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
Patch to apply Trusted IRIX changes
diff_openssh-4.0p1_trix (text/plain), 6.27 KB, created by
Jason Ostermann
on 2005-05-21 07:27:26 AEST
(
hide
)
Description:
Patch to apply Trusted IRIX changes
Filename:
MIME Type:
Creator:
Jason Ostermann
Created:
2005-05-21 07:27:26 AEST
Size:
6.27 KB
patch
obsolete
>diff -r -C3 openssh-4.0p1/acconfig.h openssh-4.0p1.trix/acconfig.h >*** openssh-4.0p1/acconfig.h Fri Feb 25 17:07:38 2005 >--- openssh-4.0p1.trix/acconfig.h Thu May 12 10:32:25 2005 >*************** >*** 146,151 **** >--- 146,157 ---- > /* Define if you want IRIX kernel jobs */ > #undef WITH_IRIX_JOBS > >+ /* Define if you want IRIX Capability support */ >+ #undef WITH_IRIX_CAP >+ >+ /* Define if you want IRIX MAC Label support (Trusted IRIX only!) */ >+ #undef WITH_IRIX_MAC >+ > /* Location of PRNGD/EGD random number socket */ > #undef PRNGD_SOCKET >diff -r -C3 openssh-4.0p1/config.h.in openssh-4.0p1.trix/config.h.in >*** openssh-4.0p1/config.h.in Tue Mar 8 22:54:14 2005 >--- openssh-4.0p1.trix/config.h.in Thu May 12 12:56:15 2005 >*************** >*** 146,151 **** >--- 146,157 ---- > /* Define if you want IRIX kernel jobs */ > #undef WITH_IRIX_JOBS > >+ /* Define if you want IRIX Capability support */ >+ #undef WITH_IRIX_CAP >+ >+ /* Define if you want IRIX MAC Label support (Trusted IRIX only!) */ >+ #undef WITH_IRIX_MAC >+ > /* Location of PRNGD/EGD random number socket */ > #undef PRNGD_SOCKET >diff -r -C3 openssh-4.0p1/configure.ac openssh-4.0p1.trix/configure.ac >*** openssh-4.0p1/configure.ac Mon Mar 7 03:21:37 2005 >--- openssh-4.0p1.trix/configure.ac Thu May 12 10:33:58 2005 >*************** >*** 241,246 **** >--- 241,248 ---- > AC_DEFINE(WITH_IRIX_ARRAY) > AC_DEFINE(WITH_IRIX_PROJECT) > AC_DEFINE(WITH_IRIX_AUDIT) >+ AC_DEFINE(WITH_IRIX_CAP) >+ AC_DEFINE(WITH_IRIX_MAC) > AC_CHECK_FUNC(jlimit_startjob, [AC_DEFINE(WITH_IRIX_JOBS)]) > AC_DEFINE(BROKEN_INET_NTOA) > AC_DEFINE(SETEUID_BREAKS_SETUID) >diff -r -C3 openssh-4.0p1/openbsd-compat/port-irix.c openssh-4.0p1.trix/openbsd-compat/port-irix.c >*** openssh-4.0p1/openbsd-compat/port-irix.c Sat May 31 22:23:57 2003 >--- openssh-4.0p1.trix/openbsd-compat/port-irix.c Thu May 12 13:01:58 2005 >*************** >*** 38,43 **** >--- 39,51 ---- > #ifdef WITH_IRIX_AUDIT > # include <sat.h> > #endif /* WITH_IRIX_AUDIT */ >+ #ifdef WITH_IRIX_CAP >+ # include <sys/capability.h> >+ #endif /* WITH_IRIX_CAP */ >+ #ifdef WITH_IRIX_MAC >+ # include <sys/mac.h> >+ # include <sys/mac_label.h> >+ #endif /* WITH_IRIX_MAC */ > > void > irix_setusercontext(struct passwd *pw) >*************** >*** 84,86 **** >--- 92,144 ---- > > > #endif /* defined(WITH_IRIX_PROJECT) || defined(WITH_IRIX_JOBS) || defined(WITH_IRIX_ARRAY) */ >+ >+ #ifdef WITH_IRIX_CAP >+ void >+ irix_set_cap(const char * cap_string) >+ { >+ cap_t running_cap; >+ if(cap_string == NULL) >+ fatal("irix_set_cap received NULL for input!"); >+ if(sysconf(_SC_CAP) != 0) { >+ debug("irix_set_cap: setting capability to %s",cap_string); >+ running_cap=cap_from_text(cap_string); >+ if(running_cap != NULL) { >+ if(cap_set_proc(running_cap) != 0) >+ fatal("Unable to set the process capability " >+ "set to %s!",cap_string); >+ cap_free(running_cap); >+ } >+ else >+ fatal("Unable to convert %s into a capability set!", >+ cap_string); >+ } >+ } >+ >+ #endif /* WITH_IRIX_CAP */ >+ >+ >+ #ifdef WITH_IRIX_MAC >+ void >+ irix_set_mac(const char * mac_string) >+ { >+ mac_t running_mac; >+ if(mac_string == NULL) >+ fatal("irix_set_mac received NULL for input!"); >+ if(sysconf(_SC_MAC) != 0) { >+ debug("irix_set_mac: setting mac label to %s",mac_string); >+ running_mac=mac_from_text(mac_string); >+ if(running_mac != NULL) { >+ if(mac_set_proc(running_mac) != 0) >+ fatal("Unable to set the process mac label " >+ "to %s!",mac_string); >+ mac_free(running_mac); >+ } >+ else >+ fatal("Unable to convert %s into a mac label!", >+ mac_string); >+ } >+ } >+ >+ #endif /* WITH_IRIX_MAC */ >+ >diff -r -C3 openssh-4.0p1/session.c openssh-4.0p1.trix/session.c >*** openssh-4.0p1/session.c Sun Mar 6 05:38:52 2005 >--- openssh-4.0p1.trix/session.c Thu May 12 13:03:23 2005 >*************** >*** 1554,1559 **** >--- 1554,1583 ---- > #endif > } > >+ #ifdef WITH_IRIX_CAP >+ /* Set the user's capabilities before running their RC files!! >+ Only if we won't use login(1), as login handles setting >+ capabilities itself */ >+ if (!options.use_login) { >+ if(child_get_env(env,"CAP") == NULL) >+ irix_set_cap("all="); >+ else >+ irix_set_cap(child_get_env(env,"CAP")); >+ } >+ #endif /* WITH_IRIX_CAP */ >+ >+ #ifdef WITH_IRIX_MAC >+ /* Set the user's mac label before running their RC files!! >+ Only if we won't use login(1), as login handles setting >+ mac labels itself */ >+ if (!options.use_login) { >+ if(child_get_env(env,"MAC") == NULL) >+ irix_set_mac("all="); >+ else >+ irix_set_mac(child_get_env(env,"MAC")); >+ } >+ #endif /* WITH_IRIX_MAC */ >+ > if (!options.use_login) > do_rc_files(s, shell); >diff -r -C3 openssh-4.0p1/uidswap.c openssh-4.0p1.trix/uidswap.c >*** openssh-4.0p1/uidswap.c Tue Feb 22 00:57:13 2005 >--- openssh-4.0p1.trix/uidswap.c Thu May 12 12:05:00 2005 >*************** >*** 202,207 **** >--- 203,216 ---- > fatal("setuid %u: %.100s", (u_int)pw->pw_uid, strerror(errno)); > #endif > >+ #ifdef WITH_IRIX_CAP >+ /* Don't want to perform the following checks on a system >+ that supports capabilities, because they may be valid >+ actions */ >+ if(sysconf(_SC_CAP != 0)) >+ return; >+ #endif /* WITH_IRIX_CAP */ >+ > #ifndef HAVE_CYGWIN > /* Try restoration of GID if changed (test clearing of saved gid) */ > if (old_gid != pw->pw_gid && pw->pw_uid != 0 &&
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=919">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 1043
: 919