

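--- a/Makefile.in
+++ b/Makefile.in
@@ -43,6 +43,7 @@ LD=@LD@
 CFLAGS=@CFLAGS@
 CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@
 LIBS=@LIBS@
+LIBSELINUX=@LIBSELINUX@
 LIBEDIT=@LIBEDIT@
 LIBPAM=@LIBPAM@
 LIBWRAP=@LIBWRAP@
@@ -136,7 +137,7 @@ ssh$(EXEEXT): $(LIBCOMPAT) libssh.a $(SS
 	$(LD) -o $@ $(SSHOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
 
 sshd$(EXEEXT): libssh.a	$(LIBCOMPAT) $(SSHDOBJS)
-	$(LD) -o $@ $(SSHDOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(LIBWRAP) $(LIBPAM) $(LIBS)
+	$(LD) -o $@ $(SSHDOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(LIBWRAP) $(LIBPAM) $(LIBSELINUX) $(LIBS)
 
 scp$(EXEEXT): $(LIBCOMPAT) libssh.a scp.o progressmeter.o
 	$(LD) -o $@ scp.o progressmeter.o bufaux.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)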
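Review bot: `$(LIBSELINUX)` is added only to the sshd link line (new line 140), while port-linux.o goes into libopenbsd-compat, which ssh, scp and the other programs link as well; that only works as long as the SELinux functions stay compiled under WITH_SELINUX and are referenced, as far as this patch shows, from session.c and sshpty.c alone. A comment on the new LIBSELINUX line would make that constraint visible to whoever next calls into port-linux.c from another program: `# Only sshd links libselinux; port-linux.c must stay referenced from sshd objects only`. Keeping `$(LIBSELINUX)` ahead of `$(LIBS)` is the right link order.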
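--- a/configure.ac
+++ b/configure.ac
@@ -3000,6 +3000,23 @@ int main()
 			[#include <arpa/nameser.h>])
 	])
 
+# Check whether user wants SELinux support
+SELINUX_MSG="no"
+LIBSELINUX=""
+AC_ARG_WITH(selinux,
+	[  --with-selinux   Enable SELinux support],
+	[ if test "x$withval" != "xno" ; then
+		AC_DEFINE(WITH_SELINUX,1,[Define if you want SELinux support.])
+		SELINUX_MSG="yes"
+		AC_CHECK_HEADER([selinux/selinux.h], ,
+		    AC_MSG_ERROR(SELinux support requires selinux.h header))
+		AC_CHECK_LIB(selinux, setexeccon, [ LIBSELINUX="-lselinux" ],
+		    AC_MSG_ERROR(SELinux support requires libselinux library))
+		AC_CHECK_FUNCS(getseuserbyname get_default_context_with_level)
+	fi ]
+)
+AC_SUBST(LIBSELINUX)
+
 # Check whether user wants Kerberos 5 support
 KRB5_MSG="no"
 AC_ARG_WITH(kerberos5,
@@ -3818,6 +3835,7 @@ fi
 echo "                    Manpage format: $MANTYPE"
 echo "                       PAM support: $PAM_MSG"
 echo "                 KerberosV support: $KRB5_MSG"
+echo "                   SELinux support: $SELINUX_MSG"
 echo "                 Smartcard support: $SCARD_MSG"
 echo "                     S/KEY support: $SKEY_MSG"
 echo "              TCP Wrappers support: $TCPW_MSG"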
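Review bot: `AC_CHECK_FUNCS(getseuserbyname get_default_context_with_level)` at new line 3015 runs its link tests with LIBS unchanged, because the explicit action-if-found given to the AC_CHECK_LIB just above it (`[ LIBSELINUX="-lselinux" ]`) replaces the default action that would have prepended -lselinux to LIBS; unless LIBS already carries the library for some other reason, both probes fail to link and neither HAVE_GETSEUSERBYNAME nor HAVE_GET_DEFAULT_CONTEXT_WITH_LEVEL is ever defined. port-linux.c in this same patch then silently takes its fallback path, which uses the Unix account name as the SELinux user with no MLS level, a weaker mapping than the seuser lookup the patch is adding. Bracket the function check with `saved_LIBS="$LIBS"; LIBS="$LIBS $LIBSELINUX"` before it and `LIBS="$saved_LIBS"` after it so the probes link against libselinux.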
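--- a/session.c
+++ b/session.c
@@ -1352,6 +1352,8 @@ do_setusercontext(struct passwd *pw)
 #endif
 	if (getuid() != pw->pw_uid || geteuid() != pw->pw_uid)
 		fatal("Failed to set uids to %u.", (u_int) pw->pw_uid);
+
+	ssh_selinux_setup_exec_context(pw->pw_name);
 }
 
 static void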
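Review bot: The new call at line 1356 has no comment, and nothing nearby tells a reader that it expands to nothing in builds without WITH_SELINUX or that, in enforcing mode, it can end the session child through fatal() after the uids have already been switched; `/* Set the SELinux exec context for the user's shell; no-op unless WITH_SELINUX */` would cover both. do_setusercontext() starts before this hunk and the `#endif` at line 1352 closes a conditional block whose head is not visible, so whether every platform path reaches the call cannot be confirmed from here.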
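--- a/sshpty.c
+++ b/sshpty.c
@@ -210,6 +210,8 @@ pty_setowner(struct passwd *pw, const ch
 		fatal("stat(%.100s) failed: %.100s", tty,
 		    strerror(errno));
 
+	ssh_selinux_setup_pty(pw->pw_name, tty);
+
 	if (st.st_uid != pw->pw_uid || st.st_gid != gid) {
 		if (chown(tty, pw->pw_uid, gid) < 0) {
 			if (errno == EROFS &&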
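Review bot: The relabel at new line 213 runs before the chown()/chmod() that follow, and its failures are only logged by ssh_selinux_setup_pty() in port-linux.c (whose own XXX comment asks whether they should be fatal in enforcing mode), so a pty can be handed to the user still carrying its previous label while the ownership checks below treat their own failures as fatal. A comment here should record which is intended, e.g. `/* Relabel the pty for the user; failures are logged but not fatal */`, and if best-effort is not intended this call site is the place to turn an enforcing-mode failure into fatal(). pty_setowner() starts before this hunk.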
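--- a/contrib/redhat/sshd.init
+++ b/contrib/redhat/sshd.init
@@ -35,6 +35,9 @@ do_rsa1_keygen() {
 		if $KEYGEN -q -t rsa1 -f $RSA1_KEY -C '' -N '' >&/dev/null; then
 			chmod 600 $RSA1_KEY
 			chmod 644 $RSA1_KEY.pub
+			if [ -x /sbin/restorecon ]; then
+			    /sbin/restorecon $RSA1_KEY.pub
+			fi
 			success $"RSA1 key generation"
 			echo
 		else
@@ -51,6 +54,9 @@ do_rsa_keygen() {
 		if $KEYGEN -q -t rsa -f $RSA_KEY -C '' -N '' >&/dev/null; then
 			chmod 600 $RSA_KEY
 			chmod 644 $RSA_KEY.pub
+			if [ -x /sbin/restorecon ]; then
+			    /sbin/restorecon $RSA_KEY.pub
+			fi
 			success $"RSA key generation"
 			echo
 		else
@@ -67,6 +73,9 @@ do_dsa_keygen() {
 		if $KEYGEN -q -t dsa -f $DSA_KEY -C '' -N '' >&/dev/null; then
 			chmod 600 $DSA_KEY
 			chmod 644 $DSA_KEY.pub
+			if [ -x /sbin/restorecon ]; then
+			    /sbin/restorecon $DSA_KEY.pub
+			fi
 			success $"DSA key generation"
 			echo
 		else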
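Review bot: The three new `if [ -x /sbin/restorecon ]` blocks (new lines 38-40, 57-59 and 76-78) relabel only the `.pub` file and leave the private key with whatever label ssh-keygen's process gave it; if that is deliberate because policy already assigns the private key its intended label on creation, a one-line comment saying so would stop the next reader from "completing" it, and if it is not deliberate the private key needs the same call. The block is also pasted three times, so a small helper such as `restore_context() { if [ -x /sbin/restorecon ]; then /sbin/restorecon "$1"; fi; }` called from each keygen function would keep the copies from drifting. The `$RSA1_KEY.pub` style arguments are unquoted, which matches the surrounding script but is worth keeping in mind since these paths are configured at the top of the file.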
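--- a/openbsd-compat/Makefile.in
+++ b/openbsd-compat/Makefile.in
@@ -20,7 +20,7 @@ OPENBSD=base64.o basename.o bindresvport
 
 COMPAT=bsd-arc4random.o bsd-asprintf.o bsd-closefrom.o bsd-cray.o bsd-cygwin_util.o bsd-getpeereid.o bsd-misc.o bsd-nextstep.o bsd-openpty.o bsd-snprintf.o bsd-waitpid.o fake-rfc2553.o openssl-compat.o xmmap.o xcrypt.o
 
-PORTS=port-irix.o port-aix.o port-uw.o port-tun.o
+PORTS=port-irix.o port-linux.o port-aix.o port-uw.o port-tun.o
 
 .c.o:
 	$(CC) $(CFLAGS) $(CPPFLAGS) -c $<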
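--- a/openbsd-compat/openbsd-compat.h
+++ b/openbsd-compat/openbsd-compat.h
@@ -185,6 +185,7 @@ char *shadow_pw(struct passwd *pw);
 #include "bsd-cray.h"
 #include "bsd-cygwin_util.h"
 #include "port-irix.h"
+#include "port-linux.h"
 #include "port-aix.h"
 #include "port-uw.h"
 #include "port-tun.h"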
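--- /dev/null
+++ b/openbsd-compat/port-linux.c
@@ -0,0 +1,164 @@
+/* $Id$ */
+
+/*
+ * Copyright (c) 2006 Damien Miller <djm@openbsd.org>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/*
+ * Linux-specified portability code - just SELinux support at present
+ * 
+ * SELinux support based on patch from Daniel Walsh <dwalsh AT redhat.com>
+ * http://bugzilla.mindrot.org/show_bug.cgi?id=880
+ */
+
+#include "includes.h"
+
+#ifdef WITH_SELINUX
+#include "log.h"
+#include "port-linux.h"
+
+#include <selinux/selinux.h>
+#include <selinux/flask.h>
+#include <selinux/get_context_list.h>
+
+/* Wrapper around is_selinux_enabled() to log its return value once only */
+static int
+ssh_selinux_enabled(void)
+{
+	static int enabled = -1;
+
+	if (enabled == -1) {
+		enabled = is_selinux_enabled();
+		debug("SELinux support %s", enabled ? "enabled" : "disabled");
+	}
+
+	return (enabled);
+}
+
+/* Return the default security context for the given username */
+static security_context_t
+ssh_selinux_getctxbyname(char *pwname)
+{
+	security_context_t sc;
+	char *sename = NULL, *lvl = NULL;
+
+#ifdef HAVE_GETSEUSERBYNAME
+	if (getseuserbyname(pwname, &sename, &lvl) != 0)
+		return NULL;
+#else
+	sename = pwname;
+	lvl = NULL;
+#endif
+
+#ifdef HAVE_GET_DEFAULT_CONTEXT_WITH_LEVEL
+	if (get_default_context_with_level(sename, lvl, NULL, &sc) != 0) {
+#else
+	if (get_default_context(sename, NULL, &sc) != 0) {
+#endif
+		switch (security_getenforce()) {
+		case -1:
+			fatal("%s: ssh_selinux_getctxbyname: "
+			    "security_getenforce() failed", __func__);
+		case 0:
+			error("%s: Failed to get default SELinux security "
+			    "context for %s", __func__, pwname);
+		default:
+			fatal("%s: Failed to get default SELinux security "
+			    "context for %s (in enforcing mode)",
+			    __func__, pwname);
+		}
+	}
+
+#ifdef HAVE_GETSEUSERBYNAME
+	if (sename != NULL)
+		xfree(sename);
+	if (lvl != NULL)
+		xfree(lvl);
+#endif
+
+	return (sc);
+}
+
+/* Set the execution context to the default for the specified user */
+void
+ssh_selinux_setup_exec_context(char *pwname)
+{
+	security_context_t user_ctx = NULL;
+
+	if (!ssh_selinux_enabled())
+		return;
+
+	debug3("%s: setting execution context", __func__);
+
+	user_ctx = ssh_selinux_getctxbyname(pwname);
+	if (setexeccon(user_ctx) != 0) {
+		switch (security_getenforce()) {
+		case -1:
+			fatal("%s: security_getenforce() failed", __func__);
+		case 0:
+			error("%s: Failed to set SELinux execution "
+			    "context for %s", __func__, pwname);
+		default:
+			fatal("%s: Failed to set SELinux execution context "
+			    "for %s (in enforcing mode)", __func__, pwname);
+		}
+	}
+	if (user_ctx != NULL)
+		freecon(user_ctx);
+
+	debug3("%s: done", __func__);
+}
+
+/* Set the TTY context for the specified user */
+void
+ssh_selinux_setup_pty(char *pwname, const char *tty)
+{
+	security_context_t new_tty_ctx = NULL;
+	security_context_t user_ctx = NULL;
+	security_context_t old_tty_ctx = NULL;
+
+	if (!ssh_selinux_enabled())
+		return;
+
+	debug3("%s: setting TTY context on %s", __func__, tty);
+
+	user_ctx = ssh_selinux_getctxbyname(pwname);
+
+	/* XXX: should these calls fatal() upon failure in enforcing mode? */
+
+	if (getfilecon(tty, &old_tty_ctx) == -1) {
+		error("%s: getfilecon: %s", __func__, strerror(errno));
+		goto out;
+	}
+
+	if (security_compute_relabel(user_ctx, old_tty_ctx,
+	    SECCLASS_CHR_FILE, &new_tty_ctx) != 0) {
+		error("%s: security_compute_relabel: %s",
+		    __func__, strerror(errno));
+		goto out;
+	}
+
+	if (setfilecon(tty, new_tty_ctx) != 0)
+		error("%s: setfilecon: %s", __func__, strerror(errno));
+ out:
+	if (new_tty_ctx != NULL)
+		freecon(new_tty_ctx);
+	if (old_tty_ctx != NULL)
+		freecon(old_tty_ctx);
+	if (user_ctx != NULL)
+		freecon(user_ctx);
+	debug3("%s: done", __func__);
+}
+#endif /* WITH_SELINUX */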
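Review bot: The `case 0:` branches at new lines 74-76 and 110-112 have no `break;`, so in permissive mode the error() call falls straight into `default:` and the process still dies through fatal(), with a message claiming "in enforcing mode"; in ssh_selinux_getctxbyname the permissive branch should end with `sc = NULL; break;` (sc is declared uninitialised at line 54, so returning it after a failed lookup is otherwise undefined), and in ssh_selinux_setup_exec_context with `break;`. A second gap: when getseuserbyname() fails, lines 58-59 return NULL without a log line, and setexeccon(NULL) at line 106 is documented to reset the exec context to the default rather than fail, so an account with no seuser mapping gets a session with no explicit transition and no diagnostic even in enforcing mode; routing that failure through the same security_getenforce() switch would make it behave like a failed get_default_context(). Also, is_selinux_enabled() can return -1 on error, which ssh_selinux_enabled() both caches-as-retry and reports as "enabled" to its callers; mapping -1 to disabled with a log line, or treating it as fatal, would be more predictable.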
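--- /dev/null
+++ b/openbsd-compat/port-linux.h
@@ -0,0 +1,30 @@
+/* $Id$ */
+
+/*
+ * Copyright (c) 2006 Damien Miller <djm@openbsd.org>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#ifndef _PORT_LINUX_H
+#define _PORT_LINUX_H
+
+#ifdef WITH_SELINUX
+void ssh_selinux_setup_pty(char *, const char *);
+void ssh_selinux_setup_exec_context(char *);
+#else
+# define ssh_selinux_setup_pty(a, b)
+# define ssh_selinux_setup_exec_context(a)
+#endif
+
+#endif /* ! _PORT_LINUX_H */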
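Review bot: The stub macros at new lines 26-27 drop their arguments entirely, so in a build without WITH_SELINUX the argument expressions at the call sites in session.c and sshpty.c are never evaluated; that is harmless for the `pw->pw_name` and `tty` arguments this patch passes, but a comment should record it so no later caller passes an expression with side effects: `/* No-ops when SELinux support is compiled out; arguments are not evaluated */`. The guard `_PORT_LINUX_H` uses an identifier form reserved for the implementation, which is fine to keep if the neighbouring port-*.h headers (not visible here) follow the same convention.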
