Bugzilla – Attachment 1683 Details for
Bug 1637
Change the context when starting internal-sftp
[patch]
patch version 2
sesftp-v2.patch (text/plain), 1.76 KB, created by
jchadima
on 2009-08-31 15:55:45 AEST
Description:
patch version 2
Filename:
MIME Type:
Creator:
jchadima
Created:
2009-08-31 15:55:45 AEST
Size:
1.76 KB
patch
obsolete
>diff -up openssh-5.2p1/session.c.sesftp openssh-5.2p1/session.c
>--- openssh-5.2p1/session.c.sesftp 2009-08-09 10:21:11.586827446 +0200
>+++ openssh-5.2p1/session.c 2009-08-09 10:39:30.475622699 +0200
>@@ -58,6 +58,9 @@
> #include <stdlib.h>
> #include <string.h>
> #include <unistd.h>
>+#ifdef WITH_SELINUX
>+#include <selinux/selinux.h>
>+#endif
>
> #include "openbsd-compat/sys-queue.h"
> #include "xmalloc.h"
>@@ -101,6 +104,9 @@
> c[sizeof(INTERNAL_SFTP_NAME) - 1] == ' ' || \
> c[sizeof(INTERNAL_SFTP_NAME) - 1] == '\t'))
>
>+#ifdef WITH_SELINUX
>+#define SFTPD_T "sftpd_t"
>+#endif
> /* func */
>
> Session *session_new(void);
>@@ -1789,6 +1795,10 @@ do_child(Session *s, const char *command
> extern int optind, optreset;
> int i;
> char *p, *args;
>+#ifdef WITH_SELINUX
>+ int L1, L2;
>+ char *c1, *c2, *cx;
>+#endif
>
> setproctitle("%s@internal-sftp-server", s->pw->pw_name);
> args = xstrdup(command ? command : "sftp-server");
>@@ -1798,6 +1808,32 @@ do_child(Session *s, const char *command
> argv[i] = NULL;
> optind = optreset = 1;
> __progname = argv[0];
>+#ifdef WITH_SELINUX
>+ if (getcon ((security_context_t *) &c1) < 0) {
>+ logit("do_child: getcon failed with %s", strerror (errno));
>+ } else {
>+ L1 = strlen (c1) + sizeof (SFTPD_T);
>+ c2 = xmalloc (L1);
>+ if (!(cx = index (c1, ':')))
>+ goto badcontext;
>+ if (!(cx = index (cx + 1, ':'))) {
>+badcontext:
>+ logit ("do_child: unparseable context %s", c1);
>+ } else {
>+ L2 = cx - c1 + 1;
>+ memcpy (c2, c1, L2);
>+ strlcpy (c2 + L2, SFTPD_T, L1);
>+ if ((cx = index (cx + 1, ':')))
>+ strlcat (c2, cx, L1);
>+ if (setcon (c2) < 0)
>+ logit("do_child: setcon failed with %s", strerror (errno));
>+
>+ }
>+ xfree (c1);
>+ xfree (c2);
>+ }
>+#endif
>+
> exit(sftp_server_main(i, argv, s->pw));
> }
>
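Review bot: In the last hunk a failed `setcon (c2)` is only logged, so `sftp_server_main()` still runs in whatever context the sshd child already had; the `getcon` failure and `badcontext` paths fall through the same way. If the purpose of the change is to confine internal-sftp to `sftpd_t`, the transition should fail closed at least when policy is enforcing, e.g. after the existing `logit` add `if (security_getenforce() > 0) fatal("do_child: setcon %s failed", c2);`. Separately, `strlcpy (c2 + L2, SFTPD_T, L1)` passes the full buffer size for a destination offset by `L2`; the lengths happen to fit as computed, but `L1 - L2` is the correct bound and keeps the call safe if the sizing ever changes. `c1` is allocated by libselinux, so `freecon(c1)` is the matching release rather than `xfree`. The body of `do_child` starts above this hunk, so how `errno` and the earlier privilege drop interact with this block is not visible here.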
Attachments on
bug 1637
:
1681
|
1683
|
1687