rpms/openssh/devel openssh-selinux.patch, 1.16, 1.17 openssh.spec, 1.69, 1.70
fedora-cvs-commits at redhat.com
fedora-cvs-commits at redhat.com
Tue Oct 18 20:58:01 UTC 2005
Author: dwalsh
Update of /cvs/dist/rpms/openssh/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv13800
Modified Files:
openssh-selinux.patch openssh.spec
Log Message:
Update selinux patch to use rolelevel call
openssh-selinux.patch:
Makefile.in | 5 +-
auth.h | 1
auth1.c | 10 +++++
auth2.c | 10 ++++-
configure.ac | 15 ++++++++
contrib/redhat/sshd.init | 9 +++++
monitor.c | 20 +++++++++++
monitor.h | 2 -
monitor_wrap.c | 17 +++++++++
monitor_wrap.h | 1
selinux.c | 84 +++++++++++++++++++++++++++++++++++++++++++++++
selinux.h | 10 +++++
session.c | 4 ++
sshpty.c | 4 ++
14 files changed, 186 insertions(+), 6 deletions(-)
Index: openssh-selinux.patch
===================================================================
RCS file: /cvs/dist/rpms/openssh/devel/openssh-selinux.patch,v
retrieving revision 1.16
retrieving revision 1.17
diff -u -r1.16 -r1.17
--- openssh-selinux.patch 13 Oct 2005 21:14:36 -0000 1.16
+++ openssh-selinux.patch 18 Oct 2005 20:57:58 -0000 1.17
@@ -1,6 +1,6 @@
---- /dev/null 2005-10-12 22:08:48.027521250 -0400
-+++ openssh-4.2p1/selinux.c 2005-10-13 15:53:09.000000000 -0400
-@@ -0,0 +1,85 @@
+--- /dev/null 2005-10-16 17:38:47.999906500 -0400
++++ openssh-4.2p1/selinux.c 2005-10-18 15:52:16.000000000 -0400
+@@ -0,0 +1,84 @@
+#include "includes.h"
+#include "auth.h"
+#include "log.h"
@@ -16,21 +16,20 @@
+static const security_context_t selinux_get_user_context(const char *name) {
+ security_context_t user_context=NULL;
+ char *role=NULL;
-+ int ret=0;
++ int ret=-1;
+ char *seuser=NULL;
+ char *level=NULL;
+
+ if (the_authctxt)
+ role=the_authctxt->role;
-+ if (role != NULL && role[0])
-+ ret=get_default_context_with_role(name,role,NULL,&user_context);
-+ else
-+ if (getseuserbyname(name, &seuser, &level)==0)
++
++ if (getseuserbyname(name, &seuser, &level)==0) {
++ if (role != NULL && role[0])
++ ret=get_default_context_with_rolelevel(seuser, role, level,NULL,&user_context);
++ else
+ ret=get_default_context_with_level(seuser, level, NULL,&user_context);
-+
-+ else
-+ ret=get_default_context(name,NULL,&user_context);
-+
++ }
++
+ if ( ret < 0 ) {
+ if (security_getenforce() > 0)
+ fatal("Failed to get default security context for %s.", name);
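Review bot: The `ret < 0` branch at the end of this hunk stops the login only when `security_getenforce() > 0`, and security_getenforce() returns -1 on error, so a failed enforce-mode query is handled the same way as permissive mode. This matters more after this change: `ret` now starts at -1 and the `get_default_context(name,NULL,&user_context)` fallback is gone, so every `getseuserbyname()` failure lands in that branch. Consider treating the error case as fatal too, e.g. `if (security_getenforce() != 0) fatal("Failed to get default security context for %s.", name);`, provided callers only reach this function with SELinux enabled, which the hunk does not show. Separately, `seuser` and `level` are allocated by `getseuserbyname()` and no `free(seuser); free(level);` is visible here; the body of selinux_get_user_context continues outside the hunk, so confirm they are released on every path there. The fatal message would also be easier to triage if it said whether the seuser lookup or the context computation failed.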
@@ -87,7 +86,7 @@
+
+#endif /* WITH_SELINUX */
--- openssh-4.2p1/monitor.h.selinux 2005-02-02 08:20:53.000000000 -0500
-+++ openssh-4.2p1/monitor.h 2005-10-13 15:53:00.000000000 -0400
++++ openssh-4.2p1/monitor.h 2005-10-18 15:50:12.000000000 -0400
@@ -30,7 +30,7 @@
enum monitor_reqtype {
@@ -97,8 +96,8 @@
MONITOR_REQ_SIGN, MONITOR_ANS_SIGN,
MONITOR_REQ_PWNAM, MONITOR_ANS_PWNAM,
MONITOR_REQ_AUTH2_READ_BANNER, MONITOR_ANS_AUTH2_READ_BANNER,
---- openssh-4.2p1/contrib/redhat/sshd.init.selinux 2005-10-13 15:53:00.000000000 -0400
-+++ openssh-4.2p1/contrib/redhat/sshd.init 2005-10-13 15:53:00.000000000 -0400
+--- openssh-4.2p1/contrib/redhat/sshd.init.selinux 2005-10-18 15:50:12.000000000 -0400
++++ openssh-4.2p1/contrib/redhat/sshd.init 2005-10-18 15:50:12.000000000 -0400
@@ -35,6 +35,9 @@
if $KEYGEN -q -t rsa1 -f $RSA1_KEY -C '' -N '' >&/dev/null; then
chmod 600 $RSA1_KEY
@@ -130,7 +129,7 @@
echo
else
--- openssh-4.2p1/monitor.c.selinux 2005-07-17 03:53:31.000000000 -0400
-+++ openssh-4.2p1/monitor.c 2005-10-13 15:53:00.000000000 -0400
++++ openssh-4.2p1/monitor.c 2005-10-18 15:50:12.000000000 -0400
@@ -111,6 +111,7 @@
int mm_answer_pwnamallow(int, Buffer *);
int mm_answer_auth2_read_banner(int, Buffer *);
@@ -180,7 +179,7 @@
{
static int call_count;
--- openssh-4.2p1/monitor_wrap.c.selinux 2005-07-17 03:53:31.000000000 -0400
-+++ openssh-4.2p1/monitor_wrap.c 2005-10-13 15:53:00.000000000 -0400
++++ openssh-4.2p1/monitor_wrap.c 2005-10-18 15:50:12.000000000 -0400
@@ -272,6 +272,23 @@
buffer_free(&m);
}
@@ -206,7 +205,7 @@
int
mm_auth_password(Authctxt *authctxt, char *password)
--- openssh-4.2p1/Makefile.in.selinux 2005-05-29 03:22:29.000000000 -0400
-+++ openssh-4.2p1/Makefile.in 2005-10-13 15:53:00.000000000 -0400
++++ openssh-4.2p1/Makefile.in 2005-10-18 15:50:12.000000000 -0400
@@ -43,6 +43,7 @@
CFLAGS=@CFLAGS@
CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@
@@ -234,7 +233,7 @@
scp$(EXEEXT): $(LIBCOMPAT) libssh.a scp.o progressmeter.o
$(LD) -o $@ scp.o progressmeter.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
--- openssh-4.2p1/auth2.c.selinux 2005-07-17 03:26:44.000000000 -0400
-+++ openssh-4.2p1/auth2.c 2005-10-13 15:53:00.000000000 -0400
++++ openssh-4.2p1/auth2.c 2005-10-18 15:50:12.000000000 -0400
@@ -134,7 +134,7 @@
{
Authctxt *authctxt = ctxt;
@@ -267,8 +266,8 @@
} else if (strcmp(user, authctxt->user) != 0 ||
strcmp(service, authctxt->service) != 0) {
packet_disconnect("Change of username or service not allowed: "
---- openssh-4.2p1/auth1.c.selinux 2005-10-13 15:53:00.000000000 -0400
-+++ openssh-4.2p1/auth1.c 2005-10-13 15:53:00.000000000 -0400
+--- openssh-4.2p1/auth1.c.selinux 2005-10-18 15:50:12.000000000 -0400
++++ openssh-4.2p1/auth1.c 2005-10-18 15:50:12.000000000 -0400
@@ -370,7 +370,7 @@
do_authentication(Authctxt *authctxt)
{
@@ -299,7 +298,7 @@
/* Verify that the user is a valid user. */
if ((authctxt->pw = PRIVSEP(getpwnamallow(user))) != NULL)
--- openssh-4.2p1/sshpty.c.selinux 2005-05-27 07:13:41.000000000 -0400
-+++ openssh-4.2p1/sshpty.c 2005-10-13 15:53:00.000000000 -0400
++++ openssh-4.2p1/sshpty.c 2005-10-18 15:50:12.000000000 -0400
@@ -22,6 +22,8 @@
#include "log.h"
#include "misc.h"
@@ -318,8 +317,8 @@
if (st.st_uid != pw->pw_uid || st.st_gid != gid) {
if (chown(tty, pw->pw_uid, gid) < 0) {
if (errno == EROFS &&
---- openssh-4.2p1/configure.ac.selinux 2005-10-13 15:53:00.000000000 -0400
-+++ openssh-4.2p1/configure.ac 2005-10-13 15:53:00.000000000 -0400
+--- openssh-4.2p1/configure.ac.selinux 2005-10-18 15:50:12.000000000 -0400
++++ openssh-4.2p1/configure.ac 2005-10-18 15:50:12.000000000 -0400
@@ -2667,6 +2667,20 @@
[#include <arpa/nameser.h>])
])
@@ -350,7 +349,7 @@
echo " S/KEY support: $SKEY_MSG"
echo " TCP Wrappers support: $TCPW_MSG"
--- openssh-4.2p1/session.c.selinux 2005-08-31 12:59:49.000000000 -0400
-+++ openssh-4.2p1/session.c 2005-10-13 15:53:00.000000000 -0400
++++ openssh-4.2p1/session.c 2005-10-18 15:50:12.000000000 -0400
@@ -59,6 +59,8 @@
#include "kex.h"
#include "monitor_wrap.h"
@@ -370,7 +369,7 @@
static void
--- openssh-4.2p1/auth.h.selinux 2005-07-06 21:50:20.000000000 -0400
-+++ openssh-4.2p1/auth.h 2005-10-13 15:53:00.000000000 -0400
++++ openssh-4.2p1/auth.h 2005-10-18 15:50:12.000000000 -0400
@@ -58,6 +58,7 @@
char *service;
struct passwd *pw; /* set if 'valid' */
@@ -380,7 +379,7 @@
#ifdef BSD_AUTH
auth_session_t *as;
--- openssh-4.2p1/monitor_wrap.h.selinux 2005-02-08 05:52:48.000000000 -0500
-+++ openssh-4.2p1/monitor_wrap.h 2005-10-13 15:53:00.000000000 -0400
++++ openssh-4.2p1/monitor_wrap.h 2005-10-18 15:50:12.000000000 -0400
@@ -44,6 +44,7 @@
DH *mm_choose_dh(int, int, int);
int mm_key_sign(Key *, u_char **, u_int *, u_char *, u_int);
@@ -389,8 +388,8 @@
struct passwd *mm_getpwnamallow(const char *);
char *mm_auth2_read_banner(void);
int mm_auth_password(struct Authctxt *, char *);
---- /dev/null 2005-10-12 22:08:48.027521250 -0400
-+++ openssh-4.2p1/selinux.h 2005-10-13 15:53:00.000000000 -0400
+--- /dev/null 2005-10-16 17:38:47.999906500 -0400
++++ openssh-4.2p1/selinux.h 2005-10-18 15:50:12.000000000 -0400
@@ -0,0 +1,10 @@
+#ifndef __SELINUX_H_
+#define __SELINUX_H_
Index: openssh.spec
===================================================================
RCS file: /cvs/dist/rpms/openssh/devel/openssh.spec,v
retrieving revision 1.69
retrieving revision 1.70
diff -u -r1.69 -r1.70
--- openssh.spec 13 Oct 2005 21:14:36 -0000 1.69
+++ openssh.spec 18 Oct 2005 20:57:59 -0000 1.70
@@ -71,7 +71,7 @@
Summary: The OpenSSH implementation of SSH protocol versions 1 and 2.
Name: openssh
Version: 4.2p1
-%define rel 3
+%define rel 4
%if %{rescue}
Release: %{rel}rescue
%else
@@ -514,6 +514,9 @@
%endif
%changelog
+* Tue Oct 18 2005 Dan Walsh <dwalsh at redhat.com> 4.2p1-4
+- Change selinux patch to use get_default_context_with_rolelevel in libselinux.
+
* Thu Oct 13 2005 Tomas Mraz <tmraz at redhat.com> 4.2p1-3
- Update selinux patch to use getseuserbyname