rpms/openssh/devel openssh-5.2p1-sesftp.patch,1.2,1.3

Jan F. Chadima jfch2222 at fedoraproject.org
Wed Jul 22 14:22:04 UTC 2009 

Author: jfch2222

Update of /cvs/pkgs/rpms/openssh/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv14058

Modified Files:
	openssh-5.2p1-sesftp.patch 
Log Message:
changed internal-sftp context to sftpd_t


openssh-5.2p1-sesftp.patch:
 session.c |   26 ++++++++++++++++++++++++--
 1 file changed, 24 insertions(+), 2 deletions(-)

Index: openssh-5.2p1-sesftp.patch
===================================================================
RCS file: /cvs/pkgs/rpms/openssh/devel/openssh-5.2p1-sesftp.patch,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -p -r1.2 -r1.3
--- openssh-5.2p1-sesftp.patch	21 Jul 2009 08:59:16 -0000	1.2
+++ openssh-5.2p1-sesftp.patch	22 Jul 2009 14:22:03 -0000	1.3
@@ -1,6 +1,6 @@
 diff -up openssh-5.2p1/session.c.sesftp openssh-5.2p1/session.c
---- openssh-5.2p1/session.c.sesftp	2009-07-10 20:32:04.348435048 +0200
-+++ openssh-5.2p1/session.c	2009-07-10 21:10:42.247557847 +0200
+--- openssh-5.2p1/session.c.sesftp	2009-07-22 15:18:17.156499945 +0200
++++ openssh-5.2p1/session.c	2009-07-22 15:20:09.950319644 +0200
 @@ -58,6 +58,7 @@
  #include <stdlib.h>
  #include <string.h>
@@ -9,12 +9,41 @@ diff -up openssh-5.2p1/session.c.sesftp 
  
  #include "openbsd-compat/sys-queue.h"
  #include "xmalloc.h"
-@@ -1816,6 +1817,9 @@ do_child(Session *s, const char *command
+@@ -1805,8 +1806,8 @@ do_child(Session *s, const char *command
+ 
+ 	if (s->is_subsystem == SUBSYSTEM_INT_SFTP) {
+ 		extern int optind, optreset;
+-		int i;
+-		char *p, *args;
++		int i, l;
++		char *p, *args, *c1, *c2, *cx;
+ 
+ 		setproctitle("%s at internal-sftp-server", s->pw->pw_name);
+ 		args = xstrdup(command ? command : "sftp-server");
+@@ -1816,6 +1817,27 @@ do_child(Session *s, const char *command
  		argv[i] = NULL;
  		optind = optreset = 1;
  		__progname = argv[0];
-+		if (setcon ("unconfined_u:system_r:sftpd_t:s0-s0:c0.c1023") < 0) 
-+			logit("do_child: setcon failed witch %s", strerror (errno));
++		if (getcon (&c1) < 0) {
++			logit("do_child: getcon failed witch %s", strerror (errno));
++		} else {
++			c2 = xmalloc (strlen (c1) + 8);
++			if (!(cx = index (c1, ':')))
++				goto badcontext;
++			if (!(cx = index (cx + 1, ':'))) {
++badcontext:
++				logit ("do_child: unparseable context %s", c1);
++			} else {
++				l = cx - c1 + 1;
++				memcpy (c2, c1, l);
++				strcpy (c2 + l, "sftpd_t");
++				if ((cx = index (cx + 1, ':')))
++					strcat (c2, cx);
++logit ("<= %s", c1); logit ("=> %s", c2);				if (setcon ("system_u:system_r:sftpd_t:s0-s0:c0.c1023") < 0) 
++					logit("do_child: setcon failed witch %s", strerror (errno));
++			
++			}
++		}		
 +			
  		exit(sftp_server_main(i, argv, s->pw));
  	}

More information about the fedora-extras-commits mailing list