- (djm) [configure.ac Makefile.in ssh.c openbsd-compat/port-linux.c

   openbsd-compat/port-linux.h] Move SELinux-specific code from ssh.c to
   port-linux.c to avoid compilation errors. Add -lselinux to ssh when
   building with SELinux support to avoid linking failure; report from
   amk AT spamfence.net; ok dtucker

diff --git a/ChangeLog b/ChangeLog
index 0356a33c5d11cace6ede1d700739ce971bd3a27a..6d2375a3376a47d398f98fc82eb3ce53eb0ae84f 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,10 @@
+20110125
+ - (djm) [configure.ac Makefile.in ssh.c openbsd-compat/port-linux.c
+   openbsd-compat/port-linux.h] Move SELinux-specific code from ssh.c to
+   port-linux.c to avoid compilation errors. Add -lselinux to ssh when
+   building with SELinux support to avoid linking failure; report from
+   amk AT spamfence.net; ok dtucker
+
 20110122
  - (dtucker) [configure.ac openbsd-compat/openssl-compat.{c,h}] Add
    RSA_get_default_method() for the benefit of openssl versions that don't

diff --git a/Makefile.in b/Makefile.in
index 77a78aa61295f3c6cf5460ebe288bb5bbfbf171c..d0263779b01037e5b8ff72abe4b2e95f49be5cf7 100644 (file)
--- a/Makefile.in
+++ b/Makefile.in
@@ -1,4 +1,4 @@
-# $Id: Makefile.in,v 1.320 2011/01/17 10:15:29 dtucker Exp $
+# $Id: Makefile.in,v 1.321 2011/01/25 01:16:16 djm Exp $
 
 # uncomment if you run a non bourne compatable shell. Ie. csh
 #SHELL = @SH@
@@ -46,6 +46,7 @@ LD=@LD@
 CFLAGS=@CFLAGS@
 CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@
 LIBS=@LIBS@
+SSHLIBS=@SSHLIBS@
 SSHDLIBS=@SSHDLIBS@
 LIBEDIT=@LIBEDIT@
 AR=@AR@
@@ -142,7 +143,7 @@ libssh.a: $(LIBSSH_OBJS)
        $(RANLIB) $@
 
 ssh$(EXEEXT): $(LIBCOMPAT) libssh.a $(SSHOBJS)
-       $(LD) -o $@ $(SSHOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
+       $(LD) -o $@ $(SSHOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(SSHLIBS) $(LIBS)
 
 sshd$(EXEEXT): libssh.a        $(LIBCOMPAT) $(SSHDOBJS)
        $(LD) -o $@ $(SSHDOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(SSHDLIBS) $(LIBS)

diff --git a/configure.ac b/configure.ac
index 769e83594fee3d4322f4592e726be1254978cdea..0c46aebeba686b754ef1713802b64aabe1a5bb64 100644 (file)
--- a/configure.ac
+++ b/configure.ac
@@ -1,4 +1,4 @@
-# $Id: configure.ac,v 1.469 2011/01/21 22:37:05 dtucker Exp $
+# $Id: configure.ac,v 1.470 2011/01/25 01:16:17 djm Exp $
 #
 # Copyright (c) 1999-2004 Damien Miller
 #
@@ -15,7 +15,7 @@
 # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 
 AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org)
-AC_REVISION($Revision: 1.469 $)
+AC_REVISION($Revision: 1.470 $)
 AC_CONFIG_SRCDIR([ssh.c])
 
 # local macros
@@ -737,7 +737,6 @@ mips-sony-bsd|mips-sony-newsos4)
                        [ AC_DEFINE(USE_SOLARIS_PROCESS_CONTRACTS, 1,
                                [Define if you have Solaris process contracts])
                          SSHDLIBS="$SSHDLIBS -lcontract"
-                         AC_SUBST(SSHDLIBS)
                          SPC_MSG="yes" ], )
                ],
        )
@@ -748,7 +747,6 @@ mips-sony-bsd|mips-sony-newsos4)
                        [ AC_DEFINE(USE_SOLARIS_PROJECTS, 1,
                                [Define if you have Solaris projects])
                        SSHDLIBS="$SSHDLIBS -lproject"
-                       AC_SUBST(SSHDLIBS)
                        SP_MSG="yes" ], )
                ],
        )
@@ -3515,11 +3513,14 @@ AC_ARG_WITH(selinux,
                          LIBS="$LIBS -lselinux"
                        ],
                        AC_MSG_ERROR(SELinux support requires libselinux library))
+               SSHLIBS="$SSHLIBS $LIBSELINUX"
                SSHDLIBS="$SSHDLIBS $LIBSELINUX"
                AC_CHECK_FUNCS(getseuserbyname get_default_context_with_level)
                LIBS="$save_LIBS"
        fi ]
 )
+AC_SUBST(SSHLIBS)
+AC_SUBST(SSHDLIBS)
 
 # Check whether user wants Kerberos 5 support
 KRB5_MSG="no"
@@ -4341,6 +4342,9 @@ echo "         Libraries: ${LIBS}"
 if test ! -z "${SSHDLIBS}"; then
 echo "         +for sshd: ${SSHDLIBS}"
 fi
+if test ! -z "${SSHLIBS}"; then
+echo "          +for ssh: ${SSHLIBS}"
+fi
 
 echo ""
 

diff --git a/openbsd-compat/port-linux.c b/openbsd-compat/port-linux.c
index 5b1cf402c81715959ccad62ef2c799aa966d547f..b152efc2955bb02f18272ea89783788208330ea8 100644 (file)
--- a/openbsd-compat/port-linux.c
+++ b/openbsd-compat/port-linux.c
@@ -1,4 +1,4 @@
-/* $Id: port-linux.c,v 1.11 2011/01/17 07:50:24 dtucker Exp $ */
+/* $Id: port-linux.c,v 1.12 2011/01/25 01:16:18 djm Exp $ */
 
 /*
  * Copyright (c) 2005 Daniel Walsh <dwalsh@redhat.com>
@@ -205,6 +205,20 @@ ssh_selinux_change_context(const char *newname)
        xfree(oldctx);
        xfree(newctx);
 }
+
+void
+ssh_selinux_setfscreatecon(const char *path)
+{
+               security_context_t context;
+
+               if (path == NULL) {
+                       setfscreatecon(NULL);
+                       return;
+               }
+               matchpathcon(path, 0700, &context);
+               setfscreatecon(context);
+}
+
 #endif /* WITH_SELINUX */
 
 #ifdef LINUX_OOM_ADJUST

diff --git a/openbsd-compat/port-linux.h b/openbsd-compat/port-linux.h
index 209d9a7a2495d075c1dfa2ea8136d668903fa4b7..e3d1004aadd9d8ca8a4199984c9f60bc4d0b14b4 100644 (file)
--- a/openbsd-compat/port-linux.h
+++ b/openbsd-compat/port-linux.h
@@ -1,4 +1,4 @@
-/* $Id: port-linux.h,v 1.4 2009/12/08 02:39:48 dtucker Exp $ */
+/* $Id: port-linux.h,v 1.5 2011/01/25 01:16:18 djm Exp $ */
 
 /*
  * Copyright (c) 2006 Damien Miller <djm@openbsd.org>
@@ -24,6 +24,7 @@ int ssh_selinux_enabled(void);
 void ssh_selinux_setup_pty(char *, const char *);
 void ssh_selinux_setup_exec_context(char *);
 void ssh_selinux_change_context(const char *);
+void ssh_selinux_setfscreatecon(const char *);
 #endif
 
 #ifdef LINUX_OOM_ADJUST

diff --git a/ssh.c b/ssh.c
index 9409fa713d73a2ad535aa37c57bb8193d670adaf..d32ef78b0d150d09ca558e9ab606f0ea5939a75b 100644 (file)
--- a/ssh.c
+++ b/ssh.c
@@ -852,15 +852,12 @@ main(int ac, char **av)
            strcmp(pw->pw_dir, "/") ? "/" : "", _PATH_SSH_USER_DIR);
        if (r > 0 && (size_t)r < sizeof(buf) && stat(buf, &st) < 0) {
 #ifdef WITH_SELINUX
-               char *scon;
-
-               matchpathcon(buf, 0700, &scon);
-               setfscreatecon(scon);
+               ssh_selinux_setfscreatecon(buf);
 #endif
                if (mkdir(buf, 0700) < 0)
                        error("Could not create directory '%.200s'.", buf);
 #ifdef WITH_SELINUX
-               setfscreatecon(NULL);
+               ssh_selinux_setfscreatecon(NULL);
 #endif
        }
        /* load options.identity_files */