From 920612e45ae8183226e8841ff27cdc54a8287ba2 Mon Sep 17 00:00:00 2001
From: Darren Tucker <dtucker@zip.com.au>
Date: Fri, 5 Nov 2010 12:36:15 +1100
Subject:  - (dtucker) [platform.c platform.h session.c] Add a platform hook to
 run    after the user's groups are established and move the selinux calls
 into it.

---
 platform.c | 23 ++++++++++++++++++++++-
 1 file changed, 22 insertions(+), 1 deletion(-)

(limited to 'platform.c')

diff --git a/platform.c b/platform.c
index c894190b..730e7b71 100644
--- a/platform.c
+++ b/platform.c
@@ -1,4 +1,4 @@
-/* $Id: platform.c,v 1.4 2010/11/05 01:03:05 dtucker Exp $ */
+/* $Id: platform.c,v 1.5 2010/11/05 01:36:15 dtucker Exp $ */
 
 /*
  * Copyright (c) 2006 Darren Tucker.  All rights reserved.
@@ -57,9 +57,18 @@ platform_post_fork_child(void)
 #endif
 }
 
+/*
+ * This gets called before switching UIDs, and is called even when sshd is
+ * not running as root.
+ */
 void
 platform_setusercontext(struct passwd *pw)
 {
+#ifdef WITH_SELINUX
+	/* Cache selinux status for later use */
+	(void)ssh_selinux_enabled();
+#endif
+
 #ifdef USE_SOLARIS_PROJECTS
 	/* if solaris projects were detected, set the default now */
 	if (getuid() == 0 || geteuid() == 0)
@@ -67,6 +76,18 @@ platform_setusercontext(struct passwd *pw)
 #endif
 }
 
+/*
+ * This gets called after we've established the user's groups, and is only
+ * called if sshd is running as root.
+ */
+void
+platform_setusercontext_post_groups(struct passwd *pw)
+{
+#ifdef WITH_SELINUX
+	ssh_selinux_setup_exec_context(pw->pw_name);
+#endif
+}
+
 char *
 platform_krb5_get_principal_name(const char *pw_name)
 {
-- 
cgit v1.2.1