From 97528353c2b4f27169ea9b81e5c4420c734ceea2 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Fri, 5 Nov 2010 12:03:05 +1100 Subject: [PATCH] - (dtucker) [configure.ac platform.{c,h} session.c openbsd-compat/port-solaris.{c,h}] Bug #1824: Add Solaris Project support. Patch from cory.erickson at csu mnscu edu with a bit of rework from me. ok djm@ --- ChangeLog | 4 ++++ configure.ac | 17 +++++++++++++++-- openbsd-compat/port-solaris.c | 32 +++++++++++++++++++++++++++++++- openbsd-compat/port-solaris.h | 5 ++++- platform.c | 12 +++++++++++- platform.h | 5 ++++- session.c | 2 ++ 7 files changed, 71 insertions(+), 6 deletions(-) diff --git a/ChangeLog b/ChangeLog index 636e4d3dc..9622f1944 100644 --- a/ChangeLog +++ b/ChangeLog @@ -20,6 +20,10 @@ [sftp-server.c] umask should be parsed as octal. reported by candland AT xmission.com; ok markus@ + - (dtucker) [configure.ac platform.{c,h} session.c + openbsd-compat/port-solaris.{c,h}] Bug #1824: Add Solaris Project support. + Patch from cory.erickson at csu mnscu edu with a bit of rework from me. + ok djm@ 20101025 - (tim) [openbsd-compat/glob.h] Remove sys/cdefs.h include that came with diff --git a/configure.ac b/configure.ac index 2b57e8e06..39b68c70a 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.455 2010/10/11 11:35:23 djm Exp $ +# $Id: configure.ac,v 1.456 2010/11/05 01:03:05 dtucker Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -15,7 +15,7 @@ # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org) -AC_REVISION($Revision: 1.455 $) +AC_REVISION($Revision: 1.456 $) AC_CONFIG_SRCDIR([ssh.c]) AC_CONFIG_HEADER(config.h) @@ -333,6 +333,7 @@ AC_CHECK_HEADERS(sys/mount.h, [], [], [ # Messages for features tested for in target-specific section SIA_MSG="no" SPC_MSG="no" +SP_MSG="no" # Check for some target-specific stuff case "$host" in 
@@ -704,6 +705,17 @@ mips-sony-bsd|mips-sony-newsos4) SPC_MSG="yes" ], ) ], ) + AC_ARG_WITH(solaris-projects, + [ --with-solaris-projects Enable Solaris projects (experimental)], + [ + AC_CHECK_LIB(project, setproject, + [ AC_DEFINE(USE_SOLARIS_PROJECTS, 1, + [Define if you have Solaris projects]) + SSHDLIBS="$SSHDLIBS -lproject" + AC_SUBST(SSHDLIBS) + SP_MSG="yes" ], ) + ], + ) ;; *-*-sunos4*) CPPFLAGS="$CPPFLAGS -DSUNOS4" @@ -4236,6 +4248,7 @@ echo " TCP Wrappers support: $TCPW_MSG" echo " MD5 password support: $MD5_MSG" echo " libedit support: $LIBEDIT_MSG" echo " Solaris process contract support: $SPC_MSG" +echo " Solaris project support: $SP_MSG" echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG" echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG" echo " BSD Auth support: $BSD_AUTH_MSG" diff --git a/openbsd-compat/port-solaris.c b/openbsd-compat/port-solaris.c index 2ab64d487..25382f1c9 100644 --- a/openbsd-compat/port-solaris.c +++ b/openbsd-compat/port-solaris.c @@ -1,4 +1,4 @@ -/* $Id: port-solaris.c,v 1.3 2006/10/31 23:28:49 dtucker Exp $ */ +/* $Id: port-solaris.c,v 1.4 2010/11/05 01:03:05 dtucker Exp $ */ /* * Copyright (c) 2006 Chad Mynhier. 
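Review bot: The action in the new `AC_ARG_WITH(solaris-projects, ...)` block runs for any value of the option, so `--without-solaris-projects` (withval `no`) still probes for libproject and enables the feature; guard the body with `if test "x$withval" != "xno" ; then ... fi`. The action-if-not-found argument of `AC_CHECK_LIB(project, setproject, ...)` is also empty, so an explicit request on a host without libproject produces a build that omits the feature, with only `Solaris project support: no` in the summary to show it. Passing `[ AC_MSG_ERROR([--with-solaris-projects requested but setproject() not found in -lproject]) ]` as that argument would make the build fail visibly. This matters to an administrator who relies on project resource controls for SSH sessions, since those sessions would presumably stay in the daemon's project. The enclosing `case "$host"` arm starts outside the hunk.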
@@ -197,3 +197,33 @@ solaris_contract_post_fork_parent(pid_t pid) close(ctl_fd); } #endif + +#ifdef USE_SOLARIS_PROJECTS +#include +#include + +/* + * Get/set solaris default project. + * If we fail, just run along gracefully. + */ +void +solaris_set_default_project(struct passwd *pw) +{ + struct project *defaultproject; + struct project tempproject; + char buf[1024]; + + /* get default project, if we fail just return gracefully */ + if ((defaultproject = getdefaultproj(pw->pw_name, &tempproject, &buf, + sizeof(buf))) > 0) { + /* set default project */ + if (setproject(defaultproject->pj_name, pw->pw_name, + TASK_NORMAL) != 0) + debug("setproject(%s): %s", defaultproject->pj_name, + strerror(errno)); + } else { + /* debug on getdefaultproj() error */ + debug("getdefaultproj(%s): %s", pw->pw_name, strerror(errno)); + } +} +#endif /* USE_SOLARIS_PROJECTS */ diff --git a/openbsd-compat/port-solaris.h b/openbsd-compat/port-solaris.h index 4c324871e..cd442e78b 100644 --- a/openbsd-compat/port-solaris.h +++ b/openbsd-compat/port-solaris.h @@ -1,4 +1,4 @@ -/* $Id: port-solaris.h,v 1.1 2006/08/30 17:24:42 djm Exp $ */ +/* $Id: port-solaris.h,v 1.2 2010/11/05 01:03:05 dtucker Exp $ */ /* * Copyright (c) 2006 Chad Mynhier. @@ -20,8 +20,11 @@ #include +#include + void solaris_contract_pre_fork(void); void solaris_contract_post_fork_child(void); void solaris_contract_post_fork_parent(pid_t pid); +void solaris_set_default_project(struct passwd *); #endif diff --git a/platform.c b/platform.c index e3a428aaa..c894190b2 100644 --- a/platform.c +++ b/platform.c @@ -1,4 +1,4 @@ -/* $Id: platform.c,v 1.3 2009/12/20 23:49:22 dtucker Exp $ */ +/* $Id: platform.c,v 1.4 2010/11/05 01:03:05 dtucker Exp $ */ /* * Copyright (c) 2006 Darren Tucker. All rights reserved. 
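Review bot: In `solaris_set_default_project()` the result of `getdefaultproj()` is a pointer but is tested with `> 0`, and the scratch buffer is passed as `&buf` (a `char (*)[1024]`) instead of `buf`. A relational comparison between a pointer and the integer 0 is not a valid null check in C, so this should read `if ((defaultproject = getdefaultproj(pw->pw_name, &tempproject, buf, sizeof(buf))) != NULL) {`. Both failure paths report only through `debug()`, so on a default log level a session that could not be placed in its project continues without any visible trace. Using `error()` or `logit()` for the `setproject()` failure at least would let operators notice that resource controls were not applied. The `strerror(errno)` in the `getdefaultproj()` branch assumes errno is set whenever NULL is returned, which is worth confirming for the "user has no default project" case.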
@@ -57,6 +57,16 @@ platform_post_fork_child(void) #endif } +void +platform_setusercontext(struct passwd *pw) +{ +#ifdef USE_SOLARIS_PROJECTS + /* if solaris projects were detected, set the default now */ + if (getuid() == 0 || geteuid() == 0) + solaris_set_default_project(pw); +#endif +} + char * platform_krb5_get_principal_name(const char *pw_name) { diff --git a/platform.h b/platform.h index 30a1d2259..f0cdd8037 100644 --- a/platform.h +++ b/platform.h @@ -1,4 +1,4 @@ -/* $Id: platform.h,v 1.4 2010/01/14 01:44:16 djm Exp $ */ +/* $Id: platform.h,v 1.5 2010/11/05 01:03:05 dtucker Exp $ */ /* * Copyright (c) 2006 Darren Tucker. All rights reserved. @@ -18,10 +18,13 @@ #include +#include + void platform_pre_listen(void); void platform_pre_fork(void); void platform_post_fork_parent(pid_t child_pid); void platform_post_fork_child(void); +void platform_setusercontext(struct passwd *); char *platform_get_krb5_client(const char *); char *platform_krb5_get_principal_name(const char *); diff --git a/session.c b/session.c index 71e4fbe7c..ab32bb55f 100644 --- a/session.c +++ b/session.c @@ -1469,6 +1469,8 @@ do_setusercontext(struct passwd *pw) { char *chroot_path, *tmp; + platform_setusercontext(pw); + #ifdef WITH_SELINUX /* Cache selinux status for later use */ (void)ssh_selinux_enabled();
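Review bot: `platform_setusercontext()` has no comment stating its calling contract, and the `getuid() == 0 || geteuid() == 0` guard makes it a silent no-op when called without root. I would add a header comment such as `/* Must be called while still privileged, before any chroot or permanent uid change; does nothing when not running as root. */`, and consider a `debug()` line in the non-root case so a skipped project assignment shows up in logs. The same ordering assumption applies at the new call site in session.c, where `platform_setusercontext(pw)` is placed at the top of `do_setusercontext()`. The rest of that function, and therefore where privileges are actually dropped, is outside the hunk.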