- (dtucker) [platform.c platform.h session.c] Add a platform hook to run
after the user's groups are established and move the selinux calls into it.
diff --git a/platform.c b/platform.c
index c894190..730e7b7 100644
--- a/platform.c
+++ b/platform.c
@@ -1,4 +1,4 @@
-/* $Id: platform.c,v 1.4 2010/11/05 01:03:05 dtucker Exp $ */
+/* $Id: platform.c,v 1.5 2010/11/05 01:36:15 dtucker Exp $ */
/*
* Copyright (c) 2006 Darren Tucker. All rights reserved.
@@ -57,9 +57,18 @@
#endif
}
+/*
+ * This gets called before switching UIDs, and is called even when sshd is
+ * not running as root.
+ */
void
platform_setusercontext(struct passwd *pw)
{
+#ifdef WITH_SELINUX
+ /* Cache selinux status for later use */
+ (void)ssh_selinux_enabled();
+#endif
+
#ifdef USE_SOLARIS_PROJECTS
/* if solaris projects were detected, set the default now */
if (getuid() == 0 || geteuid() == 0)
@@ -67,6 +76,18 @@
#endif
}
+/*
+ * This gets called after we've established the user's groups, and is only
+ * called if sshd is running as root.
+ */
+void
+platform_setusercontext_post_groups(struct passwd *pw)
+{
+#ifdef WITH_SELINUX
+ ssh_selinux_setup_exec_context(pw->pw_name);
+#endif
+}
+
char *
platform_krb5_get_principal_name(const char *pw_name)
{