diff --git a/Makefile.am b/Makefile.am
index b4b86d6..290575b 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -20,7 +20,9 @@ dist_doc_DATA = AUTHORS \
 shellinabox/black-on-white.css \
 shellinabox/monochrome.css \
 shellinabox/color.css
-EXTRA_DIST = demo/beep.wav \
+EXTRA_DIST = INSTALL.Debian \
+ README.Fedora \
+ demo/beep.wav \
 demo/favicon.ico \
 demo/demo.html \
 demo/demo.js \
@@ -34,6 +36,7 @@ EXTRA_DIST = demo/beep.wav \
 demo/usercss-1.css \
 demo/usercss-2.css \
 demo/usercss-3.css \
+ etc-pam.d-shellinabox-example \
 shellinabox/shellinaboxd.man.in \
 shellinabox/shell_in_a_box.js \
 shellinabox/vt100.js \
diff --git a/Makefile.in b/Makefile.in
index f20b28e..f33706a 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -279,7 +279,9 @@ dist_doc_DATA = AUTHORS \ shellinabox/monochrome.css \ shellinabox/color.css -EXTRA_DIST = demo/beep.wav \ +EXTRA_DIST = INSTALL.Debian \ + README.Fedora \ + demo/beep.wav \ demo/favicon.ico \ demo/demo.html \ demo/demo.js \
@@ -293,6 +295,7 @@ EXTRA_DIST = demo/beep.wav \ demo/usercss-1.css \ demo/usercss-2.css \ demo/usercss-3.css \ + etc-pam.d-shellinabox-example \ shellinabox/shellinaboxd.man.in \ shellinabox/shell_in_a_box.js \ shellinabox/vt100.js \
diff --git a/README.Fedora b/README.Fedora
new file mode 100644
index 0000000..decc5be
--- /dev/null
+++ b/README.Fedora
@@ -0,0 +1,27 @@
+When running in SELinux mode on Fedora, some operations don't work out of the
+box.
+
+Until somebody contributes a complete SELinux policy for ShellInABox, here are
+some tips on getting things working:
+
+- avoid using the default "LOGIN" service. Calling /bin/login does not do
+ the right thing.
+ The "LOGIN" service is the default service when running "shellinaboxd" as
+ "root". This means, you will most likely see all logins failing, whenever
+ you start the daemon as "root".
+ To fix this problem, consider explicitly specifying a service definition.
+ One of these two should work:
+ --service /:AUTH:HOME:/bin/bash
+ or
+ --service /:SSH
+ The latter requires that you have a locally running "sshd" daemon.
+
+- On Fedora, PAM authentication does not work for shellinabox until you
+ explicitly configure it. This means, using "AUTH" in the service definition
+ will not allow you to log in.
+ You can fix this by defining a proper "/etc/pam.d/shellinabox" file. Take a
+ look at "etc-pam.d-shellinabox-example" for a working example.
+ Make sure you assign the correct SELinux labels to this file when copying
+ it into "/etc/pam.d":
+ cp -Z system_u:object_r:etc_t:s0 etc-pam.d-shellinabox-example /etc/pam.d/
+
diff --git a/config.h b/config.h
index 1fe2831..a7284bd 100644
--- a/config.h
+++ b/config.h
@@ -138,7 +138,7 @@ #define STDC_HEADERS 1 /* Most recent revision number in the version control system */ -#define VCS_REVISION "187" +#define VCS_REVISION "188" /* Version number of package */ #define VERSION "2.10"
diff --git a/configure b/configure
index 3dfd081..0bd626e 100755
--- a/configure
+++ b/configure
@@ -2319,7 +2319,7 @@ ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $ ac_compiler_gnu=$ac_cv_c_compiler_gnu -VCS_REVISION=187 +VCS_REVISION=188 cat >>confdefs.h <<_ACEOF
diff --git a/configure.ac b/configure.ac
index 11226d6..b8486ef 100644
--- a/configure.ac
+++ b/configure.ac
@@ -2,7 +2,7 @@ AC_PREREQ(2.57) dnl This is the one location where the authoritative version number is stored AC_INIT(shellinabox, 2.10, markus@shellinabox.com) -VCS_REVISION=187 +VCS_REVISION=188 AC_SUBST(VCS_REVISION) AC_DEFINE_UNQUOTED(VCS_REVISION, "${VCS_REVISION}", [Most recent revision number in the version control system])
diff --git a/demo/vt100.js b/demo/vt100.js
index 23cb4ed..63797a2 100644
--- a/demo/vt100.js
+++ b/demo/vt100.js
@@ -1901,7 +1901,7 @@ VT100.prototype.toggleBell = function() {
 };
 VT100.prototype.about = function() {
- alert("VT100 Terminal Emulator " + "2.10 (revision 187)" +
+ alert("VT100 Terminal Emulator " + "2.10 (revision 188)" +
 "\nCopyright 2008-2009 by Markus Gutschke\n" +
 "For more information check http://shellinabox.com");
 };
diff --git a/etc-pam.d-shellinabox-example b/etc-pam.d-shellinabox-example
new file mode 100644
index 0000000..bf775a3
--- /dev/null
+++ b/etc-pam.d-shellinabox-example
@@ -0,0 +1,13 @@
+#%PAM-1.0
+auth required pam_sepermit.so
+auth include password-auth
+account required pam_nologin.so
+account include password-auth
+password include password-auth
+# pam_selinux.so close should be the first session rule
+session required pam_selinux.so close
+session required pam_loginuid.so
+# pam_selinux.so open should only be followed by sessions to be executed in the user context
+session required pam_selinux.so open env_params
+session optional pam_keyinit.so force revoke
+session include password-auth
diff --git a/shellinabox/shell_in_a_box.js b/shellinabox/shell_in_a_box.js
index ca5904e..3310af4 100644
--- a/shellinabox/shell_in_a_box.js
+++ b/shellinabox/shell_in_a_box.js
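Review bot: In etc-pam.d-shellinabox-example nothing limits which accounts may authenticate: the `auth` and `account` sections add only `pam_sepermit.so` and `pam_nologin.so` on top of `password-auth`, so as far as this file shows every account that stack accepts, root included, can log in through the web terminal. The file should say so at the top, for example `# Example only: admits every account password-auth accepts (root too); add pam_access.so or pam_succeed_if.so rules before exposing shellinaboxd`. `env_params` on the `pam_selinux.so open` line lets the SELinux role be requested through the PAM environment and is only useful if shellinaboxd sets those variables, which this diff does not show, so it is worth confirming or dropping. The `cp` line in README.Fedora also keeps this file's name, so the policy would not be found as `/etc/pam.d/shellinabox`; the destination should be spelled out as `/etc/pam.d/shellinabox`.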
@@ -358,7 +358,7 @@ ShellInABox.prototype.extendContextMenu = function(entries, actions) {
 };
 ShellInABox.prototype.about = function() {
- alert("Shell In A Box version " + "2.10 (revision 187)" +
+ alert("Shell In A Box version " + "2.10 (revision 188)" +
 "\nCopyright 2008-2009 by Markus Gutschke\n" +
 "For more information check http://shellinabox.com" +
 (typeof serverSupportsSSL != 'undefined' && serverSupportsSSL ?
diff --git a/shellinabox/vt100.js b/shellinabox/vt100.js
index 23cb4ed..63797a2 100644
--- a/shellinabox/vt100.js
+++ b/shellinabox/vt100.js
@@ -1901,7 +1901,7 @@ VT100.prototype.toggleBell = function() {
 };
 VT100.prototype.about = function() {
- alert("VT100 Terminal Emulator " + "2.10 (revision 187)" +
+ alert("VT100 Terminal Emulator " + "2.10 (revision 188)" +
 "\nCopyright 2008-2009 by Markus Gutschke\n" +
 "For more information check http://shellinabox.com");
 };