shellinabox/black-on-white.css \
shellinabox/monochrome.css \
shellinabox/color.css
-EXTRA_DIST = demo/beep.wav \
+EXTRA_DIST = INSTALL.Debian \
+ README.Fedora \
+ demo/beep.wav \
demo/favicon.ico \
demo/demo.html \
demo/demo.js \
demo/usercss-1.css \
demo/usercss-2.css \
demo/usercss-3.css \
+ etc-pam.d-shellinabox-example \
shellinabox/shellinaboxd.man.in \
shellinabox/shell_in_a_box.js \
shellinabox/vt100.js \
shellinabox/monochrome.css \
shellinabox/color.css
-EXTRA_DIST = demo/beep.wav \
+EXTRA_DIST = INSTALL.Debian \
+ README.Fedora \
+ demo/beep.wav \
demo/favicon.ico \
demo/demo.html \
demo/demo.js \
demo/usercss-1.css \
demo/usercss-2.css \
demo/usercss-3.css \
+ etc-pam.d-shellinabox-example \
shellinabox/shellinaboxd.man.in \
shellinabox/shell_in_a_box.js \
shellinabox/vt100.js \
--- /dev/null
+When running in SELinux mode on Fedora, some operations don't work out of the
+box.
+
+Until somebody contributes a complete SELinux policy for ShellInABox, here are
+some tips on getting things working:
+
+- avoid using the default "LOGIN" service. Calling /bin/login does not do
+ the right thing.
+ The "LOGIN" service is the default service when running "shellinaboxd" as
+ "root". This means, you will most likely see all logins failing, whenever
+ you start the daemon as "root".
+ To fix this problem, consider explicitly specifying a service definition.
+ One of these two should work:
+ --service /:AUTH:HOME:/bin/bash
+ or
+ --service /:SSH
+ The latter requires that you have a locally running "sshd" daemon.
+
+- On Fedora, PAM authentication does not work for shellinabox until you
+ explicitly configure it. This means, using "AUTH" in the service definition
+ will not allow you to log in.
+ You can fix this by defining a proper "/etc/pam.d/shellinabox" file. Take a
+ look at "etc-pam.d-shellinabox-example" for a working example.
+ Make sure you assign the correct SELinux labels to this file when copying
+ it into "/etc/pam.d":
+ cp -Z system_u:object_r:etc_t:s0 etc-pam.d-shellinabox-example /etc/pam.d/
+
#define STDC_HEADERS 1
/* Most recent revision number in the version control system */
-#define VCS_REVISION "187"
+#define VCS_REVISION "188"
/* Version number of package */
#define VERSION "2.10"
ac_compiler_gnu=$ac_cv_c_compiler_gnu
-VCS_REVISION=187
+VCS_REVISION=188
cat >>confdefs.h <<_ACEOF
dnl This is the one location where the authoritative version number is stored
AC_INIT(shellinabox, 2.10, markus@shellinabox.com)
-VCS_REVISION=187
+VCS_REVISION=188
AC_SUBST(VCS_REVISION)
AC_DEFINE_UNQUOTED(VCS_REVISION, "${VCS_REVISION}",
[Most recent revision number in the version control system])
};
VT100.prototype.about = function() {
- alert("VT100 Terminal Emulator " + "2.10 (revision 187)" +
+ alert("VT100 Terminal Emulator " + "2.10 (revision 188)" +
"\nCopyright 2008-2009 by Markus Gutschke\n" +
"For more information check http://shellinabox.com");
};
--- /dev/null
+#%PAM-1.0
+auth required pam_sepermit.so
+auth include password-auth
+account required pam_nologin.so
+account include password-auth
+password include password-auth
+# pam_selinux.so close should be the first session rule
+session required pam_selinux.so close
+session required pam_loginuid.so
+# pam_selinux.so open should only be followed by sessions to be executed in the user context
+session required pam_selinux.so open env_params
+session optional pam_keyinit.so force revoke
+session include password-auth
};
ShellInABox.prototype.about = function() {
- alert("Shell In A Box version " + "2.10 (revision 187)" +
+ alert("Shell In A Box version " + "2.10 (revision 188)" +
"\nCopyright 2008-2009 by Markus Gutschke\n" +
"For more information check http://shellinabox.com" +
(typeof serverSupportsSSL != 'undefined' && serverSupportsSSL ?
};
VT100.prototype.about = function() {
- alert("VT100 Terminal Emulator " + "2.10 (revision 187)" +
+ alert("VT100 Terminal Emulator " + "2.10 (revision 188)" +
"\nCopyright 2008-2009 by Markus Gutschke\n" +
"For more information check http://shellinabox.com");
};