--- openssh-2.9p1/session.c Thu Oct 18 10:58:38 2001
+++ openssh-2.9p1-selinux/session.c Thu Oct 18 10:58:52 2001
@@ -68,6 +68,12 @@
 #include
 #endif /* WITH_IRIX_AUDIT */
 
+#ifdef WITH_SELINUX
+#include
+#include
+#include
+#endif
+
 #if defined(HAVE_USERSEC_H)
 #include
 #endif
@@ -1060,6 +1066,25 @@
 #endif /* WITH_IRIX_ARRAY */
 #endif /* WITH_IRIX_JOBS */
 
+#ifdef WITH_SELINUX
+ int flask_enabled;
+ security_context_t scontext = NULL;
+ security_id_t sid;
+
+ flask_enabled = is_flask_enabled();
+ if (flask_enabled) {
+ if (!get_default_user_sid(pw->pw_name,
+ strlen(pw->pw_name),
+ &scontext,
+ &sid)) {
+ fprintf(stderr, "Could not obtain SID for user %s\n",
+ pw->pw_name);
+ exit(1);
+ }
+ }
+#endif
+
+
 /* remove hostkey from the child's memory */
 destroy_sensitive_data();
 
@@ -1497,6 +1522,7 @@
 printf("You have new mail.\n");
 }
 }
+
 /* Start the shell. Set initial character to '-'. */
 buf[0] = '-';
 strncpy(buf + 1, cp, sizeof(buf) - 1);
@@ -1505,6 +1531,11 @@
 /* Execute the shell. */
 argv[0] = buf;
 argv[1] = NULL;
+#ifdef WITH_SELINUX
+ if (flask_enabled)
+ execve_secure(shell, argv, env, sid);
+ else
+#endif
 execve(shell, argv, env);
 
 /* Executing the shell failed. */
@@ -1531,6 +1562,11 @@
 argv[1] = "-c";
 argv[2] = (char *) command;
 argv[3] = NULL;
+#ifdef WITH_SELINUX
+ if (flask_enabled)
+ execve_secure(shell, argv, env, sid);
+ else
+#endif
 execve(shell, argv, env);
 perror(shell);
 exit(1);
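Review bot: `scontext` is filled in by `get_default_user_sid()` in the hunk at -1060 but is not read or released in any hunk shown, and only `sid` reaches the later `execve_secure()` calls; if the library allocates the context string it should be freed once the SID is obtained, and otherwise a comment should say why it is requested. Exiting when no SID can be obtained is the right fail-closed choice and deserves a comment such as `/* fail closed: never start the user's shell in sshd's own security context */`. The message goes only to the child's stderr, so the failure appears to leave no record in the daemon's log for an administrator to find. The three declarations follow `#endif /* WITH_IRIX_JOBS */`, which suggests they sit after statements in a function whose start is outside the hunk; pre-C99 compilers reject that, so they would belong with the function's other locals.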
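Review bot: The unbraced `if`/`else` that straddles `#endif` in the hunk at -1505 makes the plain `execve()` an else-branch only when WITH_SELINUX is defined, which is easy to break in a later edit, and the same construct is repeated in the hunk at -1531. As written, a failed `execve_secure()` falls through to the existing failure handling rather than to an untransitioned `execve()`, which is the behaviour to keep; a braced block that handles its own failure, as sketched below, makes that explicit. Any other exec call in this function that lies outside these hunks would still start the program in sshd's context, so it is worth checking for one. The enclosing function starts and ends outside the hunk.

```c
argv[1] = NULL;
#ifdef WITH_SELINUX
if (flask_enabled) {
	execve_secure(shell, argv, env, sid);
	/* Fail closed: do not retry with a plain execve() in sshd's context. */
	perror(shell);
	exit(1);
}
#endif
execve(shell, argv, env);
/* … unchanged: existing failure handling … */
```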