diff options
author | Manoj Srivastava <srivasta@debian.org> | 2014-02-09 16:09:49 +0000 |
---|---|---|
committer | Colin Watson <cjwatson@debian.org> | 2014-03-19 16:40:05 +0000 |
commit | 7afb9ad9307191397a3ccf3d7cc90dfe474b09e8 (patch) | |
tree | 967f2f81e8a07f299e132b82f949a3c5d202125a | |
parent | 429c595dbaff7f7c2b3a53fe4235211f6d788025 (diff) |
Handle SELinux authorisation roles
Rejected upstream due to discomfort with magic usernames; a better approach
will need an SSH protocol change. In the meantime, this came from Debian's
SELinux maintainer, so we'll keep it until we have something better.
Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1641
Bug-Debian: http://bugs.debian.org/394795
Last-Update: 2013-09-14
Patch-Name: selinux-role.patch
-rw-r--r-- | auth.h | 1 | ||||
-rw-r--r-- | auth1.c | 8 | ||||
-rw-r--r-- | auth2.c | 10 | ||||
-rw-r--r-- | monitor.c | 32 | ||||
-rw-r--r-- | monitor.h | 2 | ||||
-rw-r--r-- | monitor_wrap.c | 22 | ||||
-rw-r--r-- | monitor_wrap.h | 3 | ||||
-rw-r--r-- | openbsd-compat/port-linux.c | 27 | ||||
-rw-r--r-- | openbsd-compat/port-linux.h | 4 | ||||
-rw-r--r-- | platform.c | 4 | ||||
-rw-r--r-- | platform.h | 2 | ||||
-rw-r--r-- | session.c | 10 | ||||
-rw-r--r-- | session.h | 2 | ||||
-rw-r--r-- | sshd.c | 2 | ||||
-rw-r--r-- | sshpty.c | 4 | ||||
-rw-r--r-- | sshpty.h | 2 |
16 files changed, 104 insertions, 31 deletions
@@ -59,6 +59,7 @@ struct Authctxt { | |||
59 | char *service; | 59 | char *service; |
60 | struct passwd *pw; /* set if 'valid' */ | 60 | struct passwd *pw; /* set if 'valid' */ |
61 | char *style; | 61 | char *style; |
62 | char *role; | ||
62 | void *kbdintctxt; | 63 | void *kbdintctxt; |
63 | char *info; /* Extra info for next auth_log */ | 64 | char *info; /* Extra info for next auth_log */ |
64 | void *jpake_ctx; | 65 | void *jpake_ctx; |
@@ -380,7 +380,7 @@ void | |||
380 | do_authentication(Authctxt *authctxt) | 380 | do_authentication(Authctxt *authctxt) |
381 | { | 381 | { |
382 | u_int ulen; | 382 | u_int ulen; |
383 | char *user, *style = NULL; | 383 | char *user, *style = NULL, *role = NULL; |
384 | 384 | ||
385 | /* Get the name of the user that we wish to log in as. */ | 385 | /* Get the name of the user that we wish to log in as. */ |
386 | packet_read_expect(SSH_CMSG_USER); | 386 | packet_read_expect(SSH_CMSG_USER); |
@@ -389,11 +389,17 @@ do_authentication(Authctxt *authctxt) | |||
389 | user = packet_get_cstring(&ulen); | 389 | user = packet_get_cstring(&ulen); |
390 | packet_check_eom(); | 390 | packet_check_eom(); |
391 | 391 | ||
392 | if ((role = strchr(user, '/')) != NULL) | ||
393 | *role++ = '\0'; | ||
394 | |||
392 | if ((style = strchr(user, ':')) != NULL) | 395 | if ((style = strchr(user, ':')) != NULL) |
393 | *style++ = '\0'; | 396 | *style++ = '\0'; |
397 | else if (role && (style = strchr(role, ':')) != NULL) | ||
398 | *style++ = '\0'; | ||
394 | 399 | ||
395 | authctxt->user = user; | 400 | authctxt->user = user; |
396 | authctxt->style = style; | 401 | authctxt->style = style; |
402 | authctxt->role = role; | ||
397 | 403 | ||
398 | /* Verify that the user is a valid user. */ | 404 | /* Verify that the user is a valid user. */ |
399 | if ((authctxt->pw = PRIVSEP(getpwnamallow(user))) != NULL) | 405 | if ((authctxt->pw = PRIVSEP(getpwnamallow(user))) != NULL) |
@@ -222,7 +222,7 @@ input_userauth_request(int type, u_int32_t seq, void *ctxt) | |||
222 | { | 222 | { |
223 | Authctxt *authctxt = ctxt; | 223 | Authctxt *authctxt = ctxt; |
224 | Authmethod *m = NULL; | 224 | Authmethod *m = NULL; |
225 | char *user, *service, *method, *style = NULL; | 225 | char *user, *service, *method, *style = NULL, *role = NULL; |
226 | int authenticated = 0; | 226 | int authenticated = 0; |
227 | 227 | ||
228 | if (authctxt == NULL) | 228 | if (authctxt == NULL) |
@@ -234,8 +234,13 @@ input_userauth_request(int type, u_int32_t seq, void *ctxt) | |||
234 | debug("userauth-request for user %s service %s method %s", user, service, method); | 234 | debug("userauth-request for user %s service %s method %s", user, service, method); |
235 | debug("attempt %d failures %d", authctxt->attempt, authctxt->failures); | 235 | debug("attempt %d failures %d", authctxt->attempt, authctxt->failures); |
236 | 236 | ||
237 | if ((role = strchr(user, '/')) != NULL) | ||
238 | *role++ = 0; | ||
239 | |||
237 | if ((style = strchr(user, ':')) != NULL) | 240 | if ((style = strchr(user, ':')) != NULL) |
238 | *style++ = 0; | 241 | *style++ = 0; |
242 | else if (role && (style = strchr(role, ':')) != NULL) | ||
243 | *style++ = '\0'; | ||
239 | 244 | ||
240 | if (authctxt->attempt++ == 0) { | 245 | if (authctxt->attempt++ == 0) { |
241 | /* setup auth context */ | 246 | /* setup auth context */ |
@@ -259,8 +264,9 @@ input_userauth_request(int type, u_int32_t seq, void *ctxt) | |||
259 | use_privsep ? " [net]" : ""); | 264 | use_privsep ? " [net]" : ""); |
260 | authctxt->service = xstrdup(service); | 265 | authctxt->service = xstrdup(service); |
261 | authctxt->style = style ? xstrdup(style) : NULL; | 266 | authctxt->style = style ? xstrdup(style) : NULL; |
267 | authctxt->role = role ? xstrdup(role) : NULL; | ||
262 | if (use_privsep) | 268 | if (use_privsep) |
263 | mm_inform_authserv(service, style); | 269 | mm_inform_authserv(service, style, role); |
264 | userauth_banner(); | 270 | userauth_banner(); |
265 | if (auth2_setup_methods_lists(authctxt) != 0) | 271 | if (auth2_setup_methods_lists(authctxt) != 0) |
266 | packet_disconnect("no authentication methods enabled"); | 272 | packet_disconnect("no authentication methods enabled"); |
@@ -146,6 +146,7 @@ int mm_answer_sign(int, Buffer *); | |||
146 | int mm_answer_pwnamallow(int, Buffer *); | 146 | int mm_answer_pwnamallow(int, Buffer *); |
147 | int mm_answer_auth2_read_banner(int, Buffer *); | 147 | int mm_answer_auth2_read_banner(int, Buffer *); |
148 | int mm_answer_authserv(int, Buffer *); | 148 | int mm_answer_authserv(int, Buffer *); |
149 | int mm_answer_authrole(int, Buffer *); | ||
149 | int mm_answer_authpassword(int, Buffer *); | 150 | int mm_answer_authpassword(int, Buffer *); |
150 | int mm_answer_bsdauthquery(int, Buffer *); | 151 | int mm_answer_bsdauthquery(int, Buffer *); |
151 | int mm_answer_bsdauthrespond(int, Buffer *); | 152 | int mm_answer_bsdauthrespond(int, Buffer *); |
@@ -227,6 +228,7 @@ struct mon_table mon_dispatch_proto20[] = { | |||
227 | {MONITOR_REQ_SIGN, MON_ONCE, mm_answer_sign}, | 228 | {MONITOR_REQ_SIGN, MON_ONCE, mm_answer_sign}, |
228 | {MONITOR_REQ_PWNAM, MON_ONCE, mm_answer_pwnamallow}, | 229 | {MONITOR_REQ_PWNAM, MON_ONCE, mm_answer_pwnamallow}, |
229 | {MONITOR_REQ_AUTHSERV, MON_ONCE, mm_answer_authserv}, | 230 | {MONITOR_REQ_AUTHSERV, MON_ONCE, mm_answer_authserv}, |
231 | {MONITOR_REQ_AUTHROLE, MON_ONCE, mm_answer_authrole}, | ||
230 | {MONITOR_REQ_AUTH2_READ_BANNER, MON_ONCE, mm_answer_auth2_read_banner}, | 232 | {MONITOR_REQ_AUTH2_READ_BANNER, MON_ONCE, mm_answer_auth2_read_banner}, |
231 | {MONITOR_REQ_AUTHPASSWORD, MON_AUTH, mm_answer_authpassword}, | 233 | {MONITOR_REQ_AUTHPASSWORD, MON_AUTH, mm_answer_authpassword}, |
232 | #ifdef USE_PAM | 234 | #ifdef USE_PAM |
@@ -844,6 +846,7 @@ mm_answer_pwnamallow(int sock, Buffer *m) | |||
844 | else { | 846 | else { |
845 | /* Allow service/style information on the auth context */ | 847 | /* Allow service/style information on the auth context */ |
846 | monitor_permit(mon_dispatch, MONITOR_REQ_AUTHSERV, 1); | 848 | monitor_permit(mon_dispatch, MONITOR_REQ_AUTHSERV, 1); |
849 | monitor_permit(mon_dispatch, MONITOR_REQ_AUTHROLE, 1); | ||
847 | monitor_permit(mon_dispatch, MONITOR_REQ_AUTH2_READ_BANNER, 1); | 850 | monitor_permit(mon_dispatch, MONITOR_REQ_AUTH2_READ_BANNER, 1); |
848 | } | 851 | } |
849 | #ifdef USE_PAM | 852 | #ifdef USE_PAM |
@@ -874,14 +877,37 @@ mm_answer_authserv(int sock, Buffer *m) | |||
874 | 877 | ||
875 | authctxt->service = buffer_get_string(m, NULL); | 878 | authctxt->service = buffer_get_string(m, NULL); |
876 | authctxt->style = buffer_get_string(m, NULL); | 879 | authctxt->style = buffer_get_string(m, NULL); |
877 | debug3("%s: service=%s, style=%s", | 880 | authctxt->role = buffer_get_string(m, NULL); |
878 | __func__, authctxt->service, authctxt->style); | 881 | debug3("%s: service=%s, style=%s, role=%s", |
882 | __func__, authctxt->service, authctxt->style, authctxt->role); | ||
879 | 883 | ||
880 | if (strlen(authctxt->style) == 0) { | 884 | if (strlen(authctxt->style) == 0) { |
881 | free(authctxt->style); | 885 | free(authctxt->style); |
882 | authctxt->style = NULL; | 886 | authctxt->style = NULL; |
883 | } | 887 | } |
884 | 888 | ||
889 | if (strlen(authctxt->role) == 0) { | ||
890 | free(authctxt->role); | ||
891 | authctxt->role = NULL; | ||
892 | } | ||
893 | |||
894 | return (0); | ||
895 | } | ||
896 | |||
897 | int | ||
898 | mm_answer_authrole(int sock, Buffer *m) | ||
899 | { | ||
900 | monitor_permit_authentications(1); | ||
901 | |||
902 | authctxt->role = buffer_get_string(m, NULL); | ||
903 | debug3("%s: role=%s", | ||
904 | __func__, authctxt->role); | ||
905 | |||
906 | if (strlen(authctxt->role) == 0) { | ||
907 | free(authctxt->role); | ||
908 | authctxt->role = NULL; | ||
909 | } | ||
910 | |||
885 | return (0); | 911 | return (0); |
886 | } | 912 | } |
887 | 913 | ||
@@ -1486,7 +1512,7 @@ mm_answer_pty(int sock, Buffer *m) | |||
1486 | res = pty_allocate(&s->ptyfd, &s->ttyfd, s->tty, sizeof(s->tty)); | 1512 | res = pty_allocate(&s->ptyfd, &s->ttyfd, s->tty, sizeof(s->tty)); |
1487 | if (res == 0) | 1513 | if (res == 0) |
1488 | goto error; | 1514 | goto error; |
1489 | pty_setowner(authctxt->pw, s->tty); | 1515 | pty_setowner(authctxt->pw, s->tty, authctxt->role); |
1490 | 1516 | ||
1491 | buffer_put_int(m, 1); | 1517 | buffer_put_int(m, 1); |
1492 | buffer_put_cstring(m, s->tty); | 1518 | buffer_put_cstring(m, s->tty); |
@@ -73,6 +73,8 @@ enum monitor_reqtype { | |||
73 | MONITOR_REQ_GSSSIGN = 150, MONITOR_ANS_GSSSIGN = 151, | 73 | MONITOR_REQ_GSSSIGN = 150, MONITOR_ANS_GSSSIGN = 151, |
74 | MONITOR_REQ_GSSUPCREDS = 152, MONITOR_ANS_GSSUPCREDS = 153, | 74 | MONITOR_REQ_GSSUPCREDS = 152, MONITOR_ANS_GSSUPCREDS = 153, |
75 | 75 | ||
76 | MONITOR_REQ_AUTHROLE = 154, | ||
77 | |||
76 | }; | 78 | }; |
77 | 79 | ||
78 | struct mm_master; | 80 | struct mm_master; |
diff --git a/monitor_wrap.c b/monitor_wrap.c index 44019f32a..69bc324b5 100644 --- a/monitor_wrap.c +++ b/monitor_wrap.c | |||
@@ -320,10 +320,10 @@ mm_auth2_read_banner(void) | |||
320 | return (banner); | 320 | return (banner); |
321 | } | 321 | } |
322 | 322 | ||
323 | /* Inform the privileged process about service and style */ | 323 | /* Inform the privileged process about service, style, and role */ |
324 | 324 | ||
325 | void | 325 | void |
326 | mm_inform_authserv(char *service, char *style) | 326 | mm_inform_authserv(char *service, char *style, char *role) |
327 | { | 327 | { |
328 | Buffer m; | 328 | Buffer m; |
329 | 329 | ||
@@ -332,12 +332,30 @@ mm_inform_authserv(char *service, char *style) | |||
332 | buffer_init(&m); | 332 | buffer_init(&m); |
333 | buffer_put_cstring(&m, service); | 333 | buffer_put_cstring(&m, service); |
334 | buffer_put_cstring(&m, style ? style : ""); | 334 | buffer_put_cstring(&m, style ? style : ""); |
335 | buffer_put_cstring(&m, role ? role : ""); | ||
335 | 336 | ||
336 | mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUTHSERV, &m); | 337 | mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUTHSERV, &m); |
337 | 338 | ||
338 | buffer_free(&m); | 339 | buffer_free(&m); |
339 | } | 340 | } |
340 | 341 | ||
342 | /* Inform the privileged process about role */ | ||
343 | |||
344 | void | ||
345 | mm_inform_authrole(char *role) | ||
346 | { | ||
347 | Buffer m; | ||
348 | |||
349 | debug3("%s entering", __func__); | ||
350 | |||
351 | buffer_init(&m); | ||
352 | buffer_put_cstring(&m, role ? role : ""); | ||
353 | |||
354 | mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUTHROLE, &m); | ||
355 | |||
356 | buffer_free(&m); | ||
357 | } | ||
358 | |||
341 | /* Do the password authentication */ | 359 | /* Do the password authentication */ |
342 | int | 360 | int |
343 | mm_auth_password(Authctxt *authctxt, char *password) | 361 | mm_auth_password(Authctxt *authctxt, char *password) |
diff --git a/monitor_wrap.h b/monitor_wrap.h index ec9b9b1c3..4d12e2956 100644 --- a/monitor_wrap.h +++ b/monitor_wrap.h | |||
@@ -41,7 +41,8 @@ void mm_log_handler(LogLevel, const char *, void *); | |||
41 | int mm_is_monitor(void); | 41 | int mm_is_monitor(void); |
42 | DH *mm_choose_dh(int, int, int); | 42 | DH *mm_choose_dh(int, int, int); |
43 | int mm_key_sign(Key *, u_char **, u_int *, u_char *, u_int); | 43 | int mm_key_sign(Key *, u_char **, u_int *, u_char *, u_int); |
44 | void mm_inform_authserv(char *, char *); | 44 | void mm_inform_authserv(char *, char *, char *); |
45 | void mm_inform_authrole(char *); | ||
45 | struct passwd *mm_getpwnamallow(const char *); | 46 | struct passwd *mm_getpwnamallow(const char *); |
46 | char *mm_auth2_read_banner(void); | 47 | char *mm_auth2_read_banner(void); |
47 | int mm_auth_password(struct Authctxt *, char *); | 48 | int mm_auth_password(struct Authctxt *, char *); |
diff --git a/openbsd-compat/port-linux.c b/openbsd-compat/port-linux.c index 4637a7a3e..de6ad3fd7 100644 --- a/openbsd-compat/port-linux.c +++ b/openbsd-compat/port-linux.c | |||
@@ -29,6 +29,12 @@ | |||
29 | #include <string.h> | 29 | #include <string.h> |
30 | #include <stdio.h> | 30 | #include <stdio.h> |
31 | 31 | ||
32 | #ifdef WITH_SELINUX | ||
33 | #include "key.h" | ||
34 | #include "hostfile.h" | ||
35 | #include "auth.h" | ||
36 | #endif | ||
37 | |||
32 | #include "log.h" | 38 | #include "log.h" |
33 | #include "xmalloc.h" | 39 | #include "xmalloc.h" |
34 | #include "port-linux.h" | 40 | #include "port-linux.h" |
@@ -58,7 +64,7 @@ ssh_selinux_enabled(void) | |||
58 | 64 | ||
59 | /* Return the default security context for the given username */ | 65 | /* Return the default security context for the given username */ |
60 | static security_context_t | 66 | static security_context_t |
61 | ssh_selinux_getctxbyname(char *pwname) | 67 | ssh_selinux_getctxbyname(char *pwname, const char *role) |
62 | { | 68 | { |
63 | security_context_t sc = NULL; | 69 | security_context_t sc = NULL; |
64 | char *sename = NULL, *lvl = NULL; | 70 | char *sename = NULL, *lvl = NULL; |
@@ -73,9 +79,16 @@ ssh_selinux_getctxbyname(char *pwname) | |||
73 | #endif | 79 | #endif |
74 | 80 | ||
75 | #ifdef HAVE_GET_DEFAULT_CONTEXT_WITH_LEVEL | 81 | #ifdef HAVE_GET_DEFAULT_CONTEXT_WITH_LEVEL |
76 | r = get_default_context_with_level(sename, lvl, NULL, &sc); | 82 | if (role != NULL && role[0]) |
83 | r = get_default_context_with_rolelevel(sename, role, lvl, NULL, | ||
84 | &sc); | ||
85 | else | ||
86 | r = get_default_context_with_level(sename, lvl, NULL, &sc); | ||
77 | #else | 87 | #else |
78 | r = get_default_context(sename, NULL, &sc); | 88 | if (role != NULL && role[0]) |
89 | r = get_default_context_with_role(sename, role, NULL, &sc); | ||
90 | else | ||
91 | r = get_default_context(sename, NULL, &sc); | ||
79 | #endif | 92 | #endif |
80 | 93 | ||
81 | if (r != 0) { | 94 | if (r != 0) { |
@@ -105,7 +118,7 @@ ssh_selinux_getctxbyname(char *pwname) | |||
105 | 118 | ||
106 | /* Set the execution context to the default for the specified user */ | 119 | /* Set the execution context to the default for the specified user */ |
107 | void | 120 | void |
108 | ssh_selinux_setup_exec_context(char *pwname) | 121 | ssh_selinux_setup_exec_context(char *pwname, const char *role) |
109 | { | 122 | { |
110 | security_context_t user_ctx = NULL; | 123 | security_context_t user_ctx = NULL; |
111 | 124 | ||
@@ -114,7 +127,7 @@ ssh_selinux_setup_exec_context(char *pwname) | |||
114 | 127 | ||
115 | debug3("%s: setting execution context", __func__); | 128 | debug3("%s: setting execution context", __func__); |
116 | 129 | ||
117 | user_ctx = ssh_selinux_getctxbyname(pwname); | 130 | user_ctx = ssh_selinux_getctxbyname(pwname, role); |
118 | if (setexeccon(user_ctx) != 0) { | 131 | if (setexeccon(user_ctx) != 0) { |
119 | switch (security_getenforce()) { | 132 | switch (security_getenforce()) { |
120 | case -1: | 133 | case -1: |
@@ -136,7 +149,7 @@ ssh_selinux_setup_exec_context(char *pwname) | |||
136 | 149 | ||
137 | /* Set the TTY context for the specified user */ | 150 | /* Set the TTY context for the specified user */ |
138 | void | 151 | void |
139 | ssh_selinux_setup_pty(char *pwname, const char *tty) | 152 | ssh_selinux_setup_pty(char *pwname, const char *tty, const char *role) |
140 | { | 153 | { |
141 | security_context_t new_tty_ctx = NULL; | 154 | security_context_t new_tty_ctx = NULL; |
142 | security_context_t user_ctx = NULL; | 155 | security_context_t user_ctx = NULL; |
@@ -147,7 +160,7 @@ ssh_selinux_setup_pty(char *pwname, const char *tty) | |||
147 | 160 | ||
148 | debug3("%s: setting TTY context on %s", __func__, tty); | 161 | debug3("%s: setting TTY context on %s", __func__, tty); |
149 | 162 | ||
150 | user_ctx = ssh_selinux_getctxbyname(pwname); | 163 | user_ctx = ssh_selinux_getctxbyname(pwname, role); |
151 | 164 | ||
152 | /* XXX: should these calls fatal() upon failure in enforcing mode? */ | 165 | /* XXX: should these calls fatal() upon failure in enforcing mode? */ |
153 | 166 | ||
diff --git a/openbsd-compat/port-linux.h b/openbsd-compat/port-linux.h index e3d1004aa..80ce13ad9 100644 --- a/openbsd-compat/port-linux.h +++ b/openbsd-compat/port-linux.h | |||
@@ -21,8 +21,8 @@ | |||
21 | 21 | ||
22 | #ifdef WITH_SELINUX | 22 | #ifdef WITH_SELINUX |
23 | int ssh_selinux_enabled(void); | 23 | int ssh_selinux_enabled(void); |
24 | void ssh_selinux_setup_pty(char *, const char *); | 24 | void ssh_selinux_setup_pty(char *, const char *, const char *); |
25 | void ssh_selinux_setup_exec_context(char *); | 25 | void ssh_selinux_setup_exec_context(char *, const char *); |
26 | void ssh_selinux_change_context(const char *); | 26 | void ssh_selinux_change_context(const char *); |
27 | void ssh_selinux_setfscreatecon(const char *); | 27 | void ssh_selinux_setfscreatecon(const char *); |
28 | #endif | 28 | #endif |
diff --git a/platform.c b/platform.c index 30fc60909..4aab9a9cd 100644 --- a/platform.c +++ b/platform.c | |||
@@ -142,7 +142,7 @@ platform_setusercontext(struct passwd *pw) | |||
142 | * called if sshd is running as root. | 142 | * called if sshd is running as root. |
143 | */ | 143 | */ |
144 | void | 144 | void |
145 | platform_setusercontext_post_groups(struct passwd *pw) | 145 | platform_setusercontext_post_groups(struct passwd *pw, const char *role) |
146 | { | 146 | { |
147 | #if !defined(HAVE_LOGIN_CAP) && defined(USE_PAM) | 147 | #if !defined(HAVE_LOGIN_CAP) && defined(USE_PAM) |
148 | /* | 148 | /* |
@@ -183,7 +183,7 @@ platform_setusercontext_post_groups(struct passwd *pw) | |||
183 | } | 183 | } |
184 | #endif /* HAVE_SETPCRED */ | 184 | #endif /* HAVE_SETPCRED */ |
185 | #ifdef WITH_SELINUX | 185 | #ifdef WITH_SELINUX |
186 | ssh_selinux_setup_exec_context(pw->pw_name); | 186 | ssh_selinux_setup_exec_context(pw->pw_name, role); |
187 | #endif | 187 | #endif |
188 | } | 188 | } |
189 | 189 | ||
diff --git a/platform.h b/platform.h index 1c7a45d8f..436ae7c4f 100644 --- a/platform.h +++ b/platform.h | |||
@@ -27,7 +27,7 @@ void platform_post_fork_parent(pid_t child_pid); | |||
27 | void platform_post_fork_child(void); | 27 | void platform_post_fork_child(void); |
28 | int platform_privileged_uidswap(void); | 28 | int platform_privileged_uidswap(void); |
29 | void platform_setusercontext(struct passwd *); | 29 | void platform_setusercontext(struct passwd *); |
30 | void platform_setusercontext_post_groups(struct passwd *); | 30 | void platform_setusercontext_post_groups(struct passwd *, const char *); |
31 | char *platform_get_krb5_client(const char *); | 31 | char *platform_get_krb5_client(const char *); |
32 | char *platform_krb5_get_principal_name(const char *); | 32 | char *platform_krb5_get_principal_name(const char *); |
33 | int platform_sys_dir_uid(uid_t); | 33 | int platform_sys_dir_uid(uid_t); |
@@ -1497,7 +1497,7 @@ safely_chroot(const char *path, uid_t uid) | |||
1497 | 1497 | ||
1498 | /* Set login name, uid, gid, and groups. */ | 1498 | /* Set login name, uid, gid, and groups. */ |
1499 | void | 1499 | void |
1500 | do_setusercontext(struct passwd *pw) | 1500 | do_setusercontext(struct passwd *pw, const char *role) |
1501 | { | 1501 | { |
1502 | char *chroot_path, *tmp; | 1502 | char *chroot_path, *tmp; |
1503 | 1503 | ||
@@ -1525,7 +1525,7 @@ do_setusercontext(struct passwd *pw) | |||
1525 | endgrent(); | 1525 | endgrent(); |
1526 | #endif | 1526 | #endif |
1527 | 1527 | ||
1528 | platform_setusercontext_post_groups(pw); | 1528 | platform_setusercontext_post_groups(pw, role); |
1529 | 1529 | ||
1530 | if (options.chroot_directory != NULL && | 1530 | if (options.chroot_directory != NULL && |
1531 | strcasecmp(options.chroot_directory, "none") != 0) { | 1531 | strcasecmp(options.chroot_directory, "none") != 0) { |
@@ -1674,7 +1674,7 @@ do_child(Session *s, const char *command) | |||
1674 | 1674 | ||
1675 | /* Force a password change */ | 1675 | /* Force a password change */ |
1676 | if (s->authctxt->force_pwchange) { | 1676 | if (s->authctxt->force_pwchange) { |
1677 | do_setusercontext(pw); | 1677 | do_setusercontext(pw, s->authctxt->role); |
1678 | child_close_fds(); | 1678 | child_close_fds(); |
1679 | do_pwchange(s); | 1679 | do_pwchange(s); |
1680 | exit(1); | 1680 | exit(1); |
@@ -1701,7 +1701,7 @@ do_child(Session *s, const char *command) | |||
1701 | /* When PAM is enabled we rely on it to do the nologin check */ | 1701 | /* When PAM is enabled we rely on it to do the nologin check */ |
1702 | if (!options.use_pam) | 1702 | if (!options.use_pam) |
1703 | do_nologin(pw); | 1703 | do_nologin(pw); |
1704 | do_setusercontext(pw); | 1704 | do_setusercontext(pw, s->authctxt->role); |
1705 | /* | 1705 | /* |
1706 | * PAM session modules in do_setusercontext may have | 1706 | * PAM session modules in do_setusercontext may have |
1707 | * generated messages, so if this in an interactive | 1707 | * generated messages, so if this in an interactive |
@@ -2112,7 +2112,7 @@ session_pty_req(Session *s) | |||
2112 | tty_parse_modes(s->ttyfd, &n_bytes); | 2112 | tty_parse_modes(s->ttyfd, &n_bytes); |
2113 | 2113 | ||
2114 | if (!use_privsep) | 2114 | if (!use_privsep) |
2115 | pty_setowner(s->pw, s->tty); | 2115 | pty_setowner(s->pw, s->tty, s->authctxt->role); |
2116 | 2116 | ||
2117 | /* Set window size from the packet. */ | 2117 | /* Set window size from the packet. */ |
2118 | pty_change_window_size(s->ptyfd, s->row, s->col, s->xpixel, s->ypixel); | 2118 | pty_change_window_size(s->ptyfd, s->row, s->col, s->xpixel, s->ypixel); |
@@ -77,7 +77,7 @@ void session_pty_cleanup2(Session *); | |||
77 | Session *session_new(void); | 77 | Session *session_new(void); |
78 | Session *session_by_tty(char *); | 78 | Session *session_by_tty(char *); |
79 | void session_close(Session *); | 79 | void session_close(Session *); |
80 | void do_setusercontext(struct passwd *); | 80 | void do_setusercontext(struct passwd *, const char *); |
81 | void child_set_env(char ***envp, u_int *envsizep, const char *name, | 81 | void child_set_env(char ***envp, u_int *envsizep, const char *name, |
82 | const char *value); | 82 | const char *value); |
83 | 83 | ||
@@ -763,7 +763,7 @@ privsep_postauth(Authctxt *authctxt) | |||
763 | bzero(rnd, sizeof(rnd)); | 763 | bzero(rnd, sizeof(rnd)); |
764 | 764 | ||
765 | /* Drop privileges */ | 765 | /* Drop privileges */ |
766 | do_setusercontext(authctxt->pw); | 766 | do_setusercontext(authctxt->pw, authctxt->role); |
767 | 767 | ||
768 | skip: | 768 | skip: |
769 | /* It is safe now to apply the key state */ | 769 | /* It is safe now to apply the key state */ |
@@ -200,7 +200,7 @@ pty_change_window_size(int ptyfd, u_int row, u_int col, | |||
200 | } | 200 | } |
201 | 201 | ||
202 | void | 202 | void |
203 | pty_setowner(struct passwd *pw, const char *tty) | 203 | pty_setowner(struct passwd *pw, const char *tty, const char *role) |
204 | { | 204 | { |
205 | struct group *grp; | 205 | struct group *grp; |
206 | gid_t gid; | 206 | gid_t gid; |
@@ -227,7 +227,7 @@ pty_setowner(struct passwd *pw, const char *tty) | |||
227 | strerror(errno)); | 227 | strerror(errno)); |
228 | 228 | ||
229 | #ifdef WITH_SELINUX | 229 | #ifdef WITH_SELINUX |
230 | ssh_selinux_setup_pty(pw->pw_name, tty); | 230 | ssh_selinux_setup_pty(pw->pw_name, tty, role); |
231 | #endif | 231 | #endif |
232 | 232 | ||
233 | if (st.st_uid != pw->pw_uid || st.st_gid != gid) { | 233 | if (st.st_uid != pw->pw_uid || st.st_gid != gid) { |
@@ -24,4 +24,4 @@ int pty_allocate(int *, int *, char *, size_t); | |||
24 | void pty_release(const char *); | 24 | void pty_release(const char *); |
25 | void pty_make_controlling_tty(int *, const char *); | 25 | void pty_make_controlling_tty(int *, const char *); |
26 | void pty_change_window_size(int, u_int, u_int, u_int, u_int); | 26 | void pty_change_window_size(int, u_int, u_int, u_int, u_int); |
27 | void pty_setowner(struct passwd *, const char *); | 27 | void pty_setowner(struct passwd *, const char *, const char *); |