Handle SELinux authorisation roles

Rejected upstream due to discomfort with magic usernames; a better approach will need an SSH protocol change. In the meantime, this came from Debian's SELinux maintainer, so we'll keep it until we have something better. Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1641 Bug-Debian: http://bugs.debian.org/394795 Last-Update: 2015-08-19 Patch-Name: selinux-role.patch
author: Manoj Srivastava <srivasta@debian.org> 2014-02-09 16:09:49 +0000
committer: Colin Watson <cjwatson@debian.org> 2015-08-19 16:33:31 +0100
commit: b9e97e15e25e4c836cb550213e3ee59b19096f9d (patch)
tree: d8870e17816f6fcc95f02abcbf136aac19440939 /auth1.c
parent: 7df209aed8ded9a6cab34e704576998786bdc890 (diff)
1 files changed, 7 insertions, 1 deletions
diff --git a/auth1.c b/auth1.c
index 5073c49bb..dd0064832 100644
--- a/auth1.c
+++ b/auth1.c
@@ -383,7 +383,7 @@ void
 do_authentication(Authctxt *authctxt)
 {
        u_int ulen;
-        char *user, *style = NULL;
+        char *user, *style = NULL, *role = NULL;
        /* Get the name of the user that we wish to log in as. */
        packet_read_expect(SSH_CMSG_USER);
@@ -392,11 +392,17 @@ do_authentication(Authctxt *authctxt)
        user = packet_get_cstring(&ulen);
        packet_check_eom();
+        if ((role = strchr(user, '/')) != NULL)
+                *role++ = '\0';
        if ((style = strchr(user, ':')) != NULL)
                *style++ = '\0';
+        else if (role && (style = strchr(role, ':')) != NULL)
+                *style++ = '\0';
        authctxt->user = user;
        authctxt->style = style;
+        authctxt->role = role;
        /* Verify that the user is a valid user. */
        if ((authctxt->pw = PRIVSEP(getpwnamallow(user))) != NULL)
author	Manoj Srivastava <srivasta@debian.org>	2014-02-09 16:09:49 +0000
committer	Colin Watson <cjwatson@debian.org>	2015-08-19 16:33:31 +0100
commit	b9e97e15e25e4c836cb550213e3ee59b19096f9d (patch)
tree	d8870e17816f6fcc95f02abcbf136aac19440939 /auth1.c
parent	7df209aed8ded9a6cab34e704576998786bdc890 (diff)