New upstream release (7.4p1).

1 files changed, 60 insertions, 91 deletions

diff --git a/debian/patches/selinux-role.patch b/debian/patches/selinux-role.patch
index bcb61480d..9ab9394b3 100644
--- a/debian/patches/selinux-role.patch
+++ b/debian/patches/selinux-role.patch
@@ -1,4 +1,4 @@
-From 7a7851c903e5dbb58a85014deb2c88cb718068c9 Mon Sep 17 00:00:00 2001
+From 5e4ebd6472d995738a2c67d618c4bd1ee2c00968 Mon Sep 17 00:00:00 2001
 From: Manoj Srivastava <srivasta@debian.org>
 Date: Sun, 9 Feb 2014 16:09:49 +0000
 Subject: Handle SELinux authorisation roles
@@ -14,7 +14,6 @@ Last-Update: 2015-08-19
 Patch-Name: selinux-role.patch
 ---
  auth.h                      |  1 +
- auth1.c                     |  8 +++++++-
  auth2.c                     | 10 ++++++++--
  monitor.c                   | 32 +++++++++++++++++++++++++++++---
  monitor.h                   |  2 ++
@@ -29,10 +28,10 @@ Patch-Name: selinux-role.patch
  sshd.c                      |  2 +-
  sshpty.c                    |  4 ++--
  sshpty.h                    |  2 +-
- 16 files changed, 104 insertions(+), 31 deletions(-)
+ 15 files changed, 97 insertions(+), 30 deletions(-)
 
 diff --git a/auth.h b/auth.h
-index 55170af..50baeaa 100644
+index 338a62da..8c658d16 100644
 --- a/auth.h
 +++ b/auth.h
 @@ -62,6 +62,7 @@ struct Authctxt {
@@ -43,39 +42,8 @@ index 55170af..50baeaa 100644
         void            *kbdintctxt;
         char            *info;          /* Extra info for next auth_log */
  #ifdef BSD_AUTH
-diff --git a/auth1.c b/auth1.c
-index 5073c49..dd00648 100644
---- a/auth1.c
-+++ b/auth1.c
-@@ -383,7 +383,7 @@ void
- do_authentication(Authctxt *authctxt)
- {
-        u_int ulen;
--       char *user, *style = NULL;
-+       char *user, *style = NULL, *role = NULL;
- 
-        /* Get the name of the user that we wish to log in as. */
-        packet_read_expect(SSH_CMSG_USER);
-@@ -392,11 +392,17 @@ do_authentication(Authctxt *authctxt)
-        user = packet_get_cstring(&ulen);
-        packet_check_eom();
- 
-+       if ((role = strchr(user, '/')) != NULL)
-+               *role++ = '\0';
-+
-        if ((style = strchr(user, ':')) != NULL)
-                *style++ = '\0';
-+       else if (role && (style = strchr(role, ':')) != NULL)
-+               *style++ = '\0';
- 
-        authctxt->user = user;
-        authctxt->style = style;
-+       authctxt->role = role;
- 
-        /* Verify that the user is a valid user. */
-        if ((authctxt->pw = PRIVSEP(getpwnamallow(user))) != NULL)
 diff --git a/auth2.c b/auth2.c
-index ce0d376..461311b 100644
+index ce0d3760..461311bd 100644
 --- a/auth2.c
 +++ b/auth2.c
 @@ -216,7 +216,7 @@ input_userauth_request(int type, u_int32_t seq, void *ctxt)
@@ -113,10 +81,10 @@ index ce0d376..461311b 100644
                 if (auth2_setup_methods_lists(authctxt) != 0)
                         packet_disconnect("no authentication methods enabled");
 diff --git a/monitor.c b/monitor.c
-index 05bb48a..e91054e 100644
+index 76d9e346..64286a12 100644
 --- a/monitor.c
 +++ b/monitor.c
-@@ -128,6 +128,7 @@ int mm_answer_sign(int, Buffer *);
+@@ -127,6 +127,7 @@ int mm_answer_sign(int, Buffer *);
  int mm_answer_pwnamallow(int, Buffer *);
  int mm_answer_auth2_read_banner(int, Buffer *);
  int mm_answer_authserv(int, Buffer *);
@@ -124,7 +92,7 @@ index 05bb48a..e91054e 100644
  int mm_answer_authpassword(int, Buffer *);
  int mm_answer_bsdauthquery(int, Buffer *);
  int mm_answer_bsdauthrespond(int, Buffer *);
-@@ -209,6 +210,7 @@ struct mon_table mon_dispatch_proto20[] = {
+@@ -204,6 +205,7 @@ struct mon_table mon_dispatch_proto20[] = {
      {MONITOR_REQ_SIGN, MON_ONCE, mm_answer_sign},
      {MONITOR_REQ_PWNAM, MON_ONCE, mm_answer_pwnamallow},
      {MONITOR_REQ_AUTHSERV, MON_ONCE, mm_answer_authserv},
@@ -132,15 +100,15 @@ index 05bb48a..e91054e 100644
      {MONITOR_REQ_AUTH2_READ_BANNER, MON_ONCE, mm_answer_auth2_read_banner},
      {MONITOR_REQ_AUTHPASSWORD, MON_AUTH, mm_answer_authpassword},
  #ifdef USE_PAM
-@@ -880,6 +882,7 @@ mm_answer_pwnamallow(int sock, Buffer *m)
-        else {
-                /* Allow service/style information on the auth context */
-                monitor_permit(mon_dispatch, MONITOR_REQ_AUTHSERV, 1);
-+               monitor_permit(mon_dispatch, MONITOR_REQ_AUTHROLE, 1);
-                monitor_permit(mon_dispatch, MONITOR_REQ_AUTH2_READ_BANNER, 1);
-        }
+@@ -786,6 +788,7 @@ mm_answer_pwnamallow(int sock, Buffer *m)
+ 
+        /* Allow service/style information on the auth context */
+        monitor_permit(mon_dispatch, MONITOR_REQ_AUTHSERV, 1);
++       monitor_permit(mon_dispatch, MONITOR_REQ_AUTHROLE, 1);
+        monitor_permit(mon_dispatch, MONITOR_REQ_AUTH2_READ_BANNER, 1);
+ 
  #ifdef USE_PAM
-@@ -910,14 +913,37 @@ mm_answer_authserv(int sock, Buffer *m)
+@@ -816,14 +819,37 @@ mm_answer_authserv(int sock, Buffer *m)
  
         authctxt->service = buffer_get_string(m, NULL);
         authctxt->style = buffer_get_string(m, NULL);
@@ -180,7 +148,7 @@ index 05bb48a..e91054e 100644
         return (0);
  }
  
-@@ -1553,7 +1579,7 @@ mm_answer_pty(int sock, Buffer *m)
+@@ -1458,7 +1484,7 @@ mm_answer_pty(int sock, Buffer *m)
         res = pty_allocate(&s->ptyfd, &s->ttyfd, s->tty, sizeof(s->tty));
         if (res == 0)
                 goto error;
@@ -190,7 +158,7 @@ index 05bb48a..e91054e 100644
         buffer_put_int(m, 1);
         buffer_put_cstring(m, s->tty);
 diff --git a/monitor.h b/monitor.h
-index bc50ade..2d82b8b 100644
+index ec41404c..4c7955d7 100644
 --- a/monitor.h
 +++ b/monitor.h
 @@ -68,6 +68,8 @@ enum monitor_reqtype {
@@ -201,12 +169,12 @@ index bc50ade..2d82b8b 100644
 +
  };
  
- struct mm_master;
+ struct monitor {
 diff --git a/monitor_wrap.c b/monitor_wrap.c
-index 5a9f1b5..11e3a69 100644
+index d5cb640a..2ff8064a 100644
 --- a/monitor_wrap.c
 +++ b/monitor_wrap.c
-@@ -328,10 +328,10 @@ mm_auth2_read_banner(void)
+@@ -327,10 +327,10 @@ mm_auth2_read_banner(void)
         return (banner);
  }
  
@@ -219,7 +187,7 @@ index 5a9f1b5..11e3a69 100644
  {
         Buffer m;
  
-@@ -340,12 +340,30 @@ mm_inform_authserv(char *service, char *style)
+@@ -339,12 +339,30 @@ mm_inform_authserv(char *service, char *style)
         buffer_init(&m);
         buffer_put_cstring(&m, service);
         buffer_put_cstring(&m, style ? style : "");
@@ -251,7 +219,7 @@ index 5a9f1b5..11e3a69 100644
  int
  mm_auth_password(Authctxt *authctxt, char *password)
 diff --git a/monitor_wrap.h b/monitor_wrap.h
-index b5414c2..d5b3334 100644
+index 8f9dd896..3e75867c 100644
 --- a/monitor_wrap.h
 +++ b/monitor_wrap.h
 @@ -41,7 +41,8 @@ void mm_log_handler(LogLevel, const char *, void *);
@@ -265,10 +233,10 @@ index b5414c2..d5b3334 100644
  char *mm_auth2_read_banner(void);
  int mm_auth_password(struct Authctxt *, char *);
 diff --git a/openbsd-compat/port-linux.c b/openbsd-compat/port-linux.c
-index f36999d..f9cdc15 100644
+index e4c5d1b7..e26faf08 100644
 --- a/openbsd-compat/port-linux.c
 +++ b/openbsd-compat/port-linux.c
-@@ -29,6 +29,12 @@
+@@ -27,6 +27,12 @@
  #include <string.h>
  #include <stdio.h>
  
@@ -281,7 +249,7 @@ index f36999d..f9cdc15 100644
  #include "log.h"
  #include "xmalloc.h"
  #include "port-linux.h"
-@@ -58,7 +64,7 @@ ssh_selinux_enabled(void)
+@@ -56,7 +62,7 @@ ssh_selinux_enabled(void)
  
  /* Return the default security context for the given username */
  static security_context_t
@@ -290,7 +258,7 @@ index f36999d..f9cdc15 100644
  {
         security_context_t sc = NULL;
         char *sename = NULL, *lvl = NULL;
-@@ -73,9 +79,16 @@ ssh_selinux_getctxbyname(char *pwname)
+@@ -71,9 +77,16 @@ ssh_selinux_getctxbyname(char *pwname)
  #endif
  
  #ifdef HAVE_GET_DEFAULT_CONTEXT_WITH_LEVEL
@@ -309,7 +277,7 @@ index f36999d..f9cdc15 100644
  #endif
  
         if (r != 0) {
-@@ -105,7 +118,7 @@ ssh_selinux_getctxbyname(char *pwname)
+@@ -103,7 +116,7 @@ ssh_selinux_getctxbyname(char *pwname)
  
  /* Set the execution context to the default for the specified user */
  void
@@ -318,7 +286,7 @@ index f36999d..f9cdc15 100644
  {
         security_context_t user_ctx = NULL;
  
-@@ -114,7 +127,7 @@ ssh_selinux_setup_exec_context(char *pwname)
+@@ -112,7 +125,7 @@ ssh_selinux_setup_exec_context(char *pwname)
  
         debug3("%s: setting execution context", __func__);
  
@@ -327,7 +295,7 @@ index f36999d..f9cdc15 100644
         if (setexeccon(user_ctx) != 0) {
                 switch (security_getenforce()) {
                 case -1:
-@@ -136,7 +149,7 @@ ssh_selinux_setup_exec_context(char *pwname)
+@@ -134,7 +147,7 @@ ssh_selinux_setup_exec_context(char *pwname)
  
  /* Set the TTY context for the specified user */
  void
@@ -336,7 +304,7 @@ index f36999d..f9cdc15 100644
  {
         security_context_t new_tty_ctx = NULL;
         security_context_t user_ctx = NULL;
-@@ -147,7 +160,7 @@ ssh_selinux_setup_pty(char *pwname, const char *tty)
+@@ -145,7 +158,7 @@ ssh_selinux_setup_pty(char *pwname, const char *tty)
  
         debug3("%s: setting TTY context on %s", __func__, tty);
  
@@ -346,10 +314,10 @@ index f36999d..f9cdc15 100644
         /* XXX: should these calls fatal() upon failure in enforcing mode? */
  
 diff --git a/openbsd-compat/port-linux.h b/openbsd-compat/port-linux.h
-index e3d1004..80ce13a 100644
+index 3c22a854..c8812942 100644
 --- a/openbsd-compat/port-linux.h
 +++ b/openbsd-compat/port-linux.h
-@@ -21,8 +21,8 @@
+@@ -19,8 +19,8 @@
  
  #ifdef WITH_SELINUX
  int ssh_selinux_enabled(void);
@@ -361,10 +329,10 @@ index e3d1004..80ce13a 100644
  void ssh_selinux_setfscreatecon(const char *);
  #endif
 diff --git a/platform.c b/platform.c
-index acf8554..4831706 100644
+index 973a63e4..cd7bf566 100644
 --- a/platform.c
 +++ b/platform.c
-@@ -145,7 +145,7 @@ platform_setusercontext(struct passwd *pw)
+@@ -143,7 +143,7 @@ platform_setusercontext(struct passwd *pw)
   * called if sshd is running as root.
   */
  void
@@ -373,7 +341,7 @@ index acf8554..4831706 100644
  {
  #if !defined(HAVE_LOGIN_CAP) && defined(USE_PAM)
         /*
-@@ -186,7 +186,7 @@ platform_setusercontext_post_groups(struct passwd *pw)
+@@ -184,7 +184,7 @@ platform_setusercontext_post_groups(struct passwd *pw)
         }
  #endif /* HAVE_SETPCRED */
  #ifdef WITH_SELINUX
@@ -383,10 +351,10 @@ index acf8554..4831706 100644
  }
  
 diff --git a/platform.h b/platform.h
-index e97ecd9..5b72304 100644
+index ea4f9c58..60d72ffe 100644
 --- a/platform.h
 +++ b/platform.h
-@@ -27,7 +27,7 @@ void platform_post_fork_parent(pid_t child_pid);
+@@ -25,7 +25,7 @@ void platform_post_fork_parent(pid_t child_pid);
  void platform_post_fork_child(void);
  int  platform_privileged_uidswap(void);
  void platform_setusercontext(struct passwd *);
@@ -396,10 +364,10 @@ index e97ecd9..5b72304 100644
  char *platform_krb5_get_principal_name(const char *);
  int platform_sys_dir_uid(uid_t);
 diff --git a/session.c b/session.c
-index 2235f26..6dfcf84 100644
+index a08aa69d..ea3871eb 100644
 --- a/session.c
 +++ b/session.c
-@@ -1517,7 +1517,7 @@ safely_chroot(const char *path, uid_t uid)
+@@ -1325,7 +1325,7 @@ safely_chroot(const char *path, uid_t uid)
  
  /* Set login name, uid, gid, and groups. */
  void
@@ -408,7 +376,7 @@ index 2235f26..6dfcf84 100644
  {
         char *chroot_path, *tmp;
  
-@@ -1545,7 +1545,7 @@ do_setusercontext(struct passwd *pw)
+@@ -1353,7 +1353,7 @@ do_setusercontext(struct passwd *pw)
                 endgrent();
  #endif
  
@@ -417,7 +385,7 @@ index 2235f26..6dfcf84 100644
  
                 if (!in_chroot && options.chroot_directory != NULL &&
                     strcasecmp(options.chroot_directory, "none") != 0) {
-@@ -1703,7 +1703,7 @@ do_child(Session *s, const char *command)
+@@ -1489,7 +1489,7 @@ do_child(Session *s, const char *command)
  
         /* Force a password change */
         if (s->authctxt->force_pwchange) {
@@ -426,16 +394,16 @@ index 2235f26..6dfcf84 100644
                 child_close_fds();
                 do_pwchange(s);
                 exit(1);
-@@ -1730,7 +1730,7 @@ do_child(Session *s, const char *command)
-                /* When PAM is enabled we rely on it to do the nologin check */
-                if (!options.use_pam)
-                        do_nologin(pw);
--               do_setusercontext(pw);
-+               do_setusercontext(pw, s->authctxt->role);
-                /*
-                 * PAM session modules in do_setusercontext may have
-                 * generated messages, so if this in an interactive
-@@ -2141,7 +2141,7 @@ session_pty_req(Session *s)
+@@ -1511,7 +1511,7 @@ do_child(Session *s, const char *command)
+        /* When PAM is enabled we rely on it to do the nologin check */
+        if (!options.use_pam)
+                do_nologin(pw);
+-       do_setusercontext(pw);
++       do_setusercontext(pw, s->authctxt->role);
+        /*
+         * PAM session modules in do_setusercontext may have
+         * generated messages, so if this in an interactive
+@@ -1903,7 +1903,7 @@ session_pty_req(Session *s)
         tty_parse_modes(s->ttyfd, &n_bytes);
  
         if (!use_privsep)
@@ -445,10 +413,10 @@ index 2235f26..6dfcf84 100644
         /* Set window size from the packet. */
         pty_change_window_size(s->ptyfd, s->row, s->col, s->xpixel, s->ypixel);
 diff --git a/session.h b/session.h
-index f18eaf3..2b7d939 100644
+index 98e1dafe..0a31dce4 100644
 --- a/session.h
 +++ b/session.h
-@@ -77,7 +77,7 @@ void   session_pty_cleanup2(Session *);
+@@ -76,7 +76,7 @@ void   session_pty_cleanup2(Session *);
  Session        *session_new(void);
  Session        *session_by_tty(char *);
  void    session_close(Session *);
@@ -458,11 +426,11 @@ index f18eaf3..2b7d939 100644
                        const char *value);
  
 diff --git a/sshd.c b/sshd.c
-index 982e545..76306da 100644
+index 4f791b92..5a3f796d 100644
 --- a/sshd.c
 +++ b/sshd.c
-@@ -787,7 +787,7 @@ privsep_postauth(Authctxt *authctxt)
-        explicit_bzero(rnd, sizeof(rnd));
+@@ -678,7 +678,7 @@ privsep_postauth(Authctxt *authctxt)
+        reseed_prngs();
  
         /* Drop privileges */
 -       do_setusercontext(authctxt->pw);
@@ -471,7 +439,7 @@ index 982e545..76306da 100644
   skip:
         /* It is safe now to apply the key state */
 diff --git a/sshpty.c b/sshpty.c
-index 15da8c6..e89efb7 100644
+index fe2fb5aa..feb22b06 100644
 --- a/sshpty.c
 +++ b/sshpty.c
 @@ -187,7 +187,7 @@ pty_change_window_size(int ptyfd, u_int row, u_int col,
@@ -493,12 +461,13 @@ index 15da8c6..e89efb7 100644
  
         if (st.st_uid != pw->pw_uid || st.st_gid != gid) {
 diff --git a/sshpty.h b/sshpty.h
-index cfa3224..edf2436 100644
+index 9ec7e9a1..de7e000a 100644
 --- a/sshpty.h
 +++ b/sshpty.h
-@@ -24,4 +24,4 @@ int    pty_allocate(int *, int *, char *, size_t);
+@@ -24,5 +24,5 @@ int    pty_allocate(int *, int *, char *, size_t);
  void    pty_release(const char *);
  void    pty_make_controlling_tty(int *, const char *);
  void    pty_change_window_size(int, u_int, u_int, u_int, u_int);
 -void    pty_setowner(struct passwd *, const char *);
 +void    pty_setowner(struct passwd *, const char *, const char *);
+ void    disconnect_controlling_tty(void);