New upstream release (7.8p1)

Closes: #907534
author: Colin Watson <cjwatson@debian.org> 2018-08-24 12:49:36 +0100
committer: Colin Watson <cjwatson@debian.org> 2018-08-30 00:57:27 +0100
commit: 816386e17654ca36834bebbf351419e460fad8f6 (patch)
tree: 3dc79d831cb73bc25b92f5a4d18f8e328c0c570a /debian/patches/selinux-role.patch
parent: 3e6f76c7039d3df22b1d0a3a5f30150efb09b69d (diff)
parent: 16a47fc4b04977a14f44dd433c8da1499fa80671 (diff)
1 files changed, 88 insertions, 89 deletions
diff --git a/debian/patches/selinux-role.patch b/debian/patches/selinux-role.patch
index 5c0bad093..95d582067 100644
--- a/debian/patches/selinux-role.patch
+++ b/debian/patches/selinux-role.patch
@@ -1,4 +1,4 @@
-From 7da968d97beba5fb80a5488516563ea1376db907 Mon Sep 17 00:00:00 2001
+From 03979f2e0768e146d179c66f2d2e33afe61c1be3 Mon Sep 17 00:00:00 2001
 From: Manoj Srivastava <srivasta@debian.org>
 Date: Sun, 9 Feb 2014 16:09:49 +0000
 Subject: Handle SELinux authorisation roles
@@ -9,17 +9,17 @@ SELinux maintainer, so we'll keep it until we have something better.
 Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1641
 Bug-Debian: http://bugs.debian.org/394795
-Last-Update: 2017-10-04
+Last-Update: 2018-08-24
 Patch-Name: selinux-role.patch
 ---
 auth.h                      |  1 +
 auth2.c                     | 10 ++++++++--
- monitor.c                   | 32 +++++++++++++++++++++++++++++---
+ monitor.c                   | 37 +++++++++++++++++++++++++++++++++----
 monitor.h                   |  2 ++
- monitor_wrap.c              | 22 ++++++++++++++++++++--
+ monitor_wrap.c              | 27 ++++++++++++++++++++++++---
 monitor_wrap.h              |  3 ++-
- openbsd-compat/port-linux.c | 27 ++++++++++++++++++++-------
+ openbsd-compat/port-linux.c | 21 ++++++++++++++-------
 openbsd-compat/port-linux.h |  4 ++--
 platform.c                  |  4 ++--
 platform.h                  |  2 +-
@@ -28,10 +28,10 @@ Patch-Name: selinux-role.patch
 sshd.c                      |  2 +-
 sshpty.c                    |  4 ++--
 sshpty.h                    |  2 +-
- 15 files changed, 97 insertions(+), 30 deletions(-)
+ 15 files changed, 99 insertions(+), 32 deletions(-)
 diff --git a/auth.h b/auth.h
-index 23ce67caf..15ba7073e 100644
+index 977562f0a..90802a5eb 100644
 --- a/auth.h
 +++ b/auth.h
 @@ -65,6 +65,7 @@ struct Authctxt {
@@ -43,19 +43,19 @@ index 23ce67caf..15ba7073e 100644
        /* Method lists for multiple authentication */
        char            **auth_methods; /* modified from server config */
 diff --git a/auth2.c b/auth2.c
-index c34f58c45..be5e9f15f 100644
+index 96efe164c..90a247c1c 100644
 --- a/auth2.c
 +++ b/auth2.c
-@@ -218,7 +218,7 @@ input_userauth_request(int type, u_int32_t seq, struct ssh *ssh)
+@@ -257,7 +257,7 @@ input_userauth_request(int type, u_int32_t seq, struct ssh *ssh)
 {
        Authctxt *authctxt = ssh->authctxt;
        Authmethod *m = NULL;
 -       char *user, *service, *method, *style = NULL;
 +       char *user, *service, *method, *style = NULL, *role = NULL;
        int authenticated = 0;
+        double tstart = monotime_double();
 
-        if (authctxt == NULL)
+@@ -270,8 +270,13 @@ input_userauth_request(int type, u_int32_t seq, struct ssh *ssh)
-@@ -230,8 +230,13 @@ input_userauth_request(int type, u_int32_t seq, struct ssh *ssh)
        debug("userauth-request for user %s service %s method %s", user, service, method);
        debug("attempt %d failures %d", authctxt->attempt, authctxt->failures);
 
@@ -69,7 +69,7 @@ index c34f58c45..be5e9f15f 100644
 
        if (authctxt->attempt++ == 0) {
                /* setup auth context */
-@@ -258,8 +263,9 @@ input_userauth_request(int type, u_int32_t seq, struct ssh *ssh)
+@@ -298,8 +303,9 @@ input_userauth_request(int type, u_int32_t seq, struct ssh *ssh)
                    use_privsep ? " [net]" : "");
                authctxt->service = xstrdup(service);
                authctxt->style = style ? xstrdup(style) : NULL;
@@ -81,18 +81,18 @@ index c34f58c45..be5e9f15f 100644
                if (auth2_setup_methods_lists(authctxt) != 0)
                        packet_disconnect("no authentication methods enabled");
 diff --git a/monitor.c b/monitor.c
-index 868fb0d2d..ed37458fb 100644
+index 4e574a2ae..c1e7e9b80 100644
 --- a/monitor.c
 +++ b/monitor.c
-@@ -128,6 +128,7 @@ int mm_answer_sign(int, Buffer *);
+@@ -115,6 +115,7 @@ int mm_answer_sign(int, struct sshbuf *);
- int mm_answer_pwnamallow(int, Buffer *);
+ int mm_answer_pwnamallow(int, struct sshbuf *);
- int mm_answer_auth2_read_banner(int, Buffer *);
+ int mm_answer_auth2_read_banner(int, struct sshbuf *);
- int mm_answer_authserv(int, Buffer *);
+ int mm_answer_authserv(int, struct sshbuf *);
-+int mm_answer_authrole(int, Buffer *);
+int mm_answer_authrole(int, struct sshbuf *);
- int mm_answer_authpassword(int, Buffer *);
+ int mm_answer_authpassword(int, struct sshbuf *);
- int mm_answer_bsdauthquery(int, Buffer *);
+ int mm_answer_bsdauthquery(int, struct sshbuf *);
- int mm_answer_bsdauthrespond(int, Buffer *);
+ int mm_answer_bsdauthrespond(int, struct sshbuf *);
-@@ -206,6 +207,7 @@ struct mon_table mon_dispatch_proto20[] = {
+@@ -191,6 +192,7 @@ struct mon_table mon_dispatch_proto20[] = {
     {MONITOR_REQ_SIGN, MON_ONCE, mm_answer_sign},
     {MONITOR_REQ_PWNAM, MON_ONCE, mm_answer_pwnamallow},
     {MONITOR_REQ_AUTHSERV, MON_ONCE, mm_answer_authserv},
@@ -100,7 +100,7 @@ index 868fb0d2d..ed37458fb 100644
     {MONITOR_REQ_AUTH2_READ_BANNER, MON_ONCE, mm_answer_auth2_read_banner},
     {MONITOR_REQ_AUTHPASSWORD, MON_AUTH, mm_answer_authpassword},
 #ifdef USE_PAM
-@@ -806,6 +808,7 @@ mm_answer_pwnamallow(int sock, Buffer *m)
+@@ -813,6 +815,7 @@ mm_answer_pwnamallow(int sock, struct sshbuf *m)
 
        /* Allow service/style information on the auth context */
        monitor_permit(mon_dispatch, MONITOR_REQ_AUTHSERV, 1);
@@ -108,13 +108,16 @@ index 868fb0d2d..ed37458fb 100644
        monitor_permit(mon_dispatch, MONITOR_REQ_AUTH2_READ_BANNER, 1);
 
 #ifdef USE_PAM
-@@ -836,14 +839,37 @@ mm_answer_authserv(int sock, Buffer *m)
+@@ -846,16 +849,42 @@ mm_answer_authserv(int sock, struct sshbuf *m)
- 
+        monitor_permit_authentications(1);
-        authctxt->service = buffer_get_string(m, NULL);
+ 
-        authctxt->style = buffer_get_string(m, NULL);
+        if ((r = sshbuf_get_cstring(m, &authctxt->service, NULL)) != 0 ||
+-           (r = sshbuf_get_cstring(m, &authctxt->style, NULL)) != 0)
+           (r = sshbuf_get_cstring(m, &authctxt->style, NULL)) != 0 ||
+           (r = sshbuf_get_cstring(m, &authctxt->role, NULL)) != 0)
+                fatal("%s: buffer error: %s", __func__, ssh_err(r));
 -       debug3("%s: service=%s, style=%s",
 -           __func__, authctxt->service, authctxt->style);
-+       authctxt->role = buffer_get_string(m, NULL);
 +       debug3("%s: service=%s, style=%s, role=%s",
 +           __func__, authctxt->service, authctxt->style, authctxt->role);
 
@@ -132,11 +135,14 @@ index 868fb0d2d..ed37458fb 100644
 +}
 +
 +int
-+mm_answer_authrole(int sock, Buffer *m)
+mm_answer_authrole(int sock, struct sshbuf *m)
 +{
+       int r;
+
 +       monitor_permit_authentications(1);
 +
-+       authctxt->role = buffer_get_string(m, NULL);
+       if ((r = sshbuf_get_cstring(m, &authctxt->role, NULL)) != 0)
+               fatal("%s: buffer error: %s", __func__, ssh_err(r));
 +       debug3("%s: role=%s",
 +           __func__, authctxt->role);
 +
@@ -148,20 +154,20 @@ index 868fb0d2d..ed37458fb 100644
        return (0);
 }
 
-@@ -1497,7 +1523,7 @@ mm_answer_pty(int sock, Buffer *m)
+@@ -1497,7 +1526,7 @@ mm_answer_pty(int sock, struct sshbuf *m)
        res = pty_allocate(&s->ptyfd, &s->ttyfd, s->tty, sizeof(s->tty));
        if (res == 0)
                goto error;
 -       pty_setowner(authctxt->pw, s->tty);
 +       pty_setowner(authctxt->pw, s->tty, authctxt->role);
 
-        buffer_put_int(m, 1);
+        if ((r = sshbuf_put_u32(m, 1)) != 0 ||
-        buffer_put_cstring(m, s->tty);
+            (r = sshbuf_put_cstring(m, s->tty)) != 0)
 diff --git a/monitor.h b/monitor.h
-index ec41404c7..4c7955d7a 100644
+index 44fbed589..8f65e684d 100644
 --- a/monitor.h
 +++ b/monitor.h
-@@ -68,6 +68,8 @@ enum monitor_reqtype {
+@@ -66,6 +66,8 @@ enum monitor_reqtype {
        MONITOR_REQ_GSSSIGN = 150, MONITOR_ANS_GSSSIGN = 151,
        MONITOR_REQ_GSSUPCREDS = 152, MONITOR_ANS_GSSUPCREDS = 153,
 
@@ -171,10 +177,10 @@ index ec41404c7..4c7955d7a 100644
 
 struct monitor {
 diff --git a/monitor_wrap.c b/monitor_wrap.c
-index e749efc18..7b2d06c65 100644
+index 1865a122a..fd4d7eb3b 100644
 --- a/monitor_wrap.c
 +++ b/monitor_wrap.c
-@@ -331,10 +331,10 @@ mm_auth2_read_banner(void)
+@@ -369,10 +369,10 @@ mm_auth2_read_banner(void)
        return (banner);
 }
 
@@ -185,17 +191,20 @@ index e749efc18..7b2d06c65 100644
 -mm_inform_authserv(char *service, char *style)
 +mm_inform_authserv(char *service, char *style, char *role)
 {
-        Buffer m;
+        struct sshbuf *m;
- 
+        int r;
-@@ -343,12 +343,30 @@ mm_inform_authserv(char *service, char *style)
+@@ -382,7 +382,8 @@ mm_inform_authserv(char *service, char *style)
-        buffer_init(&m);
+        if ((m = sshbuf_new()) == NULL)
-        buffer_put_cstring(&m, service);
+                fatal("%s: sshbuf_new failed", __func__);
-        buffer_put_cstring(&m, style ? style : "");
+        if ((r = sshbuf_put_cstring(m, service)) != 0 ||
-+       buffer_put_cstring(&m, role ? role : "");
+-           (r = sshbuf_put_cstring(m, style ? style : "")) != 0)
- 
+           (r = sshbuf_put_cstring(m, style ? style : "")) != 0 ||
-        mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUTHSERV, &m);
+           (r = sshbuf_put_cstring(m, role ? role : "")) != 0)
- 
+                fatal("%s: buffer error: %s", __func__, ssh_err(r));
-        buffer_free(&m);
+ 
+        mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUTHSERV, m);
+@@ -390,6 +391,26 @@ mm_inform_authserv(char *service, char *style)
+        sshbuf_free(m);
 }
 
 +/* Inform the privileged process about role */
@@ -203,29 +212,32 @@ index e749efc18..7b2d06c65 100644
 +void
 +mm_inform_authrole(char *role)
 +{
-+       Buffer m;
+       struct sshbuf *m;
+       int r;
 +
 +       debug3("%s entering", __func__);
 +
-+       buffer_init(&m);
+       if ((m = sshbuf_new()) == NULL)
-+       buffer_put_cstring(&m, role ? role : "");
+               fatal("%s: sshbuf_new failed", __func__);
+       if ((r = sshbuf_put_cstring(m, role ? role : "")) != 0)
+               fatal("%s: buffer error: %s", __func__, ssh_err(r));
 +
-+       mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUTHROLE, &m);
+       mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUTHROLE, m);
 +
-+       buffer_free(&m);
+       sshbuf_free(m);
 +}
 +
 /* Do the password authentication */
 int
 mm_auth_password(struct ssh *ssh, char *password)
 diff --git a/monitor_wrap.h b/monitor_wrap.h
-index 0970d1f87..492de5c85 100644
+index 7f93144ff..79e78cc90 100644
 --- a/monitor_wrap.h
 +++ b/monitor_wrap.h
 @@ -43,7 +43,8 @@ int mm_is_monitor(void);
 DH *mm_choose_dh(int, int, int);
- int mm_key_sign(struct sshkey *, u_char **, u_int *, const u_char *, u_int,
+ int mm_sshkey_sign(struct sshkey *, u_char **, size_t *, const u_char *, size_t,
-     const char *);
+     const char *, u_int compat);
 -void mm_inform_authserv(char *, char *);
 +void mm_inform_authserv(char *, char *, char *);
 +void mm_inform_authrole(char *);
@@ -233,23 +245,10 @@ index 0970d1f87..492de5c85 100644
 char *mm_auth2_read_banner(void);
 int mm_auth_password(struct ssh *, char *);
 diff --git a/openbsd-compat/port-linux.c b/openbsd-compat/port-linux.c
-index 8c5325cc3..8a3e5c68d 100644
+index 8c5325cc3..9fdda664f 100644
 --- a/openbsd-compat/port-linux.c
 +++ b/openbsd-compat/port-linux.c
-@@ -27,6 +27,12 @@
+@@ -55,7 +55,7 @@ ssh_selinux_enabled(void)
- #include <string.h>
- #include <stdio.h>
- 
-+#ifdef WITH_SELINUX
-+#include "key.h"
-+#include "hostfile.h"
-+#include "auth.h"
-+#endif
-+
- #include "log.h"
- #include "xmalloc.h"
- #include "port-linux.h"
-@@ -55,7 +61,7 @@ ssh_selinux_enabled(void)
 
 /* Return the default security context for the given username */
 static security_context_t
@@ -258,7 +257,7 @@ index 8c5325cc3..8a3e5c68d 100644
 {
        security_context_t sc = NULL;
        char *sename = NULL, *lvl = NULL;
-@@ -70,9 +76,16 @@ ssh_selinux_getctxbyname(char *pwname)
+@@ -70,9 +70,16 @@ ssh_selinux_getctxbyname(char *pwname)
 #endif
 
 #ifdef HAVE_GET_DEFAULT_CONTEXT_WITH_LEVEL
@@ -277,7 +276,7 @@ index 8c5325cc3..8a3e5c68d 100644
 #endif
 
        if (r != 0) {
-@@ -102,7 +115,7 @@ ssh_selinux_getctxbyname(char *pwname)
+@@ -102,7 +109,7 @@ ssh_selinux_getctxbyname(char *pwname)
 
 /* Set the execution context to the default for the specified user */
 void
@@ -286,7 +285,7 @@ index 8c5325cc3..8a3e5c68d 100644
 {
        security_context_t user_ctx = NULL;
 
-@@ -111,7 +124,7 @@ ssh_selinux_setup_exec_context(char *pwname)
+@@ -111,7 +118,7 @@ ssh_selinux_setup_exec_context(char *pwname)
 
        debug3("%s: setting execution context", __func__);
 
@@ -295,7 +294,7 @@ index 8c5325cc3..8a3e5c68d 100644
        if (setexeccon(user_ctx) != 0) {
                switch (security_getenforce()) {
                case -1:
-@@ -133,7 +146,7 @@ ssh_selinux_setup_exec_context(char *pwname)
+@@ -133,7 +140,7 @@ ssh_selinux_setup_exec_context(char *pwname)
 
 /* Set the TTY context for the specified user */
 void
@@ -304,7 +303,7 @@ index 8c5325cc3..8a3e5c68d 100644
 {
        security_context_t new_tty_ctx = NULL;
        security_context_t user_ctx = NULL;
-@@ -145,7 +158,7 @@ ssh_selinux_setup_pty(char *pwname, const char *tty)
+@@ -145,7 +152,7 @@ ssh_selinux_setup_pty(char *pwname, const char *tty)
 
        debug3("%s: setting TTY context on %s", __func__, tty);
 
@@ -329,10 +328,10 @@ index 3c22a854d..c88129428 100644
 void ssh_selinux_setfscreatecon(const char *);
 #endif
 diff --git a/platform.c b/platform.c
-index 18c7751de..380ee3a41 100644
+index 41acc9370..35654ea51 100644
 --- a/platform.c
 +++ b/platform.c
-@@ -143,7 +143,7 @@ platform_setusercontext(struct passwd *pw)
+@@ -142,7 +142,7 @@ platform_setusercontext(struct passwd *pw)
  * called if sshd is running as root.
  */
 void
@@ -341,7 +340,7 @@ index 18c7751de..380ee3a41 100644
 {
 #if !defined(HAVE_LOGIN_CAP) && defined(USE_PAM)
        /*
-@@ -184,7 +184,7 @@ platform_setusercontext_post_groups(struct passwd *pw)
+@@ -183,7 +183,7 @@ platform_setusercontext_post_groups(struct passwd *pw)
        }
 #endif /* HAVE_SETPCRED */
 #ifdef WITH_SELINUX
@@ -364,19 +363,19 @@ index ea4f9c584..60d72ffe7 100644
 char *platform_krb5_get_principal_name(const char *);
 int platform_sys_dir_uid(uid_t);
 diff --git a/session.c b/session.c
-index 58826db16..ff301c983 100644
+index f2cf52006..d5d2e94b0 100644
 --- a/session.c
 +++ b/session.c
-@@ -1322,7 +1322,7 @@ safely_chroot(const char *path, uid_t uid)
+@@ -1378,7 +1378,7 @@ safely_chroot(const char *path, uid_t uid)
 
 /* Set login name, uid, gid, and groups. */
 void
 -do_setusercontext(struct passwd *pw)
 +do_setusercontext(struct passwd *pw, const char *role)
 {
-        char *chroot_path, *tmp;
+        char uidstr[32], *chroot_path, *tmp;
 
-@@ -1350,7 +1350,7 @@ do_setusercontext(struct passwd *pw)
+@@ -1406,7 +1406,7 @@ do_setusercontext(struct passwd *pw)
                endgrent();
 #endif
 
@@ -385,7 +384,7 @@ index 58826db16..ff301c983 100644
 
                if (!in_chroot && options.chroot_directory != NULL &&
                    strcasecmp(options.chroot_directory, "none") != 0) {
-@@ -1487,7 +1487,7 @@ do_child(struct ssh *ssh, Session *s, const char *command)
+@@ -1545,7 +1545,7 @@ do_child(struct ssh *ssh, Session *s, const char *command)
 
        /* Force a password change */
        if (s->authctxt->force_pwchange) {
@@ -394,7 +393,7 @@ index 58826db16..ff301c983 100644
                child_close_fds(ssh);
                do_pwchange(s);
                exit(1);
-@@ -1505,7 +1505,7 @@ do_child(struct ssh *ssh, Session *s, const char *command)
+@@ -1563,7 +1563,7 @@ do_child(struct ssh *ssh, Session *s, const char *command)
        /* When PAM is enabled we rely on it to do the nologin check */
        if (!options.use_pam)
                do_nologin(pw);
@@ -403,8 +402,8 @@ index 58826db16..ff301c983 100644
        /*
         * PAM session modules in do_setusercontext may have
         * generated messages, so if this in an interactive
-@@ -1897,7 +1897,7 @@ session_pty_req(struct ssh *ssh, Session *s)
+@@ -1953,7 +1953,7 @@ session_pty_req(struct ssh *ssh, Session *s)
-        tty_parse_modes(s->ttyfd, &n_bytes);
+        ssh_tty_parse_modes(ssh, s->ttyfd);
 
        if (!use_privsep)
 -               pty_setowner(s->pw, s->tty);
@@ -426,10 +425,10 @@ index 54dd1f0ca..8535ebcef 100644
 const char     *session_get_remote_name_or_ip(struct ssh *, u_int, int);
 
 diff --git a/sshd.c b/sshd.c
-index 4ed0364f2..6d911c19a 100644
+index 71c360da0..92d15c82d 100644
 --- a/sshd.c
 +++ b/sshd.c
-@@ -679,7 +679,7 @@ privsep_postauth(Authctxt *authctxt)
+@@ -684,7 +684,7 @@ privsep_postauth(Authctxt *authctxt)
        reseed_prngs();
 
        /* Drop privileges */
author	Colin Watson <cjwatson@debian.org>	2018-08-24 12:49:36 +0100
committer	Colin Watson <cjwatson@debian.org>	2018-08-30 00:57:27 +0100
commit	816386e17654ca36834bebbf351419e460fad8f6 (patch)
tree	3dc79d831cb73bc25b92f5a4d18f8e328c0c570a /debian/patches/selinux-role.patch
parent	3e6f76c7039d3df22b1d0a3a5f30150efb09b69d (diff)
parent	16a47fc4b04977a14f44dd433c8da1499fa80671 (diff)