author | Manoj Srivastava <srivasta@debian.org> | 2014-02-09 16:09:49 +0000 |
---|---|---|
committer | Colin Watson <cjwatson@debian.org> | 2018-08-24 17:49:07 +0100 |
commit | 03979f2e0768e146d179c66f2d2e33afe61c1be3 (patch) | |
tree | 624add62ece0fb72400966a483aa5af060fb0a77 /monitor.c | |
parent | 84a7a1b1c767056c80add9f0e15c9f9ec23ec94d (diff) |
Handle SELinux authorisation roles
Rejected upstream due to discomfort with magic usernames; a better approach
will need an SSH protocol change. In the meantime, this came from Debian's
SELinux maintainer, so we'll keep it until we have something better.
Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1641
Bug-Debian: http://bugs.debian.org/394795
Last-Update: 2018-08-24
Patch-Name: selinux-role.patch
Diffstat (limited to 'monitor.c')
-rw-r--r-- | monitor.c | 37 |
1 files changed, 33 insertions, 4 deletions
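--- a/monitor.c
+++ b/monitor.c
@@ -115,6 +115,7 @@ int mm_answer_sign(int, struct sshbuf *);
 int mm_answer_pwnamallow(int, struct sshbuf *);
 int mm_answer_auth2_read_banner(int, struct sshbuf *);
 int mm_answer_authserv(int, struct sshbuf *);
+int mm_answer_authrole(int, struct sshbuf *);
 int mm_answer_authpassword(int, struct sshbuf *);
 int mm_answer_bsdauthquery(int, struct sshbuf *);
 int mm_answer_bsdauthrespond(int, struct sshbuf *);
@@ -191,6 +192,7 @@ struct mon_table mon_dispatch_proto20[] = {
 {MONITOR_REQ_SIGN, MON_ONCE, mm_answer_sign},
 {MONITOR_REQ_PWNAM, MON_ONCE, mm_answer_pwnamallow},
 {MONITOR_REQ_AUTHSERV, MON_ONCE, mm_answer_authserv},
+{MONITOR_REQ_AUTHROLE, MON_ONCE, mm_answer_authrole},
 {MONITOR_REQ_AUTH2_READ_BANNER, MON_ONCE, mm_answer_auth2_read_banner},
 {MONITOR_REQ_AUTHPASSWORD, MON_AUTH, mm_answer_authpassword},
 #ifdef USE_PAM
@@ -813,6 +815,7 @@ mm_answer_pwnamallow(int sock, struct sshbuf *m)
 
 /* Allow service/style information on the auth context */
 monitor_permit(mon_dispatch, MONITOR_REQ_AUTHSERV, 1);
+monitor_permit(mon_dispatch, MONITOR_REQ_AUTHROLE, 1);
 monitor_permit(mon_dispatch, MONITOR_REQ_AUTH2_READ_BANNER, 1);
 
 #ifdef USE_PAM
@@ -846,16 +849,42 @@ mm_answer_authserv(int sock, struct sshbuf *m)
 monitor_permit_authentications(1);
 
 if ((r = sshbuf_get_cstring(m, &authctxt->service, NULL)) != 0 ||
-(r = sshbuf_get_cstring(m, &authctxt->style, NULL)) != 0)
+(r = sshbuf_get_cstring(m, &authctxt->style, NULL)) != 0 ||
+(r = sshbuf_get_cstring(m, &authctxt->role, NULL)) != 0)
 fatal("%s: buffer error: %s", __func__, ssh_err(r));
-debug3("%s: service=%s, style=%s",
-__func__, authctxt->service, authctxt->style);
+debug3("%s: service=%s, style=%s, role=%s",
+__func__, authctxt->service, authctxt->style, authctxt->role);
 
 if (strlen(authctxt->style) == 0) {
 free(authctxt->style);
 authctxt->style = NULL;
 }
 
+if (strlen(authctxt->role) == 0) {
+free(authctxt->role);
+authctxt->role = NULL;
+}
+
+return (0);
+}
+
+int
+mm_answer_authrole(int sock, struct sshbuf *m)
+{
+int r;
+
+monitor_permit_authentications(1);
+
+if ((r = sshbuf_get_cstring(m, &authctxt->role, NULL)) != 0)
+fatal("%s: buffer error: %s", __func__, ssh_err(r));
+debug3("%s: role=%s",
+__func__, authctxt->role);
+
+if (strlen(authctxt->role) == 0) {
+free(authctxt->role);
+authctxt->role = NULL;
+}
+
 return (0);
 }
 
@@ -1497,7 +1526,7 @@ mm_answer_pty(int sock, struct sshbuf *m)
 res = pty_allocate(&s->ptyfd, &s->ttyfd, s->tty, sizeof(s->tty));
 if (res == 0)
 goto error;
-pty_setowner(authctxt->pw, s->tty);
+pty_setowner(authctxt->pw, s->tty, authctxt->role);
 
 if ((r = sshbuf_put_u32(m, 1)) != 0 ||
 (r = sshbuf_put_cstring(m, s->tty)) != 0)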
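Review bot: In the mm_answer_authserv / mm_answer_authrole hunk both handlers store a freshly allocated string into `authctxt->role` via sshbuf_get_cstring without releasing anything already in that slot, so if the child sends MONITOR_REQ_AUTHSERV and later MONITOR_REQ_AUTHROLE (each is permitted once in mm_answer_pwnamallow) the first allocation leaks and the earlier value is silently replaced. Whichever handler runs second should clear the slot first, e.g. `free(authctxt->role); authctxt->role = NULL;` immediately before its `sshbuf_get_cstring(m, &authctxt->role, NULL)` call. Beyond the empty-string check, the role text is accepted from the unprivileged child and handed unchanged to pty_setowner in the last hunk, so a comment on mm_answer_authrole stating which validation the callee is expected to perform (or an explicit check in the monitor, which is the privileged side) would make that trust boundary visible. The head of mm_answer_authserv lies outside the hunk.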