authorManoj Srivastava <srivasta@debian.org>2014-02-09 16:09:49 +0000
committerColin Watson <cjwatson@debian.org>2014-02-09 16:17:20 +0000
commit07f2a771c490bd68cd5c5ea9c535705e93bd94f3 (patch)
tree3e2ead17b4c91699c13b0417d46bfd750a04e0b8 /monitor_wrap.c
parent950be7e1b1a01ee9b25e2a72726a6370b8acacb6 (diff)
Handle SELinux authorisation roles
Rejected upstream due to discomfort with magic usernames; a better approach will need an SSH protocol change. In the meantime, this came from Debian's SELinux maintainer, so we'll keep it until we have something better. Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1641 Bug-Debian: http://bugs.debian.org/394795 Last-Update: 2013-09-14 Patch-Name: selinux-role.patch
Diffstat (limited to 'monitor_wrap.c')
-rw-r--r--monitor_wrap.c22
1 files changed, 20 insertions, 2 deletions
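--- a/monitor_wrap.c
+++ b/monitor_wrap.c
@@ -320,10 +320,10 @@ mm_auth2_read_banner(void)
  return (banner);
 }
 
-/* Inform the privileged process about service and style */
+/* Inform the privileged process about service, style, and role */
 
 void
-mm_inform_authserv(char *service, char *style)
+mm_inform_authserv(char *service, char *style, char *role)
 {
  Buffer m;
 
@@ -332,12 +332,30 @@ mm_inform_authserv(char *service, char *style)
  buffer_init(&m);
  buffer_put_cstring(&m, service);
  buffer_put_cstring(&m, style ? style : "");
+ buffer_put_cstring(&m, role ? role : "");
 
  mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUTHSERV, &m);
 
  buffer_free(&m);
 }
 
+/* Inform the privileged process about role */
+
+void
+mm_inform_authrole(char *role)
+{
+ Buffer m;
+
+ debug3("%s entering", __func__);
+
+ buffer_init(&m);
+ buffer_put_cstring(&m, role ? role : "");
+
+ mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUTHROLE, &m);
+
+ buffer_free(&m);
+}
+
 /* Do the password authentication */
 int
 mm_auth_password(Authctxt *authctxt, char *password)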
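Review bot: Both `mm_inform_authserv` and the new `mm_inform_authrole` forward `role` to the privileged monitor unchecked, and neither comment says where the value comes from or who validates it. The commit description ties the role to "magic usernames", so it is presumably derived from the client-supplied user name and crosses the privilege boundary as untrusted data. The monitor-side handlers for `MONITOR_REQ_AUTHSERV` and `MONITOR_REQ_AUTHROLE` are not in this file section, so the wrappers should at least document the contract, e.g. `/* role comes from the client-supplied user name; the monitor must validate it before using it for an SELinux context */`. The comment should also note that a NULL role is sent as `""`, so the monitor cannot tell "no role requested" from an empty one, and that `MONITOR_REQ_AUTHSERV` now carries a third string which the receiver must read in the same order. Lines 330–331 of `mm_inform_authserv` fall between the two hunks and are not shown.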