authorManoj Srivastava <srivasta@debian.org>2014-02-09 16:09:49 +0000
committerColin Watson <cjwatson@debian.org>2014-10-07 14:26:47 +0100
commitc9638aa44d787849cea1ae273f0908c6313fd19b (patch)
tree6b8681822821aad0dcc92575411f0e6fdfb994bf /monitor_wrap.c
parentb25d6dd3b6b5a2cb93723586c56d6fa0277ea56a (diff)
Handle SELinux authorisation roles
Rejected upstream due to discomfort with magic usernames; a better approach will need an SSH protocol change. In the meantime, this came from Debian's SELinux maintainer, so we'll keep it until we have something better. Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1641 Bug-Debian: http://bugs.debian.org/394795 Last-Update: 2013-09-14 Patch-Name: selinux-role.patch
Diffstat (limited to 'monitor_wrap.c')
-rw-r--r--monitor_wrap.c22
1 files changed, 20 insertions, 2 deletions
diff --git a/monitor_wrap.c b/monitor_wrap.c
index e476f0dbc..6dc890a77 100644
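--- a/monitor_wrap.c
+++ b/monitor_wrap.c
@@ -324,10 +324,10 @@ mm_auth2_read_banner(void)
  return (banner);
 }
 
-/* Inform the privileged process about service and style */
+/* Inform the privileged process about service, style, and role */
 
 void
-mm_inform_authserv(char *service, char *style)
+mm_inform_authserv(char *service, char *style, char *role)
 {
  Buffer m;
 
@@ -336,12 +336,30 @@ mm_inform_authserv(char *service, char *style)
  buffer_init(&m);
  buffer_put_cstring(&m, service);
  buffer_put_cstring(&m, style ? style : "");
+ buffer_put_cstring(&m, role ? role : "");
 
  mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUTHSERV, &m);
 
  buffer_free(&m);
 }
 
+/* Inform the privileged process about role */
+
+void
+mm_inform_authrole(char *role)
+{
+ Buffer m;
+
+ debug3("%s entering", __func__);
+
+ buffer_init(&m);
+ buffer_put_cstring(&m, role ? role : "");
+
+ mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUTHROLE, &m);
+
+ buffer_free(&m);
+}
+
 /* Do the password authentication */
 int
 mm_auth_password(Authctxt *authctxt, char *password)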
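Review bot: Neither comment records that `role` crosses the privilege boundary as untrusted data, or which of the two routes that now carry it is authoritative: it is appended as a third string to the MONITOR_REQ_AUTHSERV message in `mm_inform_authserv` and sent again on its own as MONITOR_REQ_AUTHROLE by the new `mm_inform_authrole`. The monitor-side handlers are outside this file section, so it cannot be confirmed here whether they validate the role before it influences the SELinux context, or refuse a later value that differs from the first. Because a NULL role is flattened to `""` on both paths, the receiver also has to treat the empty string as "no role". I would extend the comment above `mm_inform_authrole` to something like `/* Inform the privileged process about role; sent by the unprivileged child, so the monitor must validate it ("" means no role) */` and note in the `mm_inform_authserv` comment that the field order must match the monitor's parser.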