summaryrefslogtreecommitdiff
path: root/monitor_wrap.c
diff options
context:
space:
mode:
authorManoj Srivastava <srivasta@debian.org>2014-02-09 16:09:49 +0000
committerColin Watson <cjwatson@debian.org>2017-03-29 01:38:38 +0100
commite5d3ea2ca423a54b1d53d45252cb7173a15600eb (patch)
treef62cc47e5d58909724339ee922845c3c2b881cd6 /monitor_wrap.c
parent9d91ede3c03c99b6584038aa07d095d7c277ad3a (diff)
Handle SELinux authorisation roles
Rejected upstream due to discomfort with magic usernames; a better approach will need an SSH protocol change. In the meantime, this came from Debian's SELinux maintainer, so we'll keep it until we have something better. Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1641 Bug-Debian: http://bugs.debian.org/394795 Last-Update: 2015-08-19 Patch-Name: selinux-role.patch
Diffstat (limited to 'monitor_wrap.c')
-rw-r--r--monitor_wrap.c22
1 files changed, 20 insertions, 2 deletions
diff --git a/monitor_wrap.c b/monitor_wrap.c
index d5cb640af..2ff8064a0 100644
--- a/monitor_wrap.c
+++ b/monitor_wrap.c
@@ -327,10 +327,10 @@ mm_auth2_read_banner(void)
327 return (banner); 327 return (banner);
328} 328}
329 329
330/* Inform the privileged process about service and style */ 330/* Inform the privileged process about service, style, and role */
331 331
332void 332void
333mm_inform_authserv(char *service, char *style) 333mm_inform_authserv(char *service, char *style, char *role)
334{ 334{
335 Buffer m; 335 Buffer m;
336 336
@@ -339,12 +339,30 @@ mm_inform_authserv(char *service, char *style)
339 buffer_init(&m); 339 buffer_init(&m);
340 buffer_put_cstring(&m, service); 340 buffer_put_cstring(&m, service);
341 buffer_put_cstring(&m, style ? style : ""); 341 buffer_put_cstring(&m, style ? style : "");
342 buffer_put_cstring(&m, role ? role : "");
342 343
343 mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUTHSERV, &m); 344 mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUTHSERV, &m);
344 345
345 buffer_free(&m); 346 buffer_free(&m);
346} 347}
347 348
349/* Inform the privileged process about role */
350
351void
352mm_inform_authrole(char *role)
353{
354 Buffer m;
355
356 debug3("%s entering", __func__);
357
358 buffer_init(&m);
359 buffer_put_cstring(&m, role ? role : "");
360
361 mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUTHROLE, &m);
362
363 buffer_free(&m);
364}
365
348/* Do the password authentication */ 366/* Do the password authentication */
349int 367int
350mm_auth_password(Authctxt *authctxt, char *password) 368mm_auth_password(Authctxt *authctxt, char *password)