author | Manoj Srivastava <srivasta@debian.org> | 2014-02-09 16:09:49 +0000 |
---|---|---|
committer | Colin Watson <cjwatson@debian.org> | 2017-03-29 01:38:38 +0100 |
commit | e5d3ea2ca423a54b1d53d45252cb7173a15600eb (patch) | |
tree | f62cc47e5d58909724339ee922845c3c2b881cd6 /monitor_wrap.c | |
parent | 9d91ede3c03c99b6584038aa07d095d7c277ad3a (diff) |
Handle SELinux authorisation roles
Rejected upstream due to discomfort with magic usernames; a better approach
will need an SSH protocol change. In the meantime, this came from Debian's
SELinux maintainer, so we'll keep it until we have something better.
Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1641
Bug-Debian: http://bugs.debian.org/394795
Last-Update: 2015-08-19
Patch-Name: selinux-role.patch
Diffstat (limited to 'monitor_wrap.c')
-rw-r--r-- | monitor_wrap.c | 22 |
1 files changed, 20 insertions, 2 deletions
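diff --git a/monitor_wrap.c b/monitor_wrap.c
index d5cb640af..2ff8064a0 100644
--- a/monitor_wrap.c
+++ b/monitor_wrap.c
@@ -327,10 +327,10 @@ mm_auth2_read_banner(void)
 return (banner);
 }
 
-/* Inform the privileged process about service and style */
+/* Inform the privileged process about service, style, and role */
 
 void
-mm_inform_authserv(char *service, char *style)
+mm_inform_authserv(char *service, char *style, char *role)
 {
 Buffer m;
 
@@ -339,12 +339,30 @@ mm_inform_authserv(char *service, char *style)
 buffer_init(&m);
 buffer_put_cstring(&m, service);
 buffer_put_cstring(&m, style ? style : "");
+buffer_put_cstring(&m, role ? role : "");
 
 mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUTHSERV, &m);
 
 buffer_free(&m);
 }
 
+/* Inform the privileged process about role */
+
+void
+mm_inform_authrole(char *role)
+{
+Buffer m;
+
+debug3("%s entering", __func__);
+
+buffer_init(&m);
+buffer_put_cstring(&m, role ? role : "");
+
+mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUTHROLE, &m);
+
+buffer_free(&m);
+}
+
 /* Do the password authentication */
 int
 mm_auth_password(Authctxt *authctxt, char *password)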
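Review bot: Both `mm_inform_authserv` and the new `mm_inform_authrole` flatten a NULL role to `""` before sending, so the monitor cannot tell "no role requested" from an empty role, and neither comment documents this. The role crosses from the unprivileged process to the privileged monitor and, going by the description's mention of magic usernames, is presumably derived from client-supplied input. The receiving handlers are not part of this file's diff, so I cannot confirm that they treat the value as untrusted, bounding and validating it before it influences the SELinux context. I would extend the comment on `mm_inform_authrole` to something like `/* Inform the privileged process about role; NULL is sent as "". The monitor must validate the value before use. */`. The `MONITOR_REQ_AUTHSERV` payload also gains a third string here, so the monitor-side reader has to consume the fields in the same order; check that it was updated in the same commit.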