* New upstream release (LP: #535029).

  - After a transition period of about 10 years, this release disables SSH
    protocol 1 by default.  Clients and servers that need to use the
    legacy protocol must explicitly enable it in ssh_config / sshd_config
    or on the command-line.
  - Remove the libsectok/OpenSC-based smartcard code and add support for
    PKCS#11 tokens.  This support is enabled by default in the Debian
    packaging, since it now doesn't involve additional library
    dependencies (closes: #231472, LP: #16918).
  - Add support for certificate authentication of users and hosts using a
    new, minimal OpenSSH certificate format (closes: #482806).
  - Added a 'netcat mode' to ssh(1): "ssh -W host:port ...".
  - Add the ability to revoke keys in sshd(8) and ssh(1).  (For the Debian
    package, this overlaps with the key blacklisting facility added in
    openssh 1:4.7p1-9, but with different file formats and slightly
    different scopes; for the moment, I've roughly merged the two.)
  - Various multiplexing improvements, including support for requesting
    port-forwardings via the multiplex protocol (closes: #360151).
  - Allow setting an explicit umask on the sftp-server(8) commandline to
    override whatever default the user has (closes: #496843).
  - Many sftp client improvements, including tab-completion, more options,
    and recursive transfer support for get/put (LP: #33378).  The old
    mget/mput commands never worked properly and have been removed
    (closes: #270399, #428082).
  - Do not prompt for a passphrase if we fail to open a keyfile, and log
    the reason why the open failed to debug (closes: #431538).
  - Prevent sftp from crashing when given a "-" without a command.  Also,
    allow whitespace to follow a "-" (closes: #531561).

1 files changed, 91 insertions, 49 deletions

diff --git a/openbsd-compat/port-linux.c b/openbsd-compat/port-linux.c
index 9cb58e369..c0ac9065e 100644
--- a/openbsd-compat/port-linux.c
+++ b/openbsd-compat/port-linux.c
@@ -1,4 +1,4 @@
-/* $Id: port-linux.c,v 1.5 2008/03/26 20:27:21 dtucker Exp $ */
+/* $Id: port-linux.c,v 1.8 2010/03/01 04:52:50 dtucker Exp $ */
 
 /*
  * Copyright (c) 2005 Daniel Walsh <dwalsh@redhat.com>
@@ -18,33 +18,28 @@
  */
 
 /*
- * Linux-specific portability code
+ * Linux-specific portability code - just SELinux support at present
  */
 
 #include "includes.h"
 
+#if defined(WITH_SELINUX) || defined(LINUX_OOM_ADJUST)
 #include <errno.h>
 #include <stdarg.h>
 #include <string.h>
-
-#ifdef OOM_ADJUST
-#include <sys/types.h>
-#include <sys/stat.h>
-#include <fcntl.h>
-#include <unistd.h>
-#endif
-
-#include "log.h"
+#include <stdio.h>
 
 #ifdef WITH_SELINUX
 #include "key.h"
 #include "hostfile.h"
 #include "auth.h"
-#ifdef HAVE_GETSEUSERBYNAME
-#include "xmalloc.h"
 #endif
+
+#include "log.h"
+#include "xmalloc.h"
 #include "port-linux.h"
 
+#ifdef WITH_SELINUX
 #include <selinux/selinux.h>
 #include <selinux/flask.h>
 #include <selinux/get_context_list.h>
@@ -193,48 +188,95 @@ ssh_selinux_setup_pty(char *pwname, const char *tty)
                 freecon(user_ctx);
         debug3("%s: done", __func__);
 }
-#endif /* WITH_SELINUX */
 
-#ifdef OOM_ADJUST
-/* Get the out-of-memory adjustment file for the current process */
-static int
-oom_adj_open(int oflag)
+void
+ssh_selinux_change_context(const char *newname)
 {
-        int fd = open("/proc/self/oom_adj", oflag);
-        if (fd < 0)
-                logit("error opening /proc/self/oom_adj: %s", strerror(errno));
-        return fd;
+        int len, newlen;
+        char *oldctx, *newctx, *cx;
+
+        if (!ssh_selinux_enabled())
+                return;
+
+        if (getcon((security_context_t *)&oldctx) < 0) {
+                logit("%s: getcon failed with %s", __func__, strerror (errno));
+                return;
+        }
+        if ((cx = index(oldctx, ':')) == NULL || (cx = index(cx + 1, ':')) ==
+            NULL) {
+                logit ("%s: unparseable context %s", __func__, oldctx);
+                return;
+        }
+
+        newlen = strlen(oldctx) + strlen(newname) + 1;
+        newctx = xmalloc(newlen);
+        len = cx - oldctx + 1;
+        memcpy(newctx, oldctx, len);
+        strlcpy(newctx + len, newname, newlen - len);
+        if ((cx = index(cx + 1, ':')))
+                strlcat(newctx, cx, newlen);
+        debug3("%s: setting context from '%s' to '%s'", __func__, oldctx,
+            newctx);
+        if (setcon(newctx) < 0)
+                logit("%s: setcon failed with %s", __func__, strerror (errno));
+        xfree(oldctx);
+        xfree(newctx);
 }
+#endif /* WITH_SELINUX */
 
-/* Get the current OOM adjustment */
-int
-oom_adj_get(char *buf, size_t maxlen)
+#ifdef LINUX_OOM_ADJUST
+#define OOM_ADJ_PATH    "/proc/self/oom_adj"
+/*
+ * The magic "don't kill me", as documented in eg:
+ * http://lxr.linux.no/#linux+v2.6.32/Documentation/filesystems/proc.txt
+ */
+#define OOM_ADJ_NOKILL  -17
+
+static int oom_adj_save = INT_MIN;
+
+/*
+ * Tell the kernel's out-of-memory killer to avoid sshd.
+ * Returns the previous oom_adj value or zero.
+ */
+void
+oom_adjust_setup(void)
 {
-        ssize_t n;
-        int fd = oom_adj_open(O_RDONLY);
-        if (fd < 0)
-                return -1;
-        n = read(fd, buf, maxlen);
-        if (n < 0)
-                logit("error reading /proc/self/oom_adj: %s", strerror(errno));
-        else
-                buf[n] = '\0';
-        close(fd);
-        return n < 0 ? -1 : 0;
+        FILE *fp;
+
+        debug3("%s", __func__);
+        if ((fp = fopen(OOM_ADJ_PATH, "r+")) != NULL) {
+                if (fscanf(fp, "%d", &oom_adj_save) != 1)
+                        verbose("error reading %s: %s", OOM_ADJ_PATH, strerror(errno));
+                else {
+                        rewind(fp);
+                        if (fprintf(fp, "%d\n", OOM_ADJ_NOKILL) <= 0)
+                                verbose("error writing %s: %s",
+                                    OOM_ADJ_PATH, strerror(errno));
+                        else
+                                verbose("Set %s from %d to %d",
+                                    OOM_ADJ_PATH, oom_adj_save, OOM_ADJ_NOKILL);
+                }
+                fclose(fp);
+        }
 }
 
-/* Set the current OOM adjustment */
-int
-oom_adj_set(const char *buf)
+/* Restore the saved OOM adjustment */
+void
+oom_adjust_restore(void)
 {
-        ssize_t n;
-        int fd = oom_adj_open(O_WRONLY);
-        if (fd < 0)
-                return -1;
-        n = write(fd, buf, strlen(buf));
-        if (n < 0)
-                logit("error writing /proc/self/oom_adj: %s", strerror(errno));
-        close(fd);
-        return n < 0 ? -1 : 0;
+        FILE *fp;
+
+        debug3("%s", __func__);
+        if (oom_adj_save == INT_MIN || (fp = fopen(OOM_ADJ_PATH, "w")) == NULL)
+                return;
+
+        if (fprintf(fp, "%d\n", oom_adj_save) <= 0)
+                verbose("error writing %s: %s", OOM_ADJ_PATH, strerror(errno));
+        else
+                verbose("Set %s to %d", OOM_ADJ_PATH, oom_adj_save);
+
+        fclose(fp);
+        return;
 }
-#endif
+#endif /* LINUX_OOM_ADJUST */
+#endif /* WITH_SELINUX || LINUX_OOM_ADJUST */