authorManoj Srivastava <srivasta@debian.org>2014-02-09 16:09:49 +0000
committerColin Watson <cjwatson@debian.org>2018-10-20 22:54:09 +0100
commitcf3f6ac19812e4d32874304b3854b055831c2124 (patch)
treea9f141a9525561b4002b0677c109e9a8dd1b293f /session.c
parent389e16d0109d8c49a761cd7c267438b05c9ab984 (diff)
Handle SELinux authorisation roles
Rejected upstream due to discomfort with magic usernames; a better approach will need an SSH protocol change. In the meantime, this came from Debian's SELinux maintainer, so we'll keep it until we have something better. Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1641 Bug-Debian: http://bugs.debian.org/394795 Last-Update: 2018-08-24 Patch-Name: selinux-role.patch
Diffstat (limited to 'session.c')
-rw-r--r--session.c10
1 files changed, 5 insertions, 5 deletions
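--- a/session.c
+++ b/session.c
@@ -1380,7 +1380,7 @@ safely_chroot(const char *path, uid_t uid)
 
 /* Set login name, uid, gid, and groups. */
 void
-do_setusercontext(struct passwd *pw)
+do_setusercontext(struct passwd *pw, const char *role)
 {
 	char uidstr[32], *chroot_path, *tmp;
 
@@ -1408,7 +1408,7 @@ do_setusercontext(struct passwd *pw)
 	endgrent();
 #endif
 
-	platform_setusercontext_post_groups(pw);
+	platform_setusercontext_post_groups(pw, role);
 
 	if (!in_chroot && options.chroot_directory != NULL &&
 	    strcasecmp(options.chroot_directory, "none") != 0) {
@@ -1547,7 +1547,7 @@ do_child(struct ssh *ssh, Session *s, const char *command)
 
 	/* Force a password change */
 	if (s->authctxt->force_pwchange) {
-		do_setusercontext(pw);
+		do_setusercontext(pw, s->authctxt->role);
 		child_close_fds(ssh);
 		do_pwchange(s);
 		exit(1);
@@ -1565,7 +1565,7 @@ do_child(struct ssh *ssh, Session *s, const char *command)
 	/* When PAM is enabled we rely on it to do the nologin check */
 	if (!options.use_pam)
 		do_nologin(pw);
-	do_setusercontext(pw);
+	do_setusercontext(pw, s->authctxt->role);
 	/*
 	 * PAM session modules in do_setusercontext may have
 	 * generated messages, so if this in an interactive
@@ -1955,7 +1955,7 @@ session_pty_req(struct ssh *ssh, Session *s)
 	ssh_tty_parse_modes(ssh, s->ttyfd);
 
 	if (!use_privsep)
-		pty_setowner(s->pw, s->tty);
+		pty_setowner(s->pw, s->tty, s->authctxt->role);
 
 	/* Set window size from the packet. */
 	pty_change_window_size(s->ptyfd, s->row, s->col, s->xpixel, s->ypixel);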
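Review bot: The new `role` parameter of `do_setusercontext` in the hunk at 1380 is undocumented, and since the commit description says the role is carried in the client-supplied login name, its trust level and NULL semantics belong at the signature. Suggest extending the header comment to `/* Set login name, uid, gid, and groups. role is the SELinux role requested via the login name (NULL when none was given); it is passed through to platform_setusercontext_post_groups, which must validate it against policy rather than trust it. */`. The same pass-through of `s->authctxt->role` appears in the do_child hunks at 1547 and 1565 and in session_pty_req at 1955; in the latter, `pty_setowner` receives the role only on the non-privsep path, and whether the monitor-side pty ownership call also receives it is outside this diff and should be confirmed. do_setusercontext's body continues outside the hunk.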