1 files changed, 98 insertions, 73 deletions
diff --git a/debian/patches/selinux-role.patch b/debian/patches/selinux-role.patch
index f3376c20a..8aa8f614e 100644
--- a/debian/patches/selinux-role.patch
+++ b/debian/patches/selinux-role.patch
@@ -1,17 +1,41 @@
-Description: Handle SELinux authorisation roles
+From 07f2a771c490bd68cd5c5ea9c535705e93bd94f3 Mon Sep 17 00:00:00 2001
- Rejected upstream due to discomfort with magic usernames; a better approach
+From: Manoj Srivastava <srivasta@debian.org>
- will need an SSH protocol change.  In the meantime, this came from Debian's
+Date: Sun, 9 Feb 2014 16:09:49 +0000
- SELinux maintainer, so we'll keep it until we have something better.
+Subject: Handle SELinux authorisation roles
-Author: Manoj Srivastava <srivasta@debian.org>
+Rejected upstream due to discomfort with magic usernames; a better approach
+will need an SSH protocol change.  In the meantime, this came from Debian's
+SELinux maintainer, so we'll keep it until we have something better.
 Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1641
 Bug-Debian: http://bugs.debian.org/394795
 Last-Update: 2013-09-14
-Index: b/auth.h
+Patch-Name: selinux-role.patch
-===================================================================
+---
+ auth.h                      |  1 +
+ auth1.c                     |  8 +++++++-
+ auth2.c                     | 10 ++++++++--
+ monitor.c                   | 32 +++++++++++++++++++++++++++++---
+ monitor.h                   |  2 ++
+ monitor_wrap.c              | 22 ++++++++++++++++++++--
+ monitor_wrap.h              |  3 ++-
+ openbsd-compat/port-linux.c | 27 ++++++++++++++++++++-------
+ openbsd-compat/port-linux.h |  4 ++--
+ platform.c                  |  4 ++--
+ platform.h                  |  2 +-
+ session.c                   | 10 +++++-----
+ session.h                   |  2 +-
+ sshd.c                      |  2 +-
+ sshpty.c                    |  4 ++--
+ sshpty.h                    |  2 +-
+ 16 files changed, 104 insertions(+), 31 deletions(-)
+diff --git a/auth.h b/auth.h
+index 80f0898..5b6824f 100644
 --- a/auth.h
 +++ b/auth.h
-@@ -59,6 +59,7 @@
+@@ -59,6 +59,7 @@ struct Authctxt {
        char            *service;
        struct passwd   *pw;            /* set if 'valid' */
        char            *style;
@@ -19,11 +43,11 @@ Index: b/auth.h
        void            *kbdintctxt;
        char            *info;          /* Extra info for next auth_log */
        void            *jpake_ctx;
-Index: b/auth1.c
+diff --git a/auth1.c b/auth1.c
-===================================================================
+index f1ac598..2803a3c 100644
 --- a/auth1.c
 +++ b/auth1.c
-@@ -380,7 +380,7 @@
+@@ -380,7 +380,7 @@ void
 do_authentication(Authctxt *authctxt)
 {
        u_int ulen;
@@ -32,7 +56,7 @@ Index: b/auth1.c
 
        /* Get the name of the user that we wish to log in as. */
        packet_read_expect(SSH_CMSG_USER);
-@@ -389,11 +389,17 @@
+@@ -389,11 +389,17 @@ do_authentication(Authctxt *authctxt)
        user = packet_get_cstring(&ulen);
        packet_check_eom();
 
@@ -50,11 +74,11 @@ Index: b/auth1.c
 
        /* Verify that the user is a valid user. */
        if ((authctxt->pw = PRIVSEP(getpwnamallow(user))) != NULL)
-Index: b/auth2.c
+diff --git a/auth2.c b/auth2.c
-===================================================================
+index 6ed8f04..b55bbcd 100644
 --- a/auth2.c
 +++ b/auth2.c
-@@ -222,7 +222,7 @@
+@@ -222,7 +222,7 @@ input_userauth_request(int type, u_int32_t seq, void *ctxt)
 {
        Authctxt *authctxt = ctxt;
        Authmethod *m = NULL;
@@ -63,7 +87,7 @@ Index: b/auth2.c
        int authenticated = 0;
 
        if (authctxt == NULL)
-@@ -234,8 +234,13 @@
+@@ -234,8 +234,13 @@ input_userauth_request(int type, u_int32_t seq, void *ctxt)
        debug("userauth-request for user %s service %s method %s", user, service, method);
        debug("attempt %d failures %d", authctxt->attempt, authctxt->failures);
 
@@ -77,7 +101,7 @@ Index: b/auth2.c
 
        if (authctxt->attempt++ == 0) {
                /* setup auth context */
-@@ -259,8 +264,9 @@
+@@ -259,8 +264,9 @@ input_userauth_request(int type, u_int32_t seq, void *ctxt)
                    use_privsep ? " [net]" : "");
                authctxt->service = xstrdup(service);
                authctxt->style = style ? xstrdup(style) : NULL;
@@ -88,11 +112,11 @@ Index: b/auth2.c
                userauth_banner();
                if (auth2_setup_methods_lists(authctxt) != 0)
                        packet_disconnect("no authentication methods enabled");
-Index: b/monitor.c
+diff --git a/monitor.c b/monitor.c
-===================================================================
+index 9079c97..e8d63eb 100644
 --- a/monitor.c
 +++ b/monitor.c
-@@ -146,6 +146,7 @@
+@@ -146,6 +146,7 @@ int mm_answer_sign(int, Buffer *);
 int mm_answer_pwnamallow(int, Buffer *);
 int mm_answer_auth2_read_banner(int, Buffer *);
 int mm_answer_authserv(int, Buffer *);
@@ -100,7 +124,7 @@ Index: b/monitor.c
 int mm_answer_authpassword(int, Buffer *);
 int mm_answer_bsdauthquery(int, Buffer *);
 int mm_answer_bsdauthrespond(int, Buffer *);
-@@ -227,6 +228,7 @@
+@@ -227,6 +228,7 @@ struct mon_table mon_dispatch_proto20[] = {
     {MONITOR_REQ_SIGN, MON_ONCE, mm_answer_sign},
     {MONITOR_REQ_PWNAM, MON_ONCE, mm_answer_pwnamallow},
     {MONITOR_REQ_AUTHSERV, MON_ONCE, mm_answer_authserv},
@@ -108,7 +132,7 @@ Index: b/monitor.c
     {MONITOR_REQ_AUTH2_READ_BANNER, MON_ONCE, mm_answer_auth2_read_banner},
     {MONITOR_REQ_AUTHPASSWORD, MON_AUTH, mm_answer_authpassword},
 #ifdef USE_PAM
-@@ -844,6 +846,7 @@
+@@ -844,6 +846,7 @@ mm_answer_pwnamallow(int sock, Buffer *m)
        else {
                /* Allow service/style information on the auth context */
                monitor_permit(mon_dispatch, MONITOR_REQ_AUTHSERV, 1);
@@ -116,7 +140,7 @@ Index: b/monitor.c
                monitor_permit(mon_dispatch, MONITOR_REQ_AUTH2_READ_BANNER, 1);
        }
 #ifdef USE_PAM
-@@ -874,14 +877,37 @@
+@@ -874,14 +877,37 @@ mm_answer_authserv(int sock, Buffer *m)
 
        authctxt->service = buffer_get_string(m, NULL);
        authctxt->style = buffer_get_string(m, NULL);
@@ -156,7 +180,7 @@ Index: b/monitor.c
        return (0);
 }
 
-@@ -1486,7 +1512,7 @@
+@@ -1486,7 +1512,7 @@ mm_answer_pty(int sock, Buffer *m)
        res = pty_allocate(&s->ptyfd, &s->ttyfd, s->tty, sizeof(s->tty));
        if (res == 0)
                goto error;
@@ -165,11 +189,11 @@ Index: b/monitor.c
 
        buffer_put_int(m, 1);
        buffer_put_cstring(m, s->tty);
-Index: b/monitor.h
+diff --git a/monitor.h b/monitor.h
-===================================================================
+index 315ef99..3c13706 100644
 --- a/monitor.h
 +++ b/monitor.h
-@@ -73,6 +73,8 @@
+@@ -73,6 +73,8 @@ enum monitor_reqtype {
        MONITOR_REQ_GSSSIGN = 150, MONITOR_ANS_GSSSIGN = 151,
        MONITOR_REQ_GSSUPCREDS = 152, MONITOR_ANS_GSSUPCREDS = 153,
 
@@ -178,11 +202,11 @@ Index: b/monitor.h
 };
 
 struct mm_master;
-Index: b/monitor_wrap.c
+diff --git a/monitor_wrap.c b/monitor_wrap.c
-===================================================================
+index 44019f3..69bc324 100644
 --- a/monitor_wrap.c
 +++ b/monitor_wrap.c
-@@ -320,10 +320,10 @@
+@@ -320,10 +320,10 @@ mm_auth2_read_banner(void)
        return (banner);
 }
 
@@ -195,7 +219,7 @@ Index: b/monitor_wrap.c
 {
        Buffer m;
 
-@@ -332,11 +332,29 @@
+@@ -332,12 +332,30 @@ mm_inform_authserv(char *service, char *style)
        buffer_init(&m);
        buffer_put_cstring(&m, service);
        buffer_put_cstring(&m, style ? style : "");
@@ -205,7 +229,7 @@ Index: b/monitor_wrap.c
 
        buffer_free(&m);
 }
-+
+ 
 +/* Inform the privileged process about role */
 +
 +void
@@ -222,14 +246,15 @@ Index: b/monitor_wrap.c
 +
 +       buffer_free(&m);
 +}
- 
+
 /* Do the password authentication */
 int
-Index: b/monitor_wrap.h
+ mm_auth_password(Authctxt *authctxt, char *password)
-===================================================================
+diff --git a/monitor_wrap.h b/monitor_wrap.h
+index ec9b9b1..4d12e29 100644
 --- a/monitor_wrap.h
 +++ b/monitor_wrap.h
-@@ -41,7 +41,8 @@
+@@ -41,7 +41,8 @@ void mm_log_handler(LogLevel, const char *, void *);
 int mm_is_monitor(void);
 DH *mm_choose_dh(int, int, int);
 int mm_key_sign(Key *, u_char **, u_int *, u_char *, u_int);
@@ -239,8 +264,8 @@ Index: b/monitor_wrap.h
 struct passwd *mm_getpwnamallow(const char *);
 char *mm_auth2_read_banner(void);
 int mm_auth_password(struct Authctxt *, char *);
-Index: b/openbsd-compat/port-linux.c
+diff --git a/openbsd-compat/port-linux.c b/openbsd-compat/port-linux.c
-===================================================================
+index 4637a7a..de6ad3f 100644
 --- a/openbsd-compat/port-linux.c
 +++ b/openbsd-compat/port-linux.c
 @@ -29,6 +29,12 @@
@@ -256,7 +281,7 @@ Index: b/openbsd-compat/port-linux.c
 #include "log.h"
 #include "xmalloc.h"
 #include "port-linux.h"
-@@ -58,7 +64,7 @@
+@@ -58,7 +64,7 @@ ssh_selinux_enabled(void)
 
 /* Return the default security context for the given username */
 static security_context_t
@@ -265,7 +290,7 @@ Index: b/openbsd-compat/port-linux.c
 {
        security_context_t sc = NULL;
        char *sename = NULL, *lvl = NULL;
-@@ -73,9 +79,16 @@
+@@ -73,9 +79,16 @@ ssh_selinux_getctxbyname(char *pwname)
 #endif
 
 #ifdef HAVE_GET_DEFAULT_CONTEXT_WITH_LEVEL
@@ -284,7 +309,7 @@ Index: b/openbsd-compat/port-linux.c
 #endif
 
        if (r != 0) {
-@@ -105,7 +118,7 @@
+@@ -105,7 +118,7 @@ ssh_selinux_getctxbyname(char *pwname)
 
 /* Set the execution context to the default for the specified user */
 void
@@ -293,7 +318,7 @@ Index: b/openbsd-compat/port-linux.c
 {
        security_context_t user_ctx = NULL;
 
-@@ -114,7 +127,7 @@
+@@ -114,7 +127,7 @@ ssh_selinux_setup_exec_context(char *pwname)
 
        debug3("%s: setting execution context", __func__);
 
@@ -302,7 +327,7 @@ Index: b/openbsd-compat/port-linux.c
        if (setexeccon(user_ctx) != 0) {
                switch (security_getenforce()) {
                case -1:
-@@ -136,7 +149,7 @@
+@@ -136,7 +149,7 @@ ssh_selinux_setup_exec_context(char *pwname)
 
 /* Set the TTY context for the specified user */
 void
@@ -311,7 +336,7 @@ Index: b/openbsd-compat/port-linux.c
 {
        security_context_t new_tty_ctx = NULL;
        security_context_t user_ctx = NULL;
-@@ -147,7 +160,7 @@
+@@ -147,7 +160,7 @@ ssh_selinux_setup_pty(char *pwname, const char *tty)
 
        debug3("%s: setting TTY context on %s", __func__, tty);
 
@@ -320,8 +345,8 @@ Index: b/openbsd-compat/port-linux.c
 
        /* XXX: should these calls fatal() upon failure in enforcing mode? */
 
-Index: b/openbsd-compat/port-linux.h
+diff --git a/openbsd-compat/port-linux.h b/openbsd-compat/port-linux.h
-===================================================================
+index e3d1004..80ce13a 100644
 --- a/openbsd-compat/port-linux.h
 +++ b/openbsd-compat/port-linux.h
 @@ -21,8 +21,8 @@
@@ -335,11 +360,11 @@ Index: b/openbsd-compat/port-linux.h
 void ssh_selinux_change_context(const char *);
 void ssh_selinux_setfscreatecon(const char *);
 #endif
-Index: b/platform.c
+diff --git a/platform.c b/platform.c
-===================================================================
+index 3262b24..a962f15 100644
 --- a/platform.c
 +++ b/platform.c
-@@ -134,7 +134,7 @@
+@@ -134,7 +134,7 @@ platform_setusercontext(struct passwd *pw)
  * called if sshd is running as root.
  */
 void
@@ -348,7 +373,7 @@ Index: b/platform.c
 {
 #if !defined(HAVE_LOGIN_CAP) && defined(USE_PAM)
        /*
-@@ -181,7 +181,7 @@
+@@ -181,7 +181,7 @@ platform_setusercontext_post_groups(struct passwd *pw)
        }
 #endif /* HAVE_SETPCRED */
 #ifdef WITH_SELINUX
@@ -357,11 +382,11 @@ Index: b/platform.c
 #endif
 }
 
-Index: b/platform.h
+diff --git a/platform.h b/platform.h
-===================================================================
+index 19f6bfd..3188a3d 100644
 --- a/platform.h
 +++ b/platform.h
-@@ -26,7 +26,7 @@
+@@ -26,7 +26,7 @@ void platform_post_fork_parent(pid_t child_pid);
 void platform_post_fork_child(void);
 int  platform_privileged_uidswap(void);
 void platform_setusercontext(struct passwd *);
@@ -370,11 +395,11 @@ Index: b/platform.h
 char *platform_get_krb5_client(const char *);
 char *platform_krb5_get_principal_name(const char *);
 int platform_sys_dir_uid(uid_t);
-Index: b/session.c
+diff --git a/session.c b/session.c
-===================================================================
+index d4b57bd..b4d74d9 100644
 --- a/session.c
 +++ b/session.c
-@@ -1474,7 +1474,7 @@
+@@ -1474,7 +1474,7 @@ safely_chroot(const char *path, uid_t uid)
 
 /* Set login name, uid, gid, and groups. */
 void
@@ -383,7 +408,7 @@ Index: b/session.c
 {
        char *chroot_path, *tmp;
 
-@@ -1502,7 +1502,7 @@
+@@ -1502,7 +1502,7 @@ do_setusercontext(struct passwd *pw)
                endgrent();
 #endif
 
@@ -392,7 +417,7 @@ Index: b/session.c
 
                if (options.chroot_directory != NULL &&
                    strcasecmp(options.chroot_directory, "none") != 0) {
-@@ -1646,7 +1646,7 @@
+@@ -1646,7 +1646,7 @@ do_child(Session *s, const char *command)
 
        /* Force a password change */
        if (s->authctxt->force_pwchange) {
@@ -401,7 +426,7 @@ Index: b/session.c
                child_close_fds();
                do_pwchange(s);
                exit(1);
-@@ -1673,7 +1673,7 @@
+@@ -1673,7 +1673,7 @@ do_child(Session *s, const char *command)
                /* When PAM is enabled we rely on it to do the nologin check */
                if (!options.use_pam)
                        do_nologin(pw);
@@ -410,7 +435,7 @@ Index: b/session.c
                /*
                 * PAM session modules in do_setusercontext may have
                 * generated messages, so if this in an interactive
-@@ -2084,7 +2084,7 @@
+@@ -2084,7 +2084,7 @@ session_pty_req(Session *s)
        tty_parse_modes(s->ttyfd, &n_bytes);
 
        if (!use_privsep)
@@ -419,11 +444,11 @@ Index: b/session.c
 
        /* Set window size from the packet. */
        pty_change_window_size(s->ptyfd, s->row, s->col, s->xpixel, s->ypixel);
-Index: b/session.h
+diff --git a/session.h b/session.h
-===================================================================
+index cbb8e3a..cb4f196 100644
 --- a/session.h
 +++ b/session.h
-@@ -76,7 +76,7 @@
+@@ -76,7 +76,7 @@ void   session_pty_cleanup2(Session *);
 Session        *session_new(void);
 Session        *session_by_tty(char *);
 void    session_close(Session *);
@@ -432,11 +457,11 @@ Index: b/session.h
 void    child_set_env(char ***envp, u_int *envsizep, const char *name,
                       const char *value);
 
-Index: b/sshd.c
+diff --git a/sshd.c b/sshd.c
-===================================================================
+index 4eddeb8..e5c9835 100644
 --- a/sshd.c
 +++ b/sshd.c
-@@ -753,7 +753,7 @@
+@@ -753,7 +753,7 @@ privsep_postauth(Authctxt *authctxt)
        RAND_seed(rnd, sizeof(rnd));
 
        /* Drop privileges */
@@ -445,11 +470,11 @@ Index: b/sshd.c
 
  skip:
        /* It is safe now to apply the key state */
-Index: b/sshpty.c
+diff --git a/sshpty.c b/sshpty.c
-===================================================================
+index bbbc0fe..8cc26a2 100644
 --- a/sshpty.c
 +++ b/sshpty.c
-@@ -200,7 +200,7 @@
+@@ -200,7 +200,7 @@ pty_change_window_size(int ptyfd, u_int row, u_int col,
 }
 
 void
@@ -458,7 +483,7 @@ Index: b/sshpty.c
 {
        struct group *grp;
        gid_t gid;
-@@ -227,7 +227,7 @@
+@@ -227,7 +227,7 @@ pty_setowner(struct passwd *pw, const char *tty)
                    strerror(errno));
 
 #ifdef WITH_SELINUX
@@ -467,11 +492,11 @@ Index: b/sshpty.c
 #endif
 
        if (st.st_uid != pw->pw_uid || st.st_gid != gid) {
-Index: b/sshpty.h
+diff --git a/sshpty.h b/sshpty.h
-===================================================================
+index cfa3224..edf2436 100644
 --- a/sshpty.h
 +++ b/sshpty.h
-@@ -24,4 +24,4 @@
+@@ -24,4 +24,4 @@ int    pty_allocate(int *, int *, char *, size_t);
 void    pty_release(const char *);
 void    pty_make_controlling_tty(int *, const char *);
 void    pty_change_window_size(int, u_int, u_int, u_int, u_int);