Diffstat (limited to 'debian/patches/selinux-role.patch')
-rw-r--r--debian/patches/selinux-role.patch50
1 files changed, 25 insertions, 25 deletions
diff --git a/debian/patches/selinux-role.patch b/debian/patches/selinux-role.patch
index c41c78b3b..f3376c20a 100644
--- a/debian/patches/selinux-role.patch
+++ b/debian/patches/selinux-role.patch
@@ -5,7 +5,7 @@ Description: Handle SELinux authorisation roles
5Author: Manoj Srivastava <srivasta@debian.org> 5Author: Manoj Srivastava <srivasta@debian.org>
6Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1641 6Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1641
7Bug-Debian: http://bugs.debian.org/394795 7Bug-Debian: http://bugs.debian.org/394795
8Last-Update: 2013-05-13 8Last-Update: 2013-09-14
9 9
10Index: b/auth.h 10Index: b/auth.h
11=================================================================== 11===================================================================
@@ -17,13 +17,13 @@ Index: b/auth.h
17 char *style; 17 char *style;
18+ char *role; 18+ char *role;
19 void *kbdintctxt; 19 void *kbdintctxt;
20 char *info; /* Extra info for next auth_log */
20 void *jpake_ctx; 21 void *jpake_ctx;
21 #ifdef BSD_AUTH
22Index: b/auth1.c 22Index: b/auth1.c
23=================================================================== 23===================================================================
24--- a/auth1.c 24--- a/auth1.c
25+++ b/auth1.c 25+++ b/auth1.c
26@@ -385,7 +385,7 @@ 26@@ -380,7 +380,7 @@
27 do_authentication(Authctxt *authctxt) 27 do_authentication(Authctxt *authctxt)
28 { 28 {
29 u_int ulen; 29 u_int ulen;
@@ -32,7 +32,7 @@ Index: b/auth1.c
32 32
33 /* Get the name of the user that we wish to log in as. */ 33 /* Get the name of the user that we wish to log in as. */
34 packet_read_expect(SSH_CMSG_USER); 34 packet_read_expect(SSH_CMSG_USER);
35@@ -394,11 +394,17 @@ 35@@ -389,11 +389,17 @@
36 user = packet_get_cstring(&ulen); 36 user = packet_get_cstring(&ulen);
37 packet_check_eom(); 37 packet_check_eom();
38 38
@@ -54,7 +54,7 @@ Index: b/auth2.c
54=================================================================== 54===================================================================
55--- a/auth2.c 55--- a/auth2.c
56+++ b/auth2.c 56+++ b/auth2.c
57@@ -219,7 +219,7 @@ 57@@ -222,7 +222,7 @@
58 { 58 {
59 Authctxt *authctxt = ctxt; 59 Authctxt *authctxt = ctxt;
60 Authmethod *m = NULL; 60 Authmethod *m = NULL;
@@ -63,7 +63,7 @@ Index: b/auth2.c
63 int authenticated = 0; 63 int authenticated = 0;
64 64
65 if (authctxt == NULL) 65 if (authctxt == NULL)
66@@ -231,8 +231,13 @@ 66@@ -234,8 +234,13 @@
67 debug("userauth-request for user %s service %s method %s", user, service, method); 67 debug("userauth-request for user %s service %s method %s", user, service, method);
68 debug("attempt %d failures %d", authctxt->attempt, authctxt->failures); 68 debug("attempt %d failures %d", authctxt->attempt, authctxt->failures);
69 69
@@ -77,7 +77,7 @@ Index: b/auth2.c
77 77
78 if (authctxt->attempt++ == 0) { 78 if (authctxt->attempt++ == 0) {
79 /* setup auth context */ 79 /* setup auth context */
80@@ -256,8 +261,9 @@ 80@@ -259,8 +264,9 @@
81 use_privsep ? " [net]" : ""); 81 use_privsep ? " [net]" : "");
82 authctxt->service = xstrdup(service); 82 authctxt->service = xstrdup(service);
83 authctxt->style = style ? xstrdup(style) : NULL; 83 authctxt->style = style ? xstrdup(style) : NULL;
@@ -92,7 +92,7 @@ Index: b/monitor.c
92=================================================================== 92===================================================================
93--- a/monitor.c 93--- a/monitor.c
94+++ b/monitor.c 94+++ b/monitor.c
95@@ -145,6 +145,7 @@ 95@@ -146,6 +146,7 @@
96 int mm_answer_pwnamallow(int, Buffer *); 96 int mm_answer_pwnamallow(int, Buffer *);
97 int mm_answer_auth2_read_banner(int, Buffer *); 97 int mm_answer_auth2_read_banner(int, Buffer *);
98 int mm_answer_authserv(int, Buffer *); 98 int mm_answer_authserv(int, Buffer *);
@@ -100,7 +100,7 @@ Index: b/monitor.c
100 int mm_answer_authpassword(int, Buffer *); 100 int mm_answer_authpassword(int, Buffer *);
101 int mm_answer_bsdauthquery(int, Buffer *); 101 int mm_answer_bsdauthquery(int, Buffer *);
102 int mm_answer_bsdauthrespond(int, Buffer *); 102 int mm_answer_bsdauthrespond(int, Buffer *);
103@@ -226,6 +227,7 @@ 103@@ -227,6 +228,7 @@
104 {MONITOR_REQ_SIGN, MON_ONCE, mm_answer_sign}, 104 {MONITOR_REQ_SIGN, MON_ONCE, mm_answer_sign},
105 {MONITOR_REQ_PWNAM, MON_ONCE, mm_answer_pwnamallow}, 105 {MONITOR_REQ_PWNAM, MON_ONCE, mm_answer_pwnamallow},
106 {MONITOR_REQ_AUTHSERV, MON_ONCE, mm_answer_authserv}, 106 {MONITOR_REQ_AUTHSERV, MON_ONCE, mm_answer_authserv},
@@ -108,7 +108,7 @@ Index: b/monitor.c
108 {MONITOR_REQ_AUTH2_READ_BANNER, MON_ONCE, mm_answer_auth2_read_banner}, 108 {MONITOR_REQ_AUTH2_READ_BANNER, MON_ONCE, mm_answer_auth2_read_banner},
109 {MONITOR_REQ_AUTHPASSWORD, MON_AUTH, mm_answer_authpassword}, 109 {MONITOR_REQ_AUTHPASSWORD, MON_AUTH, mm_answer_authpassword},
110 #ifdef USE_PAM 110 #ifdef USE_PAM
111@@ -837,6 +839,7 @@ 111@@ -844,6 +846,7 @@
112 else { 112 else {
113 /* Allow service/style information on the auth context */ 113 /* Allow service/style information on the auth context */
114 monitor_permit(mon_dispatch, MONITOR_REQ_AUTHSERV, 1); 114 monitor_permit(mon_dispatch, MONITOR_REQ_AUTHSERV, 1);
@@ -116,7 +116,7 @@ Index: b/monitor.c
116 monitor_permit(mon_dispatch, MONITOR_REQ_AUTH2_READ_BANNER, 1); 116 monitor_permit(mon_dispatch, MONITOR_REQ_AUTH2_READ_BANNER, 1);
117 } 117 }
118 #ifdef USE_PAM 118 #ifdef USE_PAM
119@@ -869,14 +872,37 @@ 119@@ -874,14 +877,37 @@
120 120
121 authctxt->service = buffer_get_string(m, NULL); 121 authctxt->service = buffer_get_string(m, NULL);
122 authctxt->style = buffer_get_string(m, NULL); 122 authctxt->style = buffer_get_string(m, NULL);
@@ -127,12 +127,12 @@ Index: b/monitor.c
127+ __func__, authctxt->service, authctxt->style, authctxt->role); 127+ __func__, authctxt->service, authctxt->style, authctxt->role);
128 128
129 if (strlen(authctxt->style) == 0) { 129 if (strlen(authctxt->style) == 0) {
130 xfree(authctxt->style); 130 free(authctxt->style);
131 authctxt->style = NULL; 131 authctxt->style = NULL;
132 } 132 }
133 133
134+ if (strlen(authctxt->role) == 0) { 134+ if (strlen(authctxt->role) == 0) {
135+ xfree(authctxt->role); 135+ free(authctxt->role);
136+ authctxt->role = NULL; 136+ authctxt->role = NULL;
137+ } 137+ }
138+ 138+
@@ -149,14 +149,14 @@ Index: b/monitor.c
149+ __func__, authctxt->role); 149+ __func__, authctxt->role);
150+ 150+
151+ if (strlen(authctxt->role) == 0) { 151+ if (strlen(authctxt->role) == 0) {
152+ xfree(authctxt->role); 152+ free(authctxt->role);
153+ authctxt->role = NULL; 153+ authctxt->role = NULL;
154+ } 154+ }
155+ 155+
156 return (0); 156 return (0);
157 } 157 }
158 158
159@@ -1471,7 +1497,7 @@ 159@@ -1486,7 +1512,7 @@
160 res = pty_allocate(&s->ptyfd, &s->ttyfd, s->tty, sizeof(s->tty)); 160 res = pty_allocate(&s->ptyfd, &s->ttyfd, s->tty, sizeof(s->tty));
161 if (res == 0) 161 if (res == 0)
162 goto error; 162 goto error;
@@ -182,7 +182,7 @@ Index: b/monitor_wrap.c
182=================================================================== 182===================================================================
183--- a/monitor_wrap.c 183--- a/monitor_wrap.c
184+++ b/monitor_wrap.c 184+++ b/monitor_wrap.c
185@@ -318,10 +318,10 @@ 185@@ -320,10 +320,10 @@
186 return (banner); 186 return (banner);
187 } 187 }
188 188
@@ -195,7 +195,7 @@ Index: b/monitor_wrap.c
195 { 195 {
196 Buffer m; 196 Buffer m;
197 197
198@@ -330,11 +330,29 @@ 198@@ -332,11 +332,29 @@
199 buffer_init(&m); 199 buffer_init(&m);
200 buffer_put_cstring(&m, service); 200 buffer_put_cstring(&m, service);
201 buffer_put_cstring(&m, style ? style : ""); 201 buffer_put_cstring(&m, style ? style : "");
@@ -284,7 +284,7 @@ Index: b/openbsd-compat/port-linux.c
284 #endif 284 #endif
285 285
286 if (r != 0) { 286 if (r != 0) {
287@@ -107,7 +120,7 @@ 287@@ -105,7 +118,7 @@
288 288
289 /* Set the execution context to the default for the specified user */ 289 /* Set the execution context to the default for the specified user */
290 void 290 void
@@ -293,7 +293,7 @@ Index: b/openbsd-compat/port-linux.c
293 { 293 {
294 security_context_t user_ctx = NULL; 294 security_context_t user_ctx = NULL;
295 295
296@@ -116,7 +129,7 @@ 296@@ -114,7 +127,7 @@
297 297
298 debug3("%s: setting execution context", __func__); 298 debug3("%s: setting execution context", __func__);
299 299
@@ -302,7 +302,7 @@ Index: b/openbsd-compat/port-linux.c
302 if (setexeccon(user_ctx) != 0) { 302 if (setexeccon(user_ctx) != 0) {
303 switch (security_getenforce()) { 303 switch (security_getenforce()) {
304 case -1: 304 case -1:
305@@ -138,7 +151,7 @@ 305@@ -136,7 +149,7 @@
306 306
307 /* Set the TTY context for the specified user */ 307 /* Set the TTY context for the specified user */
308 void 308 void
@@ -311,7 +311,7 @@ Index: b/openbsd-compat/port-linux.c
311 { 311 {
312 security_context_t new_tty_ctx = NULL; 312 security_context_t new_tty_ctx = NULL;
313 security_context_t user_ctx = NULL; 313 security_context_t user_ctx = NULL;
314@@ -149,7 +162,7 @@ 314@@ -147,7 +160,7 @@
315 315
316 debug3("%s: setting TTY context on %s", __func__, tty); 316 debug3("%s: setting TTY context on %s", __func__, tty);
317 317
@@ -392,7 +392,7 @@ Index: b/session.c
392 392
393 if (options.chroot_directory != NULL && 393 if (options.chroot_directory != NULL &&
394 strcasecmp(options.chroot_directory, "none") != 0) { 394 strcasecmp(options.chroot_directory, "none") != 0) {
395@@ -1633,7 +1633,7 @@ 395@@ -1646,7 +1646,7 @@
396 396
397 /* Force a password change */ 397 /* Force a password change */
398 if (s->authctxt->force_pwchange) { 398 if (s->authctxt->force_pwchange) {
@@ -401,7 +401,7 @@ Index: b/session.c
401 child_close_fds(); 401 child_close_fds();
402 do_pwchange(s); 402 do_pwchange(s);
403 exit(1); 403 exit(1);
404@@ -1660,7 +1660,7 @@ 404@@ -1673,7 +1673,7 @@
405 /* When PAM is enabled we rely on it to do the nologin check */ 405 /* When PAM is enabled we rely on it to do the nologin check */
406 if (!options.use_pam) 406 if (!options.use_pam)
407 do_nologin(pw); 407 do_nologin(pw);
@@ -410,7 +410,7 @@ Index: b/session.c
410 /* 410 /*
411 * PAM session modules in do_setusercontext may have 411 * PAM session modules in do_setusercontext may have
412 * generated messages, so if this in an interactive 412 * generated messages, so if this in an interactive
413@@ -2072,7 +2072,7 @@ 413@@ -2084,7 +2084,7 @@
414 tty_parse_modes(s->ttyfd, &n_bytes); 414 tty_parse_modes(s->ttyfd, &n_bytes);
415 415
416 if (!use_privsep) 416 if (!use_privsep)
@@ -436,7 +436,7 @@ Index: b/sshd.c
436=================================================================== 436===================================================================
437--- a/sshd.c 437--- a/sshd.c
438+++ b/sshd.c 438+++ b/sshd.c
439@@ -745,7 +745,7 @@ 439@@ -753,7 +753,7 @@
440 RAND_seed(rnd, sizeof(rnd)); 440 RAND_seed(rnd, sizeof(rnd));
441 441
442 /* Drop privileges */ 442 /* Drop privileges */
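Review bot: The `role` string handled in the monitor.c hunks (patch lines 127–137 and again 149–154) is only normalised from empty to NULL before it stays on `authctxt`, and no comment marks it as data from the unprivileged pre-authentication side, apparently sent next to `service` and `style` by the monitor_wrap.c code at patch lines 198–201. The patch description says the value is used for SELinux authorisation roles, so presumably it ends up in the context selection in port-linux.c. A comment at both places would help the next refresh, for example `/* role is supplied by the unprivileged child; untrusted until checked against the roles permitted for this user */`. Whether such a check exists cannot be confirmed from these hunks, because the context lookup itself lies outside them, and both monitor functions begin and end outside the lines shown.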