summaryrefslogtreecommitdiff
path: root/debian/patches/selinux-role.patch
diff options
context:
space:
mode:
Diffstat (limited to 'debian/patches/selinux-role.patch')
-rw-r--r--debian/patches/selinux-role.patch52
1 files changed, 26 insertions, 26 deletions
diff --git a/debian/patches/selinux-role.patch b/debian/patches/selinux-role.patch
index fea289291..bcb61480d 100644
--- a/debian/patches/selinux-role.patch
+++ b/debian/patches/selinux-role.patch
@@ -1,4 +1,4 @@
1From 206bdbf6bcc95e589effa11695aff2c6b9327e11 Mon Sep 17 00:00:00 2001 1From 7a7851c903e5dbb58a85014deb2c88cb718068c9 Mon Sep 17 00:00:00 2001
2From: Manoj Srivastava <srivasta@debian.org> 2From: Manoj Srivastava <srivasta@debian.org>
3Date: Sun, 9 Feb 2014 16:09:49 +0000 3Date: Sun, 9 Feb 2014 16:09:49 +0000
4Subject: Handle SELinux authorisation roles 4Subject: Handle SELinux authorisation roles
@@ -32,7 +32,7 @@ Patch-Name: selinux-role.patch
32 16 files changed, 104 insertions(+), 31 deletions(-) 32 16 files changed, 104 insertions(+), 31 deletions(-)
33 33
34diff --git a/auth.h b/auth.h 34diff --git a/auth.h b/auth.h
35index 2160154..3b3a085 100644 35index 55170af..50baeaa 100644
36--- a/auth.h 36--- a/auth.h
37+++ b/auth.h 37+++ b/auth.h
38@@ -62,6 +62,7 @@ struct Authctxt { 38@@ -62,6 +62,7 @@ struct Authctxt {
@@ -75,7 +75,7 @@ index 5073c49..dd00648 100644
75 /* Verify that the user is a valid user. */ 75 /* Verify that the user is a valid user. */
76 if ((authctxt->pw = PRIVSEP(getpwnamallow(user))) != NULL) 76 if ((authctxt->pw = PRIVSEP(getpwnamallow(user))) != NULL)
77diff --git a/auth2.c b/auth2.c 77diff --git a/auth2.c b/auth2.c
78index 3f49bdc..6eb3cc7 100644 78index ce0d376..461311b 100644
79--- a/auth2.c 79--- a/auth2.c
80+++ b/auth2.c 80+++ b/auth2.c
81@@ -216,7 +216,7 @@ input_userauth_request(int type, u_int32_t seq, void *ctxt) 81@@ -216,7 +216,7 @@ input_userauth_request(int type, u_int32_t seq, void *ctxt)
@@ -113,10 +113,10 @@ index 3f49bdc..6eb3cc7 100644
113 if (auth2_setup_methods_lists(authctxt) != 0) 113 if (auth2_setup_methods_lists(authctxt) != 0)
114 packet_disconnect("no authentication methods enabled"); 114 packet_disconnect("no authentication methods enabled");
115diff --git a/monitor.c b/monitor.c 115diff --git a/monitor.c b/monitor.c
116index 6c82023..5be3fbf 100644 116index 05bb48a..e91054e 100644
117--- a/monitor.c 117--- a/monitor.c
118+++ b/monitor.c 118+++ b/monitor.c
119@@ -126,6 +126,7 @@ int mm_answer_sign(int, Buffer *); 119@@ -128,6 +128,7 @@ int mm_answer_sign(int, Buffer *);
120 int mm_answer_pwnamallow(int, Buffer *); 120 int mm_answer_pwnamallow(int, Buffer *);
121 int mm_answer_auth2_read_banner(int, Buffer *); 121 int mm_answer_auth2_read_banner(int, Buffer *);
122 int mm_answer_authserv(int, Buffer *); 122 int mm_answer_authserv(int, Buffer *);
@@ -124,7 +124,7 @@ index 6c82023..5be3fbf 100644
124 int mm_answer_authpassword(int, Buffer *); 124 int mm_answer_authpassword(int, Buffer *);
125 int mm_answer_bsdauthquery(int, Buffer *); 125 int mm_answer_bsdauthquery(int, Buffer *);
126 int mm_answer_bsdauthrespond(int, Buffer *); 126 int mm_answer_bsdauthrespond(int, Buffer *);
127@@ -207,6 +208,7 @@ struct mon_table mon_dispatch_proto20[] = { 127@@ -209,6 +210,7 @@ struct mon_table mon_dispatch_proto20[] = {
128 {MONITOR_REQ_SIGN, MON_ONCE, mm_answer_sign}, 128 {MONITOR_REQ_SIGN, MON_ONCE, mm_answer_sign},
129 {MONITOR_REQ_PWNAM, MON_ONCE, mm_answer_pwnamallow}, 129 {MONITOR_REQ_PWNAM, MON_ONCE, mm_answer_pwnamallow},
130 {MONITOR_REQ_AUTHSERV, MON_ONCE, mm_answer_authserv}, 130 {MONITOR_REQ_AUTHSERV, MON_ONCE, mm_answer_authserv},
@@ -132,7 +132,7 @@ index 6c82023..5be3fbf 100644
132 {MONITOR_REQ_AUTH2_READ_BANNER, MON_ONCE, mm_answer_auth2_read_banner}, 132 {MONITOR_REQ_AUTH2_READ_BANNER, MON_ONCE, mm_answer_auth2_read_banner},
133 {MONITOR_REQ_AUTHPASSWORD, MON_AUTH, mm_answer_authpassword}, 133 {MONITOR_REQ_AUTHPASSWORD, MON_AUTH, mm_answer_authpassword},
134 #ifdef USE_PAM 134 #ifdef USE_PAM
135@@ -875,6 +877,7 @@ mm_answer_pwnamallow(int sock, Buffer *m) 135@@ -880,6 +882,7 @@ mm_answer_pwnamallow(int sock, Buffer *m)
136 else { 136 else {
137 /* Allow service/style information on the auth context */ 137 /* Allow service/style information on the auth context */
138 monitor_permit(mon_dispatch, MONITOR_REQ_AUTHSERV, 1); 138 monitor_permit(mon_dispatch, MONITOR_REQ_AUTHSERV, 1);
@@ -140,7 +140,7 @@ index 6c82023..5be3fbf 100644
140 monitor_permit(mon_dispatch, MONITOR_REQ_AUTH2_READ_BANNER, 1); 140 monitor_permit(mon_dispatch, MONITOR_REQ_AUTH2_READ_BANNER, 1);
141 } 141 }
142 #ifdef USE_PAM 142 #ifdef USE_PAM
143@@ -905,14 +908,37 @@ mm_answer_authserv(int sock, Buffer *m) 143@@ -910,14 +913,37 @@ mm_answer_authserv(int sock, Buffer *m)
144 144
145 authctxt->service = buffer_get_string(m, NULL); 145 authctxt->service = buffer_get_string(m, NULL);
146 authctxt->style = buffer_get_string(m, NULL); 146 authctxt->style = buffer_get_string(m, NULL);
@@ -180,7 +180,7 @@ index 6c82023..5be3fbf 100644
180 return (0); 180 return (0);
181 } 181 }
182 182
183@@ -1541,7 +1567,7 @@ mm_answer_pty(int sock, Buffer *m) 183@@ -1553,7 +1579,7 @@ mm_answer_pty(int sock, Buffer *m)
184 res = pty_allocate(&s->ptyfd, &s->ttyfd, s->tty, sizeof(s->tty)); 184 res = pty_allocate(&s->ptyfd, &s->ttyfd, s->tty, sizeof(s->tty));
185 if (res == 0) 185 if (res == 0)
186 goto error; 186 goto error;
@@ -203,10 +203,10 @@ index bc50ade..2d82b8b 100644
203 203
204 struct mm_master; 204 struct mm_master;
205diff --git a/monitor_wrap.c b/monitor_wrap.c 205diff --git a/monitor_wrap.c b/monitor_wrap.c
206index 74fbd2e..eaf0a12 100644 206index 5a9f1b5..11e3a69 100644
207--- a/monitor_wrap.c 207--- a/monitor_wrap.c
208+++ b/monitor_wrap.c 208+++ b/monitor_wrap.c
209@@ -327,10 +327,10 @@ mm_auth2_read_banner(void) 209@@ -328,10 +328,10 @@ mm_auth2_read_banner(void)
210 return (banner); 210 return (banner);
211 } 211 }
212 212
@@ -219,7 +219,7 @@ index 74fbd2e..eaf0a12 100644
219 { 219 {
220 Buffer m; 220 Buffer m;
221 221
222@@ -339,12 +339,30 @@ mm_inform_authserv(char *service, char *style) 222@@ -340,12 +340,30 @@ mm_inform_authserv(char *service, char *style)
223 buffer_init(&m); 223 buffer_init(&m);
224 buffer_put_cstring(&m, service); 224 buffer_put_cstring(&m, service);
225 buffer_put_cstring(&m, style ? style : ""); 225 buffer_put_cstring(&m, style ? style : "");
@@ -251,7 +251,7 @@ index 74fbd2e..eaf0a12 100644
251 int 251 int
252 mm_auth_password(Authctxt *authctxt, char *password) 252 mm_auth_password(Authctxt *authctxt, char *password)
253diff --git a/monitor_wrap.h b/monitor_wrap.h 253diff --git a/monitor_wrap.h b/monitor_wrap.h
254index 403f8d0..d9de551 100644 254index b5414c2..d5b3334 100644
255--- a/monitor_wrap.h 255--- a/monitor_wrap.h
256+++ b/monitor_wrap.h 256+++ b/monitor_wrap.h
257@@ -41,7 +41,8 @@ void mm_log_handler(LogLevel, const char *, void *); 257@@ -41,7 +41,8 @@ void mm_log_handler(LogLevel, const char *, void *);
@@ -361,10 +361,10 @@ index e3d1004..80ce13a 100644
361 void ssh_selinux_setfscreatecon(const char *); 361 void ssh_selinux_setfscreatecon(const char *);
362 #endif 362 #endif
363diff --git a/platform.c b/platform.c 363diff --git a/platform.c b/platform.c
364index ee313da..f35ec39 100644 364index acf8554..4831706 100644
365--- a/platform.c 365--- a/platform.c
366+++ b/platform.c 366+++ b/platform.c
367@@ -143,7 +143,7 @@ platform_setusercontext(struct passwd *pw) 367@@ -145,7 +145,7 @@ platform_setusercontext(struct passwd *pw)
368 * called if sshd is running as root. 368 * called if sshd is running as root.
369 */ 369 */
370 void 370 void
@@ -373,7 +373,7 @@ index ee313da..f35ec39 100644
373 { 373 {
374 #if !defined(HAVE_LOGIN_CAP) && defined(USE_PAM) 374 #if !defined(HAVE_LOGIN_CAP) && defined(USE_PAM)
375 /* 375 /*
376@@ -184,7 +184,7 @@ platform_setusercontext_post_groups(struct passwd *pw) 376@@ -186,7 +186,7 @@ platform_setusercontext_post_groups(struct passwd *pw)
377 } 377 }
378 #endif /* HAVE_SETPCRED */ 378 #endif /* HAVE_SETPCRED */
379 #ifdef WITH_SELINUX 379 #ifdef WITH_SELINUX
@@ -383,7 +383,7 @@ index ee313da..f35ec39 100644
383 } 383 }
384 384
385diff --git a/platform.h b/platform.h 385diff --git a/platform.h b/platform.h
386index e687c99..823901b 100644 386index e97ecd9..5b72304 100644
387--- a/platform.h 387--- a/platform.h
388+++ b/platform.h 388+++ b/platform.h
389@@ -27,7 +27,7 @@ void platform_post_fork_parent(pid_t child_pid); 389@@ -27,7 +27,7 @@ void platform_post_fork_parent(pid_t child_pid);
@@ -396,10 +396,10 @@ index e687c99..823901b 100644
396 char *platform_krb5_get_principal_name(const char *); 396 char *platform_krb5_get_principal_name(const char *);
397 int platform_sys_dir_uid(uid_t); 397 int platform_sys_dir_uid(uid_t);
398diff --git a/session.c b/session.c 398diff --git a/session.c b/session.c
399index 87fddfc..f246b8a 100644 399index 2235f26..6dfcf84 100644
400--- a/session.c 400--- a/session.c
401+++ b/session.c 401+++ b/session.c
402@@ -1511,7 +1511,7 @@ safely_chroot(const char *path, uid_t uid) 402@@ -1517,7 +1517,7 @@ safely_chroot(const char *path, uid_t uid)
403 403
404 /* Set login name, uid, gid, and groups. */ 404 /* Set login name, uid, gid, and groups. */
405 void 405 void
@@ -408,7 +408,7 @@ index 87fddfc..f246b8a 100644
408 { 408 {
409 char *chroot_path, *tmp; 409 char *chroot_path, *tmp;
410 410
411@@ -1539,7 +1539,7 @@ do_setusercontext(struct passwd *pw) 411@@ -1545,7 +1545,7 @@ do_setusercontext(struct passwd *pw)
412 endgrent(); 412 endgrent();
413 #endif 413 #endif
414 414
@@ -417,7 +417,7 @@ index 87fddfc..f246b8a 100644
417 417
418 if (!in_chroot && options.chroot_directory != NULL && 418 if (!in_chroot && options.chroot_directory != NULL &&
419 strcasecmp(options.chroot_directory, "none") != 0) { 419 strcasecmp(options.chroot_directory, "none") != 0) {
420@@ -1696,7 +1696,7 @@ do_child(Session *s, const char *command) 420@@ -1703,7 +1703,7 @@ do_child(Session *s, const char *command)
421 421
422 /* Force a password change */ 422 /* Force a password change */
423 if (s->authctxt->force_pwchange) { 423 if (s->authctxt->force_pwchange) {
@@ -426,7 +426,7 @@ index 87fddfc..f246b8a 100644
426 child_close_fds(); 426 child_close_fds();
427 do_pwchange(s); 427 do_pwchange(s);
428 exit(1); 428 exit(1);
429@@ -1723,7 +1723,7 @@ do_child(Session *s, const char *command) 429@@ -1730,7 +1730,7 @@ do_child(Session *s, const char *command)
430 /* When PAM is enabled we rely on it to do the nologin check */ 430 /* When PAM is enabled we rely on it to do the nologin check */
431 if (!options.use_pam) 431 if (!options.use_pam)
432 do_nologin(pw); 432 do_nologin(pw);
@@ -435,7 +435,7 @@ index 87fddfc..f246b8a 100644
435 /* 435 /*
436 * PAM session modules in do_setusercontext may have 436 * PAM session modules in do_setusercontext may have
437 * generated messages, so if this in an interactive 437 * generated messages, so if this in an interactive
438@@ -2134,7 +2134,7 @@ session_pty_req(Session *s) 438@@ -2141,7 +2141,7 @@ session_pty_req(Session *s)
439 tty_parse_modes(s->ttyfd, &n_bytes); 439 tty_parse_modes(s->ttyfd, &n_bytes);
440 440
441 if (!use_privsep) 441 if (!use_privsep)
@@ -445,7 +445,7 @@ index 87fddfc..f246b8a 100644
445 /* Set window size from the packet. */ 445 /* Set window size from the packet. */
446 pty_change_window_size(s->ptyfd, s->row, s->col, s->xpixel, s->ypixel); 446 pty_change_window_size(s->ptyfd, s->row, s->col, s->xpixel, s->ypixel);
447diff --git a/session.h b/session.h 447diff --git a/session.h b/session.h
448index 6a2f35e..ef6593c 100644 448index f18eaf3..2b7d939 100644
449--- a/session.h 449--- a/session.h
450+++ b/session.h 450+++ b/session.h
451@@ -77,7 +77,7 @@ void session_pty_cleanup2(Session *); 451@@ -77,7 +77,7 @@ void session_pty_cleanup2(Session *);
@@ -458,10 +458,10 @@ index 6a2f35e..ef6593c 100644
458 const char *value); 458 const char *value);
459 459
460diff --git a/sshd.c b/sshd.c 460diff --git a/sshd.c b/sshd.c
461index d1dd711..bb093cc 100644 461index 982e545..76306da 100644
462--- a/sshd.c 462--- a/sshd.c
463+++ b/sshd.c 463+++ b/sshd.c
464@@ -781,7 +781,7 @@ privsep_postauth(Authctxt *authctxt) 464@@ -787,7 +787,7 @@ privsep_postauth(Authctxt *authctxt)
465 explicit_bzero(rnd, sizeof(rnd)); 465 explicit_bzero(rnd, sizeof(rnd));
466 466
467 /* Drop privileges */ 467 /* Drop privileges */