diff options
Diffstat (limited to 'debian/patches/selinux-role.patch')
-rw-r--r-- | debian/patches/selinux-role.patch | 52 |
1 files changed, 26 insertions, 26 deletions
diff --git a/debian/patches/selinux-role.patch b/debian/patches/selinux-role.patch index fea289291..bcb61480d 100644 --- a/debian/patches/selinux-role.patch +++ b/debian/patches/selinux-role.patch | |||
@@ -1,4 +1,4 @@ | |||
1 | From 206bdbf6bcc95e589effa11695aff2c6b9327e11 Mon Sep 17 00:00:00 2001 | 1 | From 7a7851c903e5dbb58a85014deb2c88cb718068c9 Mon Sep 17 00:00:00 2001 |
2 | From: Manoj Srivastava <srivasta@debian.org> | 2 | From: Manoj Srivastava <srivasta@debian.org> |
3 | Date: Sun, 9 Feb 2014 16:09:49 +0000 | 3 | Date: Sun, 9 Feb 2014 16:09:49 +0000 |
4 | Subject: Handle SELinux authorisation roles | 4 | Subject: Handle SELinux authorisation roles |
@@ -32,7 +32,7 @@ Patch-Name: selinux-role.patch | |||
32 | 16 files changed, 104 insertions(+), 31 deletions(-) | 32 | 16 files changed, 104 insertions(+), 31 deletions(-) |
33 | 33 | ||
34 | diff --git a/auth.h b/auth.h | 34 | diff --git a/auth.h b/auth.h |
35 | index 2160154..3b3a085 100644 | 35 | index 55170af..50baeaa 100644 |
36 | --- a/auth.h | 36 | --- a/auth.h |
37 | +++ b/auth.h | 37 | +++ b/auth.h |
38 | @@ -62,6 +62,7 @@ struct Authctxt { | 38 | @@ -62,6 +62,7 @@ struct Authctxt { |
@@ -75,7 +75,7 @@ index 5073c49..dd00648 100644 | |||
75 | /* Verify that the user is a valid user. */ | 75 | /* Verify that the user is a valid user. */ |
76 | if ((authctxt->pw = PRIVSEP(getpwnamallow(user))) != NULL) | 76 | if ((authctxt->pw = PRIVSEP(getpwnamallow(user))) != NULL) |
77 | diff --git a/auth2.c b/auth2.c | 77 | diff --git a/auth2.c b/auth2.c |
78 | index 3f49bdc..6eb3cc7 100644 | 78 | index ce0d376..461311b 100644 |
79 | --- a/auth2.c | 79 | --- a/auth2.c |
80 | +++ b/auth2.c | 80 | +++ b/auth2.c |
81 | @@ -216,7 +216,7 @@ input_userauth_request(int type, u_int32_t seq, void *ctxt) | 81 | @@ -216,7 +216,7 @@ input_userauth_request(int type, u_int32_t seq, void *ctxt) |
@@ -113,10 +113,10 @@ index 3f49bdc..6eb3cc7 100644 | |||
113 | if (auth2_setup_methods_lists(authctxt) != 0) | 113 | if (auth2_setup_methods_lists(authctxt) != 0) |
114 | packet_disconnect("no authentication methods enabled"); | 114 | packet_disconnect("no authentication methods enabled"); |
115 | diff --git a/monitor.c b/monitor.c | 115 | diff --git a/monitor.c b/monitor.c |
116 | index 6c82023..5be3fbf 100644 | 116 | index 05bb48a..e91054e 100644 |
117 | --- a/monitor.c | 117 | --- a/monitor.c |
118 | +++ b/monitor.c | 118 | +++ b/monitor.c |
119 | @@ -126,6 +126,7 @@ int mm_answer_sign(int, Buffer *); | 119 | @@ -128,6 +128,7 @@ int mm_answer_sign(int, Buffer *); |
120 | int mm_answer_pwnamallow(int, Buffer *); | 120 | int mm_answer_pwnamallow(int, Buffer *); |
121 | int mm_answer_auth2_read_banner(int, Buffer *); | 121 | int mm_answer_auth2_read_banner(int, Buffer *); |
122 | int mm_answer_authserv(int, Buffer *); | 122 | int mm_answer_authserv(int, Buffer *); |
@@ -124,7 +124,7 @@ index 6c82023..5be3fbf 100644 | |||
124 | int mm_answer_authpassword(int, Buffer *); | 124 | int mm_answer_authpassword(int, Buffer *); |
125 | int mm_answer_bsdauthquery(int, Buffer *); | 125 | int mm_answer_bsdauthquery(int, Buffer *); |
126 | int mm_answer_bsdauthrespond(int, Buffer *); | 126 | int mm_answer_bsdauthrespond(int, Buffer *); |
127 | @@ -207,6 +208,7 @@ struct mon_table mon_dispatch_proto20[] = { | 127 | @@ -209,6 +210,7 @@ struct mon_table mon_dispatch_proto20[] = { |
128 | {MONITOR_REQ_SIGN, MON_ONCE, mm_answer_sign}, | 128 | {MONITOR_REQ_SIGN, MON_ONCE, mm_answer_sign}, |
129 | {MONITOR_REQ_PWNAM, MON_ONCE, mm_answer_pwnamallow}, | 129 | {MONITOR_REQ_PWNAM, MON_ONCE, mm_answer_pwnamallow}, |
130 | {MONITOR_REQ_AUTHSERV, MON_ONCE, mm_answer_authserv}, | 130 | {MONITOR_REQ_AUTHSERV, MON_ONCE, mm_answer_authserv}, |
@@ -132,7 +132,7 @@ index 6c82023..5be3fbf 100644 | |||
132 | {MONITOR_REQ_AUTH2_READ_BANNER, MON_ONCE, mm_answer_auth2_read_banner}, | 132 | {MONITOR_REQ_AUTH2_READ_BANNER, MON_ONCE, mm_answer_auth2_read_banner}, |
133 | {MONITOR_REQ_AUTHPASSWORD, MON_AUTH, mm_answer_authpassword}, | 133 | {MONITOR_REQ_AUTHPASSWORD, MON_AUTH, mm_answer_authpassword}, |
134 | #ifdef USE_PAM | 134 | #ifdef USE_PAM |
135 | @@ -875,6 +877,7 @@ mm_answer_pwnamallow(int sock, Buffer *m) | 135 | @@ -880,6 +882,7 @@ mm_answer_pwnamallow(int sock, Buffer *m) |
136 | else { | 136 | else { |
137 | /* Allow service/style information on the auth context */ | 137 | /* Allow service/style information on the auth context */ |
138 | monitor_permit(mon_dispatch, MONITOR_REQ_AUTHSERV, 1); | 138 | monitor_permit(mon_dispatch, MONITOR_REQ_AUTHSERV, 1); |
@@ -140,7 +140,7 @@ index 6c82023..5be3fbf 100644 | |||
140 | monitor_permit(mon_dispatch, MONITOR_REQ_AUTH2_READ_BANNER, 1); | 140 | monitor_permit(mon_dispatch, MONITOR_REQ_AUTH2_READ_BANNER, 1); |
141 | } | 141 | } |
142 | #ifdef USE_PAM | 142 | #ifdef USE_PAM |
143 | @@ -905,14 +908,37 @@ mm_answer_authserv(int sock, Buffer *m) | 143 | @@ -910,14 +913,37 @@ mm_answer_authserv(int sock, Buffer *m) |
144 | 144 | ||
145 | authctxt->service = buffer_get_string(m, NULL); | 145 | authctxt->service = buffer_get_string(m, NULL); |
146 | authctxt->style = buffer_get_string(m, NULL); | 146 | authctxt->style = buffer_get_string(m, NULL); |
@@ -180,7 +180,7 @@ index 6c82023..5be3fbf 100644 | |||
180 | return (0); | 180 | return (0); |
181 | } | 181 | } |
182 | 182 | ||
183 | @@ -1541,7 +1567,7 @@ mm_answer_pty(int sock, Buffer *m) | 183 | @@ -1553,7 +1579,7 @@ mm_answer_pty(int sock, Buffer *m) |
184 | res = pty_allocate(&s->ptyfd, &s->ttyfd, s->tty, sizeof(s->tty)); | 184 | res = pty_allocate(&s->ptyfd, &s->ttyfd, s->tty, sizeof(s->tty)); |
185 | if (res == 0) | 185 | if (res == 0) |
186 | goto error; | 186 | goto error; |
@@ -203,10 +203,10 @@ index bc50ade..2d82b8b 100644 | |||
203 | 203 | ||
204 | struct mm_master; | 204 | struct mm_master; |
205 | diff --git a/monitor_wrap.c b/monitor_wrap.c | 205 | diff --git a/monitor_wrap.c b/monitor_wrap.c |
206 | index 74fbd2e..eaf0a12 100644 | 206 | index 5a9f1b5..11e3a69 100644 |
207 | --- a/monitor_wrap.c | 207 | --- a/monitor_wrap.c |
208 | +++ b/monitor_wrap.c | 208 | +++ b/monitor_wrap.c |
209 | @@ -327,10 +327,10 @@ mm_auth2_read_banner(void) | 209 | @@ -328,10 +328,10 @@ mm_auth2_read_banner(void) |
210 | return (banner); | 210 | return (banner); |
211 | } | 211 | } |
212 | 212 | ||
@@ -219,7 +219,7 @@ index 74fbd2e..eaf0a12 100644 | |||
219 | { | 219 | { |
220 | Buffer m; | 220 | Buffer m; |
221 | 221 | ||
222 | @@ -339,12 +339,30 @@ mm_inform_authserv(char *service, char *style) | 222 | @@ -340,12 +340,30 @@ mm_inform_authserv(char *service, char *style) |
223 | buffer_init(&m); | 223 | buffer_init(&m); |
224 | buffer_put_cstring(&m, service); | 224 | buffer_put_cstring(&m, service); |
225 | buffer_put_cstring(&m, style ? style : ""); | 225 | buffer_put_cstring(&m, style ? style : ""); |
@@ -251,7 +251,7 @@ index 74fbd2e..eaf0a12 100644 | |||
251 | int | 251 | int |
252 | mm_auth_password(Authctxt *authctxt, char *password) | 252 | mm_auth_password(Authctxt *authctxt, char *password) |
253 | diff --git a/monitor_wrap.h b/monitor_wrap.h | 253 | diff --git a/monitor_wrap.h b/monitor_wrap.h |
254 | index 403f8d0..d9de551 100644 | 254 | index b5414c2..d5b3334 100644 |
255 | --- a/monitor_wrap.h | 255 | --- a/monitor_wrap.h |
256 | +++ b/monitor_wrap.h | 256 | +++ b/monitor_wrap.h |
257 | @@ -41,7 +41,8 @@ void mm_log_handler(LogLevel, const char *, void *); | 257 | @@ -41,7 +41,8 @@ void mm_log_handler(LogLevel, const char *, void *); |
@@ -361,10 +361,10 @@ index e3d1004..80ce13a 100644 | |||
361 | void ssh_selinux_setfscreatecon(const char *); | 361 | void ssh_selinux_setfscreatecon(const char *); |
362 | #endif | 362 | #endif |
363 | diff --git a/platform.c b/platform.c | 363 | diff --git a/platform.c b/platform.c |
364 | index ee313da..f35ec39 100644 | 364 | index acf8554..4831706 100644 |
365 | --- a/platform.c | 365 | --- a/platform.c |
366 | +++ b/platform.c | 366 | +++ b/platform.c |
367 | @@ -143,7 +143,7 @@ platform_setusercontext(struct passwd *pw) | 367 | @@ -145,7 +145,7 @@ platform_setusercontext(struct passwd *pw) |
368 | * called if sshd is running as root. | 368 | * called if sshd is running as root. |
369 | */ | 369 | */ |
370 | void | 370 | void |
@@ -373,7 +373,7 @@ index ee313da..f35ec39 100644 | |||
373 | { | 373 | { |
374 | #if !defined(HAVE_LOGIN_CAP) && defined(USE_PAM) | 374 | #if !defined(HAVE_LOGIN_CAP) && defined(USE_PAM) |
375 | /* | 375 | /* |
376 | @@ -184,7 +184,7 @@ platform_setusercontext_post_groups(struct passwd *pw) | 376 | @@ -186,7 +186,7 @@ platform_setusercontext_post_groups(struct passwd *pw) |
377 | } | 377 | } |
378 | #endif /* HAVE_SETPCRED */ | 378 | #endif /* HAVE_SETPCRED */ |
379 | #ifdef WITH_SELINUX | 379 | #ifdef WITH_SELINUX |
@@ -383,7 +383,7 @@ index ee313da..f35ec39 100644 | |||
383 | } | 383 | } |
384 | 384 | ||
385 | diff --git a/platform.h b/platform.h | 385 | diff --git a/platform.h b/platform.h |
386 | index e687c99..823901b 100644 | 386 | index e97ecd9..5b72304 100644 |
387 | --- a/platform.h | 387 | --- a/platform.h |
388 | +++ b/platform.h | 388 | +++ b/platform.h |
389 | @@ -27,7 +27,7 @@ void platform_post_fork_parent(pid_t child_pid); | 389 | @@ -27,7 +27,7 @@ void platform_post_fork_parent(pid_t child_pid); |
@@ -396,10 +396,10 @@ index e687c99..823901b 100644 | |||
396 | char *platform_krb5_get_principal_name(const char *); | 396 | char *platform_krb5_get_principal_name(const char *); |
397 | int platform_sys_dir_uid(uid_t); | 397 | int platform_sys_dir_uid(uid_t); |
398 | diff --git a/session.c b/session.c | 398 | diff --git a/session.c b/session.c |
399 | index 87fddfc..f246b8a 100644 | 399 | index 2235f26..6dfcf84 100644 |
400 | --- a/session.c | 400 | --- a/session.c |
401 | +++ b/session.c | 401 | +++ b/session.c |
402 | @@ -1511,7 +1511,7 @@ safely_chroot(const char *path, uid_t uid) | 402 | @@ -1517,7 +1517,7 @@ safely_chroot(const char *path, uid_t uid) |
403 | 403 | ||
404 | /* Set login name, uid, gid, and groups. */ | 404 | /* Set login name, uid, gid, and groups. */ |
405 | void | 405 | void |
@@ -408,7 +408,7 @@ index 87fddfc..f246b8a 100644 | |||
408 | { | 408 | { |
409 | char *chroot_path, *tmp; | 409 | char *chroot_path, *tmp; |
410 | 410 | ||
411 | @@ -1539,7 +1539,7 @@ do_setusercontext(struct passwd *pw) | 411 | @@ -1545,7 +1545,7 @@ do_setusercontext(struct passwd *pw) |
412 | endgrent(); | 412 | endgrent(); |
413 | #endif | 413 | #endif |
414 | 414 | ||
@@ -417,7 +417,7 @@ index 87fddfc..f246b8a 100644 | |||
417 | 417 | ||
418 | if (!in_chroot && options.chroot_directory != NULL && | 418 | if (!in_chroot && options.chroot_directory != NULL && |
419 | strcasecmp(options.chroot_directory, "none") != 0) { | 419 | strcasecmp(options.chroot_directory, "none") != 0) { |
420 | @@ -1696,7 +1696,7 @@ do_child(Session *s, const char *command) | 420 | @@ -1703,7 +1703,7 @@ do_child(Session *s, const char *command) |
421 | 421 | ||
422 | /* Force a password change */ | 422 | /* Force a password change */ |
423 | if (s->authctxt->force_pwchange) { | 423 | if (s->authctxt->force_pwchange) { |
@@ -426,7 +426,7 @@ index 87fddfc..f246b8a 100644 | |||
426 | child_close_fds(); | 426 | child_close_fds(); |
427 | do_pwchange(s); | 427 | do_pwchange(s); |
428 | exit(1); | 428 | exit(1); |
429 | @@ -1723,7 +1723,7 @@ do_child(Session *s, const char *command) | 429 | @@ -1730,7 +1730,7 @@ do_child(Session *s, const char *command) |
430 | /* When PAM is enabled we rely on it to do the nologin check */ | 430 | /* When PAM is enabled we rely on it to do the nologin check */ |
431 | if (!options.use_pam) | 431 | if (!options.use_pam) |
432 | do_nologin(pw); | 432 | do_nologin(pw); |
@@ -435,7 +435,7 @@ index 87fddfc..f246b8a 100644 | |||
435 | /* | 435 | /* |
436 | * PAM session modules in do_setusercontext may have | 436 | * PAM session modules in do_setusercontext may have |
437 | * generated messages, so if this in an interactive | 437 | * generated messages, so if this in an interactive |
438 | @@ -2134,7 +2134,7 @@ session_pty_req(Session *s) | 438 | @@ -2141,7 +2141,7 @@ session_pty_req(Session *s) |
439 | tty_parse_modes(s->ttyfd, &n_bytes); | 439 | tty_parse_modes(s->ttyfd, &n_bytes); |
440 | 440 | ||
441 | if (!use_privsep) | 441 | if (!use_privsep) |
@@ -445,7 +445,7 @@ index 87fddfc..f246b8a 100644 | |||
445 | /* Set window size from the packet. */ | 445 | /* Set window size from the packet. */ |
446 | pty_change_window_size(s->ptyfd, s->row, s->col, s->xpixel, s->ypixel); | 446 | pty_change_window_size(s->ptyfd, s->row, s->col, s->xpixel, s->ypixel); |
447 | diff --git a/session.h b/session.h | 447 | diff --git a/session.h b/session.h |
448 | index 6a2f35e..ef6593c 100644 | 448 | index f18eaf3..2b7d939 100644 |
449 | --- a/session.h | 449 | --- a/session.h |
450 | +++ b/session.h | 450 | +++ b/session.h |
451 | @@ -77,7 +77,7 @@ void session_pty_cleanup2(Session *); | 451 | @@ -77,7 +77,7 @@ void session_pty_cleanup2(Session *); |
@@ -458,10 +458,10 @@ index 6a2f35e..ef6593c 100644 | |||
458 | const char *value); | 458 | const char *value); |
459 | 459 | ||
460 | diff --git a/sshd.c b/sshd.c | 460 | diff --git a/sshd.c b/sshd.c |
461 | index d1dd711..bb093cc 100644 | 461 | index 982e545..76306da 100644 |
462 | --- a/sshd.c | 462 | --- a/sshd.c |
463 | +++ b/sshd.c | 463 | +++ b/sshd.c |
464 | @@ -781,7 +781,7 @@ privsep_postauth(Authctxt *authctxt) | 464 | @@ -787,7 +787,7 @@ privsep_postauth(Authctxt *authctxt) |
465 | explicit_bzero(rnd, sizeof(rnd)); | 465 | explicit_bzero(rnd, sizeof(rnd)); |
466 | 466 | ||
467 | /* Drop privileges */ | 467 | /* Drop privileges */ |