Diffstat (limited to 'debian/patches/selinux-role.patch')
-rw-r--r-- | debian/patches/selinux-role.patch | 36 |
1 files changed, 18 insertions, 18 deletions
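diff --git a/debian/patches/selinux-role.patch b/debian/patches/selinux-role.patch
index 8aa8f614e..dc0ffa300 100644
--- a/debian/patches/selinux-role.patch
+++ b/debian/patches/selinux-role.patch
@@ -1,4 +1,4 @@
-From 07f2a771c490bd68cd5c5ea9c535705e93bd94f3 Mon Sep 17 00:00:00 2001
+From cc5ecb35ae6572d13ed523d143439a8559d1fee2 Mon Sep 17 00:00:00 2001
 From: Manoj Srivastava <srivasta@debian.org>
 Date: Sun, 9 Feb 2014 16:09:49 +0000
 Subject: Handle SELinux authorisation roles
@@ -113,7 +113,7 @@ index 6ed8f04..b55bbcd 100644
 if (auth2_setup_methods_lists(authctxt) != 0)
 packet_disconnect("no authentication methods enabled");
 diff --git a/monitor.c b/monitor.c
-index 9079c97..e8d63eb 100644
+index a777c4c..88f472e 100644
 --- a/monitor.c
 +++ b/monitor.c
 @@ -146,6 +146,7 @@ int mm_answer_sign(int, Buffer *);
@@ -361,10 +361,10 @@ index e3d1004..80ce13a 100644
 void ssh_selinux_setfscreatecon(const char *);
 #endif
 diff --git a/platform.c b/platform.c
-index 3262b24..a962f15 100644
+index 30fc609..4aab9a9 100644
 --- a/platform.c
 +++ b/platform.c
-@@ -134,7 +134,7 @@ platform_setusercontext(struct passwd *pw)
+@@ -142,7 +142,7 @@ platform_setusercontext(struct passwd *pw)
 * called if sshd is running as root.
 */
 void
@@ -373,7 +373,7 @@ index 3262b24..a962f15 100644
 {
 #if !defined(HAVE_LOGIN_CAP) && defined(USE_PAM)
 /*
-@@ -181,7 +181,7 @@ platform_setusercontext_post_groups(struct passwd *pw)
+@@ -183,7 +183,7 @@ platform_setusercontext_post_groups(struct passwd *pw)
 }
 #endif /* HAVE_SETPCRED */
 #ifdef WITH_SELINUX
@@ -383,10 +383,10 @@ index 3262b24..a962f15 100644
 }
 
 diff --git a/platform.h b/platform.h
-index 19f6bfd..3188a3d 100644
+index 1c7a45d..436ae7c 100644
 --- a/platform.h
 +++ b/platform.h
-@@ -26,7 +26,7 @@ void platform_post_fork_parent(pid_t child_pid);
+@@ -27,7 +27,7 @@ void platform_post_fork_parent(pid_t child_pid);
 void platform_post_fork_child(void);
 int platform_privileged_uidswap(void);
 void platform_setusercontext(struct passwd *);
@@ -396,10 +396,10 @@ index 19f6bfd..3188a3d 100644
 char *platform_krb5_get_principal_name(const char *);
 int platform_sys_dir_uid(uid_t);
 diff --git a/session.c b/session.c
-index d4b57bd..b4d74d9 100644
+index 12dd9ab..5ddd82a 100644
 --- a/session.c
 +++ b/session.c
-@@ -1474,7 +1474,7 @@ safely_chroot(const char *path, uid_t uid)
+@@ -1497,7 +1497,7 @@ safely_chroot(const char *path, uid_t uid)
 
 /* Set login name, uid, gid, and groups. */
 void
@@ -408,7 +408,7 @@ index d4b57bd..b4d74d9 100644
 {
 char *chroot_path, *tmp;
 
-@@ -1502,7 +1502,7 @@ do_setusercontext(struct passwd *pw)
+@@ -1525,7 +1525,7 @@ do_setusercontext(struct passwd *pw)
 endgrent();
 #endif
 
@@ -417,7 +417,7 @@ index d4b57bd..b4d74d9 100644
 
 if (options.chroot_directory != NULL &&
 strcasecmp(options.chroot_directory, "none") != 0) {
-@@ -1646,7 +1646,7 @@ do_child(Session *s, const char *command)
+@@ -1674,7 +1674,7 @@ do_child(Session *s, const char *command)
 
 /* Force a password change */
 if (s->authctxt->force_pwchange) {
@@ -426,7 +426,7 @@ index d4b57bd..b4d74d9 100644
 child_close_fds();
 do_pwchange(s);
 exit(1);
-@@ -1673,7 +1673,7 @@ do_child(Session *s, const char *command)
+@@ -1701,7 +1701,7 @@ do_child(Session *s, const char *command)
 /* When PAM is enabled we rely on it to do the nologin check */
 if (!options.use_pam)
 do_nologin(pw);
@@ -435,7 +435,7 @@ index d4b57bd..b4d74d9 100644
 /*
 * PAM session modules in do_setusercontext may have
 * generated messages, so if this in an interactive
-@@ -2084,7 +2084,7 @@ session_pty_req(Session *s)
+@@ -2112,7 +2112,7 @@ session_pty_req(Session *s)
 tty_parse_modes(s->ttyfd, &n_bytes);
 
 if (!use_privsep)
@@ -445,10 +445,10 @@ index d4b57bd..b4d74d9 100644
 /* Set window size from the packet. */
 pty_change_window_size(s->ptyfd, s->row, s->col, s->xpixel, s->ypixel);
 diff --git a/session.h b/session.h
-index cbb8e3a..cb4f196 100644
+index 6a2f35e..ef6593c 100644
 --- a/session.h
 +++ b/session.h
-@@ -76,7 +76,7 @@ void session_pty_cleanup2(Session *);
+@@ -77,7 +77,7 @@ void session_pty_cleanup2(Session *);
 Session *session_new(void);
 Session *session_by_tty(char *);
 void session_close(Session *);
@@ -458,11 +458,11 @@ index cbb8e3a..cb4f196 100644
 const char *value);
 
 diff --git a/sshd.c b/sshd.c
-index 4eddeb8..e5c9835 100644
+index fe65132..0a30101 100644
 --- a/sshd.c
 +++ b/sshd.c
-@@ -753,7 +753,7 @@ privsep_postauth(Authctxt *authctxt)
-RAND_seed(rnd, sizeof(rnd));
+@@ -763,7 +763,7 @@ privsep_postauth(Authctxt *authctxt)
+bzero(rnd, sizeof(rnd));
 
 /* Drop privileges */
 - do_setusercontext(authctxt->pw);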