summaryrefslogtreecommitdiff
path: root/debian/patches/selinux-role.patch
diff options
context:
space:
mode:
Diffstat (limited to 'debian/patches/selinux-role.patch')
-rw-r--r--debian/patches/selinux-role.patch171
1 files changed, 98 insertions, 73 deletions
diff --git a/debian/patches/selinux-role.patch b/debian/patches/selinux-role.patch
index f3376c20a..8aa8f614e 100644
--- a/debian/patches/selinux-role.patch
+++ b/debian/patches/selinux-role.patch
@@ -1,17 +1,41 @@
1Description: Handle SELinux authorisation roles 1From 07f2a771c490bd68cd5c5ea9c535705e93bd94f3 Mon Sep 17 00:00:00 2001
2 Rejected upstream due to discomfort with magic usernames; a better approach 2From: Manoj Srivastava <srivasta@debian.org>
3 will need an SSH protocol change. In the meantime, this came from Debian's 3Date: Sun, 9 Feb 2014 16:09:49 +0000
4 SELinux maintainer, so we'll keep it until we have something better. 4Subject: Handle SELinux authorisation roles
5Author: Manoj Srivastava <srivasta@debian.org> 5
6Rejected upstream due to discomfort with magic usernames; a better approach
7will need an SSH protocol change. In the meantime, this came from Debian's
8SELinux maintainer, so we'll keep it until we have something better.
9
6Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1641 10Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1641
7Bug-Debian: http://bugs.debian.org/394795 11Bug-Debian: http://bugs.debian.org/394795
8Last-Update: 2013-09-14 12Last-Update: 2013-09-14
9 13
10Index: b/auth.h 14Patch-Name: selinux-role.patch
11=================================================================== 15---
16 auth.h | 1 +
17 auth1.c | 8 +++++++-
18 auth2.c | 10 ++++++++--
19 monitor.c | 32 +++++++++++++++++++++++++++++---
20 monitor.h | 2 ++
21 monitor_wrap.c | 22 ++++++++++++++++++++--
22 monitor_wrap.h | 3 ++-
23 openbsd-compat/port-linux.c | 27 ++++++++++++++++++++-------
24 openbsd-compat/port-linux.h | 4 ++--
25 platform.c | 4 ++--
26 platform.h | 2 +-
27 session.c | 10 +++++-----
28 session.h | 2 +-
29 sshd.c | 2 +-
30 sshpty.c | 4 ++--
31 sshpty.h | 2 +-
32 16 files changed, 104 insertions(+), 31 deletions(-)
33
34diff --git a/auth.h b/auth.h
35index 80f0898..5b6824f 100644
12--- a/auth.h 36--- a/auth.h
13+++ b/auth.h 37+++ b/auth.h
14@@ -59,6 +59,7 @@ 38@@ -59,6 +59,7 @@ struct Authctxt {
15 char *service; 39 char *service;
16 struct passwd *pw; /* set if 'valid' */ 40 struct passwd *pw; /* set if 'valid' */
17 char *style; 41 char *style;
@@ -19,11 +43,11 @@ Index: b/auth.h
19 void *kbdintctxt; 43 void *kbdintctxt;
20 char *info; /* Extra info for next auth_log */ 44 char *info; /* Extra info for next auth_log */
21 void *jpake_ctx; 45 void *jpake_ctx;
22Index: b/auth1.c 46diff --git a/auth1.c b/auth1.c
23=================================================================== 47index f1ac598..2803a3c 100644
24--- a/auth1.c 48--- a/auth1.c
25+++ b/auth1.c 49+++ b/auth1.c
26@@ -380,7 +380,7 @@ 50@@ -380,7 +380,7 @@ void
27 do_authentication(Authctxt *authctxt) 51 do_authentication(Authctxt *authctxt)
28 { 52 {
29 u_int ulen; 53 u_int ulen;
@@ -32,7 +56,7 @@ Index: b/auth1.c
32 56
33 /* Get the name of the user that we wish to log in as. */ 57 /* Get the name of the user that we wish to log in as. */
34 packet_read_expect(SSH_CMSG_USER); 58 packet_read_expect(SSH_CMSG_USER);
35@@ -389,11 +389,17 @@ 59@@ -389,11 +389,17 @@ do_authentication(Authctxt *authctxt)
36 user = packet_get_cstring(&ulen); 60 user = packet_get_cstring(&ulen);
37 packet_check_eom(); 61 packet_check_eom();
38 62
@@ -50,11 +74,11 @@ Index: b/auth1.c
50 74
51 /* Verify that the user is a valid user. */ 75 /* Verify that the user is a valid user. */
52 if ((authctxt->pw = PRIVSEP(getpwnamallow(user))) != NULL) 76 if ((authctxt->pw = PRIVSEP(getpwnamallow(user))) != NULL)
53Index: b/auth2.c 77diff --git a/auth2.c b/auth2.c
54=================================================================== 78index 6ed8f04..b55bbcd 100644
55--- a/auth2.c 79--- a/auth2.c
56+++ b/auth2.c 80+++ b/auth2.c
57@@ -222,7 +222,7 @@ 81@@ -222,7 +222,7 @@ input_userauth_request(int type, u_int32_t seq, void *ctxt)
58 { 82 {
59 Authctxt *authctxt = ctxt; 83 Authctxt *authctxt = ctxt;
60 Authmethod *m = NULL; 84 Authmethod *m = NULL;
@@ -63,7 +87,7 @@ Index: b/auth2.c
63 int authenticated = 0; 87 int authenticated = 0;
64 88
65 if (authctxt == NULL) 89 if (authctxt == NULL)
66@@ -234,8 +234,13 @@ 90@@ -234,8 +234,13 @@ input_userauth_request(int type, u_int32_t seq, void *ctxt)
67 debug("userauth-request for user %s service %s method %s", user, service, method); 91 debug("userauth-request for user %s service %s method %s", user, service, method);
68 debug("attempt %d failures %d", authctxt->attempt, authctxt->failures); 92 debug("attempt %d failures %d", authctxt->attempt, authctxt->failures);
69 93
@@ -77,7 +101,7 @@ Index: b/auth2.c
77 101
78 if (authctxt->attempt++ == 0) { 102 if (authctxt->attempt++ == 0) {
79 /* setup auth context */ 103 /* setup auth context */
80@@ -259,8 +264,9 @@ 104@@ -259,8 +264,9 @@ input_userauth_request(int type, u_int32_t seq, void *ctxt)
81 use_privsep ? " [net]" : ""); 105 use_privsep ? " [net]" : "");
82 authctxt->service = xstrdup(service); 106 authctxt->service = xstrdup(service);
83 authctxt->style = style ? xstrdup(style) : NULL; 107 authctxt->style = style ? xstrdup(style) : NULL;
@@ -88,11 +112,11 @@ Index: b/auth2.c
88 userauth_banner(); 112 userauth_banner();
89 if (auth2_setup_methods_lists(authctxt) != 0) 113 if (auth2_setup_methods_lists(authctxt) != 0)
90 packet_disconnect("no authentication methods enabled"); 114 packet_disconnect("no authentication methods enabled");
91Index: b/monitor.c 115diff --git a/monitor.c b/monitor.c
92=================================================================== 116index 9079c97..e8d63eb 100644
93--- a/monitor.c 117--- a/monitor.c
94+++ b/monitor.c 118+++ b/monitor.c
95@@ -146,6 +146,7 @@ 119@@ -146,6 +146,7 @@ int mm_answer_sign(int, Buffer *);
96 int mm_answer_pwnamallow(int, Buffer *); 120 int mm_answer_pwnamallow(int, Buffer *);
97 int mm_answer_auth2_read_banner(int, Buffer *); 121 int mm_answer_auth2_read_banner(int, Buffer *);
98 int mm_answer_authserv(int, Buffer *); 122 int mm_answer_authserv(int, Buffer *);
@@ -100,7 +124,7 @@ Index: b/monitor.c
100 int mm_answer_authpassword(int, Buffer *); 124 int mm_answer_authpassword(int, Buffer *);
101 int mm_answer_bsdauthquery(int, Buffer *); 125 int mm_answer_bsdauthquery(int, Buffer *);
102 int mm_answer_bsdauthrespond(int, Buffer *); 126 int mm_answer_bsdauthrespond(int, Buffer *);
103@@ -227,6 +228,7 @@ 127@@ -227,6 +228,7 @@ struct mon_table mon_dispatch_proto20[] = {
104 {MONITOR_REQ_SIGN, MON_ONCE, mm_answer_sign}, 128 {MONITOR_REQ_SIGN, MON_ONCE, mm_answer_sign},
105 {MONITOR_REQ_PWNAM, MON_ONCE, mm_answer_pwnamallow}, 129 {MONITOR_REQ_PWNAM, MON_ONCE, mm_answer_pwnamallow},
106 {MONITOR_REQ_AUTHSERV, MON_ONCE, mm_answer_authserv}, 130 {MONITOR_REQ_AUTHSERV, MON_ONCE, mm_answer_authserv},
@@ -108,7 +132,7 @@ Index: b/monitor.c
108 {MONITOR_REQ_AUTH2_READ_BANNER, MON_ONCE, mm_answer_auth2_read_banner}, 132 {MONITOR_REQ_AUTH2_READ_BANNER, MON_ONCE, mm_answer_auth2_read_banner},
109 {MONITOR_REQ_AUTHPASSWORD, MON_AUTH, mm_answer_authpassword}, 133 {MONITOR_REQ_AUTHPASSWORD, MON_AUTH, mm_answer_authpassword},
110 #ifdef USE_PAM 134 #ifdef USE_PAM
111@@ -844,6 +846,7 @@ 135@@ -844,6 +846,7 @@ mm_answer_pwnamallow(int sock, Buffer *m)
112 else { 136 else {
113 /* Allow service/style information on the auth context */ 137 /* Allow service/style information on the auth context */
114 monitor_permit(mon_dispatch, MONITOR_REQ_AUTHSERV, 1); 138 monitor_permit(mon_dispatch, MONITOR_REQ_AUTHSERV, 1);
@@ -116,7 +140,7 @@ Index: b/monitor.c
116 monitor_permit(mon_dispatch, MONITOR_REQ_AUTH2_READ_BANNER, 1); 140 monitor_permit(mon_dispatch, MONITOR_REQ_AUTH2_READ_BANNER, 1);
117 } 141 }
118 #ifdef USE_PAM 142 #ifdef USE_PAM
119@@ -874,14 +877,37 @@ 143@@ -874,14 +877,37 @@ mm_answer_authserv(int sock, Buffer *m)
120 144
121 authctxt->service = buffer_get_string(m, NULL); 145 authctxt->service = buffer_get_string(m, NULL);
122 authctxt->style = buffer_get_string(m, NULL); 146 authctxt->style = buffer_get_string(m, NULL);
@@ -156,7 +180,7 @@ Index: b/monitor.c
156 return (0); 180 return (0);
157 } 181 }
158 182
159@@ -1486,7 +1512,7 @@ 183@@ -1486,7 +1512,7 @@ mm_answer_pty(int sock, Buffer *m)
160 res = pty_allocate(&s->ptyfd, &s->ttyfd, s->tty, sizeof(s->tty)); 184 res = pty_allocate(&s->ptyfd, &s->ttyfd, s->tty, sizeof(s->tty));
161 if (res == 0) 185 if (res == 0)
162 goto error; 186 goto error;
@@ -165,11 +189,11 @@ Index: b/monitor.c
165 189
166 buffer_put_int(m, 1); 190 buffer_put_int(m, 1);
167 buffer_put_cstring(m, s->tty); 191 buffer_put_cstring(m, s->tty);
168Index: b/monitor.h 192diff --git a/monitor.h b/monitor.h
169=================================================================== 193index 315ef99..3c13706 100644
170--- a/monitor.h 194--- a/monitor.h
171+++ b/monitor.h 195+++ b/monitor.h
172@@ -73,6 +73,8 @@ 196@@ -73,6 +73,8 @@ enum monitor_reqtype {
173 MONITOR_REQ_GSSSIGN = 150, MONITOR_ANS_GSSSIGN = 151, 197 MONITOR_REQ_GSSSIGN = 150, MONITOR_ANS_GSSSIGN = 151,
174 MONITOR_REQ_GSSUPCREDS = 152, MONITOR_ANS_GSSUPCREDS = 153, 198 MONITOR_REQ_GSSUPCREDS = 152, MONITOR_ANS_GSSUPCREDS = 153,
175 199
@@ -178,11 +202,11 @@ Index: b/monitor.h
178 }; 202 };
179 203
180 struct mm_master; 204 struct mm_master;
181Index: b/monitor_wrap.c 205diff --git a/monitor_wrap.c b/monitor_wrap.c
182=================================================================== 206index 44019f3..69bc324 100644
183--- a/monitor_wrap.c 207--- a/monitor_wrap.c
184+++ b/monitor_wrap.c 208+++ b/monitor_wrap.c
185@@ -320,10 +320,10 @@ 209@@ -320,10 +320,10 @@ mm_auth2_read_banner(void)
186 return (banner); 210 return (banner);
187 } 211 }
188 212
@@ -195,7 +219,7 @@ Index: b/monitor_wrap.c
195 { 219 {
196 Buffer m; 220 Buffer m;
197 221
198@@ -332,11 +332,29 @@ 222@@ -332,12 +332,30 @@ mm_inform_authserv(char *service, char *style)
199 buffer_init(&m); 223 buffer_init(&m);
200 buffer_put_cstring(&m, service); 224 buffer_put_cstring(&m, service);
201 buffer_put_cstring(&m, style ? style : ""); 225 buffer_put_cstring(&m, style ? style : "");
@@ -205,7 +229,7 @@ Index: b/monitor_wrap.c
205 229
206 buffer_free(&m); 230 buffer_free(&m);
207 } 231 }
208+ 232
209+/* Inform the privileged process about role */ 233+/* Inform the privileged process about role */
210+ 234+
211+void 235+void
@@ -222,14 +246,15 @@ Index: b/monitor_wrap.c
222+ 246+
223+ buffer_free(&m); 247+ buffer_free(&m);
224+} 248+}
225 249+
226 /* Do the password authentication */ 250 /* Do the password authentication */
227 int 251 int
228Index: b/monitor_wrap.h 252 mm_auth_password(Authctxt *authctxt, char *password)
229=================================================================== 253diff --git a/monitor_wrap.h b/monitor_wrap.h
254index ec9b9b1..4d12e29 100644
230--- a/monitor_wrap.h 255--- a/monitor_wrap.h
231+++ b/monitor_wrap.h 256+++ b/monitor_wrap.h
232@@ -41,7 +41,8 @@ 257@@ -41,7 +41,8 @@ void mm_log_handler(LogLevel, const char *, void *);
233 int mm_is_monitor(void); 258 int mm_is_monitor(void);
234 DH *mm_choose_dh(int, int, int); 259 DH *mm_choose_dh(int, int, int);
235 int mm_key_sign(Key *, u_char **, u_int *, u_char *, u_int); 260 int mm_key_sign(Key *, u_char **, u_int *, u_char *, u_int);
@@ -239,8 +264,8 @@ Index: b/monitor_wrap.h
239 struct passwd *mm_getpwnamallow(const char *); 264 struct passwd *mm_getpwnamallow(const char *);
240 char *mm_auth2_read_banner(void); 265 char *mm_auth2_read_banner(void);
241 int mm_auth_password(struct Authctxt *, char *); 266 int mm_auth_password(struct Authctxt *, char *);
242Index: b/openbsd-compat/port-linux.c 267diff --git a/openbsd-compat/port-linux.c b/openbsd-compat/port-linux.c
243=================================================================== 268index 4637a7a..de6ad3f 100644
244--- a/openbsd-compat/port-linux.c 269--- a/openbsd-compat/port-linux.c
245+++ b/openbsd-compat/port-linux.c 270+++ b/openbsd-compat/port-linux.c
246@@ -29,6 +29,12 @@ 271@@ -29,6 +29,12 @@
@@ -256,7 +281,7 @@ Index: b/openbsd-compat/port-linux.c
256 #include "log.h" 281 #include "log.h"
257 #include "xmalloc.h" 282 #include "xmalloc.h"
258 #include "port-linux.h" 283 #include "port-linux.h"
259@@ -58,7 +64,7 @@ 284@@ -58,7 +64,7 @@ ssh_selinux_enabled(void)
260 285
261 /* Return the default security context for the given username */ 286 /* Return the default security context for the given username */
262 static security_context_t 287 static security_context_t
@@ -265,7 +290,7 @@ Index: b/openbsd-compat/port-linux.c
265 { 290 {
266 security_context_t sc = NULL; 291 security_context_t sc = NULL;
267 char *sename = NULL, *lvl = NULL; 292 char *sename = NULL, *lvl = NULL;
268@@ -73,9 +79,16 @@ 293@@ -73,9 +79,16 @@ ssh_selinux_getctxbyname(char *pwname)
269 #endif 294 #endif
270 295
271 #ifdef HAVE_GET_DEFAULT_CONTEXT_WITH_LEVEL 296 #ifdef HAVE_GET_DEFAULT_CONTEXT_WITH_LEVEL
@@ -284,7 +309,7 @@ Index: b/openbsd-compat/port-linux.c
284 #endif 309 #endif
285 310
286 if (r != 0) { 311 if (r != 0) {
287@@ -105,7 +118,7 @@ 312@@ -105,7 +118,7 @@ ssh_selinux_getctxbyname(char *pwname)
288 313
289 /* Set the execution context to the default for the specified user */ 314 /* Set the execution context to the default for the specified user */
290 void 315 void
@@ -293,7 +318,7 @@ Index: b/openbsd-compat/port-linux.c
293 { 318 {
294 security_context_t user_ctx = NULL; 319 security_context_t user_ctx = NULL;
295 320
296@@ -114,7 +127,7 @@ 321@@ -114,7 +127,7 @@ ssh_selinux_setup_exec_context(char *pwname)
297 322
298 debug3("%s: setting execution context", __func__); 323 debug3("%s: setting execution context", __func__);
299 324
@@ -302,7 +327,7 @@ Index: b/openbsd-compat/port-linux.c
302 if (setexeccon(user_ctx) != 0) { 327 if (setexeccon(user_ctx) != 0) {
303 switch (security_getenforce()) { 328 switch (security_getenforce()) {
304 case -1: 329 case -1:
305@@ -136,7 +149,7 @@ 330@@ -136,7 +149,7 @@ ssh_selinux_setup_exec_context(char *pwname)
306 331
307 /* Set the TTY context for the specified user */ 332 /* Set the TTY context for the specified user */
308 void 333 void
@@ -311,7 +336,7 @@ Index: b/openbsd-compat/port-linux.c
311 { 336 {
312 security_context_t new_tty_ctx = NULL; 337 security_context_t new_tty_ctx = NULL;
313 security_context_t user_ctx = NULL; 338 security_context_t user_ctx = NULL;
314@@ -147,7 +160,7 @@ 339@@ -147,7 +160,7 @@ ssh_selinux_setup_pty(char *pwname, const char *tty)
315 340
316 debug3("%s: setting TTY context on %s", __func__, tty); 341 debug3("%s: setting TTY context on %s", __func__, tty);
317 342
@@ -320,8 +345,8 @@ Index: b/openbsd-compat/port-linux.c
320 345
321 /* XXX: should these calls fatal() upon failure in enforcing mode? */ 346 /* XXX: should these calls fatal() upon failure in enforcing mode? */
322 347
323Index: b/openbsd-compat/port-linux.h 348diff --git a/openbsd-compat/port-linux.h b/openbsd-compat/port-linux.h
324=================================================================== 349index e3d1004..80ce13a 100644
325--- a/openbsd-compat/port-linux.h 350--- a/openbsd-compat/port-linux.h
326+++ b/openbsd-compat/port-linux.h 351+++ b/openbsd-compat/port-linux.h
327@@ -21,8 +21,8 @@ 352@@ -21,8 +21,8 @@
@@ -335,11 +360,11 @@ Index: b/openbsd-compat/port-linux.h
335 void ssh_selinux_change_context(const char *); 360 void ssh_selinux_change_context(const char *);
336 void ssh_selinux_setfscreatecon(const char *); 361 void ssh_selinux_setfscreatecon(const char *);
337 #endif 362 #endif
338Index: b/platform.c 363diff --git a/platform.c b/platform.c
339=================================================================== 364index 3262b24..a962f15 100644
340--- a/platform.c 365--- a/platform.c
341+++ b/platform.c 366+++ b/platform.c
342@@ -134,7 +134,7 @@ 367@@ -134,7 +134,7 @@ platform_setusercontext(struct passwd *pw)
343 * called if sshd is running as root. 368 * called if sshd is running as root.
344 */ 369 */
345 void 370 void
@@ -348,7 +373,7 @@ Index: b/platform.c
348 { 373 {
349 #if !defined(HAVE_LOGIN_CAP) && defined(USE_PAM) 374 #if !defined(HAVE_LOGIN_CAP) && defined(USE_PAM)
350 /* 375 /*
351@@ -181,7 +181,7 @@ 376@@ -181,7 +181,7 @@ platform_setusercontext_post_groups(struct passwd *pw)
352 } 377 }
353 #endif /* HAVE_SETPCRED */ 378 #endif /* HAVE_SETPCRED */
354 #ifdef WITH_SELINUX 379 #ifdef WITH_SELINUX
@@ -357,11 +382,11 @@ Index: b/platform.c
357 #endif 382 #endif
358 } 383 }
359 384
360Index: b/platform.h 385diff --git a/platform.h b/platform.h
361=================================================================== 386index 19f6bfd..3188a3d 100644
362--- a/platform.h 387--- a/platform.h
363+++ b/platform.h 388+++ b/platform.h
364@@ -26,7 +26,7 @@ 389@@ -26,7 +26,7 @@ void platform_post_fork_parent(pid_t child_pid);
365 void platform_post_fork_child(void); 390 void platform_post_fork_child(void);
366 int platform_privileged_uidswap(void); 391 int platform_privileged_uidswap(void);
367 void platform_setusercontext(struct passwd *); 392 void platform_setusercontext(struct passwd *);
@@ -370,11 +395,11 @@ Index: b/platform.h
370 char *platform_get_krb5_client(const char *); 395 char *platform_get_krb5_client(const char *);
371 char *platform_krb5_get_principal_name(const char *); 396 char *platform_krb5_get_principal_name(const char *);
372 int platform_sys_dir_uid(uid_t); 397 int platform_sys_dir_uid(uid_t);
373Index: b/session.c 398diff --git a/session.c b/session.c
374=================================================================== 399index d4b57bd..b4d74d9 100644
375--- a/session.c 400--- a/session.c
376+++ b/session.c 401+++ b/session.c
377@@ -1474,7 +1474,7 @@ 402@@ -1474,7 +1474,7 @@ safely_chroot(const char *path, uid_t uid)
378 403
379 /* Set login name, uid, gid, and groups. */ 404 /* Set login name, uid, gid, and groups. */
380 void 405 void
@@ -383,7 +408,7 @@ Index: b/session.c
383 { 408 {
384 char *chroot_path, *tmp; 409 char *chroot_path, *tmp;
385 410
386@@ -1502,7 +1502,7 @@ 411@@ -1502,7 +1502,7 @@ do_setusercontext(struct passwd *pw)
387 endgrent(); 412 endgrent();
388 #endif 413 #endif
389 414
@@ -392,7 +417,7 @@ Index: b/session.c
392 417
393 if (options.chroot_directory != NULL && 418 if (options.chroot_directory != NULL &&
394 strcasecmp(options.chroot_directory, "none") != 0) { 419 strcasecmp(options.chroot_directory, "none") != 0) {
395@@ -1646,7 +1646,7 @@ 420@@ -1646,7 +1646,7 @@ do_child(Session *s, const char *command)
396 421
397 /* Force a password change */ 422 /* Force a password change */
398 if (s->authctxt->force_pwchange) { 423 if (s->authctxt->force_pwchange) {
@@ -401,7 +426,7 @@ Index: b/session.c
401 child_close_fds(); 426 child_close_fds();
402 do_pwchange(s); 427 do_pwchange(s);
403 exit(1); 428 exit(1);
404@@ -1673,7 +1673,7 @@ 429@@ -1673,7 +1673,7 @@ do_child(Session *s, const char *command)
405 /* When PAM is enabled we rely on it to do the nologin check */ 430 /* When PAM is enabled we rely on it to do the nologin check */
406 if (!options.use_pam) 431 if (!options.use_pam)
407 do_nologin(pw); 432 do_nologin(pw);
@@ -410,7 +435,7 @@ Index: b/session.c
410 /* 435 /*
411 * PAM session modules in do_setusercontext may have 436 * PAM session modules in do_setusercontext may have
412 * generated messages, so if this in an interactive 437 * generated messages, so if this in an interactive
413@@ -2084,7 +2084,7 @@ 438@@ -2084,7 +2084,7 @@ session_pty_req(Session *s)
414 tty_parse_modes(s->ttyfd, &n_bytes); 439 tty_parse_modes(s->ttyfd, &n_bytes);
415 440
416 if (!use_privsep) 441 if (!use_privsep)
@@ -419,11 +444,11 @@ Index: b/session.c
419 444
420 /* Set window size from the packet. */ 445 /* Set window size from the packet. */
421 pty_change_window_size(s->ptyfd, s->row, s->col, s->xpixel, s->ypixel); 446 pty_change_window_size(s->ptyfd, s->row, s->col, s->xpixel, s->ypixel);
422Index: b/session.h 447diff --git a/session.h b/session.h
423=================================================================== 448index cbb8e3a..cb4f196 100644
424--- a/session.h 449--- a/session.h
425+++ b/session.h 450+++ b/session.h
426@@ -76,7 +76,7 @@ 451@@ -76,7 +76,7 @@ void session_pty_cleanup2(Session *);
427 Session *session_new(void); 452 Session *session_new(void);
428 Session *session_by_tty(char *); 453 Session *session_by_tty(char *);
429 void session_close(Session *); 454 void session_close(Session *);
@@ -432,11 +457,11 @@ Index: b/session.h
432 void child_set_env(char ***envp, u_int *envsizep, const char *name, 457 void child_set_env(char ***envp, u_int *envsizep, const char *name,
433 const char *value); 458 const char *value);
434 459
435Index: b/sshd.c 460diff --git a/sshd.c b/sshd.c
436=================================================================== 461index 4eddeb8..e5c9835 100644
437--- a/sshd.c 462--- a/sshd.c
438+++ b/sshd.c 463+++ b/sshd.c
439@@ -753,7 +753,7 @@ 464@@ -753,7 +753,7 @@ privsep_postauth(Authctxt *authctxt)
440 RAND_seed(rnd, sizeof(rnd)); 465 RAND_seed(rnd, sizeof(rnd));
441 466
442 /* Drop privileges */ 467 /* Drop privileges */
@@ -445,11 +470,11 @@ Index: b/sshd.c
445 470
446 skip: 471 skip:
447 /* It is safe now to apply the key state */ 472 /* It is safe now to apply the key state */
448Index: b/sshpty.c 473diff --git a/sshpty.c b/sshpty.c
449=================================================================== 474index bbbc0fe..8cc26a2 100644
450--- a/sshpty.c 475--- a/sshpty.c
451+++ b/sshpty.c 476+++ b/sshpty.c
452@@ -200,7 +200,7 @@ 477@@ -200,7 +200,7 @@ pty_change_window_size(int ptyfd, u_int row, u_int col,
453 } 478 }
454 479
455 void 480 void
@@ -458,7 +483,7 @@ Index: b/sshpty.c
458 { 483 {
459 struct group *grp; 484 struct group *grp;
460 gid_t gid; 485 gid_t gid;
461@@ -227,7 +227,7 @@ 486@@ -227,7 +227,7 @@ pty_setowner(struct passwd *pw, const char *tty)
462 strerror(errno)); 487 strerror(errno));
463 488
464 #ifdef WITH_SELINUX 489 #ifdef WITH_SELINUX
@@ -467,11 +492,11 @@ Index: b/sshpty.c
467 #endif 492 #endif
468 493
469 if (st.st_uid != pw->pw_uid || st.st_gid != gid) { 494 if (st.st_uid != pw->pw_uid || st.st_gid != gid) {
470Index: b/sshpty.h 495diff --git a/sshpty.h b/sshpty.h
471=================================================================== 496index cfa3224..edf2436 100644
472--- a/sshpty.h 497--- a/sshpty.h
473+++ b/sshpty.h 498+++ b/sshpty.h
474@@ -24,4 +24,4 @@ 499@@ -24,4 +24,4 @@ int pty_allocate(int *, int *, char *, size_t);
475 void pty_release(const char *); 500 void pty_release(const char *);
476 void pty_make_controlling_tty(int *, const char *); 501 void pty_make_controlling_tty(int *, const char *);
477 void pty_change_window_size(int, u_int, u_int, u_int, u_int); 502 void pty_change_window_size(int, u_int, u_int, u_int, u_int);