diff options
Diffstat (limited to 'debian/patches/selinux-role.patch')
| -rw-r--r-- | debian/patches/selinux-role.patch | 23 |
1 files changed, 10 insertions, 13 deletions
diff --git a/debian/patches/selinux-role.patch b/debian/patches/selinux-role.patch index b14402199..0d696989a 100644 --- a/debian/patches/selinux-role.patch +++ b/debian/patches/selinux-role.patch | |||
| @@ -108,7 +108,7 @@ Index: b/monitor.c | |||
| 108 | {MONITOR_REQ_AUTH2_READ_BANNER, MON_ONCE, mm_answer_auth2_read_banner}, | 108 | {MONITOR_REQ_AUTH2_READ_BANNER, MON_ONCE, mm_answer_auth2_read_banner}, |
| 109 | {MONITOR_REQ_AUTHPASSWORD, MON_AUTH, mm_answer_authpassword}, | 109 | {MONITOR_REQ_AUTHPASSWORD, MON_AUTH, mm_answer_authpassword}, |
| 110 | #ifdef USE_PAM | 110 | #ifdef USE_PAM |
| 111 | @@ -810,6 +812,7 @@ | 111 | @@ -811,6 +813,7 @@ |
| 112 | else { | 112 | else { |
| 113 | /* Allow service/style information on the auth context */ | 113 | /* Allow service/style information on the auth context */ |
| 114 | monitor_permit(mon_dispatch, MONITOR_REQ_AUTHSERV, 1); | 114 | monitor_permit(mon_dispatch, MONITOR_REQ_AUTHSERV, 1); |
| @@ -116,7 +116,7 @@ Index: b/monitor.c | |||
| 116 | monitor_permit(mon_dispatch, MONITOR_REQ_AUTH2_READ_BANNER, 1); | 116 | monitor_permit(mon_dispatch, MONITOR_REQ_AUTH2_READ_BANNER, 1); |
| 117 | } | 117 | } |
| 118 | #ifdef USE_PAM | 118 | #ifdef USE_PAM |
| 119 | @@ -842,14 +845,37 @@ | 119 | @@ -843,14 +846,37 @@ |
| 120 | 120 | ||
| 121 | authctxt->service = buffer_get_string(m, NULL); | 121 | authctxt->service = buffer_get_string(m, NULL); |
| 122 | authctxt->style = buffer_get_string(m, NULL); | 122 | authctxt->style = buffer_get_string(m, NULL); |
| @@ -156,7 +156,7 @@ Index: b/monitor.c | |||
| 156 | return (0); | 156 | return (0); |
| 157 | } | 157 | } |
| 158 | 158 | ||
| 159 | @@ -1437,7 +1463,7 @@ | 159 | @@ -1438,7 +1464,7 @@ |
| 160 | res = pty_allocate(&s->ptyfd, &s->ttyfd, s->tty, sizeof(s->tty)); | 160 | res = pty_allocate(&s->ptyfd, &s->ttyfd, s->tty, sizeof(s->tty)); |
| 161 | if (res == 0) | 161 | if (res == 0) |
| 162 | goto error; | 162 | goto error; |
| @@ -256,18 +256,15 @@ Index: b/openbsd-compat/port-linux.c | |||
| 256 | #include "log.h" | 256 | #include "log.h" |
| 257 | #include "xmalloc.h" | 257 | #include "xmalloc.h" |
| 258 | #include "port-linux.h" | 258 | #include "port-linux.h" |
| 259 | @@ -58,9 +64,9 @@ | 259 | @@ -58,7 +64,7 @@ |
| 260 | 260 | ||
| 261 | /* Return the default security context for the given username */ | 261 | /* Return the default security context for the given username */ |
| 262 | static security_context_t | 262 | static security_context_t |
| 263 | -ssh_selinux_getctxbyname(char *pwname) | 263 | -ssh_selinux_getctxbyname(char *pwname) |
| 264 | +ssh_selinux_getctxbyname(char *pwname, const char *role) | 264 | +ssh_selinux_getctxbyname(char *pwname, const char *role) |
| 265 | { | 265 | { |
| 266 | - security_context_t sc; | 266 | security_context_t sc = NULL; |
| 267 | + security_context_t sc = NULL; | ||
| 268 | char *sename = NULL, *lvl = NULL; | 267 | char *sename = NULL, *lvl = NULL; |
| 269 | int r; | ||
| 270 | |||
| 271 | @@ -73,9 +79,16 @@ | 268 | @@ -73,9 +79,16 @@ |
| 272 | #endif | 269 | #endif |
| 273 | 270 | ||
| @@ -287,7 +284,7 @@ Index: b/openbsd-compat/port-linux.c | |||
| 287 | #endif | 284 | #endif |
| 288 | 285 | ||
| 289 | if (r != 0) { | 286 | if (r != 0) { |
| 290 | @@ -106,7 +119,7 @@ | 287 | @@ -107,7 +120,7 @@ |
| 291 | 288 | ||
| 292 | /* Set the execution context to the default for the specified user */ | 289 | /* Set the execution context to the default for the specified user */ |
| 293 | void | 290 | void |
| @@ -296,7 +293,7 @@ Index: b/openbsd-compat/port-linux.c | |||
| 296 | { | 293 | { |
| 297 | security_context_t user_ctx = NULL; | 294 | security_context_t user_ctx = NULL; |
| 298 | 295 | ||
| 299 | @@ -115,7 +128,7 @@ | 296 | @@ -116,7 +129,7 @@ |
| 300 | 297 | ||
| 301 | debug3("%s: setting execution context", __func__); | 298 | debug3("%s: setting execution context", __func__); |
| 302 | 299 | ||
| @@ -305,7 +302,7 @@ Index: b/openbsd-compat/port-linux.c | |||
| 305 | if (setexeccon(user_ctx) != 0) { | 302 | if (setexeccon(user_ctx) != 0) { |
| 306 | switch (security_getenforce()) { | 303 | switch (security_getenforce()) { |
| 307 | case -1: | 304 | case -1: |
| 308 | @@ -137,7 +150,7 @@ | 305 | @@ -138,7 +151,7 @@ |
| 309 | 306 | ||
| 310 | /* Set the TTY context for the specified user */ | 307 | /* Set the TTY context for the specified user */ |
| 311 | void | 308 | void |
| @@ -314,7 +311,7 @@ Index: b/openbsd-compat/port-linux.c | |||
| 314 | { | 311 | { |
| 315 | security_context_t new_tty_ctx = NULL; | 312 | security_context_t new_tty_ctx = NULL; |
| 316 | security_context_t user_ctx = NULL; | 313 | security_context_t user_ctx = NULL; |
| 317 | @@ -148,7 +161,7 @@ | 314 | @@ -149,7 +162,7 @@ |
| 318 | 315 | ||
| 319 | debug3("%s: setting TTY context on %s", __func__, tty); | 316 | debug3("%s: setting TTY context on %s", __func__, tty); |
| 320 | 317 | ||
| @@ -439,7 +436,7 @@ Index: b/sshd.c | |||
| 439 | =================================================================== | 436 | =================================================================== |
| 440 | --- a/sshd.c | 437 | --- a/sshd.c |
| 441 | +++ b/sshd.c | 438 | +++ b/sshd.c |
| 442 | @@ -730,7 +730,7 @@ | 439 | @@ -734,7 +734,7 @@ |
| 443 | RAND_seed(rnd, sizeof(rnd)); | 440 | RAND_seed(rnd, sizeof(rnd)); |
| 444 | 441 | ||
| 445 | /* Drop privileges */ | 442 | /* Drop privileges */ |