diff --git a/openssh-5.9p1-2auth.patch b/openssh-5.9p1-2auth.patch index b19594b..b19d2ac 100644 --- a/openssh-5.9p1-2auth.patch +++ b/openssh-5.9p1-2auth.patch @@ -1,6 +1,6 @@ diff -up openssh-5.9p1/auth.h.2auth openssh-5.9p1/auth.h --- openssh-5.9p1/auth.h.2auth 2011-05-29 13:39:38.000000000 +0200 -+++ openssh-5.9p1/auth.h 2011-09-13 20:25:22.250474950 +0200 ++++ openssh-5.9p1/auth.h 2011-09-17 11:36:54.314522599 +0200 @@ -149,6 +149,8 @@ int auth_root_allowed(char *); char *auth2_read_banner(void); @@ -12,8 +12,8 @@ diff -up openssh-5.9p1/auth.h.2auth openssh-5.9p1/auth.h int auth2_challenge(Authctxt *, char *); diff -up openssh-5.9p1/auth2.c.2auth openssh-5.9p1/auth2.c --- openssh-5.9p1/auth2.c.2auth 2011-05-05 06:04:11.000000000 +0200 -+++ openssh-5.9p1/auth2.c 2011-09-13 20:25:22.348458588 +0200 -@@ -290,6 +290,23 @@ input_userauth_request(int type, u_int32 ++++ openssh-5.9p1/auth2.c 2011-09-17 11:36:54.402521709 +0200 +@@ -290,6 +290,24 @@ input_userauth_request(int type, u_int32 } void @@ -21,6 +21,7 @@ diff -up openssh-5.9p1/auth2.c.2auth openssh-5.9p1/auth2.c +{ + options.two_factor_authentication = 0; + ++ debug2("userauth restart, method = %s", method); + options.pubkey_authentication = options.second_pubkey_authentication && strcmp(method, method_pubkey.name); +#ifdef GSSAPI + options.gss_authentication = options.second_gss_authentication && strcmp(method, method_gssapi.name); @@ -37,15 +38,12 @@ diff -up openssh-5.9p1/auth2.c.2auth openssh-5.9p1/auth2.c userauth_finish(Authctxt *authctxt, int authenticated, char *method) { char *methods; -@@ -337,6 +354,15 @@ userauth_finish(Authctxt *authctxt, int +@@ -337,6 +355,12 @@ userauth_finish(Authctxt *authctxt, int /* XXX todo: check if multiple auth methods are needed */ if (authenticated == 1) { + if (options.two_factor_authentication) { + userauth_restart(method); -+ if (use_privsep) -+ PRIVSEP(userauth_restart(method)); -+ + debug("1st factor authentication done go to 2nd factor"); + goto ask_methods; + } @@ -53,131 +51,33 @@ diff -up openssh-5.9p1/auth2.c.2auth openssh-5.9p1/auth2.c /* turn off userauth */ dispatch_set(SSH2_MSG_USERAUTH_REQUEST, &dispatch_protocol_ignore); packet_start(SSH2_MSG_USERAUTH_SUCCESS); -@@ -356,6 +382,7 @@ userauth_finish(Authctxt *authctxt, int +@@ -356,7 +380,9 @@ userauth_finish(Authctxt *authctxt, int #endif packet_disconnect(AUTH_FAIL_MSG, authctxt->user); } +ask_methods: methods = authmethods_get(); ++ debug2("next auth methods = %s", methods); packet_start(SSH2_MSG_USERAUTH_FAILURE); packet_put_cstring(methods); + packet_put_char(0); /* XXX partial success, unused */ diff -up openssh-5.9p1/monitor.c.2auth openssh-5.9p1/monitor.c ---- openssh-5.9p1/monitor.c.2auth 2011-09-13 20:25:18.031458843 +0200 -+++ openssh-5.9p1/monitor.c 2011-09-13 20:53:29.345644462 +0200 -@@ -165,6 +165,7 @@ int mm_answer_jpake_step1(int, Buffer *) - int mm_answer_jpake_step2(int, Buffer *); - int mm_answer_jpake_key_confirm(int, Buffer *); - int mm_answer_jpake_check_confirm(int, Buffer *); -+int mm_answer_userauth_restart(int, Buffer *); - - #ifdef USE_PAM - int mm_answer_pam_start(int, Buffer *); -@@ -259,6 +260,7 @@ struct mon_table mon_dispatch_proto20[] - {MONITOR_REQ_JPAKE_KEY_CONFIRM, MON_ONCE, mm_answer_jpake_key_confirm}, - {MONITOR_REQ_JPAKE_CHECK_CONFIRM, MON_AUTH, mm_answer_jpake_check_confirm}, +--- openssh-5.9p1/monitor.c.2auth 2011-08-05 22:15:18.000000000 +0200 ++++ openssh-5.9p1/monitor.c 2011-09-17 11:36:54.513491937 +0200 +@@ -417,6 +417,10 @@ monitor_child_preauth(Authctxt *_authctx + } + } #endif -+ {MONITOR_REQ_USERAUTH_RESTART, MON_PERMIT, mm_answer_userauth_restart}, - {0, 0, NULL} - }; - -@@ -378,7 +380,7 @@ monitor_child_preauth(Authctxt *_authctx ++ if (authenticated && options.two_factor_authentication) { ++ userauth_restart(auth_method); ++ authenticated = 0; ++ } } - /* The first few requests do not require asynchronous access */ -- while (!authenticated) { -+ while (!authenticated || options.two_factor_authentication) { - auth_method = "unknown"; - authenticated = (monitor_read(pmonitor, mon_dispatch, &ent) == 1); - if (authenticated) { -@@ -390,7 +392,7 @@ monitor_child_preauth(Authctxt *_authctx - authenticated = 0; - #ifdef USE_PAM - /* PAM needs to perform account checks after auth */ -- if (options.use_pam && authenticated) { -+ if (options.use_pam && authenticated && !options.two_factor_authentication) { - Buffer m; - - buffer_init(&m); -@@ -2001,6 +2003,24 @@ monitor_reinit(struct monitor *mon) - monitor_openfds(mon, 0); - } - -+int -+mm_answer_userauth_restart(int sock, Buffer *m) -+{ -+ char *method; -+ u_int method_len; -+ -+ method = buffer_get_string(m, &method_len); -+ -+ userauth_restart(method); -+ -+ xfree(method); -+ buffer_clear(m); -+ -+ mm_request_send(sock, MONITOR_ANS_USERAUTH_RESTART, m); -+ -+ return (0); -+} -+ - #ifdef GSSAPI - int - mm_answer_gss_setup_ctx(int sock, Buffer *m) -diff -up openssh-5.9p1/monitor.h.2auth openssh-5.9p1/monitor.h ---- openssh-5.9p1/monitor.h.2auth 2011-06-20 06:42:23.000000000 +0200 -+++ openssh-5.9p1/monitor.h 2011-09-13 20:25:22.615458574 +0200 -@@ -66,6 +66,7 @@ enum monitor_reqtype { - MONITOR_REQ_JPAKE_STEP2, MONITOR_ANS_JPAKE_STEP2, - MONITOR_REQ_JPAKE_KEY_CONFIRM, MONITOR_ANS_JPAKE_KEY_CONFIRM, - MONITOR_REQ_JPAKE_CHECK_CONFIRM, MONITOR_ANS_JPAKE_CHECK_CONFIRM, -+ MONITOR_REQ_USERAUTH_RESTART, MONITOR_ANS_USERAUTH_RESTART, - }; - - struct mm_master; -diff -up openssh-5.9p1/monitor_wrap.c.2auth openssh-5.9p1/monitor_wrap.c ---- openssh-5.9p1/monitor_wrap.c.2auth 2011-06-20 06:42:23.000000000 +0200 -+++ openssh-5.9p1/monitor_wrap.c 2011-09-13 20:25:22.735468462 +0200 -@@ -1173,6 +1173,26 @@ mm_auth_rsa_verify_response(Key *key, BI - return (success); - } - -+void -+mm_userauth_restart(const char *monitor) -+{ -+ Buffer m; -+ -+ debug3("%s entering", __func__); -+ -+ buffer_init(&m); -+ -+ buffer_put_cstring(&m, monitor); -+ -+ mm_request_send(pmonitor->m_recvfd, -+ MONITOR_REQ_USERAUTH_RESTART, &m); -+ debug3("%s: waiting for MONITOR_ANS_USERAUTH_RESTART", __func__); -+ mm_request_receive_expect(pmonitor->m_recvfd, -+ MONITOR_ANS_USERAUTH_RESTART, &m); -+ -+ buffer_free(&m); -+} -+ - #ifdef SSH_AUDIT_EVENTS - void - mm_audit_event(ssh_audit_event_t event) -diff -up openssh-5.9p1/monitor_wrap.h.2auth openssh-5.9p1/monitor_wrap.h ---- openssh-5.9p1/monitor_wrap.h.2auth 2011-06-20 06:42:23.000000000 +0200 -+++ openssh-5.9p1/monitor_wrap.h 2011-09-13 20:25:22.847457505 +0200 -@@ -53,6 +53,7 @@ int mm_key_verify(Key *, u_char *, u_int - int mm_auth_rsa_key_allowed(struct passwd *, BIGNUM *, Key **); - int mm_auth_rsa_verify_response(Key *, BIGNUM *, u_char *); - BIGNUM *mm_auth_rsa_generate_challenge(Key *); -+void mm_userauth_restart(const char *); - - #ifdef GSSAPI - OM_uint32 mm_ssh_gssapi_server_ctx(Gssctxt **, gss_OID); + /* Drain any buffered messages from the child */ diff -up openssh-5.9p1/servconf.c.2auth openssh-5.9p1/servconf.c ---- openssh-5.9p1/servconf.c.2auth 2011-09-13 20:25:18.836495701 +0200 -+++ openssh-5.9p1/servconf.c 2011-09-13 20:25:22.994584169 +0200 +--- openssh-5.9p1/servconf.c.2auth 2011-06-23 00:30:03.000000000 +0200 ++++ openssh-5.9p1/servconf.c 2011-09-17 11:36:54.632461730 +0200 @@ -92,6 +92,13 @@ initialize_server_options(ServerOptions options->hostbased_uses_name_from_packet_only = -1; options->rsa_authentication = -1; @@ -333,7 +233,7 @@ diff -up openssh-5.9p1/servconf.c.2auth openssh-5.9p1/servconf.c dump_cfg_fmtint(sX11Forwarding, o->x11_forwarding); diff -up openssh-5.9p1/servconf.h.2auth openssh-5.9p1/servconf.h --- openssh-5.9p1/servconf.h.2auth 2011-06-23 00:30:03.000000000 +0200 -+++ openssh-5.9p1/servconf.h 2011-09-13 20:25:23.103459846 +0200 ++++ openssh-5.9p1/servconf.h 2011-09-17 11:36:54.749584245 +0200 @@ -112,6 +112,14 @@ typedef struct { /* If true, permit jpake auth */ int permit_empty_passwd; /* If false, do not permit empty @@ -351,7 +251,7 @@ diff -up openssh-5.9p1/servconf.h.2auth openssh-5.9p1/servconf.h int compression; /* If true, compression is allowed */ diff -up openssh-5.9p1/sshd_config.2auth openssh-5.9p1/sshd_config --- openssh-5.9p1/sshd_config.2auth 2011-05-29 13:39:39.000000000 +0200 -+++ openssh-5.9p1/sshd_config 2011-09-13 20:25:23.221458447 +0200 ++++ openssh-5.9p1/sshd_config 2011-09-17 11:36:54.859588726 +0200 @@ -87,6 +87,13 @@ AuthorizedKeysFile .ssh/authorized_keys # and ChallengeResponseAuthentication to 'no'. #UsePAM no @@ -360,7 +260,7 @@ diff -up openssh-5.9p1/sshd_config.2auth openssh-5.9p1/sshd_config +#SecondPubkeyAuthentication yes +#SecondHostbasedAuthentication no +#SecondPasswordAuthentication yes -+#SecondChallengeResponseAuthentication yes ++#SecondKBDInteractiveAuthentication yes +#SecondGSSAPIAuthentication no + #AllowAgentForwarding yes @@ -368,7 +268,7 @@ diff -up openssh-5.9p1/sshd_config.2auth openssh-5.9p1/sshd_config #GatewayPorts no diff -up openssh-5.9p1/sshd_config.5.2auth openssh-5.9p1/sshd_config.5 --- openssh-5.9p1/sshd_config.5.2auth 2011-08-05 22:17:33.000000000 +0200 -+++ openssh-5.9p1/sshd_config.5 2011-09-13 20:25:23.416458539 +0200 ++++ openssh-5.9p1/sshd_config.5 2011-09-17 13:45:49.022521436 +0200 @@ -726,6 +726,12 @@ Available keywords are .Cm PubkeyAuthentication , .Cm RhostsRSAAuthentication , @@ -382,7 +282,7 @@ diff -up openssh-5.9p1/sshd_config.5.2auth openssh-5.9p1/sshd_config.5 .Cm X11DisplayOffset , .Cm X11Forwarding and -@@ -931,6 +937,41 @@ Specifies whether pure RSA authenticatio +@@ -931,6 +937,45 @@ Specifies whether pure RSA authenticatio The default is .Dq yes . This option applies to protocol version 1 only. @@ -392,39 +292,43 @@ diff -up openssh-5.9p1/sshd_config.5.2auth openssh-5.9p1/sshd_config.5 +may be used on the second authentication while +.Cm TwoFactorAuthentication +is set. -+The argument must be “yes” or “no”. The default is “no”. ++The default is ++.Dq no . +.It Cm SecondHostbasedAuthentication +Specifies whether the +.Cm HostbasedAuthentication +may be used on the second authentication while +.Cm TwoFactorAuthentication +is set. -+The argument must be “yes” or “no”. The default is “no”. ++The default is ++.Dq no . +.It Cm SecondKbdInteractiveAuthentication +Specifies whether the +.Cm KbdInteractiveAuthentication +may be used on the second authentication while +.Cm TwoFactorAuthentication +is set. -+The argument must be “yes” or “no”. The default is “no”. ++The default is ++.Dq yes . +.It Cm SecondPasswordAuthentication +Specifies whether the +.Cm PasswordAuthentication +may be used on the second authentication while +.Cm TwoFactorAuthentication +is set. -+The argument must be “yes” or “no”. The default is “yes”. -+.It Cm SecondPubkeyAuthentication ++The default is ++.Dq yes . +Specifies whether the +.Cm PubkeyAuthentication +may be used on the second authentication while +.Cm TwoFactorAuthentication +is set. -+The argument must be “yes” or “no”. The default is “yes”. ++The default is ++.Dq yes . .It Cm ServerKeyBits Defines the number of bits in the ephemeral protocol version 1 server key. The minimum value is 512, and the default is 1024. -@@ -1011,6 +1052,22 @@ For more details on certificates, see th +@@ -1011,6 +1056,23 @@ For more details on certificates, see th .Sx CERTIFICATES section in .Xr ssh-keygen 1 . @@ -443,7 +347,8 @@ diff -up openssh-5.9p1/sshd_config.5.2auth openssh-5.9p1/sshd_config.5 +.Cm SecondPasswordAuthentication , +.Cm SecondPubkeyAuthentication +without the method used for the first authentication. -+The argument must be “yes” or “no”. The default is “no”. ++The default is ++.Dq no . .It Cm UseDNS Specifies whether .Xr sshd 8 diff --git a/openssh-5.9p1-audit4.patch b/openssh-5.9p1-audit4.patch index c1da0b0..0594a63 100644 --- a/openssh-5.9p1-audit4.patch +++ b/openssh-5.9p1-audit4.patch @@ -1,6 +1,6 @@ diff -up openssh-5.9p1/audit-bsm.c.audit4 openssh-5.9p1/audit-bsm.c ---- openssh-5.9p1/audit-bsm.c.audit4 2011-09-14 07:20:13.580471755 +0200 -+++ openssh-5.9p1/audit-bsm.c 2011-09-14 07:20:15.087521491 +0200 +--- openssh-5.9p1/audit-bsm.c.audit4 2011-09-18 05:13:24.922458521 +0200 ++++ openssh-5.9p1/audit-bsm.c 2011-09-18 05:13:26.808459314 +0200 @@ -408,4 +408,10 @@ audit_kex_body(int ctos, char *enc, char { /* not implemented */ @@ -13,8 +13,8 @@ diff -up openssh-5.9p1/audit-bsm.c.audit4 openssh-5.9p1/audit-bsm.c +} #endif /* BSM */ diff -up openssh-5.9p1/audit-linux.c.audit4 openssh-5.9p1/audit-linux.c ---- openssh-5.9p1/audit-linux.c.audit4 2011-09-14 07:20:13.692465249 +0200 -+++ openssh-5.9p1/audit-linux.c 2011-09-14 07:21:51.559462876 +0200 +--- openssh-5.9p1/audit-linux.c.audit4 2011-09-18 05:13:25.041460630 +0200 ++++ openssh-5.9p1/audit-linux.c 2011-09-18 05:13:26.897563551 +0200 @@ -294,6 +294,8 @@ audit_unsupported_body(int what) #endif } @@ -66,8 +66,8 @@ diff -up openssh-5.9p1/audit-linux.c.audit4 openssh-5.9p1/audit-linux.c + #endif /* USE_LINUX_AUDIT */ diff -up openssh-5.9p1/audit.c.audit4 openssh-5.9p1/audit.c ---- openssh-5.9p1/audit.c.audit4 2011-09-14 07:20:13.787520896 +0200 -+++ openssh-5.9p1/audit.c 2011-09-14 07:20:15.619521843 +0200 +--- openssh-5.9p1/audit.c.audit4 2011-09-18 05:13:25.151459504 +0200 ++++ openssh-5.9p1/audit.c 2011-09-18 05:13:26.995548664 +0200 @@ -143,6 +143,12 @@ audit_kex(int ctos, char *enc, char *mac PRIVSEP(audit_kex_body(ctos, enc, mac, comp, getpid(), getuid())); } @@ -98,8 +98,8 @@ diff -up openssh-5.9p1/audit.c.audit4 openssh-5.9p1/audit.c # endif /* !defined CUSTOM_SSH_AUDIT_EVENTS */ #endif /* SSH_AUDIT_EVENTS */ diff -up openssh-5.9p1/audit.h.audit4 openssh-5.9p1/audit.h ---- openssh-5.9p1/audit.h.audit4 2011-09-14 07:20:13.893524944 +0200 -+++ openssh-5.9p1/audit.h 2011-09-14 07:20:15.739523476 +0200 +--- openssh-5.9p1/audit.h.audit4 2011-09-18 05:13:25.247587021 +0200 ++++ openssh-5.9p1/audit.h 2011-09-18 05:13:27.107531553 +0200 @@ -62,5 +62,7 @@ void audit_unsupported(int); void audit_kex(int, char *, char *, char *); void audit_unsupported_body(int); @@ -109,8 +109,8 @@ diff -up openssh-5.9p1/audit.h.audit4 openssh-5.9p1/audit.h #endif /* _SSH_AUDIT_H */ diff -up openssh-5.9p1/auditstub.c.audit4 openssh-5.9p1/auditstub.c ---- openssh-5.9p1/auditstub.c.audit4 2011-09-14 07:20:13.993523515 +0200 -+++ openssh-5.9p1/auditstub.c 2011-09-14 07:20:15.843531733 +0200 +--- openssh-5.9p1/auditstub.c.audit4 2011-09-18 05:13:25.350459598 +0200 ++++ openssh-5.9p1/auditstub.c 2011-09-18 05:13:27.209523920 +0200 @@ -27,6 +27,8 @@ * Red Hat author: Jan F. Chadima */ @@ -134,8 +134,8 @@ diff -up openssh-5.9p1/auditstub.c.audit4 openssh-5.9p1/auditstub.c +{ +} diff -up openssh-5.9p1/kex.c.audit4 openssh-5.9p1/kex.c ---- openssh-5.9p1/kex.c.audit4 2011-09-14 07:20:14.294645864 +0200 -+++ openssh-5.9p1/kex.c 2011-09-14 07:20:15.948646500 +0200 +--- openssh-5.9p1/kex.c.audit4 2011-09-18 05:13:25.656459960 +0200 ++++ openssh-5.9p1/kex.c 2011-09-18 05:13:27.309500951 +0200 @@ -624,3 +624,34 @@ dump_digest(char *msg, u_char *digest, i fprintf(stderr, "\n"); } @@ -173,7 +173,7 @@ diff -up openssh-5.9p1/kex.c.audit4 openssh-5.9p1/kex.c + diff -up openssh-5.9p1/kex.h.audit4 openssh-5.9p1/kex.h --- openssh-5.9p1/kex.h.audit4 2010-09-24 14:11:14.000000000 +0200 -+++ openssh-5.9p1/kex.h 2011-09-14 07:20:16.045521582 +0200 ++++ openssh-5.9p1/kex.h 2011-09-18 05:13:27.419492884 +0200 @@ -156,6 +156,8 @@ void kexgex_server(Kex *); void kexecdh_client(Kex *); void kexecdh_server(Kex *); @@ -185,7 +185,7 @@ diff -up openssh-5.9p1/kex.h.audit4 openssh-5.9p1/kex.h BIGNUM *, BIGNUM *, BIGNUM *, u_char **, u_int *); diff -up openssh-5.9p1/mac.c.audit4 openssh-5.9p1/mac.c --- openssh-5.9p1/mac.c.audit4 2011-08-17 02:29:03.000000000 +0200 -+++ openssh-5.9p1/mac.c 2011-09-14 07:20:16.173477847 +0200 ++++ openssh-5.9p1/mac.c 2011-09-18 05:13:27.545464964 +0200 @@ -168,6 +168,20 @@ mac_clear(Mac *mac) mac->umac_ctx = NULL; } @@ -209,16 +209,16 @@ diff -up openssh-5.9p1/mac.c.audit4 openssh-5.9p1/mac.c int diff -up openssh-5.9p1/mac.h.audit4 openssh-5.9p1/mac.h --- openssh-5.9p1/mac.h.audit4 2007-06-11 06:01:42.000000000 +0200 -+++ openssh-5.9p1/mac.h 2011-09-14 07:20:16.287522108 +0200 ++++ openssh-5.9p1/mac.h 2011-09-18 05:13:27.675473027 +0200 @@ -28,3 +28,4 @@ int mac_setup(Mac *, char *); int mac_init(Mac *); u_char *mac_compute(Mac *, u_int32_t, u_char *, int); void mac_clear(Mac *); +void mac_destroy(Mac *); diff -up openssh-5.9p1/monitor.c.audit4 openssh-5.9p1/monitor.c ---- openssh-5.9p1/monitor.c.audit4 2011-09-14 07:20:14.404521153 +0200 -+++ openssh-5.9p1/monitor.c 2011-09-14 07:20:16.400462714 +0200 -@@ -190,6 +190,7 @@ int mm_answer_audit_command(int, Buffer +--- openssh-5.9p1/monitor.c.audit4 2011-09-18 05:13:25.778584691 +0200 ++++ openssh-5.9p1/monitor.c 2011-09-18 05:15:22.786522699 +0200 +@@ -189,6 +189,7 @@ int mm_answer_audit_command(int, Buffer int mm_answer_audit_end_command(int, Buffer *); int mm_answer_audit_unsupported_body(int, Buffer *); int mm_answer_audit_kex_body(int, Buffer *); @@ -226,7 +226,7 @@ diff -up openssh-5.9p1/monitor.c.audit4 openssh-5.9p1/monitor.c #endif static int monitor_read_log(struct monitor *); -@@ -242,6 +243,7 @@ struct mon_table mon_dispatch_proto20[] +@@ -241,6 +242,7 @@ struct mon_table mon_dispatch_proto20[] {MONITOR_REQ_AUDIT_EVENT, MON_PERMIT, mm_answer_audit_event}, {MONITOR_REQ_AUDIT_UNSUPPORTED, MON_PERMIT, mm_answer_audit_unsupported_body}, {MONITOR_REQ_AUDIT_KEX, MON_PERMIT, mm_answer_audit_kex_body}, @@ -234,7 +234,7 @@ diff -up openssh-5.9p1/monitor.c.audit4 openssh-5.9p1/monitor.c #endif #ifdef BSD_AUTH {MONITOR_REQ_BSDAUTHQUERY, MON_ISAUTH, mm_answer_bsdauthquery}, -@@ -282,6 +284,7 @@ struct mon_table mon_dispatch_postauth20 +@@ -280,6 +282,7 @@ struct mon_table mon_dispatch_postauth20 {MONITOR_REQ_AUDIT_END_COMMAND, MON_PERMIT, mm_answer_audit_end_command}, {MONITOR_REQ_AUDIT_UNSUPPORTED, MON_PERMIT, mm_answer_audit_unsupported_body}, {MONITOR_REQ_AUDIT_KEX, MON_PERMIT, mm_answer_audit_kex_body}, @@ -242,7 +242,7 @@ diff -up openssh-5.9p1/monitor.c.audit4 openssh-5.9p1/monitor.c #endif {0, 0, NULL} }; -@@ -315,6 +318,7 @@ struct mon_table mon_dispatch_proto15[] +@@ -313,6 +316,7 @@ struct mon_table mon_dispatch_proto15[] {MONITOR_REQ_AUDIT_EVENT, MON_PERMIT, mm_answer_audit_event}, {MONITOR_REQ_AUDIT_UNSUPPORTED, MON_PERMIT, mm_answer_audit_unsupported_body}, {MONITOR_REQ_AUDIT_KEX, MON_PERMIT, mm_answer_audit_kex_body}, @@ -250,7 +250,7 @@ diff -up openssh-5.9p1/monitor.c.audit4 openssh-5.9p1/monitor.c #endif {0, 0, NULL} }; -@@ -329,6 +333,7 @@ struct mon_table mon_dispatch_postauth15 +@@ -327,6 +331,7 @@ struct mon_table mon_dispatch_postauth15 {MONITOR_REQ_AUDIT_END_COMMAND, MON_PERMIT, mm_answer_audit_end_command}, {MONITOR_REQ_AUDIT_UNSUPPORTED, MON_PERMIT, mm_answer_audit_unsupported_body}, {MONITOR_REQ_AUDIT_KEX, MON_PERMIT, mm_answer_audit_kex_body}, @@ -258,8 +258,8 @@ diff -up openssh-5.9p1/monitor.c.audit4 openssh-5.9p1/monitor.c #endif {0, 0, NULL} }; -@@ -435,10 +440,6 @@ monitor_child_preauth(Authctxt *_authctx - #endif +@@ -437,10 +442,6 @@ monitor_child_preauth(Authctxt *_authctx + } } - /* Drain any buffered messages from the child */ @@ -269,7 +269,7 @@ diff -up openssh-5.9p1/monitor.c.audit4 openssh-5.9p1/monitor.c if (!authctxt->valid) fatal("%s: authenticated invalid user", __func__); if (strcmp(auth_method, "unknown") == 0) -@@ -1925,11 +1926,13 @@ mm_get_keystate(struct monitor *pmonitor +@@ -1927,11 +1928,13 @@ mm_get_keystate(struct monitor *pmonitor blob = buffer_get_string(&m, &bloblen); current_keys[MODE_OUT] = mm_newkeys_from_blob(blob, bloblen); @@ -283,7 +283,7 @@ diff -up openssh-5.9p1/monitor.c.audit4 openssh-5.9p1/monitor.c xfree(blob); /* Now get sequence numbers for the packets */ -@@ -1975,6 +1978,21 @@ mm_get_keystate(struct monitor *pmonitor +@@ -1977,6 +1980,21 @@ mm_get_keystate(struct monitor *pmonitor } buffer_free(&m); @@ -305,7 +305,7 @@ diff -up openssh-5.9p1/monitor.c.audit4 openssh-5.9p1/monitor.c } -@@ -2437,4 +2455,22 @@ mm_answer_audit_kex_body(int sock, Buffe +@@ -2421,4 +2439,22 @@ mm_answer_audit_kex_body(int sock, Buffe return 0; } @@ -329,8 +329,8 @@ diff -up openssh-5.9p1/monitor.c.audit4 openssh-5.9p1/monitor.c +} #endif /* SSH_AUDIT_EVENTS */ diff -up openssh-5.9p1/monitor.h.audit4 openssh-5.9p1/monitor.h ---- openssh-5.9p1/monitor.h.audit4 2011-09-14 07:20:14.518521791 +0200 -+++ openssh-5.9p1/monitor.h 2011-09-14 07:20:16.512585387 +0200 +--- openssh-5.9p1/monitor.h.audit4 2011-09-18 05:13:25.887586033 +0200 ++++ openssh-5.9p1/monitor.h 2011-09-18 05:13:27.934522919 +0200 @@ -63,6 +63,7 @@ enum monitor_reqtype { MONITOR_ANS_AUDIT_COMMAND, MONITOR_REQ_AUDIT_END_COMMAND, MONITOR_REQ_AUDIT_UNSUPPORTED, MONITOR_ANS_AUDIT_UNSUPPORTED, @@ -340,8 +340,8 @@ diff -up openssh-5.9p1/monitor.h.audit4 openssh-5.9p1/monitor.h MONITOR_REQ_JPAKE_STEP1, MONITOR_ANS_JPAKE_STEP1, MONITOR_REQ_JPAKE_GET_PWDATA, MONITOR_ANS_JPAKE_GET_PWDATA, diff -up openssh-5.9p1/monitor_wrap.c.audit4 openssh-5.9p1/monitor_wrap.c ---- openssh-5.9p1/monitor_wrap.c.audit4 2011-09-14 07:20:14.713521378 +0200 -+++ openssh-5.9p1/monitor_wrap.c 2011-09-14 07:20:16.640587362 +0200 +--- openssh-5.9p1/monitor_wrap.c.audit4 2011-09-18 05:13:26.013583317 +0200 ++++ openssh-5.9p1/monitor_wrap.c 2011-09-18 05:13:28.049519981 +0200 @@ -653,12 +653,14 @@ mm_send_keystate(struct monitor *monitor fatal("%s: conversion of newkeys failed", __func__); @@ -357,7 +357,7 @@ diff -up openssh-5.9p1/monitor_wrap.c.audit4 openssh-5.9p1/monitor_wrap.c xfree(blob); packet_get_state(MODE_OUT, &seqnr, &blocks, &packets, &bytes); -@@ -1542,4 +1544,19 @@ mm_audit_kex_body(int ctos, char *cipher +@@ -1522,4 +1524,19 @@ mm_audit_kex_body(int ctos, char *cipher buffer_free(&m); } @@ -378,9 +378,9 @@ diff -up openssh-5.9p1/monitor_wrap.c.audit4 openssh-5.9p1/monitor_wrap.c +} #endif /* SSH_AUDIT_EVENTS */ diff -up openssh-5.9p1/monitor_wrap.h.audit4 openssh-5.9p1/monitor_wrap.h ---- openssh-5.9p1/monitor_wrap.h.audit4 2011-09-14 07:20:14.821520100 +0200 -+++ openssh-5.9p1/monitor_wrap.h 2011-09-14 07:20:16.749585355 +0200 -@@ -80,6 +80,7 @@ int mm_audit_run_command(const char *); +--- openssh-5.9p1/monitor_wrap.h.audit4 2011-09-18 05:13:26.119474152 +0200 ++++ openssh-5.9p1/monitor_wrap.h 2011-09-18 05:13:28.151521539 +0200 +@@ -79,6 +79,7 @@ int mm_audit_run_command(const char *); void mm_audit_end_command(int, const char *); void mm_audit_unsupported_body(int); void mm_audit_kex_body(int, char *, char *, char *, pid_t, uid_t); @@ -389,8 +389,8 @@ diff -up openssh-5.9p1/monitor_wrap.h.audit4 openssh-5.9p1/monitor_wrap.h struct Session; diff -up openssh-5.9p1/packet.c.audit4 openssh-5.9p1/packet.c ---- openssh-5.9p1/packet.c.audit4 2011-09-14 07:20:09.337458270 +0200 -+++ openssh-5.9p1/packet.c 2011-09-14 07:20:16.892461022 +0200 +--- openssh-5.9p1/packet.c.audit4 2011-09-18 05:13:20.417548627 +0200 ++++ openssh-5.9p1/packet.c 2011-09-18 05:13:28.278520968 +0200 @@ -60,6 +60,7 @@ #include @@ -584,7 +584,7 @@ diff -up openssh-5.9p1/packet.c.audit4 openssh-5.9p1/packet.c + diff -up openssh-5.9p1/packet.h.audit4 openssh-5.9p1/packet.h --- openssh-5.9p1/packet.h.audit4 2011-05-15 00:43:13.000000000 +0200 -+++ openssh-5.9p1/packet.h 2011-09-14 07:20:17.003583853 +0200 ++++ openssh-5.9p1/packet.h 2011-09-18 05:13:28.385521238 +0200 @@ -124,4 +124,5 @@ void packet_restore_state(void); void *packet_get_input(void); void *packet_get_output(void); @@ -592,8 +592,8 @@ diff -up openssh-5.9p1/packet.h.audit4 openssh-5.9p1/packet.h +void packet_destroy_all(int, int); #endif /* PACKET_H */ diff -up openssh-5.9p1/session.c.audit4 openssh-5.9p1/session.c ---- openssh-5.9p1/session.c.audit4 2011-09-14 07:20:11.774521404 +0200 -+++ openssh-5.9p1/session.c 2011-09-14 07:20:17.134462420 +0200 +--- openssh-5.9p1/session.c.audit4 2011-09-18 05:13:22.842504192 +0200 ++++ openssh-5.9p1/session.c 2011-09-18 05:13:28.511522576 +0200 @@ -1634,6 +1634,9 @@ do_child(Session *s, const char *command /* remove hostkey from the child's memory */ @@ -605,8 +605,8 @@ diff -up openssh-5.9p1/session.c.audit4 openssh-5.9p1/session.c /* Force a password change */ if (s->authctxt->force_pwchange) { diff -up openssh-5.9p1/sshd.c.audit4 openssh-5.9p1/sshd.c ---- openssh-5.9p1/sshd.c.audit4 2011-09-14 07:20:14.946521214 +0200 -+++ openssh-5.9p1/sshd.c 2011-09-14 07:20:17.258458657 +0200 +--- openssh-5.9p1/sshd.c.audit4 2011-09-18 05:13:26.617460032 +0200 ++++ openssh-5.9p1/sshd.c 2011-09-18 05:13:28.621521065 +0200 @@ -686,6 +686,8 @@ privsep_preauth(Authctxt *authctxt) } } diff --git a/openssh-5.9p1-sesandbox.patch b/openssh-5.9p1-sesandbox.patch index 36225d1..ec84cef 100644 --- a/openssh-5.9p1-sesandbox.patch +++ b/openssh-5.9p1-sesandbox.patch @@ -1,6 +1,6 @@ diff -up openssh-5.9p1/Makefile.in.sesandbox openssh-5.9p1/Makefile.in ---- openssh-5.9p1/Makefile.in.sesandbox 2011-09-13 16:00:58.201646362 +0200 -+++ openssh-5.9p1/Makefile.in 2011-09-13 16:01:08.284466746 +0200 +--- openssh-5.9p1/Makefile.in.sesandbox 2011-09-19 04:10:05.706521484 +0200 ++++ openssh-5.9p1/Makefile.in 2011-09-19 04:10:15.092646473 +0200 @@ -90,7 +90,7 @@ SSHDOBJS=sshd.o auth-rhosts.o auth-passw loginrec.o auth-pam.o auth-shadow.o auth-sia.o md5crypt.o \ sftp-server.o sftp-common.o \ @@ -12,7 +12,7 @@ diff -up openssh-5.9p1/Makefile.in.sesandbox openssh-5.9p1/Makefile.in MANPAGES_IN = moduli.5 scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh.1 sshd.8 sftp-server.8 sftp.1 ssh-keysign.8 ssh-pkcs11-helper.8 sshd_config.5 ssh_config.5 diff -up openssh-5.9p1/configure.ac.sesandbox openssh-5.9p1/configure.ac --- openssh-5.9p1/configure.ac.sesandbox 2011-08-18 06:48:24.000000000 +0200 -+++ openssh-5.9p1/configure.ac 2011-09-13 16:01:08.537509294 +0200 ++++ openssh-5.9p1/configure.ac 2011-09-19 04:10:15.193521356 +0200 @@ -2476,7 +2476,7 @@ AC_SUBST([SSH_PRIVSEP_USER]) # Decide which sandbox style to use sandbox_arg="" @@ -34,8 +34,8 @@ diff -up openssh-5.9p1/configure.ac.sesandbox openssh-5.9p1/configure.ac ( test -z "$sandbox_arg" && test "x$ac_cv_func_setrlimit" = "xyes" ) ; then test "x$ac_cv_func_setrlimit" != "xyes" && \ diff -up openssh-5.9p1/openbsd-compat/port-linux.c.sesandbox openssh-5.9p1/openbsd-compat/port-linux.c ---- openssh-5.9p1/openbsd-compat/port-linux.c.sesandbox 2011-09-13 16:09:04.534585160 +0200 -+++ openssh-5.9p1/openbsd-compat/port-linux.c 2011-09-13 16:13:51.827640965 +0200 +--- openssh-5.9p1/openbsd-compat/port-linux.c.sesandbox 2011-09-19 04:10:14.731521450 +0200 ++++ openssh-5.9p1/openbsd-compat/port-linux.c 2011-09-19 04:10:15.292521265 +0200 @@ -459,24 +459,24 @@ ssh_selinux_setup_pty(char *pwname, cons debug3("%s: done", __func__); } @@ -91,8 +91,8 @@ diff -up openssh-5.9p1/openbsd-compat/port-linux.c.sesandbox openssh-5.9p1/openb void diff -up openssh-5.9p1/openbsd-compat/port-linux.h.sesandbox openssh-5.9p1/openbsd-compat/port-linux.h ---- openssh-5.9p1/openbsd-compat/port-linux.h.sesandbox 2011-09-13 16:14:10.371460199 +0200 -+++ openssh-5.9p1/openbsd-compat/port-linux.h 2011-09-13 16:14:40.377646062 +0200 +--- openssh-5.9p1/openbsd-compat/port-linux.h.sesandbox 2011-09-19 04:10:14.817647868 +0200 ++++ openssh-5.9p1/openbsd-compat/port-linux.h 2011-09-19 04:10:15.401648009 +0200 @@ -23,7 +23,7 @@ int ssh_selinux_enabled(void); void ssh_selinux_setup_pty(char *, const char *); @@ -102,10 +102,58 @@ diff -up openssh-5.9p1/openbsd-compat/port-linux.h.sesandbox openssh-5.9p1/openb void ssh_selinux_chopy_context(void); void ssh_selinux_setfscreatecon(const char *); #endif +diff -up openssh-5.9p1/sandbox-darwin.c.sesandbox openssh-5.9p1/sandbox-darwin.c +--- openssh-5.9p1/sandbox-darwin.c.sesandbox 2011-06-26 23:18:21.000000000 +0200 ++++ openssh-5.9p1/sandbox-darwin.c 2011-09-19 04:10:15.490523231 +0200 +@@ -83,6 +83,12 @@ ssh_sandbox_child(struct ssh_sandbox *bo + } + + void ++ssh_sandbox_privileged_child(struct ssh_sandbox *box) ++{ ++ /* empty */ ++} ++ ++void + ssh_sandbox_parent_finish(struct ssh_sandbox *box) + { + free(box); +diff -up openssh-5.9p1/sandbox-null.c.sesandbox openssh-5.9p1/sandbox-null.c +--- openssh-5.9p1/sandbox-null.c.sesandbox 2011-06-23 11:45:51.000000000 +0200 ++++ openssh-5.9p1/sandbox-null.c 2011-09-19 04:10:15.599458687 +0200 +@@ -58,6 +58,12 @@ ssh_sandbox_child(struct ssh_sandbox *bo + } + + void ++ssh_sandbox_privileged_child(struct ssh_sandbox *box) ++{ ++ /* empty */ ++} ++ ++void + ssh_sandbox_parent_finish(struct ssh_sandbox *box) + { + free(box); +diff -up openssh-5.9p1/sandbox-rlimit.c.sesandbox openssh-5.9p1/sandbox-rlimit.c +--- openssh-5.9p1/sandbox-rlimit.c.sesandbox 2011-06-23 11:45:51.000000000 +0200 ++++ openssh-5.9p1/sandbox-rlimit.c 2011-09-19 04:10:16.077647289 +0200 +@@ -78,6 +78,12 @@ ssh_sandbox_child(struct ssh_sandbox *bo + } + + void ++ssh_sandbox_privileged_child(struct ssh_sandbox *box) ++{ ++ /* empty */ ++} ++ ++void + ssh_sandbox_parent_finish(struct ssh_sandbox *box) + { + free(box); diff -up openssh-5.9p1/sandbox-selinux.c.sesandbox openssh-5.9p1/sandbox-selinux.c ---- openssh-5.9p1/sandbox-selinux.c.sesandbox 2011-09-13 16:01:08.715520826 +0200 -+++ openssh-5.9p1/sandbox-selinux.c 2011-09-13 16:20:02.463511312 +0200 -@@ -0,0 +1,121 @@ +--- openssh-5.9p1/sandbox-selinux.c.sesandbox 2011-09-19 04:10:16.179526059 +0200 ++++ openssh-5.9p1/sandbox-selinux.c 2011-09-19 04:39:00.058646230 +0200 +@@ -0,0 +1,122 @@ +/* $Id: sandbox-selinux.c,v 1.0 2011/01/17 10:15:30 jfch Exp $ */ + +/* @@ -170,13 +218,14 @@ diff -up openssh-5.9p1/sandbox-selinux.c.sesandbox openssh-5.9p1/sandbox-selinux + * Strictly, we don't need to maintain any state here but we need + * to return non-NULL to satisfy the API. + */ ++ debug3("selinux sandbox init"); + box = xcalloc(1, sizeof(*box)); + box->child_pid = 0; + return box; +} + -+static void -+rlimit_ssh_sandbox_child(struct ssh_sandbox *box) ++void ++ssh_sandbox_child(struct ssh_sandbox *box) +{ + struct rlimit rl_zero; + @@ -196,15 +245,14 @@ diff -up openssh-5.9p1/sandbox-selinux.c.sesandbox openssh-5.9p1/sandbox-selinux +} + +void -+ssh_sandbox_child(struct ssh_sandbox *box) ++ssh_sandbox_privileged_child(struct ssh_sandbox *box) +{ + switch (ssh_selinux_change_context("sshd_sandbox_t")) { + case 0: -+ debug3("selinux sandbox sucessfully enabled"); ++ debug3("selinux sandbox child sucessfully enabled"); + break; + case -2: -+ logit("selinux not useful, using rlimit sandbox instead"); -+ rlimit_ssh_sandbox_child(box); ++ logit("selinux sandbox not useful"); + break; + case -1: + fatal("cannot set up selinux sandbox"); @@ -223,7 +271,51 @@ diff -up openssh-5.9p1/sandbox-selinux.c.sesandbox openssh-5.9p1/sandbox-selinux +void +ssh_sandbox_parent_preauth(struct ssh_sandbox *box, pid_t child_pid) +{ ++ debug3("selinux sandbox parent sucessfully enabled"); + box->child_pid = child_pid; +} + +#endif /* SANDBOX_NULL */ +diff -up openssh-5.9p1/sandbox-systrace.c.sesandbox openssh-5.9p1/sandbox-systrace.c +--- openssh-5.9p1/sandbox-systrace.c.sesandbox 2011-08-05 22:16:23.000000000 +0200 ++++ openssh-5.9p1/sandbox-systrace.c 2011-09-19 04:10:16.268646532 +0200 +@@ -109,6 +109,12 @@ ssh_sandbox_child(struct ssh_sandbox *bo + close(box->child_sock); + } + ++void ++ssh_sandbox_privileged_child(struct ssh_sandbox *box) ++{ ++ /* empty */ ++} ++ + static void + ssh_sandbox_parent(struct ssh_sandbox *box, pid_t child_pid, + const struct sandbox_policy *allowed_syscalls) +diff -up openssh-5.9p1/ssh-sandbox.h.sesandbox openssh-5.9p1/ssh-sandbox.h +--- openssh-5.9p1/ssh-sandbox.h.sesandbox 2011-06-23 11:45:51.000000000 +0200 ++++ openssh-5.9p1/ssh-sandbox.h 2011-09-19 04:10:16.392523931 +0200 +@@ -19,5 +19,6 @@ struct ssh_sandbox; + + struct ssh_sandbox *ssh_sandbox_init(void); + void ssh_sandbox_child(struct ssh_sandbox *); ++void ssh_sandbox_privileged_child(struct ssh_sandbox *); + void ssh_sandbox_parent_finish(struct ssh_sandbox *); + void ssh_sandbox_parent_preauth(struct ssh_sandbox *, pid_t); +diff -up openssh-5.9p1/sshd.c.sesandbox openssh-5.9p1/sshd.c +--- openssh-5.9p1/sshd.c.sesandbox 2011-09-19 04:10:14.564467584 +0200 ++++ openssh-5.9p1/sshd.c 2011-09-19 04:36:43.324520132 +0200 +@@ -728,10 +730,12 @@ privsep_preauth(Authctxt *authctxt) + set_log_handler(mm_log_handler, pmonitor); + + /* Demote the child */ +- if (getuid() == 0 || geteuid() == 0) ++ if (getuid() == 0 || geteuid() == 0) { ++ ssh_sandbox_privileged_child(box); + privsep_preauth_child(); ++ } + setproctitle("%s", "[net]"); + if (box != NULL) { + ssh_sandbox_child(box); + xfree(box); + } diff --git a/openssh.spec b/openssh.spec index e9a01b6..e6594ea 100644 --- a/openssh.spec +++ b/openssh.spec @@ -75,7 +75,7 @@ # Do not forget to bump pam_ssh_agent_auth release if you rewind the main package release to 1 %define openssh_ver 5.9p1 -%define openssh_rel 9 +%define openssh_rel 10 %define pam_ssh_agent_ver 0.9.2 %define pam_ssh_agent_rel 32 @@ -378,7 +378,9 @@ The module is most useful for su and sudo service stacks. %prep %setup -q -a 4 #Do not enable by default -###%patch0 -p1 -b .wIm +%if 0 +%patch0 -p1 -b .wIm +%endif %patch100 -p1 -b .coverity %patch101 -p1 -b .fingerprint @@ -413,7 +415,6 @@ popd %if %{ldap} %patch501 -p1 -b .ldap %endif - %patch502 -p1 -b .keycat %patch600 -p1 -b .keygen @@ -444,6 +445,10 @@ popd %patch900 -p1 -b .canohost %patch901 -p1 -b .kuserok +%if 0 +# Nothing here yet +%endif + autoreconf pushd pam_ssh_agent_auth-%{pam_ssh_agent_ver} autoreconf @@ -509,7 +514,12 @@ fi --with-pam \ %endif %if %{WITH_SELINUX} - --with-selinux --with-audit=linux --with-sandbox=selinux \ + --with-selinux --with-audit=linux \ +%if 1 + --with-sandbox=selinux \ +%else + --with-sandbox=no \ +%endif %endif %if %{kerberos5} --with-kerberos5${krb5_prefix:+=${krb5_prefix}} \ @@ -773,6 +783,10 @@ fi %endif %changelog +* Mon Sep 19 2011 Jan F. Chadima - 5.9p1-10 + 0.9.2-32 +- selinux sandbox rewrite +- two factor authentication tweaking + * Wed Sep 14 2011 Jan F. Chadima - 5.9p1-9 + 0.9.2-32 - coverity upgrade - wipe off nonfunctional nss