forked from rpms/openssh
add periodical reseeding of random generator
change selinux contex for internal sftp in do_usercontext exit(0) after sigterm
This commit is contained in:
parent
b32f1200b4
commit
8fe15092c3
@ -1,6 +1,6 @@
|
|||||||
diff -up openssh-5.8p1/audit-bsm.c.audit4 openssh-5.8p1/audit-bsm.c
|
diff -up openssh-5.8p1/audit-bsm.c.audit4 openssh-5.8p1/audit-bsm.c
|
||||||
--- openssh-5.8p1/audit-bsm.c.audit4 2011-03-10 11:54:15.385855094 +0100
|
--- openssh-5.8p1/audit-bsm.c.audit4 2011-03-14 16:24:07.432855067 +0100
|
||||||
+++ openssh-5.8p1/audit-bsm.c 2011-03-10 11:54:16.108981513 +0100
|
+++ openssh-5.8p1/audit-bsm.c 2011-03-14 16:24:08.345979587 +0100
|
||||||
@@ -408,4 +408,10 @@ audit_kex_body(int ctos, char *enc, char
|
@@ -408,4 +408,10 @@ audit_kex_body(int ctos, char *enc, char
|
||||||
{
|
{
|
||||||
/* not implemented */
|
/* not implemented */
|
||||||
@ -13,8 +13,8 @@ diff -up openssh-5.8p1/audit-bsm.c.audit4 openssh-5.8p1/audit-bsm.c
|
|||||||
+}
|
+}
|
||||||
#endif /* BSM */
|
#endif /* BSM */
|
||||||
diff -up openssh-5.8p1/audit.c.audit4 openssh-5.8p1/audit.c
|
diff -up openssh-5.8p1/audit.c.audit4 openssh-5.8p1/audit.c
|
||||||
--- openssh-5.8p1/audit.c.audit4 2011-03-10 11:54:15.430980093 +0100
|
--- openssh-5.8p1/audit.c.audit4 2011-03-14 16:24:07.489855036 +0100
|
||||||
+++ openssh-5.8p1/audit.c 2011-03-10 11:54:16.150854915 +0100
|
+++ openssh-5.8p1/audit.c 2011-03-14 16:24:08.396854718 +0100
|
||||||
@@ -143,6 +143,12 @@ audit_kex(int ctos, char *enc, char *mac
|
@@ -143,6 +143,12 @@ audit_kex(int ctos, char *enc, char *mac
|
||||||
PRIVSEP(audit_kex_body(ctos, enc, mac, comp, getpid(), getuid()));
|
PRIVSEP(audit_kex_body(ctos, enc, mac, comp, getpid(), getuid()));
|
||||||
}
|
}
|
||||||
@ -45,8 +45,8 @@ diff -up openssh-5.8p1/audit.c.audit4 openssh-5.8p1/audit.c
|
|||||||
# endif /* !defined CUSTOM_SSH_AUDIT_EVENTS */
|
# endif /* !defined CUSTOM_SSH_AUDIT_EVENTS */
|
||||||
#endif /* SSH_AUDIT_EVENTS */
|
#endif /* SSH_AUDIT_EVENTS */
|
||||||
diff -up openssh-5.8p1/audit.h.audit4 openssh-5.8p1/audit.h
|
diff -up openssh-5.8p1/audit.h.audit4 openssh-5.8p1/audit.h
|
||||||
--- openssh-5.8p1/audit.h.audit4 2011-03-10 11:54:15.474854443 +0100
|
--- openssh-5.8p1/audit.h.audit4 2011-03-14 16:24:07.539854526 +0100
|
||||||
+++ openssh-5.8p1/audit.h 2011-03-10 11:54:16.195980185 +0100
|
+++ openssh-5.8p1/audit.h 2011-03-14 16:24:08.442854618 +0100
|
||||||
@@ -62,5 +62,7 @@ void audit_unsupported(int);
|
@@ -62,5 +62,7 @@ void audit_unsupported(int);
|
||||||
void audit_kex(int, char *, char *, char *);
|
void audit_kex(int, char *, char *, char *);
|
||||||
void audit_unsupported_body(int);
|
void audit_unsupported_body(int);
|
||||||
@ -56,8 +56,8 @@ diff -up openssh-5.8p1/audit.h.audit4 openssh-5.8p1/audit.h
|
|||||||
|
|
||||||
#endif /* _SSH_AUDIT_H */
|
#endif /* _SSH_AUDIT_H */
|
||||||
diff -up openssh-5.8p1/audit-linux.c.audit4 openssh-5.8p1/audit-linux.c
|
diff -up openssh-5.8p1/audit-linux.c.audit4 openssh-5.8p1/audit-linux.c
|
||||||
--- openssh-5.8p1/audit-linux.c.audit4 2011-03-10 11:54:15.513980523 +0100
|
--- openssh-5.8p1/audit-linux.c.audit4 2011-03-14 16:24:07.593854867 +0100
|
||||||
+++ openssh-5.8p1/audit-linux.c 2011-03-10 11:54:16.238854696 +0100
|
+++ openssh-5.8p1/audit-linux.c 2011-03-14 16:26:58.133854996 +0100
|
||||||
@@ -292,6 +292,8 @@ audit_unsupported_body(int what)
|
@@ -292,6 +292,8 @@ audit_unsupported_body(int what)
|
||||||
#endif
|
#endif
|
||||||
}
|
}
|
||||||
@ -74,7 +74,7 @@ diff -up openssh-5.8p1/audit-linux.c.audit4 openssh-5.8p1/audit-linux.c
|
|||||||
- const static char *direction[] = { "from-server", "from-client", "both" };
|
- const static char *direction[] = { "from-server", "from-client", "both" };
|
||||||
Cipher *cipher = cipher_by_name(enc);
|
Cipher *cipher = cipher_by_name(enc);
|
||||||
|
|
||||||
snprintf(buf, sizeof(buf), "op=start direction=%s cipher=%s ksize=%d spid=%jd suid=%jd rport=%d laddr=%s lport=%d",
|
snprintf(buf, sizeof(buf), "op=start direction=%s cipher=%s ksize=%d spid=%jd suid=%jd rport=%d laddr=%s lport=%d ",
|
||||||
@@ -323,4 +324,30 @@ audit_kex_body(int ctos, char *enc, char
|
@@ -323,4 +324,30 @@ audit_kex_body(int ctos, char *enc, char
|
||||||
#endif
|
#endif
|
||||||
}
|
}
|
||||||
@ -107,8 +107,8 @@ diff -up openssh-5.8p1/audit-linux.c.audit4 openssh-5.8p1/audit-linux.c
|
|||||||
+
|
+
|
||||||
#endif /* USE_LINUX_AUDIT */
|
#endif /* USE_LINUX_AUDIT */
|
||||||
diff -up openssh-5.8p1/auditstub.c.audit4 openssh-5.8p1/auditstub.c
|
diff -up openssh-5.8p1/auditstub.c.audit4 openssh-5.8p1/auditstub.c
|
||||||
--- openssh-5.8p1/auditstub.c.audit4 2011-03-10 11:54:15.543855258 +0100
|
--- openssh-5.8p1/auditstub.c.audit4 2011-03-14 16:24:07.634855095 +0100
|
||||||
+++ openssh-5.8p1/auditstub.c 2011-03-10 11:54:16.281980911 +0100
|
+++ openssh-5.8p1/auditstub.c 2011-03-14 16:24:08.553854657 +0100
|
||||||
@@ -27,6 +27,8 @@
|
@@ -27,6 +27,8 @@
|
||||||
* Red Hat author: Jan F. Chadima <jchadima@redhat.com>
|
* Red Hat author: Jan F. Chadima <jchadima@redhat.com>
|
||||||
*/
|
*/
|
||||||
@ -132,8 +132,8 @@ diff -up openssh-5.8p1/auditstub.c.audit4 openssh-5.8p1/auditstub.c
|
|||||||
+{
|
+{
|
||||||
+}
|
+}
|
||||||
diff -up openssh-5.8p1/kex.c.audit4 openssh-5.8p1/kex.c
|
diff -up openssh-5.8p1/kex.c.audit4 openssh-5.8p1/kex.c
|
||||||
--- openssh-5.8p1/kex.c.audit4 2011-03-10 11:54:15.668854854 +0100
|
--- openssh-5.8p1/kex.c.audit4 2011-03-14 16:24:07.791854867 +0100
|
||||||
+++ openssh-5.8p1/kex.c 2011-03-10 11:54:16.328854758 +0100
|
+++ openssh-5.8p1/kex.c 2011-03-14 16:24:08.602854638 +0100
|
||||||
@@ -624,3 +624,34 @@ dump_digest(char *msg, u_char *digest, i
|
@@ -624,3 +624,34 @@ dump_digest(char *msg, u_char *digest, i
|
||||||
fprintf(stderr, "\n");
|
fprintf(stderr, "\n");
|
||||||
}
|
}
|
||||||
@ -171,7 +171,7 @@ diff -up openssh-5.8p1/kex.c.audit4 openssh-5.8p1/kex.c
|
|||||||
+
|
+
|
||||||
diff -up openssh-5.8p1/kex.h.audit4 openssh-5.8p1/kex.h
|
diff -up openssh-5.8p1/kex.h.audit4 openssh-5.8p1/kex.h
|
||||||
--- openssh-5.8p1/kex.h.audit4 2010-09-24 14:11:14.000000000 +0200
|
--- openssh-5.8p1/kex.h.audit4 2010-09-24 14:11:14.000000000 +0200
|
||||||
+++ openssh-5.8p1/kex.h 2011-03-10 11:54:16.375854867 +0100
|
+++ openssh-5.8p1/kex.h 2011-03-14 16:24:08.650854566 +0100
|
||||||
@@ -156,6 +156,8 @@ void kexgex_server(Kex *);
|
@@ -156,6 +156,8 @@ void kexgex_server(Kex *);
|
||||||
void kexecdh_client(Kex *);
|
void kexecdh_client(Kex *);
|
||||||
void kexecdh_server(Kex *);
|
void kexecdh_server(Kex *);
|
||||||
@ -183,7 +183,7 @@ diff -up openssh-5.8p1/kex.h.audit4 openssh-5.8p1/kex.h
|
|||||||
BIGNUM *, BIGNUM *, BIGNUM *, u_char **, u_int *);
|
BIGNUM *, BIGNUM *, BIGNUM *, u_char **, u_int *);
|
||||||
diff -up openssh-5.8p1/mac.c.audit4 openssh-5.8p1/mac.c
|
diff -up openssh-5.8p1/mac.c.audit4 openssh-5.8p1/mac.c
|
||||||
--- openssh-5.8p1/mac.c.audit4 2008-06-13 02:58:50.000000000 +0200
|
--- openssh-5.8p1/mac.c.audit4 2008-06-13 02:58:50.000000000 +0200
|
||||||
+++ openssh-5.8p1/mac.c 2011-03-10 11:54:16.414981731 +0100
|
+++ openssh-5.8p1/mac.c 2011-03-14 16:24:08.697854630 +0100
|
||||||
@@ -162,6 +162,20 @@ mac_clear(Mac *mac)
|
@@ -162,6 +162,20 @@ mac_clear(Mac *mac)
|
||||||
mac->umac_ctx = NULL;
|
mac->umac_ctx = NULL;
|
||||||
}
|
}
|
||||||
@ -207,15 +207,15 @@ diff -up openssh-5.8p1/mac.c.audit4 openssh-5.8p1/mac.c
|
|||||||
int
|
int
|
||||||
diff -up openssh-5.8p1/mac.h.audit4 openssh-5.8p1/mac.h
|
diff -up openssh-5.8p1/mac.h.audit4 openssh-5.8p1/mac.h
|
||||||
--- openssh-5.8p1/mac.h.audit4 2007-06-11 06:01:42.000000000 +0200
|
--- openssh-5.8p1/mac.h.audit4 2007-06-11 06:01:42.000000000 +0200
|
||||||
+++ openssh-5.8p1/mac.h 2011-03-10 11:54:16.459979897 +0100
|
+++ openssh-5.8p1/mac.h 2011-03-14 16:24:08.747854620 +0100
|
||||||
@@ -28,3 +28,4 @@ int mac_setup(Mac *, char *);
|
@@ -28,3 +28,4 @@ int mac_setup(Mac *, char *);
|
||||||
int mac_init(Mac *);
|
int mac_init(Mac *);
|
||||||
u_char *mac_compute(Mac *, u_int32_t, u_char *, int);
|
u_char *mac_compute(Mac *, u_int32_t, u_char *, int);
|
||||||
void mac_clear(Mac *);
|
void mac_clear(Mac *);
|
||||||
+void mac_destroy(Mac *);
|
+void mac_destroy(Mac *);
|
||||||
diff -up openssh-5.8p1/monitor.c.audit4 openssh-5.8p1/monitor.c
|
diff -up openssh-5.8p1/monitor.c.audit4 openssh-5.8p1/monitor.c
|
||||||
--- openssh-5.8p1/monitor.c.audit4 2011-03-10 11:54:15.772979889 +0100
|
--- openssh-5.8p1/monitor.c.audit4 2011-03-14 16:24:07.900854565 +0100
|
||||||
+++ openssh-5.8p1/monitor.c 2011-03-10 11:54:16.520854885 +0100
|
+++ openssh-5.8p1/monitor.c 2011-03-14 16:24:08.810854693 +0100
|
||||||
@@ -181,6 +181,7 @@ int mm_answer_audit_command(int, Buffer
|
@@ -181,6 +181,7 @@ int mm_answer_audit_command(int, Buffer
|
||||||
int mm_answer_audit_end_command(int, Buffer *);
|
int mm_answer_audit_end_command(int, Buffer *);
|
||||||
int mm_answer_audit_unsupported_body(int, Buffer *);
|
int mm_answer_audit_unsupported_body(int, Buffer *);
|
||||||
@ -311,8 +311,8 @@ diff -up openssh-5.8p1/monitor.c.audit4 openssh-5.8p1/monitor.c
|
|||||||
+}
|
+}
|
||||||
#endif /* SSH_AUDIT_EVENTS */
|
#endif /* SSH_AUDIT_EVENTS */
|
||||||
diff -up openssh-5.8p1/monitor.h.audit4 openssh-5.8p1/monitor.h
|
diff -up openssh-5.8p1/monitor.h.audit4 openssh-5.8p1/monitor.h
|
||||||
--- openssh-5.8p1/monitor.h.audit4 2011-03-10 11:54:15.820855816 +0100
|
--- openssh-5.8p1/monitor.h.audit4 2011-03-14 16:24:07.956854553 +0100
|
||||||
+++ openssh-5.8p1/monitor.h 2011-03-10 11:54:16.564980955 +0100
|
+++ openssh-5.8p1/monitor.h 2011-03-14 16:24:08.857854697 +0100
|
||||||
@@ -69,6 +69,7 @@ enum monitor_reqtype {
|
@@ -69,6 +69,7 @@ enum monitor_reqtype {
|
||||||
MONITOR_REQ_JPAKE_CHECK_CONFIRM, MONITOR_ANS_JPAKE_CHECK_CONFIRM,
|
MONITOR_REQ_JPAKE_CHECK_CONFIRM, MONITOR_ANS_JPAKE_CHECK_CONFIRM,
|
||||||
MONITOR_REQ_AUDIT_UNSUPPORTED, MONITOR_ANS_AUDIT_UNSUPPORTED,
|
MONITOR_REQ_AUDIT_UNSUPPORTED, MONITOR_ANS_AUDIT_UNSUPPORTED,
|
||||||
@ -322,8 +322,8 @@ diff -up openssh-5.8p1/monitor.h.audit4 openssh-5.8p1/monitor.h
|
|||||||
|
|
||||||
struct mm_master;
|
struct mm_master;
|
||||||
diff -up openssh-5.8p1/monitor_wrap.c.audit4 openssh-5.8p1/monitor_wrap.c
|
diff -up openssh-5.8p1/monitor_wrap.c.audit4 openssh-5.8p1/monitor_wrap.c
|
||||||
--- openssh-5.8p1/monitor_wrap.c.audit4 2011-03-10 11:54:15.867854835 +0100
|
--- openssh-5.8p1/monitor_wrap.c.audit4 2011-03-14 16:24:08.013854544 +0100
|
||||||
+++ openssh-5.8p1/monitor_wrap.c 2011-03-10 11:54:16.611855033 +0100
|
+++ openssh-5.8p1/monitor_wrap.c 2011-03-14 16:24:08.917854588 +0100
|
||||||
@@ -615,12 +615,14 @@ mm_send_keystate(struct monitor *monitor
|
@@ -615,12 +615,14 @@ mm_send_keystate(struct monitor *monitor
|
||||||
fatal("%s: conversion of newkeys failed", __func__);
|
fatal("%s: conversion of newkeys failed", __func__);
|
||||||
|
|
||||||
@ -360,8 +360,8 @@ diff -up openssh-5.8p1/monitor_wrap.c.audit4 openssh-5.8p1/monitor_wrap.c
|
|||||||
+}
|
+}
|
||||||
#endif /* SSH_AUDIT_EVENTS */
|
#endif /* SSH_AUDIT_EVENTS */
|
||||||
diff -up openssh-5.8p1/monitor_wrap.h.audit4 openssh-5.8p1/monitor_wrap.h
|
diff -up openssh-5.8p1/monitor_wrap.h.audit4 openssh-5.8p1/monitor_wrap.h
|
||||||
--- openssh-5.8p1/monitor_wrap.h.audit4 2011-03-10 11:54:15.915854621 +0100
|
--- openssh-5.8p1/monitor_wrap.h.audit4 2011-03-14 16:24:08.061854654 +0100
|
||||||
+++ openssh-5.8p1/monitor_wrap.h 2011-03-10 11:54:16.655980759 +0100
|
+++ openssh-5.8p1/monitor_wrap.h 2011-03-14 16:24:08.962855020 +0100
|
||||||
@@ -78,6 +78,7 @@ int mm_audit_run_command(const char *);
|
@@ -78,6 +78,7 @@ int mm_audit_run_command(const char *);
|
||||||
void mm_audit_end_command(int, const char *);
|
void mm_audit_end_command(int, const char *);
|
||||||
void mm_audit_unsupported_body(int);
|
void mm_audit_unsupported_body(int);
|
||||||
@ -372,7 +372,7 @@ diff -up openssh-5.8p1/monitor_wrap.h.audit4 openssh-5.8p1/monitor_wrap.h
|
|||||||
struct Session;
|
struct Session;
|
||||||
diff -up openssh-5.8p1/packet.c.audit4 openssh-5.8p1/packet.c
|
diff -up openssh-5.8p1/packet.c.audit4 openssh-5.8p1/packet.c
|
||||||
--- openssh-5.8p1/packet.c.audit4 2010-11-24 00:46:37.000000000 +0100
|
--- openssh-5.8p1/packet.c.audit4 2010-11-24 00:46:37.000000000 +0100
|
||||||
+++ openssh-5.8p1/packet.c 2011-03-10 11:54:16.966855179 +0100
|
+++ openssh-5.8p1/packet.c 2011-03-14 16:24:09.027854309 +0100
|
||||||
@@ -60,6 +60,7 @@
|
@@ -60,6 +60,7 @@
|
||||||
#include <signal.h>
|
#include <signal.h>
|
||||||
|
|
||||||
@ -566,7 +566,7 @@ diff -up openssh-5.8p1/packet.c.audit4 openssh-5.8p1/packet.c
|
|||||||
+
|
+
|
||||||
diff -up openssh-5.8p1/packet.h.audit4 openssh-5.8p1/packet.h
|
diff -up openssh-5.8p1/packet.h.audit4 openssh-5.8p1/packet.h
|
||||||
--- openssh-5.8p1/packet.h.audit4 2010-11-20 05:19:38.000000000 +0100
|
--- openssh-5.8p1/packet.h.audit4 2010-11-20 05:19:38.000000000 +0100
|
||||||
+++ openssh-5.8p1/packet.h 2011-03-10 11:54:16.753854671 +0100
|
+++ openssh-5.8p1/packet.h 2011-03-14 16:24:09.080979550 +0100
|
||||||
@@ -125,4 +125,5 @@ void packet_restore_state(void);
|
@@ -125,4 +125,5 @@ void packet_restore_state(void);
|
||||||
void *packet_get_input(void);
|
void *packet_get_input(void);
|
||||||
void *packet_get_output(void);
|
void *packet_get_output(void);
|
||||||
@ -574,8 +574,8 @@ diff -up openssh-5.8p1/packet.h.audit4 openssh-5.8p1/packet.h
|
|||||||
+void packet_destroy_all(int, int);
|
+void packet_destroy_all(int, int);
|
||||||
#endif /* PACKET_H */
|
#endif /* PACKET_H */
|
||||||
diff -up openssh-5.8p1/session.c.audit4 openssh-5.8p1/session.c
|
diff -up openssh-5.8p1/session.c.audit4 openssh-5.8p1/session.c
|
||||||
--- openssh-5.8p1/session.c.audit4 2011-03-10 11:54:14.556854925 +0100
|
--- openssh-5.8p1/session.c.audit4 2011-03-14 16:24:06.386922297 +0100
|
||||||
+++ openssh-5.8p1/session.c 2011-03-10 11:54:16.805855439 +0100
|
+++ openssh-5.8p1/session.c 2011-03-14 16:24:09.143048206 +0100
|
||||||
@@ -1627,6 +1627,9 @@ do_child(Session *s, const char *command
|
@@ -1627,6 +1627,9 @@ do_child(Session *s, const char *command
|
||||||
|
|
||||||
/* remove hostkey from the child's memory */
|
/* remove hostkey from the child's memory */
|
||||||
@ -587,8 +587,8 @@ diff -up openssh-5.8p1/session.c.audit4 openssh-5.8p1/session.c
|
|||||||
/* Force a password change */
|
/* Force a password change */
|
||||||
if (s->authctxt->force_pwchange) {
|
if (s->authctxt->force_pwchange) {
|
||||||
diff -up openssh-5.8p1/sshd.c.audit4 openssh-5.8p1/sshd.c
|
diff -up openssh-5.8p1/sshd.c.audit4 openssh-5.8p1/sshd.c
|
||||||
--- openssh-5.8p1/sshd.c.audit4 2011-03-10 11:54:15.966980273 +0100
|
--- openssh-5.8p1/sshd.c.audit4 2011-03-14 16:24:08.127854626 +0100
|
||||||
+++ openssh-5.8p1/sshd.c 2011-03-10 11:54:17.027854614 +0100
|
+++ openssh-5.8p1/sshd.c 2011-03-14 16:24:09.229855281 +0100
|
||||||
@@ -663,6 +663,8 @@ privsep_preauth(Authctxt *authctxt)
|
@@ -663,6 +663,8 @@ privsep_preauth(Authctxt *authctxt)
|
||||||
return (0);
|
return (0);
|
||||||
}
|
}
|
||||||
|
@ -1,6 +1,6 @@
|
|||||||
diff -up openssh-5.8p1/audit-bsm.c.audit5 openssh-5.8p1/audit-bsm.c
|
diff -up openssh-5.8p1/audit-bsm.c.audit5 openssh-5.8p1/audit-bsm.c
|
||||||
--- openssh-5.8p1/audit-bsm.c.audit5 2011-03-10 11:58:54.075979941 +0100
|
--- openssh-5.8p1/audit-bsm.c.audit5 2011-03-15 12:09:02.819854798 +0100
|
||||||
+++ openssh-5.8p1/audit-bsm.c 2011-03-10 11:58:55.029855000 +0100
|
+++ openssh-5.8p1/audit-bsm.c 2011-03-15 12:09:03.832854653 +0100
|
||||||
@@ -414,4 +414,22 @@ audit_session_key_free_body(int ctos, pi
|
@@ -414,4 +414,22 @@ audit_session_key_free_body(int ctos, pi
|
||||||
{
|
{
|
||||||
/* not implemented */
|
/* not implemented */
|
||||||
@ -25,8 +25,8 @@ diff -up openssh-5.8p1/audit-bsm.c.audit5 openssh-5.8p1/audit-bsm.c
|
|||||||
+}
|
+}
|
||||||
#endif /* BSM */
|
#endif /* BSM */
|
||||||
diff -up openssh-5.8p1/audit.c.audit5 openssh-5.8p1/audit.c
|
diff -up openssh-5.8p1/audit.c.audit5 openssh-5.8p1/audit.c
|
||||||
--- openssh-5.8p1/audit.c.audit5 2011-03-10 11:58:54.121980174 +0100
|
--- openssh-5.8p1/audit.c.audit5 2011-03-15 12:09:02.863854800 +0100
|
||||||
+++ openssh-5.8p1/audit.c 2011-03-10 11:58:55.077854964 +0100
|
+++ openssh-5.8p1/audit.c 2011-03-15 12:09:03.883982586 +0100
|
||||||
@@ -290,5 +290,24 @@ audit_session_key_free_body(int ctos, pi
|
@@ -290,5 +290,24 @@ audit_session_key_free_body(int ctos, pi
|
||||||
debug("audit session key discard euid %u direction %d from pid %ld uid %u",
|
debug("audit session key discard euid %u direction %d from pid %ld uid %u",
|
||||||
(unsigned)geteuid(), ctos, (long)pid, (unsigned)uid);
|
(unsigned)geteuid(), ctos, (long)pid, (unsigned)uid);
|
||||||
@ -53,8 +53,8 @@ diff -up openssh-5.8p1/audit.c.audit5 openssh-5.8p1/audit.c
|
|||||||
# endif /* !defined CUSTOM_SSH_AUDIT_EVENTS */
|
# endif /* !defined CUSTOM_SSH_AUDIT_EVENTS */
|
||||||
#endif /* SSH_AUDIT_EVENTS */
|
#endif /* SSH_AUDIT_EVENTS */
|
||||||
diff -up openssh-5.8p1/audit.h.audit5 openssh-5.8p1/audit.h
|
diff -up openssh-5.8p1/audit.h.audit5 openssh-5.8p1/audit.h
|
||||||
--- openssh-5.8p1/audit.h.audit5 2011-03-10 11:58:54.167979998 +0100
|
--- openssh-5.8p1/audit.h.audit5 2011-03-15 12:09:02.906855169 +0100
|
||||||
+++ openssh-5.8p1/audit.h 2011-03-10 11:58:55.126854627 +0100
|
+++ openssh-5.8p1/audit.h 2011-03-15 12:09:03.935980417 +0100
|
||||||
@@ -48,6 +48,8 @@ enum ssh_audit_event_type {
|
@@ -48,6 +48,8 @@ enum ssh_audit_event_type {
|
||||||
};
|
};
|
||||||
typedef enum ssh_audit_event_type ssh_audit_event_t;
|
typedef enum ssh_audit_event_type ssh_audit_event_t;
|
||||||
@ -73,8 +73,8 @@ diff -up openssh-5.8p1/audit.h.audit5 openssh-5.8p1/audit.h
|
|||||||
|
|
||||||
#endif /* _SSH_AUDIT_H */
|
#endif /* _SSH_AUDIT_H */
|
||||||
diff -up openssh-5.8p1/audit-linux.c.audit5 openssh-5.8p1/audit-linux.c
|
diff -up openssh-5.8p1/audit-linux.c.audit5 openssh-5.8p1/audit-linux.c
|
||||||
--- openssh-5.8p1/audit-linux.c.audit5 2011-03-10 11:58:54.215855001 +0100
|
--- openssh-5.8p1/audit-linux.c.audit5 2011-03-15 12:09:02.955855142 +0100
|
||||||
+++ openssh-5.8p1/audit-linux.c 2011-03-10 11:58:55.170980918 +0100
|
+++ openssh-5.8p1/audit-linux.c 2011-03-15 12:09:04.018854944 +0100
|
||||||
@@ -350,4 +350,50 @@ audit_session_key_free_body(int ctos, pi
|
@@ -350,4 +350,50 @@ audit_session_key_free_body(int ctos, pi
|
||||||
error("cannot write into audit");
|
error("cannot write into audit");
|
||||||
}
|
}
|
||||||
@ -127,8 +127,8 @@ diff -up openssh-5.8p1/audit-linux.c.audit5 openssh-5.8p1/audit-linux.c
|
|||||||
+}
|
+}
|
||||||
#endif /* USE_LINUX_AUDIT */
|
#endif /* USE_LINUX_AUDIT */
|
||||||
diff -up openssh-5.8p1/key.c.audit5 openssh-5.8p1/key.c
|
diff -up openssh-5.8p1/key.c.audit5 openssh-5.8p1/key.c
|
||||||
--- openssh-5.8p1/key.c.audit5 2011-03-10 11:58:51.406979467 +0100
|
--- openssh-5.8p1/key.c.audit5 2011-03-15 12:08:59.815855291 +0100
|
||||||
+++ openssh-5.8p1/key.c 2011-03-10 11:58:55.229855219 +0100
|
+++ openssh-5.8p1/key.c 2011-03-15 12:09:04.094854601 +0100
|
||||||
@@ -1797,6 +1797,30 @@ key_demote(const Key *k)
|
@@ -1797,6 +1797,30 @@ key_demote(const Key *k)
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -161,8 +161,8 @@ diff -up openssh-5.8p1/key.c.audit5 openssh-5.8p1/key.c
|
|||||||
{
|
{
|
||||||
if (k == NULL)
|
if (k == NULL)
|
||||||
diff -up openssh-5.8p1/key.h.audit5 openssh-5.8p1/key.h
|
diff -up openssh-5.8p1/key.h.audit5 openssh-5.8p1/key.h
|
||||||
--- openssh-5.8p1/key.h.audit5 2011-03-10 11:58:51.452981181 +0100
|
--- openssh-5.8p1/key.h.audit5 2011-03-15 12:08:59.869855119 +0100
|
||||||
+++ openssh-5.8p1/key.h 2011-03-10 11:58:55.276854914 +0100
|
+++ openssh-5.8p1/key.h 2011-03-15 12:09:04.139854762 +0100
|
||||||
@@ -109,6 +109,7 @@ Key *key_generate(int, u_int);
|
@@ -109,6 +109,7 @@ Key *key_generate(int, u_int);
|
||||||
Key *key_from_private(const Key *);
|
Key *key_from_private(const Key *);
|
||||||
int key_type_from_name(char *);
|
int key_type_from_name(char *);
|
||||||
@ -172,8 +172,8 @@ diff -up openssh-5.8p1/key.h.audit5 openssh-5.8p1/key.h
|
|||||||
int key_to_certified(Key *, int);
|
int key_to_certified(Key *, int);
|
||||||
int key_drop_cert(Key *);
|
int key_drop_cert(Key *);
|
||||||
diff -up openssh-5.8p1/monitor.c.audit5 openssh-5.8p1/monitor.c
|
diff -up openssh-5.8p1/monitor.c.audit5 openssh-5.8p1/monitor.c
|
||||||
--- openssh-5.8p1/monitor.c.audit5 2011-03-10 11:58:54.503854586 +0100
|
--- openssh-5.8p1/monitor.c.audit5 2011-03-15 12:09:03.261856010 +0100
|
||||||
+++ openssh-5.8p1/monitor.c 2011-03-10 11:58:55.333855125 +0100
|
+++ openssh-5.8p1/monitor.c 2011-03-15 12:09:04.190980939 +0100
|
||||||
@@ -106,6 +106,8 @@ extern Buffer auth_debug;
|
@@ -106,6 +106,8 @@ extern Buffer auth_debug;
|
||||||
extern int auth_debug_init;
|
extern int auth_debug_init;
|
||||||
extern Buffer loginmsg;
|
extern Buffer loginmsg;
|
||||||
@ -258,8 +258,8 @@ diff -up openssh-5.8p1/monitor.c.audit5 openssh-5.8p1/monitor.c
|
|||||||
+}
|
+}
|
||||||
#endif /* SSH_AUDIT_EVENTS */
|
#endif /* SSH_AUDIT_EVENTS */
|
||||||
diff -up openssh-5.8p1/monitor.h.audit5 openssh-5.8p1/monitor.h
|
diff -up openssh-5.8p1/monitor.h.audit5 openssh-5.8p1/monitor.h
|
||||||
--- openssh-5.8p1/monitor.h.audit5 2011-03-10 11:58:54.545980156 +0100
|
--- openssh-5.8p1/monitor.h.audit5 2011-03-15 12:09:03.307855051 +0100
|
||||||
+++ openssh-5.8p1/monitor.h 2011-03-10 11:58:55.378854631 +0100
|
+++ openssh-5.8p1/monitor.h 2011-03-15 12:09:04.232980242 +0100
|
||||||
@@ -70,6 +70,7 @@ enum monitor_reqtype {
|
@@ -70,6 +70,7 @@ enum monitor_reqtype {
|
||||||
MONITOR_REQ_AUDIT_UNSUPPORTED, MONITOR_ANS_AUDIT_UNSUPPORTED,
|
MONITOR_REQ_AUDIT_UNSUPPORTED, MONITOR_ANS_AUDIT_UNSUPPORTED,
|
||||||
MONITOR_REQ_AUDIT_KEX, MONITOR_ANS_AUDIT_KEX,
|
MONITOR_REQ_AUDIT_KEX, MONITOR_ANS_AUDIT_KEX,
|
||||||
@ -269,8 +269,8 @@ diff -up openssh-5.8p1/monitor.h.audit5 openssh-5.8p1/monitor.h
|
|||||||
|
|
||||||
struct mm_master;
|
struct mm_master;
|
||||||
diff -up openssh-5.8p1/monitor_wrap.c.audit5 openssh-5.8p1/monitor_wrap.c
|
diff -up openssh-5.8p1/monitor_wrap.c.audit5 openssh-5.8p1/monitor_wrap.c
|
||||||
--- openssh-5.8p1/monitor_wrap.c.audit5 2011-03-10 11:58:54.602854916 +0100
|
--- openssh-5.8p1/monitor_wrap.c.audit5 2011-03-15 12:09:03.363854906 +0100
|
||||||
+++ openssh-5.8p1/monitor_wrap.c 2011-03-10 11:58:55.432980073 +0100
|
+++ openssh-5.8p1/monitor_wrap.c 2011-03-15 12:09:04.308855115 +0100
|
||||||
@@ -1501,4 +1501,20 @@ mm_audit_session_key_free_body(int ctos,
|
@@ -1501,4 +1501,20 @@ mm_audit_session_key_free_body(int ctos,
|
||||||
&m);
|
&m);
|
||||||
buffer_free(&m);
|
buffer_free(&m);
|
||||||
@ -293,8 +293,8 @@ diff -up openssh-5.8p1/monitor_wrap.c.audit5 openssh-5.8p1/monitor_wrap.c
|
|||||||
+}
|
+}
|
||||||
#endif /* SSH_AUDIT_EVENTS */
|
#endif /* SSH_AUDIT_EVENTS */
|
||||||
diff -up openssh-5.8p1/monitor_wrap.h.audit5 openssh-5.8p1/monitor_wrap.h
|
diff -up openssh-5.8p1/monitor_wrap.h.audit5 openssh-5.8p1/monitor_wrap.h
|
||||||
--- openssh-5.8p1/monitor_wrap.h.audit5 2011-03-10 11:58:54.648980503 +0100
|
--- openssh-5.8p1/monitor_wrap.h.audit5 2011-03-15 12:09:03.419855029 +0100
|
||||||
+++ openssh-5.8p1/monitor_wrap.h 2011-03-10 11:58:55.480855200 +0100
|
+++ openssh-5.8p1/monitor_wrap.h 2011-03-15 12:09:04.355854646 +0100
|
||||||
@@ -79,6 +79,7 @@ void mm_audit_end_command(int, const cha
|
@@ -79,6 +79,7 @@ void mm_audit_end_command(int, const cha
|
||||||
void mm_audit_unsupported_body(int);
|
void mm_audit_unsupported_body(int);
|
||||||
void mm_audit_kex_body(int, char *, char *, char *, pid_t, uid_t);
|
void mm_audit_kex_body(int, char *, char *, char *, pid_t, uid_t);
|
||||||
@ -304,8 +304,8 @@ diff -up openssh-5.8p1/monitor_wrap.h.audit5 openssh-5.8p1/monitor_wrap.h
|
|||||||
|
|
||||||
struct Session;
|
struct Session;
|
||||||
diff -up openssh-5.8p1/session.c.audit5 openssh-5.8p1/session.c
|
diff -up openssh-5.8p1/session.c.audit5 openssh-5.8p1/session.c
|
||||||
--- openssh-5.8p1/session.c.audit5 2011-03-10 11:58:54.800854988 +0100
|
--- openssh-5.8p1/session.c.audit5 2011-03-15 12:09:03.580854904 +0100
|
||||||
+++ openssh-5.8p1/session.c 2011-03-10 11:58:55.540854785 +0100
|
+++ openssh-5.8p1/session.c 2011-03-15 12:09:04.414980438 +0100
|
||||||
@@ -132,7 +132,7 @@ extern int log_stderr;
|
@@ -132,7 +132,7 @@ extern int log_stderr;
|
||||||
extern int debug_flag;
|
extern int debug_flag;
|
||||||
extern u_int utmp_len;
|
extern u_int utmp_len;
|
||||||
@ -325,8 +325,8 @@ diff -up openssh-5.8p1/session.c.audit5 openssh-5.8p1/session.c
|
|||||||
monitor over a single socket, with no synchronization. */
|
monitor over a single socket, with no synchronization. */
|
||||||
packet_destroy_all(0, 1);
|
packet_destroy_all(0, 1);
|
||||||
diff -up openssh-5.8p1/sshd.c.audit5 openssh-5.8p1/sshd.c
|
diff -up openssh-5.8p1/sshd.c.audit5 openssh-5.8p1/sshd.c
|
||||||
--- openssh-5.8p1/sshd.c.audit5 2011-03-10 11:58:54.856979886 +0100
|
--- openssh-5.8p1/sshd.c.audit5 2011-03-15 12:09:03.635855069 +0100
|
||||||
+++ openssh-5.8p1/sshd.c 2011-03-10 11:58:55.728855905 +0100
|
+++ openssh-5.8p1/sshd.c 2011-03-15 12:10:19.893854987 +0100
|
||||||
@@ -253,7 +253,7 @@ Buffer loginmsg;
|
@@ -253,7 +253,7 @@ Buffer loginmsg;
|
||||||
struct passwd *privsep_pw = NULL;
|
struct passwd *privsep_pw = NULL;
|
||||||
|
|
||||||
@ -447,7 +447,7 @@ diff -up openssh-5.8p1/sshd.c.audit5 openssh-5.8p1/sshd.c
|
|||||||
+ destroy_sensitive_data(0);
|
+ destroy_sensitive_data(0);
|
||||||
close_listen_socks();
|
close_listen_socks();
|
||||||
unlink(options.pid_file);
|
unlink(options.pid_file);
|
||||||
exit(255);
|
exit(0);
|
||||||
@@ -2023,7 +2074,7 @@ main(int ac, char **av)
|
@@ -2023,7 +2074,7 @@ main(int ac, char **av)
|
||||||
privsep_postauth(authctxt);
|
privsep_postauth(authctxt);
|
||||||
/* the monitor process [priv] will not return */
|
/* the monitor process [priv] will not return */
|
||||||
|
13
openssh-5.8p1-entropy.patch
Normal file
13
openssh-5.8p1-entropy.patch
Normal file
@ -0,0 +1,13 @@
|
|||||||
|
diff -up openssh-5.8p1/entropy.c.reseed openssh-5.8p1/entropy.c
|
||||||
|
--- openssh-5.8p1/entropy.c.reseed 2011-01-13 11:05:29.000000000 +0100
|
||||||
|
+++ openssh-5.8p1/entropy.c 2011-03-15 10:18:16.623980109 +0100
|
||||||
|
@@ -70,6 +70,9 @@ static uid_t original_uid, original_euid
|
||||||
|
void
|
||||||
|
seed_rng(void)
|
||||||
|
{
|
||||||
|
+#ifdef USE_PRNG_DEVICE
|
||||||
|
+/* not yet */
|
||||||
|
+#endif
|
||||||
|
#ifndef OPENSSL_PRNG_ONLY
|
||||||
|
int devnull;
|
||||||
|
int p[2];
|
12
openssh-5.8p1-exit.patch
Normal file
12
openssh-5.8p1-exit.patch
Normal file
@ -0,0 +1,12 @@
|
|||||||
|
diff -up openssh-5.8p1/sshd.c.exit openssh-5.8p1/sshd.c
|
||||||
|
--- openssh-5.8p1/sshd.c.exit 2011-01-11 07:20:31.000000000 +0100
|
||||||
|
+++ openssh-5.8p1/sshd.c 2011-03-15 12:06:20.623854928 +0100
|
||||||
|
@@ -1115,7 +1115,7 @@ server_accept_loop(int *sock_in, int *so
|
||||||
|
(int) received_sigterm);
|
||||||
|
close_listen_socks();
|
||||||
|
unlink(options.pid_file);
|
||||||
|
- exit(255);
|
||||||
|
+ exit(0);
|
||||||
|
}
|
||||||
|
if (key_used && key_do_regen) {
|
||||||
|
generate_ephemeral_server_key();
|
52
openssh-5.8p1-reseed.patch
Normal file
52
openssh-5.8p1-reseed.patch
Normal file
@ -0,0 +1,52 @@
|
|||||||
|
diff -up openssh-5.8p1/sshd.c.reseed openssh-5.8p1/sshd.c
|
||||||
|
--- openssh-5.8p1/sshd.c.reseed 2011-03-16 15:48:47.870648161 +0100
|
||||||
|
+++ openssh-5.8p1/sshd.c 2011-03-16 18:55:52.998648933 +0100
|
||||||
|
@@ -225,6 +225,8 @@ static volatile sig_atomic_t key_do_rege
|
||||||
|
static volatile sig_atomic_t received_sighup = 0;
|
||||||
|
static volatile sig_atomic_t received_sigterm = 0;
|
||||||
|
|
||||||
|
+static volatile int need_reseed = 0;
|
||||||
|
+
|
||||||
|
/* session identifier, used by RSA-auth */
|
||||||
|
u_char session_id[16];
|
||||||
|
|
||||||
|
@@ -396,6 +398,9 @@ generate_ephemeral_server_key(void)
|
||||||
|
arc4random_stir();
|
||||||
|
}
|
||||||
|
|
||||||
|
+/*
|
||||||
|
+ * Signal handler for the alarm in the accept loop.
|
||||||
|
+ */
|
||||||
|
/*ARGSUSED*/
|
||||||
|
static void
|
||||||
|
key_regeneration_alarm(int sig)
|
||||||
|
@@ -405,6 +410,7 @@ key_regeneration_alarm(int sig)
|
||||||
|
signal(SIGALRM, SIG_DFL);
|
||||||
|
errno = save_errno;
|
||||||
|
key_do_regen = 1;
|
||||||
|
+ need_reseed = 1;
|
||||||
|
}
|
||||||
|
|
||||||
|
static void
|
||||||
|
@@ -1277,6 +1285,12 @@ server_accept_loop(int *sock_in, int *so
|
||||||
|
* the child process the connection. The
|
||||||
|
* parent continues listening.
|
||||||
|
*/
|
||||||
|
+ if (need_reseed) {
|
||||||
|
+ seed_rng();
|
||||||
|
+ logit("random reseeded");
|
||||||
|
+ need_reseed = 0;
|
||||||
|
+ alarm(options.key_regeneration_time);
|
||||||
|
+ }
|
||||||
|
platform_pre_fork();
|
||||||
|
if ((pid = fork()) == 0) {
|
||||||
|
/*
|
||||||
|
@@ -1836,6 +1852,8 @@ main(int ac, char **av)
|
||||||
|
signal(SIGCHLD, main_sigchld_handler);
|
||||||
|
signal(SIGTERM, sigterm_handler);
|
||||||
|
signal(SIGQUIT, sigterm_handler);
|
||||||
|
+ signal(SIGALRM, key_regeneration_alarm);
|
||||||
|
+ alarm(options.key_regeneration_time);
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Write out the pid file after the sigterm handler
|
90
openssh-5.8p1-sftpcontext.patch
Normal file
90
openssh-5.8p1-sftpcontext.patch
Normal file
@ -0,0 +1,90 @@
|
|||||||
|
diff -up openssh-5.8p1/session.c.sftpcontext openssh-5.8p1/session.c
|
||||||
|
--- openssh-5.8p1/session.c.sftpcontext 2011-03-17 06:20:41.651773603 +0100
|
||||||
|
+++ openssh-5.8p1/session.c 2011-03-17 06:39:11.947648737 +0100
|
||||||
|
@@ -1479,12 +1479,21 @@ safely_chroot(const char *path, uid_t ui
|
||||||
|
|
||||||
|
/* Set login name, uid, gid, and groups. */
|
||||||
|
void
|
||||||
|
+#ifdef WITH_SELINUX
|
||||||
|
+do_setusercontext(struct passwd *pw, const char *context)
|
||||||
|
+#else
|
||||||
|
do_setusercontext(struct passwd *pw)
|
||||||
|
+#endif
|
||||||
|
{
|
||||||
|
char *chroot_path, *tmp;
|
||||||
|
|
||||||
|
platform_setusercontext(pw);
|
||||||
|
|
||||||
|
+#ifdef WITH_SELINUX
|
||||||
|
+ if (context)
|
||||||
|
+ ssh_selinux_change_context(context);
|
||||||
|
+#endif
|
||||||
|
+
|
||||||
|
if (platform_privileged_uidswap()) {
|
||||||
|
#ifdef HAVE_LOGIN_CAP
|
||||||
|
if (setusercontext(lc, pw, pw->pw_uid,
|
||||||
|
@@ -1633,7 +1642,11 @@ do_child(Session *s, const char *command
|
||||||
|
|
||||||
|
/* Force a password change */
|
||||||
|
if (s->authctxt->force_pwchange) {
|
||||||
|
+#ifdef WITH_SELINUX
|
||||||
|
+ do_setusercontext(pw, NULL); //should be passwd_t context set here?
|
||||||
|
+#else
|
||||||
|
do_setusercontext(pw);
|
||||||
|
+#endif
|
||||||
|
child_close_fds();
|
||||||
|
do_pwchange(s);
|
||||||
|
exit(1);
|
||||||
|
@@ -1660,7 +1673,11 @@ do_child(Session *s, const char *command
|
||||||
|
/* When PAM is enabled we rely on it to do the nologin check */
|
||||||
|
if (!options.use_pam)
|
||||||
|
do_nologin(pw);
|
||||||
|
+#ifdef WITH_SELINUX
|
||||||
|
+ do_setusercontext(pw, s->is_subsystem == SUBSYSTEM_INT_SFTP ? "sftpd_t" : NULL);
|
||||||
|
+#else
|
||||||
|
do_setusercontext(pw);
|
||||||
|
+#endif
|
||||||
|
/*
|
||||||
|
* PAM session modules in do_setusercontext may have
|
||||||
|
* generated messages, so if this in an interactive
|
||||||
|
@@ -1780,9 +1797,6 @@ do_child(Session *s, const char *command
|
||||||
|
argv[i] = NULL;
|
||||||
|
optind = optreset = 1;
|
||||||
|
__progname = argv[0];
|
||||||
|
-#ifdef WITH_SELINUX
|
||||||
|
- ssh_selinux_change_context("sftpd_t");
|
||||||
|
-#endif
|
||||||
|
exit(sftp_server_main(i, argv, s->pw));
|
||||||
|
}
|
||||||
|
|
||||||
|
diff -up openssh-5.8p1/session.h.sftpcontext openssh-5.8p1/session.h
|
||||||
|
--- openssh-5.8p1/session.h.sftpcontext 2011-03-17 06:38:15.287648531 +0100
|
||||||
|
+++ openssh-5.8p1/session.h 2011-03-17 06:40:25.907648653 +0100
|
||||||
|
@@ -84,7 +84,11 @@ Session *session_new(void);
|
||||||
|
Session *session_by_id(int);
|
||||||
|
Session *session_by_tty(char *);
|
||||||
|
void session_close(Session *);
|
||||||
|
+#ifdef WITH_SELINUX
|
||||||
|
+void do_setusercontext(struct passwd *, const char *);
|
||||||
|
+#else
|
||||||
|
void do_setusercontext(struct passwd *);
|
||||||
|
+#endif
|
||||||
|
void child_set_env(char ***envp, u_int *envsizep, const char *name,
|
||||||
|
const char *value);
|
||||||
|
|
||||||
|
diff -up openssh-5.8p1/sshd.c.sftpcontext openssh-5.8p1/sshd.c
|
||||||
|
--- openssh-5.8p1/sshd.c.sftpcontext 2011-03-17 06:40:55.961663207 +0100
|
||||||
|
+++ openssh-5.8p1/sshd.c 2011-03-17 06:45:14.037735849 +0100
|
||||||
|
@@ -772,7 +772,11 @@ privsep_postauth(Authctxt *authctxt)
|
||||||
|
RAND_seed(rnd, sizeof(rnd));
|
||||||
|
|
||||||
|
/* Drop privileges */
|
||||||
|
- do_setusercontext(authctxt->pw);
|
||||||
|
+#ifdef WITH_SELINUX
|
||||||
|
+ do_setusercontext(authctxt->pw, NULL);
|
||||||
|
+#else
|
||||||
|
+ do_setusercontext(authctxt->pw);
|
||||||
|
+#endif
|
||||||
|
|
||||||
|
skip:
|
||||||
|
/* It is safe now to apply the key state */
|
@ -5,8 +5,8 @@ diff -up openssh-5.8p1/log.h.wIm openssh-5.8p1/log.h
|
|||||||
void debug(const char *, ...) __attribute__((format(printf, 1, 2)));
|
void debug(const char *, ...) __attribute__((format(printf, 1, 2)));
|
||||||
void debug2(const char *, ...) __attribute__((format(printf, 1, 2)));
|
void debug2(const char *, ...) __attribute__((format(printf, 1, 2)));
|
||||||
void debug3(const char *, ...) __attribute__((format(printf, 1, 2)));
|
void debug3(const char *, ...) __attribute__((format(printf, 1, 2)));
|
||||||
+void _debug_wIm_body(const char *, const char *);
|
+void _debug_wIm_body(const char *, const char *, const char *, int);
|
||||||
+#define debug_wIm(a) _debug_wIm_body(a,__func__)
|
+#define debug_wIm(a) _debug_wIm_body(a,__func__,__FILE__,__LINE__)
|
||||||
|
|
||||||
void do_log(LogLevel, const char *, va_list);
|
void do_log(LogLevel, const char *, va_list);
|
||||||
void cleanup_exit(int) __attribute__((noreturn));
|
void cleanup_exit(int) __attribute__((noreturn));
|
||||||
@ -67,9 +67,9 @@ diff -up openssh-5.8p1/whereIam.c.wIm openssh-5.8p1/whereIam.c
|
|||||||
+
|
+
|
||||||
+int whereIam = -1;
|
+int whereIam = -1;
|
||||||
+
|
+
|
||||||
+void _debug_wIm_body(const char *txt, const char *func)
|
+void _debug_wIm_body(const char *txt, const char *func, const char *file, int line)
|
||||||
+{
|
+{
|
||||||
+ debug("%s: %s wIm = %d, uid=%d, euid=%d", txt, func, whereIam, getuid(), geteuid());
|
+ debug("%s: %s(%s:%d) wIm = %d, uid=%d, euid=%d", txt, func, file, line, whereIam, getuid(), geteuid());
|
||||||
+}
|
+}
|
||||||
+
|
+
|
||||||
+
|
+
|
||||||
|
23
openssh.spec
23
openssh.spec
@ -71,7 +71,7 @@
|
|||||||
|
|
||||||
# Do not forget to bump pam_ssh_agent_auth release if you rewind the main package release to 1
|
# Do not forget to bump pam_ssh_agent_auth release if you rewind the main package release to 1
|
||||||
%define openssh_ver 5.8p1
|
%define openssh_ver 5.8p1
|
||||||
%define openssh_rel 17
|
%define openssh_rel 18
|
||||||
%define pam_ssh_agent_ver 0.9.2
|
%define pam_ssh_agent_ver 0.9.2
|
||||||
%define pam_ssh_agent_rel 30
|
%define pam_ssh_agent_rel 30
|
||||||
|
|
||||||
@ -98,6 +98,8 @@ Patch99: openssh-5.8p1-wIm.patch
|
|||||||
Patch0: openssh-5.6p1-redhat.patch
|
Patch0: openssh-5.6p1-redhat.patch
|
||||||
#https://bugzilla.mindrot.org/show_bug.cgi?id=1872
|
#https://bugzilla.mindrot.org/show_bug.cgi?id=1872
|
||||||
Patch100: openssh-5.8p1-fingerprint.patch
|
Patch100: openssh-5.8p1-fingerprint.patch
|
||||||
|
#?
|
||||||
|
Patch200: openssh-5.8p1-exit.patch
|
||||||
#https://bugzilla.mindrot.org/show_bug.cgi?id=1402
|
#https://bugzilla.mindrot.org/show_bug.cgi?id=1402
|
||||||
Patch8: openssh-5.8p1-audit0.patch
|
Patch8: openssh-5.8p1-audit0.patch
|
||||||
Patch108: openssh-5.8p1-audit0a.patch
|
Patch108: openssh-5.8p1-audit0a.patch
|
||||||
@ -111,6 +113,10 @@ Patch4: openssh-5.8p1-audit4.patch
|
|||||||
Patch104: openssh-5.8p1-audit4a.patch
|
Patch104: openssh-5.8p1-audit4a.patch
|
||||||
Patch5: openssh-5.8p1-audit5.patch
|
Patch5: openssh-5.8p1-audit5.patch
|
||||||
Patch105: openssh-5.8p1-audit5a.patch
|
Patch105: openssh-5.8p1-audit5a.patch
|
||||||
|
#?
|
||||||
|
Patch6: openssh-5.8p1-reseed.patch
|
||||||
|
#?
|
||||||
|
Patch7: openssh-5.8p1-entropy.patch
|
||||||
#https://bugzilla.mindrot.org/show_bug.cgi?id=1640
|
#https://bugzilla.mindrot.org/show_bug.cgi?id=1640
|
||||||
Patch9: openssh-5.8p1-vendor.patch
|
Patch9: openssh-5.8p1-vendor.patch
|
||||||
# --- pam_ssh-agent ---
|
# --- pam_ssh-agent ---
|
||||||
@ -128,6 +134,8 @@ Patch23: openssh-5.8p1-selinux-role.patch
|
|||||||
Patch24: openssh-5.8p1-mls.patch
|
Patch24: openssh-5.8p1-mls.patch
|
||||||
# #https://bugzilla.mindrot.org/show_bug.cgi?id=1614
|
# #https://bugzilla.mindrot.org/show_bug.cgi?id=1614
|
||||||
# Patch25: openssh-5.6p1-selabel.patch
|
# Patch25: openssh-5.6p1-selabel.patch
|
||||||
|
#?
|
||||||
|
Patch26: openssh-5.8p1-sftpcontext.patch
|
||||||
#https://bugzilla.mindrot.org/show_bug.cgi?id=1668
|
#https://bugzilla.mindrot.org/show_bug.cgi?id=1668
|
||||||
Patch30: openssh-5.6p1-keygen.patch
|
Patch30: openssh-5.6p1-keygen.patch
|
||||||
#https://bugzilla.mindrot.org/show_bug.cgi?id=1644
|
#https://bugzilla.mindrot.org/show_bug.cgi?id=1644
|
||||||
@ -161,8 +169,8 @@ Patch158: openssh-5.8p1-keycat2.patch
|
|||||||
Patch60: openssh-5.8p1-gsskex.patch
|
Patch60: openssh-5.8p1-gsskex.patch
|
||||||
#?
|
#?
|
||||||
Patch61: openssh-5.8p1-gssapi-canohost.patch
|
Patch61: openssh-5.8p1-gssapi-canohost.patch
|
||||||
#https://bugzilla.mindrot.org/show_bug.cgi?id=1873
|
#---
|
||||||
#=>https://bugzilla.redhat.com/show_bug.cgi?id=668993
|
#https://bugzilla.mindrot.org/show_bug.cgi?id=1873 => https://bugzilla.redhat.com/show_bug.cgi?id=668993
|
||||||
|
|
||||||
License: BSD
|
License: BSD
|
||||||
Group: Applications/Internet
|
Group: Applications/Internet
|
||||||
@ -312,6 +320,7 @@ The module is most useful for su and sudo service stacks.
|
|||||||
###%patch99 -p1 -b .wIm
|
###%patch99 -p1 -b .wIm
|
||||||
%patch0 -p1 -b .redhat
|
%patch0 -p1 -b .redhat
|
||||||
%patch100 -p1 -b .fingerprint
|
%patch100 -p1 -b .fingerprint
|
||||||
|
%patch200 -p1 -b .exit
|
||||||
%patch8 -p1 -b .audit0
|
%patch8 -p1 -b .audit0
|
||||||
%patch108 -p1 -b .audit0a
|
%patch108 -p1 -b .audit0a
|
||||||
%patch1 -p1 -b .audit1
|
%patch1 -p1 -b .audit1
|
||||||
@ -324,6 +333,8 @@ The module is most useful for su and sudo service stacks.
|
|||||||
%patch104 -p1 -b .audit4a
|
%patch104 -p1 -b .audit4a
|
||||||
%patch5 -p1 -b .audit5
|
%patch5 -p1 -b .audit5
|
||||||
%patch105 -p1 -b .audit5a
|
%patch105 -p1 -b .audit5a
|
||||||
|
%patch6 -p1 -b .reseed
|
||||||
|
%patch7 -p1 -b .entropy
|
||||||
%patch9 -p1 -b .vendor
|
%patch9 -p1 -b .vendor
|
||||||
%if %{pam_ssh_agent}
|
%if %{pam_ssh_agent}
|
||||||
pushd pam_ssh_agent_auth-%{pam_ssh_agent_ver}
|
pushd pam_ssh_agent_auth-%{pam_ssh_agent_ver}
|
||||||
@ -343,6 +354,7 @@ popd
|
|||||||
%patch22 -p1 -b .selinux
|
%patch22 -p1 -b .selinux
|
||||||
%patch23 -p1 -b .role
|
%patch23 -p1 -b .role
|
||||||
%patch24 -p1 -b .mls
|
%patch24 -p1 -b .mls
|
||||||
|
%patch26 -p1 -b .sftpcontext
|
||||||
%endif
|
%endif
|
||||||
%patch30 -p1 -b .keygen
|
%patch30 -p1 -b .keygen
|
||||||
%patch31 -p1 -b .ip-opts
|
%patch31 -p1 -b .ip-opts
|
||||||
@ -652,6 +664,11 @@ fi
|
|||||||
%endif
|
%endif
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Thu Mar 17 2011 Jan F. Chadima <jchadima@redhat.com> - 5.8p1-18 + 0.9.2-30
|
||||||
|
- add periodical reseeding of random generator
|
||||||
|
- change selinux contex for internal sftp in do_usercontext
|
||||||
|
- exit(0) after sigterm
|
||||||
|
|
||||||
* Thu Mar 10 2011 Jan F. Chadima <jchadima@redhat.com> - 5.8p1-17 + 0.9.2-30
|
* Thu Mar 10 2011 Jan F. Chadima <jchadima@redhat.com> - 5.8p1-17 + 0.9.2-30
|
||||||
- improove ssh-ldap (documentation)
|
- improove ssh-ldap (documentation)
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user