selinux sandbox rewrite

two factor authentication tweaking
2011-09-19 07:26:32 +02:00 · 2011-09-19 07:26:32 +02:00 · 28b0dc63f4
commit 28b0dc63f4
parent cff1d0c39d
4 changed files with 206 additions and 195 deletions
--- a/openssh-5.9p1-2auth.patch
+++ b/openssh-5.9p1-2auth.patch
@ -1,6 +1,6 @@
 diff -up openssh-5.9p1/auth.h.2auth openssh-5.9p1/auth.h
 --- openssh-5.9p1/auth.h.2auth	2011-05-29 13:39:38.000000000 +0200
-+++ openssh-5.9p1/auth.h	2011-09-13 20:25:22.250474950 +0200
+++ openssh-5.9p1/auth.h	2011-09-17 11:36:54.314522599 +0200
@@ -149,6 +149,8 @@ int	auth_root_allowed(char *);
 
 char	*auth2_read_banner(void);
@ -12,8 +12,8 @@ diff -up openssh-5.9p1/auth.h.2auth openssh-5.9p1/auth.h
 int	auth2_challenge(Authctxt *, char *);
 diff -up openssh-5.9p1/auth2.c.2auth openssh-5.9p1/auth2.c
 --- openssh-5.9p1/auth2.c.2auth	2011-05-05 06:04:11.000000000 +0200
-+++ openssh-5.9p1/auth2.c	2011-09-13 20:25:22.348458588 +0200
-@@ -290,6 +290,23 @@ input_userauth_request(int type, u_int32
+++ openssh-5.9p1/auth2.c	2011-09-17 11:36:54.402521709 +0200
+@@ -290,6 +290,24 @@ input_userauth_request(int type, u_int32
 }
 
 void
@ -21,6 +21,7 @@ diff -up openssh-5.9p1/auth2.c.2auth openssh-5.9p1/auth2.c
 +{
 +	options.two_factor_authentication = 0;
 +
+	debug2("userauth restart, method = %s", method);
 +	options.pubkey_authentication = options.second_pubkey_authentication && strcmp(method, method_pubkey.name);
 +#ifdef GSSAPI
 +	options.gss_authentication = options.second_gss_authentication && strcmp(method, method_gssapi.name);
@ -37,15 +38,12 @@ diff -up openssh-5.9p1/auth2.c.2auth openssh-5.9p1/auth2.c
 userauth_finish(Authctxt *authctxt, int authenticated, char *method)
 {
 	char *methods;
-@@ -337,6 +354,15 @@ userauth_finish(Authctxt *authctxt, int
+@@ -337,6 +355,12 @@ userauth_finish(Authctxt *authctxt, int
 
 	/* XXX todo: check if multiple auth methods are needed */
 	if (authenticated == 1) {
 +		if (options.two_factor_authentication) {
 +			userauth_restart(method);
-+			if (use_privsep) 
-+				PRIVSEP(userauth_restart(method));
-+
 +			debug("1st factor authentication done go to 2nd factor");
 +			goto ask_methods;
 +		}
@ -53,131 +51,33 @@ diff -up openssh-5.9p1/auth2.c.2auth openssh-5.9p1/auth2.c
 		/* turn off userauth */
 		dispatch_set(SSH2_MSG_USERAUTH_REQUEST, &dispatch_protocol_ignore);
 		packet_start(SSH2_MSG_USERAUTH_SUCCESS);
-@@ -356,6 +382,7 @@ userauth_finish(Authctxt *authctxt, int
+@@ -356,7 +380,9 @@ userauth_finish(Authctxt *authctxt, int
 #endif
 			packet_disconnect(AUTH_FAIL_MSG, authctxt->user);
 		}
 +ask_methods:
 		methods = authmethods_get();
+		debug2("next auth methods = %s", methods);
 		packet_start(SSH2_MSG_USERAUTH_FAILURE);
 		packet_put_cstring(methods);
+ 		packet_put_char(0);	/* XXX partial success, unused */
 diff -up openssh-5.9p1/monitor.c.2auth openssh-5.9p1/monitor.c
--- openssh-5.9p1/monitor.c.2auth	2011-09-13 20:25:18.031458843 +0200
-+++ openssh-5.9p1/monitor.c	2011-09-13 20:53:29.345644462 +0200
-@@ -165,6 +165,7 @@ int mm_answer_jpake_step1(int, Buffer *)
- int mm_answer_jpake_step2(int, Buffer *);
- int mm_answer_jpake_key_confirm(int, Buffer *);
- int mm_answer_jpake_check_confirm(int, Buffer *);
-+int mm_answer_userauth_restart(int, Buffer *);
- 
- #ifdef USE_PAM
- int mm_answer_pam_start(int, Buffer *);
-@@ -259,6 +260,7 @@ struct mon_table mon_dispatch_proto20[]
-     {MONITOR_REQ_JPAKE_KEY_CONFIRM, MON_ONCE, mm_answer_jpake_key_confirm},
-     {MONITOR_REQ_JPAKE_CHECK_CONFIRM, MON_AUTH, mm_answer_jpake_check_confirm},
+--- openssh-5.9p1/monitor.c.2auth	2011-08-05 22:15:18.000000000 +0200
+++ openssh-5.9p1/monitor.c	2011-09-17 11:36:54.513491937 +0200
+@@ -417,6 +417,10 @@ monitor_child_preauth(Authctxt *_authctx
+ 			}
+ 		}
 #endif
-+    {MONITOR_REQ_USERAUTH_RESTART, MON_PERMIT, mm_answer_userauth_restart},
-     {0, 0, NULL}
- };
- 
-@@ -378,7 +380,7 @@ monitor_child_preauth(Authctxt *_authctx
+		if (authenticated && options.two_factor_authentication) {
+			userauth_restart(auth_method);
+			authenticated = 0;
+		}
 	}
 
- 	/* The first few requests do not require asynchronous access */
-	while (!authenticated) {
-+	while (!authenticated || options.two_factor_authentication) {
- 		auth_method = "unknown";
- 		authenticated = (monitor_read(pmonitor, mon_dispatch, &ent) == 1);
- 		if (authenticated) {
-@@ -390,7 +392,7 @@ monitor_child_preauth(Authctxt *_authctx
- 				authenticated = 0;
- #ifdef USE_PAM
- 			/* PAM needs to perform account checks after auth */
-			if (options.use_pam && authenticated) {
-+			if (options.use_pam && authenticated && !options.two_factor_authentication) {
- 				Buffer m;
- 
- 				buffer_init(&m);
-@@ -2001,6 +2003,24 @@ monitor_reinit(struct monitor *mon)
- 	monitor_openfds(mon, 0);
- }
- 
-+int
-+mm_answer_userauth_restart(int sock, Buffer *m)
-+{
-+	char *method;
-+	u_int method_len;
-+
-+	method = buffer_get_string(m, &method_len);
-+
-+	userauth_restart(method);
-+
-+	xfree(method);
-+	buffer_clear(m);
-+
-+	mm_request_send(sock, MONITOR_ANS_USERAUTH_RESTART, m);
-+
-+	return (0);
-+}
-+
- #ifdef GSSAPI
- int
- mm_answer_gss_setup_ctx(int sock, Buffer *m)
-diff -up openssh-5.9p1/monitor.h.2auth openssh-5.9p1/monitor.h
--- openssh-5.9p1/monitor.h.2auth	2011-06-20 06:42:23.000000000 +0200
-+++ openssh-5.9p1/monitor.h	2011-09-13 20:25:22.615458574 +0200
-@@ -66,6 +66,7 @@ enum monitor_reqtype {
- 	MONITOR_REQ_JPAKE_STEP2, MONITOR_ANS_JPAKE_STEP2,
- 	MONITOR_REQ_JPAKE_KEY_CONFIRM, MONITOR_ANS_JPAKE_KEY_CONFIRM,
- 	MONITOR_REQ_JPAKE_CHECK_CONFIRM, MONITOR_ANS_JPAKE_CHECK_CONFIRM,
-+	MONITOR_REQ_USERAUTH_RESTART, MONITOR_ANS_USERAUTH_RESTART,
- };
- 
- struct mm_master;
-diff -up openssh-5.9p1/monitor_wrap.c.2auth openssh-5.9p1/monitor_wrap.c
--- openssh-5.9p1/monitor_wrap.c.2auth	2011-06-20 06:42:23.000000000 +0200
-+++ openssh-5.9p1/monitor_wrap.c	2011-09-13 20:25:22.735468462 +0200
-@@ -1173,6 +1173,26 @@ mm_auth_rsa_verify_response(Key *key, BI
- 	return (success);
- }
- 
-+void
-+mm_userauth_restart(const char *monitor)
-+{
-+	Buffer m;
-+
-+	debug3("%s entering", __func__);
-+
-+	buffer_init(&m);
-+
-+	buffer_put_cstring(&m, monitor);
-+
-+	mm_request_send(pmonitor->m_recvfd,
-+	    MONITOR_REQ_USERAUTH_RESTART, &m);
-+	debug3("%s: waiting for MONITOR_ANS_USERAUTH_RESTART", __func__);
-+	mm_request_receive_expect(pmonitor->m_recvfd,
-+	    MONITOR_ANS_USERAUTH_RESTART, &m);
-+
-+	buffer_free(&m);
-+}
-+
- #ifdef SSH_AUDIT_EVENTS
- void
- mm_audit_event(ssh_audit_event_t event)
-diff -up openssh-5.9p1/monitor_wrap.h.2auth openssh-5.9p1/monitor_wrap.h
--- openssh-5.9p1/monitor_wrap.h.2auth	2011-06-20 06:42:23.000000000 +0200
-+++ openssh-5.9p1/monitor_wrap.h	2011-09-13 20:25:22.847457505 +0200
-@@ -53,6 +53,7 @@ int mm_key_verify(Key *, u_char *, u_int
- int mm_auth_rsa_key_allowed(struct passwd *, BIGNUM *, Key **);
- int mm_auth_rsa_verify_response(Key *, BIGNUM *, u_char *);
- BIGNUM *mm_auth_rsa_generate_challenge(Key *);
-+void mm_userauth_restart(const char *);
- 
- #ifdef GSSAPI
- OM_uint32 mm_ssh_gssapi_server_ctx(Gssctxt **, gss_OID);
+ 	/* Drain any buffered messages from the child */
 diff -up openssh-5.9p1/servconf.c.2auth openssh-5.9p1/servconf.c
--- openssh-5.9p1/servconf.c.2auth	2011-09-13 20:25:18.836495701 +0200
-+++ openssh-5.9p1/servconf.c	2011-09-13 20:25:22.994584169 +0200
+--- openssh-5.9p1/servconf.c.2auth	2011-06-23 00:30:03.000000000 +0200
+++ openssh-5.9p1/servconf.c	2011-09-17 11:36:54.632461730 +0200
@@ -92,6 +92,13 @@ initialize_server_options(ServerOptions
 	options->hostbased_uses_name_from_packet_only = -1;
 	options->rsa_authentication = -1;
@ -333,7 +233,7 @@ diff -up openssh-5.9p1/servconf.c.2auth openssh-5.9p1/servconf.c
 	dump_cfg_fmtint(sX11Forwarding, o->x11_forwarding);
 diff -up openssh-5.9p1/servconf.h.2auth openssh-5.9p1/servconf.h
 --- openssh-5.9p1/servconf.h.2auth	2011-06-23 00:30:03.000000000 +0200
-+++ openssh-5.9p1/servconf.h	2011-09-13 20:25:23.103459846 +0200
+++ openssh-5.9p1/servconf.h	2011-09-17 11:36:54.749584245 +0200
@@ -112,6 +112,14 @@ typedef struct {
 					/* If true, permit jpake auth */
 	int     permit_empty_passwd;	/* If false, do not permit empty
@ -351,7 +251,7 @@ diff -up openssh-5.9p1/servconf.h.2auth openssh-5.9p1/servconf.h
 	int     compression;	/* If true, compression is allowed */
 diff -up openssh-5.9p1/sshd_config.2auth openssh-5.9p1/sshd_config
 --- openssh-5.9p1/sshd_config.2auth	2011-05-29 13:39:39.000000000 +0200
-+++ openssh-5.9p1/sshd_config	2011-09-13 20:25:23.221458447 +0200
+++ openssh-5.9p1/sshd_config	2011-09-17 11:36:54.859588726 +0200
@@ -87,6 +87,13 @@ AuthorizedKeysFile	.ssh/authorized_keys
 # and ChallengeResponseAuthentication to 'no'.
 #UsePAM no
@ -360,7 +260,7 @@ diff -up openssh-5.9p1/sshd_config.2auth openssh-5.9p1/sshd_config
 +#SecondPubkeyAuthentication yes
 +#SecondHostbasedAuthentication no
 +#SecondPasswordAuthentication yes
-+#SecondChallengeResponseAuthentication yes
+#SecondKBDInteractiveAuthentication yes
 +#SecondGSSAPIAuthentication no
 +
 #AllowAgentForwarding yes
@ -368,7 +268,7 @@ diff -up openssh-5.9p1/sshd_config.2auth openssh-5.9p1/sshd_config
 #GatewayPorts no
 diff -up openssh-5.9p1/sshd_config.5.2auth openssh-5.9p1/sshd_config.5
 --- openssh-5.9p1/sshd_config.5.2auth	2011-08-05 22:17:33.000000000 +0200
-+++ openssh-5.9p1/sshd_config.5	2011-09-13 20:25:23.416458539 +0200
+++ openssh-5.9p1/sshd_config.5	2011-09-17 13:45:49.022521436 +0200
@@ -726,6 +726,12 @@ Available keywords are
 .Cm PubkeyAuthentication ,
 .Cm RhostsRSAAuthentication ,
@ -382,7 +282,7 @@ diff -up openssh-5.9p1/sshd_config.5.2auth openssh-5.9p1/sshd_config.5
 .Cm X11DisplayOffset ,
 .Cm X11Forwarding
 and
-@@ -931,6 +937,41 @@ Specifies whether pure RSA authenticatio
+@@ -931,6 +937,45 @@ Specifies whether pure RSA authenticatio
 The default is
 .Dq yes .
 This option applies to protocol version 1 only.
@ -392,39 +292,43 @@ diff -up openssh-5.9p1/sshd_config.5.2auth openssh-5.9p1/sshd_config.5
 +may be used on the second authentication while
 +.Cm TwoFactorAuthentication
 +is set.
-+The argument must be “yes” or “no”.  The default is “no”.
+The default is
+.Dq no .
 +.It Cm SecondHostbasedAuthentication
 +Specifies whether the
 +.Cm HostbasedAuthentication
 +may be used on the second authentication while
 +.Cm TwoFactorAuthentication
 +is set.
-+The argument must be “yes” or “no”.  The default is “no”.
+The default is
+.Dq no .
 +.It Cm SecondKbdInteractiveAuthentication
 +Specifies whether the
 +.Cm KbdInteractiveAuthentication
 +may be used on the second authentication while
 +.Cm TwoFactorAuthentication
 +is set.
-+The argument must be “yes” or “no”.  The default is “no”.
+The default is
+.Dq yes .
 +.It Cm SecondPasswordAuthentication
 +Specifies whether the
 +.Cm PasswordAuthentication
 +may be used on the second authentication while
 +.Cm TwoFactorAuthentication
 +is set.
-+The argument must be “yes” or “no”.  The default is “yes”.
-+.It Cm SecondPubkeyAuthentication 
+The default is
+.Dq yes .
 +Specifies whether the
 +.Cm PubkeyAuthentication
 +may be used on the second authentication while
 +.Cm TwoFactorAuthentication
 +is set.
-+The argument must be “yes” or “no”.  The default is “yes”.
+The default is
+.Dq yes .
 .It Cm ServerKeyBits
 Defines the number of bits in the ephemeral protocol version 1 server key.
 The minimum value is 512, and the default is 1024.
-@@ -1011,6 +1052,22 @@ For more details on certificates, see th
+@@ -1011,6 +1056,23 @@ For more details on certificates, see th
 .Sx CERTIFICATES
 section in
 .Xr ssh-keygen 1 .
@ -443,7 +347,8 @@ diff -up openssh-5.9p1/sshd_config.5.2auth openssh-5.9p1/sshd_config.5
 +.Cm SecondPasswordAuthentication ,
 +.Cm SecondPubkeyAuthentication 
 +without the method used for the first authentication.
-+The argument must be “yes” or “no”.  The default is “no”.
+The default is
+.Dq no .
 .It Cm UseDNS
 Specifies whether
 .Xr sshd 8
--- a/openssh-5.9p1-audit4.patch
+++ b/openssh-5.9p1-audit4.patch
@ -1,6 +1,6 @@
 diff -up openssh-5.9p1/audit-bsm.c.audit4 openssh-5.9p1/audit-bsm.c
--- openssh-5.9p1/audit-bsm.c.audit4	2011-09-14 07:20:13.580471755 +0200
-+++ openssh-5.9p1/audit-bsm.c	2011-09-14 07:20:15.087521491 +0200
+--- openssh-5.9p1/audit-bsm.c.audit4	2011-09-18 05:13:24.922458521 +0200
+++ openssh-5.9p1/audit-bsm.c	2011-09-18 05:13:26.808459314 +0200
@@ -408,4 +408,10 @@ audit_kex_body(int ctos, char *enc, char
 {
 	/* not implemented */
@ -13,8 +13,8 @@ diff -up openssh-5.9p1/audit-bsm.c.audit4 openssh-5.9p1/audit-bsm.c
 +}
 #endif /* BSM */
 diff -up openssh-5.9p1/audit-linux.c.audit4 openssh-5.9p1/audit-linux.c
--- openssh-5.9p1/audit-linux.c.audit4	2011-09-14 07:20:13.692465249 +0200
-+++ openssh-5.9p1/audit-linux.c	2011-09-14 07:21:51.559462876 +0200
+--- openssh-5.9p1/audit-linux.c.audit4	2011-09-18 05:13:25.041460630 +0200
+++ openssh-5.9p1/audit-linux.c	2011-09-18 05:13:26.897563551 +0200
@@ -294,6 +294,8 @@ audit_unsupported_body(int what)
 #endif
 }
@ -66,8 +66,8 @@ diff -up openssh-5.9p1/audit-linux.c.audit4 openssh-5.9p1/audit-linux.c
 +
 #endif /* USE_LINUX_AUDIT */
 diff -up openssh-5.9p1/audit.c.audit4 openssh-5.9p1/audit.c
--- openssh-5.9p1/audit.c.audit4	2011-09-14 07:20:13.787520896 +0200
-+++ openssh-5.9p1/audit.c	2011-09-14 07:20:15.619521843 +0200
+--- openssh-5.9p1/audit.c.audit4	2011-09-18 05:13:25.151459504 +0200
+++ openssh-5.9p1/audit.c	2011-09-18 05:13:26.995548664 +0200
@@ -143,6 +143,12 @@ audit_kex(int ctos, char *enc, char *mac
 	PRIVSEP(audit_kex_body(ctos, enc, mac, comp, getpid(), getuid()));
 }
@ -98,8 +98,8 @@ diff -up openssh-5.9p1/audit.c.audit4 openssh-5.9p1/audit.c
 # endif  /* !defined CUSTOM_SSH_AUDIT_EVENTS */
 #endif /* SSH_AUDIT_EVENTS */
 diff -up openssh-5.9p1/audit.h.audit4 openssh-5.9p1/audit.h
--- openssh-5.9p1/audit.h.audit4	2011-09-14 07:20:13.893524944 +0200
-+++ openssh-5.9p1/audit.h	2011-09-14 07:20:15.739523476 +0200
+--- openssh-5.9p1/audit.h.audit4	2011-09-18 05:13:25.247587021 +0200
+++ openssh-5.9p1/audit.h	2011-09-18 05:13:27.107531553 +0200
@@ -62,5 +62,7 @@ void	audit_unsupported(int);
 void	audit_kex(int, char *, char *, char *);
 void	audit_unsupported_body(int);
@ -109,8 +109,8 @@ diff -up openssh-5.9p1/audit.h.audit4 openssh-5.9p1/audit.h
 
 #endif /* _SSH_AUDIT_H */
 diff -up openssh-5.9p1/auditstub.c.audit4 openssh-5.9p1/auditstub.c
--- openssh-5.9p1/auditstub.c.audit4	2011-09-14 07:20:13.993523515 +0200
-+++ openssh-5.9p1/auditstub.c	2011-09-14 07:20:15.843531733 +0200
+--- openssh-5.9p1/auditstub.c.audit4	2011-09-18 05:13:25.350459598 +0200
+++ openssh-5.9p1/auditstub.c	2011-09-18 05:13:27.209523920 +0200
@@ -27,6 +27,8 @@
  * Red Hat author: Jan F. Chadima <jchadima@redhat.com>
  */
@ -134,8 +134,8 @@ diff -up openssh-5.9p1/auditstub.c.audit4 openssh-5.9p1/auditstub.c
 +{
 +}
 diff -up openssh-5.9p1/kex.c.audit4 openssh-5.9p1/kex.c
--- openssh-5.9p1/kex.c.audit4	2011-09-14 07:20:14.294645864 +0200
-+++ openssh-5.9p1/kex.c	2011-09-14 07:20:15.948646500 +0200
+--- openssh-5.9p1/kex.c.audit4	2011-09-18 05:13:25.656459960 +0200
+++ openssh-5.9p1/kex.c	2011-09-18 05:13:27.309500951 +0200
@@ -624,3 +624,34 @@ dump_digest(char *msg, u_char *digest, i
 	fprintf(stderr, "\n");
 }
@ -173,7 +173,7 @@ diff -up openssh-5.9p1/kex.c.audit4 openssh-5.9p1/kex.c
 +
 diff -up openssh-5.9p1/kex.h.audit4 openssh-5.9p1/kex.h
 --- openssh-5.9p1/kex.h.audit4	2010-09-24 14:11:14.000000000 +0200
-+++ openssh-5.9p1/kex.h	2011-09-14 07:20:16.045521582 +0200
+++ openssh-5.9p1/kex.h	2011-09-18 05:13:27.419492884 +0200
@@ -156,6 +156,8 @@ void	 kexgex_server(Kex *);
 void	 kexecdh_client(Kex *);
 void	 kexecdh_server(Kex *);
@ -185,7 +185,7 @@ diff -up openssh-5.9p1/kex.h.audit4 openssh-5.9p1/kex.h
     BIGNUM *, BIGNUM *, BIGNUM *, u_char **, u_int *);
 diff -up openssh-5.9p1/mac.c.audit4 openssh-5.9p1/mac.c
 --- openssh-5.9p1/mac.c.audit4	2011-08-17 02:29:03.000000000 +0200
-+++ openssh-5.9p1/mac.c	2011-09-14 07:20:16.173477847 +0200
+++ openssh-5.9p1/mac.c	2011-09-18 05:13:27.545464964 +0200
@@ -168,6 +168,20 @@ mac_clear(Mac *mac)
 	mac->umac_ctx = NULL;
 }
@ -209,16 +209,16 @@ diff -up openssh-5.9p1/mac.c.audit4 openssh-5.9p1/mac.c
 int
 diff -up openssh-5.9p1/mac.h.audit4 openssh-5.9p1/mac.h
 --- openssh-5.9p1/mac.h.audit4	2007-06-11 06:01:42.000000000 +0200
-+++ openssh-5.9p1/mac.h	2011-09-14 07:20:16.287522108 +0200
+++ openssh-5.9p1/mac.h	2011-09-18 05:13:27.675473027 +0200
@@ -28,3 +28,4 @@ int	 mac_setup(Mac *, char *);
 int	 mac_init(Mac *);
 u_char	*mac_compute(Mac *, u_int32_t, u_char *, int);
 void	 mac_clear(Mac *);
 +void	 mac_destroy(Mac *);
 diff -up openssh-5.9p1/monitor.c.audit4 openssh-5.9p1/monitor.c
--- openssh-5.9p1/monitor.c.audit4	2011-09-14 07:20:14.404521153 +0200
-+++ openssh-5.9p1/monitor.c	2011-09-14 07:20:16.400462714 +0200
-@@ -190,6 +190,7 @@ int mm_answer_audit_command(int, Buffer
+--- openssh-5.9p1/monitor.c.audit4	2011-09-18 05:13:25.778584691 +0200
+++ openssh-5.9p1/monitor.c	2011-09-18 05:15:22.786522699 +0200
+@@ -189,6 +189,7 @@ int mm_answer_audit_command(int, Buffer
 int mm_answer_audit_end_command(int, Buffer *);
 int mm_answer_audit_unsupported_body(int, Buffer *);
 int mm_answer_audit_kex_body(int, Buffer *);
@ -226,7 +226,7 @@ diff -up openssh-5.9p1/monitor.c.audit4 openssh-5.9p1/monitor.c
 #endif
 
 static int monitor_read_log(struct monitor *);
-@@ -242,6 +243,7 @@ struct mon_table mon_dispatch_proto20[]
+@@ -241,6 +242,7 @@ struct mon_table mon_dispatch_proto20[]
     {MONITOR_REQ_AUDIT_EVENT, MON_PERMIT, mm_answer_audit_event},
     {MONITOR_REQ_AUDIT_UNSUPPORTED, MON_PERMIT, mm_answer_audit_unsupported_body},
     {MONITOR_REQ_AUDIT_KEX, MON_PERMIT, mm_answer_audit_kex_body},
@ -234,7 +234,7 @@ diff -up openssh-5.9p1/monitor.c.audit4 openssh-5.9p1/monitor.c
 #endif
 #ifdef BSD_AUTH
     {MONITOR_REQ_BSDAUTHQUERY, MON_ISAUTH, mm_answer_bsdauthquery},
-@@ -282,6 +284,7 @@ struct mon_table mon_dispatch_postauth20
+@@ -280,6 +282,7 @@ struct mon_table mon_dispatch_postauth20
     {MONITOR_REQ_AUDIT_END_COMMAND, MON_PERMIT, mm_answer_audit_end_command},
     {MONITOR_REQ_AUDIT_UNSUPPORTED, MON_PERMIT, mm_answer_audit_unsupported_body},
     {MONITOR_REQ_AUDIT_KEX, MON_PERMIT, mm_answer_audit_kex_body},
@ -242,7 +242,7 @@ diff -up openssh-5.9p1/monitor.c.audit4 openssh-5.9p1/monitor.c
 #endif
     {0, 0, NULL}
 };
-@@ -315,6 +318,7 @@ struct mon_table mon_dispatch_proto15[]
+@@ -313,6 +316,7 @@ struct mon_table mon_dispatch_proto15[]
     {MONITOR_REQ_AUDIT_EVENT, MON_PERMIT, mm_answer_audit_event},
     {MONITOR_REQ_AUDIT_UNSUPPORTED, MON_PERMIT, mm_answer_audit_unsupported_body},
     {MONITOR_REQ_AUDIT_KEX, MON_PERMIT, mm_answer_audit_kex_body},
@ -250,7 +250,7 @@ diff -up openssh-5.9p1/monitor.c.audit4 openssh-5.9p1/monitor.c
 #endif
     {0, 0, NULL}
 };
-@@ -329,6 +333,7 @@ struct mon_table mon_dispatch_postauth15
+@@ -327,6 +331,7 @@ struct mon_table mon_dispatch_postauth15
     {MONITOR_REQ_AUDIT_END_COMMAND, MON_PERMIT, mm_answer_audit_end_command},
     {MONITOR_REQ_AUDIT_UNSUPPORTED, MON_PERMIT, mm_answer_audit_unsupported_body},
     {MONITOR_REQ_AUDIT_KEX, MON_PERMIT, mm_answer_audit_kex_body},
@ -258,8 +258,8 @@ diff -up openssh-5.9p1/monitor.c.audit4 openssh-5.9p1/monitor.c
 #endif
     {0, 0, NULL}
 };
-@@ -435,10 +440,6 @@ monitor_child_preauth(Authctxt *_authctx
- #endif
+@@ -437,10 +442,6 @@ monitor_child_preauth(Authctxt *_authctx
+ 		}
 	}
 
 -	/* Drain any buffered messages from the child */
@ -269,7 +269,7 @@ diff -up openssh-5.9p1/monitor.c.audit4 openssh-5.9p1/monitor.c
 	if (!authctxt->valid)
 		fatal("%s: authenticated invalid user", __func__);
 	if (strcmp(auth_method, "unknown") == 0)
-@@ -1925,11 +1926,13 @@ mm_get_keystate(struct monitor *pmonitor
+@@ -1927,11 +1928,13 @@ mm_get_keystate(struct monitor *pmonitor
 
 	blob = buffer_get_string(&m, &bloblen);
 	current_keys[MODE_OUT] = mm_newkeys_from_blob(blob, bloblen);
@ -283,7 +283,7 @@ diff -up openssh-5.9p1/monitor.c.audit4 openssh-5.9p1/monitor.c
 	xfree(blob);
 
 	/* Now get sequence numbers for the packets */
-@@ -1975,6 +1978,21 @@ mm_get_keystate(struct monitor *pmonitor
+@@ -1977,6 +1980,21 @@ mm_get_keystate(struct monitor *pmonitor
 	}
 
 	buffer_free(&m);
@ -305,7 +305,7 @@ diff -up openssh-5.9p1/monitor.c.audit4 openssh-5.9p1/monitor.c
 }
 
 
-@@ -2437,4 +2455,22 @@ mm_answer_audit_kex_body(int sock, Buffe
+@@ -2421,4 +2439,22 @@ mm_answer_audit_kex_body(int sock, Buffe
 	return 0;
 }
 
@ -329,8 +329,8 @@ diff -up openssh-5.9p1/monitor.c.audit4 openssh-5.9p1/monitor.c
 +}
 #endif /* SSH_AUDIT_EVENTS */
 diff -up openssh-5.9p1/monitor.h.audit4 openssh-5.9p1/monitor.h
--- openssh-5.9p1/monitor.h.audit4	2011-09-14 07:20:14.518521791 +0200
-+++ openssh-5.9p1/monitor.h	2011-09-14 07:20:16.512585387 +0200
+--- openssh-5.9p1/monitor.h.audit4	2011-09-18 05:13:25.887586033 +0200
+++ openssh-5.9p1/monitor.h	2011-09-18 05:13:27.934522919 +0200
@@ -63,6 +63,7 @@ enum monitor_reqtype {
 	MONITOR_ANS_AUDIT_COMMAND, MONITOR_REQ_AUDIT_END_COMMAND,
 	MONITOR_REQ_AUDIT_UNSUPPORTED, MONITOR_ANS_AUDIT_UNSUPPORTED,
@ -340,8 +340,8 @@ diff -up openssh-5.9p1/monitor.h.audit4 openssh-5.9p1/monitor.h
 	MONITOR_REQ_JPAKE_STEP1, MONITOR_ANS_JPAKE_STEP1,
 	MONITOR_REQ_JPAKE_GET_PWDATA, MONITOR_ANS_JPAKE_GET_PWDATA,
 diff -up openssh-5.9p1/monitor_wrap.c.audit4 openssh-5.9p1/monitor_wrap.c
--- openssh-5.9p1/monitor_wrap.c.audit4	2011-09-14 07:20:14.713521378 +0200
-+++ openssh-5.9p1/monitor_wrap.c	2011-09-14 07:20:16.640587362 +0200
+--- openssh-5.9p1/monitor_wrap.c.audit4	2011-09-18 05:13:26.013583317 +0200
+++ openssh-5.9p1/monitor_wrap.c	2011-09-18 05:13:28.049519981 +0200
@@ -653,12 +653,14 @@ mm_send_keystate(struct monitor *monitor
 		fatal("%s: conversion of newkeys failed", __func__);
 
@ -357,7 +357,7 @@ diff -up openssh-5.9p1/monitor_wrap.c.audit4 openssh-5.9p1/monitor_wrap.c
 	xfree(blob);
 
 	packet_get_state(MODE_OUT, &seqnr, &blocks, &packets, &bytes);
-@@ -1542,4 +1544,19 @@ mm_audit_kex_body(int ctos, char *cipher
+@@ -1522,4 +1524,19 @@ mm_audit_kex_body(int ctos, char *cipher
 
 	buffer_free(&m);
 }
@ -378,9 +378,9 @@ diff -up openssh-5.9p1/monitor_wrap.c.audit4 openssh-5.9p1/monitor_wrap.c
 +}
 #endif /* SSH_AUDIT_EVENTS */
 diff -up openssh-5.9p1/monitor_wrap.h.audit4 openssh-5.9p1/monitor_wrap.h
--- openssh-5.9p1/monitor_wrap.h.audit4	2011-09-14 07:20:14.821520100 +0200
-+++ openssh-5.9p1/monitor_wrap.h	2011-09-14 07:20:16.749585355 +0200
-@@ -80,6 +80,7 @@ int mm_audit_run_command(const char *);
+--- openssh-5.9p1/monitor_wrap.h.audit4	2011-09-18 05:13:26.119474152 +0200
+++ openssh-5.9p1/monitor_wrap.h	2011-09-18 05:13:28.151521539 +0200
+@@ -79,6 +79,7 @@ int mm_audit_run_command(const char *);
 void mm_audit_end_command(int, const char *);
 void mm_audit_unsupported_body(int);
 void mm_audit_kex_body(int, char *, char *, char *, pid_t, uid_t);
@ -389,8 +389,8 @@ diff -up openssh-5.9p1/monitor_wrap.h.audit4 openssh-5.9p1/monitor_wrap.h
 
 struct Session;
 diff -up openssh-5.9p1/packet.c.audit4 openssh-5.9p1/packet.c
--- openssh-5.9p1/packet.c.audit4	2011-09-14 07:20:09.337458270 +0200
-+++ openssh-5.9p1/packet.c	2011-09-14 07:20:16.892461022 +0200
+--- openssh-5.9p1/packet.c.audit4	2011-09-18 05:13:20.417548627 +0200
+++ openssh-5.9p1/packet.c	2011-09-18 05:13:28.278520968 +0200
@@ -60,6 +60,7 @@
 #include <signal.h>
 
@ -584,7 +584,7 @@ diff -up openssh-5.9p1/packet.c.audit4 openssh-5.9p1/packet.c
 +
 diff -up openssh-5.9p1/packet.h.audit4 openssh-5.9p1/packet.h
 --- openssh-5.9p1/packet.h.audit4	2011-05-15 00:43:13.000000000 +0200
-+++ openssh-5.9p1/packet.h	2011-09-14 07:20:17.003583853 +0200
+++ openssh-5.9p1/packet.h	2011-09-18 05:13:28.385521238 +0200
@@ -124,4 +124,5 @@ void	 packet_restore_state(void);
 void	*packet_get_input(void);
 void	*packet_get_output(void);
@ -592,8 +592,8 @@ diff -up openssh-5.9p1/packet.h.audit4 openssh-5.9p1/packet.h
 +void	 packet_destroy_all(int, int);
 #endif				/* PACKET_H */
 diff -up openssh-5.9p1/session.c.audit4 openssh-5.9p1/session.c
--- openssh-5.9p1/session.c.audit4	2011-09-14 07:20:11.774521404 +0200
-+++ openssh-5.9p1/session.c	2011-09-14 07:20:17.134462420 +0200
+--- openssh-5.9p1/session.c.audit4	2011-09-18 05:13:22.842504192 +0200
+++ openssh-5.9p1/session.c	2011-09-18 05:13:28.511522576 +0200
@@ -1634,6 +1634,9 @@ do_child(Session *s, const char *command
 
 	/* remove hostkey from the child's memory */
@ -605,8 +605,8 @@ diff -up openssh-5.9p1/session.c.audit4 openssh-5.9p1/session.c
 	/* Force a password change */
 	if (s->authctxt->force_pwchange) {
 diff -up openssh-5.9p1/sshd.c.audit4 openssh-5.9p1/sshd.c
--- openssh-5.9p1/sshd.c.audit4	2011-09-14 07:20:14.946521214 +0200
-+++ openssh-5.9p1/sshd.c	2011-09-14 07:20:17.258458657 +0200
+--- openssh-5.9p1/sshd.c.audit4	2011-09-18 05:13:26.617460032 +0200
+++ openssh-5.9p1/sshd.c	2011-09-18 05:13:28.621521065 +0200
@@ -686,6 +686,8 @@ privsep_preauth(Authctxt *authctxt)
 	}
 }
--- a/openssh-5.9p1-sesandbox.patch
+++ b/openssh-5.9p1-sesandbox.patch
@ -1,6 +1,6 @@
 diff -up openssh-5.9p1/Makefile.in.sesandbox openssh-5.9p1/Makefile.in
--- openssh-5.9p1/Makefile.in.sesandbox	2011-09-13 16:00:58.201646362 +0200
-+++ openssh-5.9p1/Makefile.in	2011-09-13 16:01:08.284466746 +0200
+--- openssh-5.9p1/Makefile.in.sesandbox	2011-09-19 04:10:05.706521484 +0200
+++ openssh-5.9p1/Makefile.in	2011-09-19 04:10:15.092646473 +0200
@@ -90,7 +90,7 @@ SSHDOBJS=sshd.o auth-rhosts.o auth-passw
 	loginrec.o auth-pam.o auth-shadow.o auth-sia.o md5crypt.o \
 	sftp-server.o sftp-common.o \
@ -12,7 +12,7 @@ diff -up openssh-5.9p1/Makefile.in.sesandbox openssh-5.9p1/Makefile.in
 MANPAGES_IN	= moduli.5 scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh.1 sshd.8 sftp-server.8 sftp.1 ssh-keysign.8 ssh-pkcs11-helper.8 sshd_config.5 ssh_config.5
 diff -up openssh-5.9p1/configure.ac.sesandbox openssh-5.9p1/configure.ac
 --- openssh-5.9p1/configure.ac.sesandbox	2011-08-18 06:48:24.000000000 +0200
-+++ openssh-5.9p1/configure.ac	2011-09-13 16:01:08.537509294 +0200
+++ openssh-5.9p1/configure.ac	2011-09-19 04:10:15.193521356 +0200
@@ -2476,7 +2476,7 @@ AC_SUBST([SSH_PRIVSEP_USER])
 # Decide which sandbox style to use
 sandbox_arg=""
@ -34,8 +34,8 @@ diff -up openssh-5.9p1/configure.ac.sesandbox openssh-5.9p1/configure.ac
      ( test -z "$sandbox_arg" && test "x$ac_cv_func_setrlimit" = "xyes" ) ; then
 	test "x$ac_cv_func_setrlimit" != "xyes" && \
 diff -up openssh-5.9p1/openbsd-compat/port-linux.c.sesandbox openssh-5.9p1/openbsd-compat/port-linux.c
--- openssh-5.9p1/openbsd-compat/port-linux.c.sesandbox	2011-09-13 16:09:04.534585160 +0200
-+++ openssh-5.9p1/openbsd-compat/port-linux.c	2011-09-13 16:13:51.827640965 +0200
+--- openssh-5.9p1/openbsd-compat/port-linux.c.sesandbox	2011-09-19 04:10:14.731521450 +0200
+++ openssh-5.9p1/openbsd-compat/port-linux.c	2011-09-19 04:10:15.292521265 +0200
@@ -459,24 +459,24 @@ ssh_selinux_setup_pty(char *pwname, cons
 	debug3("%s: done", __func__);
 }
@ -91,8 +91,8 @@ diff -up openssh-5.9p1/openbsd-compat/port-linux.c.sesandbox openssh-5.9p1/openb
 
 void
 diff -up openssh-5.9p1/openbsd-compat/port-linux.h.sesandbox openssh-5.9p1/openbsd-compat/port-linux.h
--- openssh-5.9p1/openbsd-compat/port-linux.h.sesandbox	2011-09-13 16:14:10.371460199 +0200
-+++ openssh-5.9p1/openbsd-compat/port-linux.h	2011-09-13 16:14:40.377646062 +0200
+--- openssh-5.9p1/openbsd-compat/port-linux.h.sesandbox	2011-09-19 04:10:14.817647868 +0200
+++ openssh-5.9p1/openbsd-compat/port-linux.h	2011-09-19 04:10:15.401648009 +0200
@@ -23,7 +23,7 @@
 int ssh_selinux_enabled(void);
 void ssh_selinux_setup_pty(char *, const char *);
@ -102,10 +102,58 @@ diff -up openssh-5.9p1/openbsd-compat/port-linux.h.sesandbox openssh-5.9p1/openb
 void ssh_selinux_chopy_context(void);
 void ssh_selinux_setfscreatecon(const char *);
 #endif
+diff -up openssh-5.9p1/sandbox-darwin.c.sesandbox openssh-5.9p1/sandbox-darwin.c
+--- openssh-5.9p1/sandbox-darwin.c.sesandbox	2011-06-26 23:18:21.000000000 +0200
+++ openssh-5.9p1/sandbox-darwin.c	2011-09-19 04:10:15.490523231 +0200
+@@ -83,6 +83,12 @@ ssh_sandbox_child(struct ssh_sandbox *bo
+ }
+ 
+ void
+ssh_sandbox_privileged_child(struct ssh_sandbox *box)
+{
+	/* empty */
+}
+
+void
+ ssh_sandbox_parent_finish(struct ssh_sandbox *box)
+ {
+ 	free(box);
+diff -up openssh-5.9p1/sandbox-null.c.sesandbox openssh-5.9p1/sandbox-null.c
+--- openssh-5.9p1/sandbox-null.c.sesandbox	2011-06-23 11:45:51.000000000 +0200
+++ openssh-5.9p1/sandbox-null.c	2011-09-19 04:10:15.599458687 +0200
+@@ -58,6 +58,12 @@ ssh_sandbox_child(struct ssh_sandbox *bo
+ }
+ 
+ void
+ssh_sandbox_privileged_child(struct ssh_sandbox *box)
+{
+	/* empty */
+}
+
+void
+ ssh_sandbox_parent_finish(struct ssh_sandbox *box)
+ {
+ 	free(box);
+diff -up openssh-5.9p1/sandbox-rlimit.c.sesandbox openssh-5.9p1/sandbox-rlimit.c
+--- openssh-5.9p1/sandbox-rlimit.c.sesandbox	2011-06-23 11:45:51.000000000 +0200
+++ openssh-5.9p1/sandbox-rlimit.c	2011-09-19 04:10:16.077647289 +0200
+@@ -78,6 +78,12 @@ ssh_sandbox_child(struct ssh_sandbox *bo
+ }
+ 
+ void
+ssh_sandbox_privileged_child(struct ssh_sandbox *box)
+{
+	/* empty */
+}
+
+void
+ ssh_sandbox_parent_finish(struct ssh_sandbox *box)
+ {
+ 	free(box);
 diff -up openssh-5.9p1/sandbox-selinux.c.sesandbox openssh-5.9p1/sandbox-selinux.c
--- openssh-5.9p1/sandbox-selinux.c.sesandbox	2011-09-13 16:01:08.715520826 +0200
-+++ openssh-5.9p1/sandbox-selinux.c	2011-09-13 16:20:02.463511312 +0200
-@@ -0,0 +1,121 @@
+--- openssh-5.9p1/sandbox-selinux.c.sesandbox	2011-09-19 04:10:16.179526059 +0200
+++ openssh-5.9p1/sandbox-selinux.c	2011-09-19 04:39:00.058646230 +0200
+@@ -0,0 +1,122 @@
 +/* $Id: sandbox-selinux.c,v 1.0 2011/01/17 10:15:30 jfch Exp $ */
 + 
 +/*
@ -170,13 +218,14 @@ diff -up openssh-5.9p1/sandbox-selinux.c.sesandbox openssh-5.9p1/sandbox-selinux
 +	 * Strictly, we don't need to maintain any state here but we need
 +	 * to return non-NULL to satisfy the API.
 +	 */
+	debug3("selinux sandbox init");
 +	box = xcalloc(1, sizeof(*box));
 +	box->child_pid = 0;
 +	return box;
 +}
 +
-+static void
-+rlimit_ssh_sandbox_child(struct ssh_sandbox *box)
+void
+ssh_sandbox_child(struct ssh_sandbox *box)
 +{
 +	struct rlimit rl_zero;
 +
@ -196,15 +245,14 @@ diff -up openssh-5.9p1/sandbox-selinux.c.sesandbox openssh-5.9p1/sandbox-selinux
 +}
 +
 +void
-+ssh_sandbox_child(struct ssh_sandbox *box)
+ssh_sandbox_privileged_child(struct ssh_sandbox *box)
 +{
 +	switch (ssh_selinux_change_context("sshd_sandbox_t")) {
 +	case 0:
-+		debug3("selinux sandbox sucessfully enabled");
+		debug3("selinux sandbox child sucessfully enabled");
 +		break;
 +	case -2:
-+		logit("selinux not useful, using rlimit sandbox instead");
-+		rlimit_ssh_sandbox_child(box);
+		logit("selinux sandbox not useful");
 +		break;
 +	case -1:
 +		fatal("cannot set up selinux sandbox");
@ -223,7 +271,51 @@ diff -up openssh-5.9p1/sandbox-selinux.c.sesandbox openssh-5.9p1/sandbox-selinux
 +void
 +ssh_sandbox_parent_preauth(struct ssh_sandbox *box, pid_t child_pid)
 +{
+	debug3("selinux sandbox parent sucessfully enabled");
 +	box->child_pid = child_pid;
 +}
 +
 +#endif /* SANDBOX_NULL */
+diff -up openssh-5.9p1/sandbox-systrace.c.sesandbox openssh-5.9p1/sandbox-systrace.c
+--- openssh-5.9p1/sandbox-systrace.c.sesandbox	2011-08-05 22:16:23.000000000 +0200
+++ openssh-5.9p1/sandbox-systrace.c	2011-09-19 04:10:16.268646532 +0200
+@@ -109,6 +109,12 @@ ssh_sandbox_child(struct ssh_sandbox *bo
+ 	close(box->child_sock);
+ }
+ 
+void
+ssh_sandbox_privileged_child(struct ssh_sandbox *box)
+{
+	/* empty */
+}
+
+ static void
+ ssh_sandbox_parent(struct ssh_sandbox *box, pid_t child_pid,
+     const struct sandbox_policy *allowed_syscalls)
+diff -up openssh-5.9p1/ssh-sandbox.h.sesandbox openssh-5.9p1/ssh-sandbox.h
+--- openssh-5.9p1/ssh-sandbox.h.sesandbox	2011-06-23 11:45:51.000000000 +0200
+++ openssh-5.9p1/ssh-sandbox.h	2011-09-19 04:10:16.392523931 +0200
+@@ -19,5 +19,6 @@ struct ssh_sandbox;
+ 
+ struct ssh_sandbox *ssh_sandbox_init(void);
+ void ssh_sandbox_child(struct ssh_sandbox *);
+void ssh_sandbox_privileged_child(struct ssh_sandbox *);
+ void ssh_sandbox_parent_finish(struct ssh_sandbox *);
+ void ssh_sandbox_parent_preauth(struct ssh_sandbox *, pid_t);
+diff -up openssh-5.9p1/sshd.c.sesandbox openssh-5.9p1/sshd.c
+--- openssh-5.9p1/sshd.c.sesandbox	2011-09-19 04:10:14.564467584 +0200
+++ openssh-5.9p1/sshd.c	2011-09-19 04:36:43.324520132 +0200
+@@ -728,10 +730,12 @@ privsep_preauth(Authctxt *authctxt)
+ 		set_log_handler(mm_log_handler, pmonitor);
+ 
+ 		/* Demote the child */
+-		if (getuid() == 0 || geteuid() == 0)
+		if (getuid() == 0 || geteuid() == 0) {
+			ssh_sandbox_privileged_child(box);
+ 			privsep_preauth_child();
+		}
+ 		setproctitle("%s", "[net]");
+ 		if (box != NULL) {
+ 			ssh_sandbox_child(box);
+ 			xfree(box);
+ 		}
--- a/openssh.spec
+++ b/openssh.spec
@ -75,7 +75,7 @@

 # Do not forget to bump pam_ssh_agent_auth release if you rewind the main package release to 1
 %define openssh_ver 5.9p1
-%define openssh_rel 9
+%define openssh_rel 10
 %define pam_ssh_agent_ver 0.9.2
 %define pam_ssh_agent_rel 32

@ -378,7 +378,9 @@ The module is most useful for su and sudo service stacks.
 %prep
 %setup -q -a 4
 #Do not enable by default
-###%patch0 -p1 -b .wIm
+%if 0
+%patch0 -p1 -b .wIm
+%endif

 %patch100 -p1 -b .coverity
 %patch101 -p1 -b .fingerprint
@ -413,7 +415,6 @@ popd
 %if %{ldap}
 %patch501 -p1 -b .ldap
 %endif
-
 %patch502 -p1 -b .keycat

 %patch600 -p1 -b .keygen
@ -444,6 +445,10 @@ popd
 %patch900 -p1 -b .canohost
 %patch901 -p1 -b .kuserok

+%if 0
+# Nothing here yet
+%endif
+
 autoreconf
 pushd pam_ssh_agent_auth-%{pam_ssh_agent_ver}
 autoreconf
@ -509,7 +514,12 @@ fi
 	--with-pam \
 %endif
 %if %{WITH_SELINUX}
-	--with-selinux --with-audit=linux --with-sandbox=selinux \
+	--with-selinux --with-audit=linux \
+%if 1
+	--with-sandbox=selinux \
+%else
+	--with-sandbox=no \
+%endif
 %endif
 %if %{kerberos5}
 	--with-kerberos5${krb5_prefix:+=${krb5_prefix}} \
@ -773,6 +783,10 @@ fi
 %endif

 %changelog
+* Mon Sep 19 2011 Jan F. Chadima <jchadima@redhat.com> - 5.9p1-10 + 0.9.2-32
+- selinux sandbox rewrite
+- two factor authentication tweaking
+
 * Wed Sep 14 2011 Jan F. Chadima <jchadima@redhat.com> - 5.9p1-9 + 0.9.2-32
 - coverity upgrade
 - wipe off nonfunctional nss