rebase to openssh-6.0p1
6.0p1-1 + 0.9.3-2
This commit is contained in:
parent
90e11f338c
commit
65ba94ef1a
1
.gitignore
vendored
1
.gitignore
vendored
@ -6,3 +6,4 @@ pam_ssh_agent_auth-0.9.2.tar.bz2
|
||||
/openssh-5.8p2-noacss.tar.bz2
|
||||
/openssh-5.9p1-noacss.tar.bz2
|
||||
/pam_ssh_agent_auth-0.9.3.tar.bz2
|
||||
/openssh-6.0p1-noacss.tar.bz2
|
||||
|
@ -1,7 +1,7 @@
|
||||
diff -up openssh-5.9p0/audit-bsm.c.audit1 openssh-5.9p0/audit-bsm.c
|
||||
--- openssh-5.9p0/audit-bsm.c.audit1 2011-01-17 11:15:29.000000000 +0100
|
||||
+++ openssh-5.9p0/audit-bsm.c 2011-08-30 10:46:57.704148875 +0200
|
||||
@@ -298,10 +298,23 @@ audit_connection_from(const char *host,
|
||||
diff -up openssh-6.0p1/audit-bsm.c.audit1 openssh-6.0p1/audit-bsm.c
|
||||
--- openssh-6.0p1/audit-bsm.c.audit1 2012-02-24 00:40:43.000000000 +0100
|
||||
+++ openssh-6.0p1/audit-bsm.c 2012-08-06 20:33:24.416382804 +0200
|
||||
@@ -375,10 +375,23 @@ audit_connection_from(const char *host,
|
||||
#endif
|
||||
}
|
||||
|
||||
@ -26,9 +26,78 @@ diff -up openssh-5.9p0/audit-bsm.c.audit1 openssh-5.9p0/audit-bsm.c
|
||||
}
|
||||
|
||||
void
|
||||
diff -up openssh-5.9p0/audit-linux.c.audit1 openssh-5.9p0/audit-linux.c
|
||||
--- openssh-5.9p0/audit-linux.c.audit1 2011-01-17 11:15:30.000000000 +0100
|
||||
+++ openssh-5.9p0/audit-linux.c 2011-08-30 10:46:58.059024733 +0200
|
||||
diff -up openssh-6.0p1/audit.c.audit1 openssh-6.0p1/audit.c
|
||||
--- openssh-6.0p1/audit.c.audit1 2011-01-17 11:15:30.000000000 +0100
|
||||
+++ openssh-6.0p1/audit.c 2012-08-06 20:33:24.417382801 +0200
|
||||
@@ -140,6 +140,17 @@ audit_event(ssh_audit_event_t event)
|
||||
}
|
||||
|
||||
/*
|
||||
+ * Called when a child process has called, or will soon call,
|
||||
+ * audit_session_open.
|
||||
+ */
|
||||
+void
|
||||
+audit_count_session_open(void)
|
||||
+{
|
||||
+ debug("audit count session open euid %d user %s", geteuid(),
|
||||
+ audit_username());
|
||||
+}
|
||||
+
|
||||
+/*
|
||||
* Called when a user session is started. Argument is the tty allocated to
|
||||
* the session, or NULL if no tty was allocated.
|
||||
*
|
||||
@@ -174,13 +185,29 @@ audit_session_close(struct logininfo *li
|
||||
/*
|
||||
* This will be called when a user runs a non-interactive command. Note that
|
||||
* it may be called multiple times for a single connection since SSH2 allows
|
||||
- * multiple sessions within a single connection.
|
||||
+ * multiple sessions within a single connection. Returns a "handle" for
|
||||
+ * audit_end_command.
|
||||
*/
|
||||
-void
|
||||
+int
|
||||
audit_run_command(const char *command)
|
||||
{
|
||||
debug("audit run command euid %d user %s command '%.200s'", geteuid(),
|
||||
audit_username(), command);
|
||||
+ return 0;
|
||||
+}
|
||||
+
|
||||
+/*
|
||||
+ * This will be called when the non-interactive command finishes. Note that
|
||||
+ * it may be called multiple times for a single connection since SSH2 allows
|
||||
+ * multiple sessions within a single connection. "handle" should come from
|
||||
+ * the corresponding audit_run_command.
|
||||
+ */
|
||||
+void
|
||||
+audit_end_command(int handle, const char *command)
|
||||
+{
|
||||
+ debug("audit end nopty exec euid %d user %s command '%.200s'", geteuid(),
|
||||
+ audit_username(), command);
|
||||
}
|
||||
+
|
||||
# endif /* !defined CUSTOM_SSH_AUDIT_EVENTS */
|
||||
#endif /* SSH_AUDIT_EVENTS */
|
||||
diff -up openssh-6.0p1/audit.h.audit1 openssh-6.0p1/audit.h
|
||||
--- openssh-6.0p1/audit.h.audit1 2011-01-17 11:15:30.000000000 +0100
|
||||
+++ openssh-6.0p1/audit.h 2012-08-06 20:33:24.417382801 +0200
|
||||
@@ -49,9 +49,11 @@ typedef enum ssh_audit_event_type ssh_au
|
||||
|
||||
void audit_connection_from(const char *, int);
|
||||
void audit_event(ssh_audit_event_t);
|
||||
+void audit_count_session_open(void);
|
||||
void audit_session_open(struct logininfo *);
|
||||
void audit_session_close(struct logininfo *);
|
||||
-void audit_run_command(const char *);
|
||||
+int audit_run_command(const char *);
|
||||
+void audit_end_command(int, const char *);
|
||||
ssh_audit_event_t audit_classify_auth(const char *);
|
||||
|
||||
#endif /* _SSH_AUDIT_H */
|
||||
diff -up openssh-6.0p1/audit-linux.c.audit1 openssh-6.0p1/audit-linux.c
|
||||
--- openssh-6.0p1/audit-linux.c.audit1 2011-01-17 11:15:30.000000000 +0100
|
||||
+++ openssh-6.0p1/audit-linux.c 2012-08-06 20:33:24.416382804 +0200
|
||||
@@ -35,13 +35,20 @@
|
||||
|
||||
#include "log.h"
|
||||
@ -244,78 +313,9 @@ diff -up openssh-5.9p0/audit-linux.c.audit1 openssh-5.9p0/audit-linux.c
|
||||
break;
|
||||
|
||||
default:
|
||||
diff -up openssh-5.9p0/audit.c.audit1 openssh-5.9p0/audit.c
|
||||
--- openssh-5.9p0/audit.c.audit1 2011-01-17 11:15:30.000000000 +0100
|
||||
+++ openssh-5.9p0/audit.c 2011-08-30 10:46:57.822025769 +0200
|
||||
@@ -140,6 +140,17 @@ audit_event(ssh_audit_event_t event)
|
||||
}
|
||||
|
||||
/*
|
||||
+ * Called when a child process has called, or will soon call,
|
||||
+ * audit_session_open.
|
||||
+ */
|
||||
+void
|
||||
+audit_count_session_open(void)
|
||||
+{
|
||||
+ debug("audit count session open euid %d user %s", geteuid(),
|
||||
+ audit_username());
|
||||
+}
|
||||
+
|
||||
+/*
|
||||
* Called when a user session is started. Argument is the tty allocated to
|
||||
* the session, or NULL if no tty was allocated.
|
||||
*
|
||||
@@ -174,13 +185,29 @@ audit_session_close(struct logininfo *li
|
||||
/*
|
||||
* This will be called when a user runs a non-interactive command. Note that
|
||||
* it may be called multiple times for a single connection since SSH2 allows
|
||||
- * multiple sessions within a single connection.
|
||||
+ * multiple sessions within a single connection. Returns a "handle" for
|
||||
+ * audit_end_command.
|
||||
*/
|
||||
-void
|
||||
+int
|
||||
audit_run_command(const char *command)
|
||||
{
|
||||
debug("audit run command euid %d user %s command '%.200s'", geteuid(),
|
||||
audit_username(), command);
|
||||
+ return 0;
|
||||
+}
|
||||
+
|
||||
+/*
|
||||
+ * This will be called when the non-interactive command finishes. Note that
|
||||
+ * it may be called multiple times for a single connection since SSH2 allows
|
||||
+ * multiple sessions within a single connection. "handle" should come from
|
||||
+ * the corresponding audit_run_command.
|
||||
+ */
|
||||
+void
|
||||
+audit_end_command(int handle, const char *command)
|
||||
+{
|
||||
+ debug("audit end nopty exec euid %d user %s command '%.200s'", geteuid(),
|
||||
+ audit_username(), command);
|
||||
}
|
||||
+
|
||||
# endif /* !defined CUSTOM_SSH_AUDIT_EVENTS */
|
||||
#endif /* SSH_AUDIT_EVENTS */
|
||||
diff -up openssh-5.9p0/audit.h.audit1 openssh-5.9p0/audit.h
|
||||
--- openssh-5.9p0/audit.h.audit1 2011-01-17 11:15:30.000000000 +0100
|
||||
+++ openssh-5.9p0/audit.h 2011-08-30 10:46:57.952035525 +0200
|
||||
@@ -49,9 +49,11 @@ typedef enum ssh_audit_event_type ssh_au
|
||||
|
||||
void audit_connection_from(const char *, int);
|
||||
void audit_event(ssh_audit_event_t);
|
||||
+void audit_count_session_open(void);
|
||||
void audit_session_open(struct logininfo *);
|
||||
void audit_session_close(struct logininfo *);
|
||||
-void audit_run_command(const char *);
|
||||
+int audit_run_command(const char *);
|
||||
+void audit_end_command(int, const char *);
|
||||
ssh_audit_event_t audit_classify_auth(const char *);
|
||||
|
||||
#endif /* _SSH_AUDIT_H */
|
||||
diff -up openssh-5.9p0/monitor.c.audit1 openssh-5.9p0/monitor.c
|
||||
--- openssh-5.9p0/monitor.c.audit1 2011-08-05 22:15:18.000000000 +0200
|
||||
+++ openssh-5.9p0/monitor.c 2011-08-30 10:50:47.074038891 +0200
|
||||
diff -up openssh-6.0p1/monitor.c.audit1 openssh-6.0p1/monitor.c
|
||||
--- openssh-6.0p1/monitor.c.audit1 2012-08-06 20:33:24.410382828 +0200
|
||||
+++ openssh-6.0p1/monitor.c 2012-08-06 20:33:24.418382797 +0200
|
||||
@@ -185,6 +185,7 @@ int mm_answer_gss_checkmic(int, Buffer *
|
||||
#ifdef SSH_AUDIT_EVENTS
|
||||
int mm_answer_audit_event(int, Buffer *);
|
||||
@ -324,7 +324,7 @@ diff -up openssh-5.9p0/monitor.c.audit1 openssh-5.9p0/monitor.c
|
||||
#endif
|
||||
|
||||
static int monitor_read_log(struct monitor *);
|
||||
@@ -271,6 +272,7 @@ struct mon_table mon_dispatch_postauth20
|
||||
@@ -272,6 +273,7 @@ struct mon_table mon_dispatch_postauth20
|
||||
#ifdef SSH_AUDIT_EVENTS
|
||||
{MONITOR_REQ_AUDIT_EVENT, MON_PERMIT, mm_answer_audit_event},
|
||||
{MONITOR_REQ_AUDIT_COMMAND, MON_PERMIT, mm_answer_audit_command},
|
||||
@ -332,7 +332,7 @@ diff -up openssh-5.9p0/monitor.c.audit1 openssh-5.9p0/monitor.c
|
||||
#endif
|
||||
{0, 0, NULL}
|
||||
};
|
||||
@@ -313,6 +315,7 @@ struct mon_table mon_dispatch_postauth15
|
||||
@@ -314,6 +316,7 @@ struct mon_table mon_dispatch_postauth15
|
||||
#ifdef SSH_AUDIT_EVENTS
|
||||
{MONITOR_REQ_AUDIT_EVENT, MON_PERMIT, mm_answer_audit_event},
|
||||
{MONITOR_REQ_AUDIT_COMMAND, MON_PERMIT|MON_ONCE, mm_answer_audit_command},
|
||||
@ -340,7 +340,7 @@ diff -up openssh-5.9p0/monitor.c.audit1 openssh-5.9p0/monitor.c
|
||||
#endif
|
||||
{0, 0, NULL}
|
||||
};
|
||||
@@ -1398,6 +1401,12 @@ mm_session_close(Session *s)
|
||||
@@ -1427,6 +1430,12 @@ mm_session_close(Session *s)
|
||||
debug3("%s: tty %s ptyfd %d", __func__, s->tty, s->ptyfd);
|
||||
session_pty_cleanup2(s);
|
||||
}
|
||||
@ -353,7 +353,7 @@ diff -up openssh-5.9p0/monitor.c.audit1 openssh-5.9p0/monitor.c
|
||||
session_unused(s->self);
|
||||
}
|
||||
|
||||
@@ -1720,11 +1729,44 @@ mm_answer_audit_command(int socket, Buff
|
||||
@@ -1751,11 +1760,44 @@ mm_answer_audit_command(int socket, Buff
|
||||
{
|
||||
u_int len;
|
||||
char *cmd;
|
||||
@ -399,9 +399,9 @@ diff -up openssh-5.9p0/monitor.c.audit1 openssh-5.9p0/monitor.c
|
||||
xfree(cmd);
|
||||
return (0);
|
||||
}
|
||||
diff -up openssh-5.9p0/monitor.h.audit1 openssh-5.9p0/monitor.h
|
||||
--- openssh-5.9p0/monitor.h.audit1 2011-06-20 06:42:23.000000000 +0200
|
||||
+++ openssh-5.9p0/monitor.h 2011-08-30 10:46:58.392112520 +0200
|
||||
diff -up openssh-6.0p1/monitor.h.audit1 openssh-6.0p1/monitor.h
|
||||
--- openssh-6.0p1/monitor.h.audit1 2011-06-20 06:42:23.000000000 +0200
|
||||
+++ openssh-6.0p1/monitor.h 2012-08-06 20:33:24.418382797 +0200
|
||||
@@ -60,6 +60,7 @@ enum monitor_reqtype {
|
||||
MONITOR_REQ_PAM_RESPOND, MONITOR_ANS_PAM_RESPOND,
|
||||
MONITOR_REQ_PAM_FREE_CTX, MONITOR_ANS_PAM_FREE_CTX,
|
||||
@ -410,9 +410,9 @@ diff -up openssh-5.9p0/monitor.h.audit1 openssh-5.9p0/monitor.h
|
||||
MONITOR_REQ_TERM,
|
||||
MONITOR_REQ_JPAKE_STEP1, MONITOR_ANS_JPAKE_STEP1,
|
||||
MONITOR_REQ_JPAKE_GET_PWDATA, MONITOR_ANS_JPAKE_GET_PWDATA,
|
||||
diff -up openssh-5.9p0/monitor_wrap.c.audit1 openssh-5.9p0/monitor_wrap.c
|
||||
--- openssh-5.9p0/monitor_wrap.c.audit1 2011-06-20 06:42:23.000000000 +0200
|
||||
+++ openssh-5.9p0/monitor_wrap.c 2011-08-30 10:46:58.505031574 +0200
|
||||
diff -up openssh-6.0p1/monitor_wrap.c.audit1 openssh-6.0p1/monitor_wrap.c
|
||||
--- openssh-6.0p1/monitor_wrap.c.audit1 2012-08-06 20:33:24.384382930 +0200
|
||||
+++ openssh-6.0p1/monitor_wrap.c 2012-08-06 20:33:24.419382793 +0200
|
||||
@@ -1188,10 +1188,11 @@ mm_audit_event(ssh_audit_event_t event)
|
||||
buffer_free(&m);
|
||||
}
|
||||
@ -453,9 +453,9 @@ diff -up openssh-5.9p0/monitor_wrap.c.audit1 openssh-5.9p0/monitor_wrap.c
|
||||
buffer_free(&m);
|
||||
}
|
||||
#endif /* SSH_AUDIT_EVENTS */
|
||||
diff -up openssh-5.9p0/monitor_wrap.h.audit1 openssh-5.9p0/monitor_wrap.h
|
||||
--- openssh-5.9p0/monitor_wrap.h.audit1 2011-06-20 06:42:23.000000000 +0200
|
||||
+++ openssh-5.9p0/monitor_wrap.h 2011-08-30 10:46:58.616212835 +0200
|
||||
diff -up openssh-6.0p1/monitor_wrap.h.audit1 openssh-6.0p1/monitor_wrap.h
|
||||
--- openssh-6.0p1/monitor_wrap.h.audit1 2011-06-20 06:42:23.000000000 +0200
|
||||
+++ openssh-6.0p1/monitor_wrap.h 2012-08-06 20:33:24.419382793 +0200
|
||||
@@ -74,7 +74,8 @@ void mm_sshpam_free_ctx(void *);
|
||||
#ifdef SSH_AUDIT_EVENTS
|
||||
#include "audit.h"
|
||||
@ -466,9 +466,9 @@ diff -up openssh-5.9p0/monitor_wrap.h.audit1 openssh-5.9p0/monitor_wrap.h
|
||||
#endif
|
||||
|
||||
struct Session;
|
||||
diff -up openssh-5.9p0/session.c.audit1 openssh-5.9p0/session.c
|
||||
--- openssh-5.9p0/session.c.audit1 2011-05-20 03:23:10.000000000 +0200
|
||||
+++ openssh-5.9p0/session.c 2011-08-30 10:46:58.756024849 +0200
|
||||
diff -up openssh-6.0p1/session.c.audit1 openssh-6.0p1/session.c
|
||||
--- openssh-6.0p1/session.c.audit1 2011-11-04 00:55:24.000000000 +0100
|
||||
+++ openssh-6.0p1/session.c 2012-08-06 20:33:24.420382789 +0200
|
||||
@@ -742,6 +742,14 @@ do_exec_pty(Session *s, const char *comm
|
||||
/* Parent. Close the slave side of the pseudo tty. */
|
||||
close(ttyfd);
|
||||
@ -599,9 +599,9 @@ diff -up openssh-5.9p0/session.c.audit1 openssh-5.9p0/session.c
|
||||
- session_destroy_all(session_pty_cleanup2);
|
||||
+ session_destroy_all(do_cleanup_one_session);
|
||||
}
|
||||
diff -up openssh-5.9p0/session.h.audit1 openssh-5.9p0/session.h
|
||||
--- openssh-5.9p0/session.h.audit1 2008-05-19 07:34:50.000000000 +0200
|
||||
+++ openssh-5.9p0/session.h 2011-08-30 10:46:58.884024597 +0200
|
||||
diff -up openssh-6.0p1/session.h.audit1 openssh-6.0p1/session.h
|
||||
--- openssh-6.0p1/session.h.audit1 2008-05-19 07:34:50.000000000 +0200
|
||||
+++ openssh-6.0p1/session.h 2012-08-06 20:33:24.420382789 +0200
|
||||
@@ -60,6 +60,12 @@ struct Session {
|
||||
char *name;
|
||||
char *val;
|
||||
@ -626,11 +626,11 @@ diff -up openssh-5.9p0/session.h.audit1 openssh-5.9p0/session.h
|
||||
Session *session_by_tty(char *);
|
||||
void session_close(Session *);
|
||||
void do_setusercontext(struct passwd *);
|
||||
diff -up openssh-5.9p0/sshd.c.audit1 openssh-5.9p0/sshd.c
|
||||
--- openssh-5.9p0/sshd.c.audit1 2011-06-23 11:45:51.000000000 +0200
|
||||
+++ openssh-5.9p0/sshd.c 2011-08-30 10:46:59.009025421 +0200
|
||||
@@ -2364,7 +2364,8 @@ cleanup_exit(int i)
|
||||
do_cleanup(the_authctxt);
|
||||
diff -up openssh-6.0p1/sshd.c.audit1 openssh-6.0p1/sshd.c
|
||||
--- openssh-6.0p1/sshd.c.audit1 2012-08-06 20:33:24.392382898 +0200
|
||||
+++ openssh-6.0p1/sshd.c 2012-08-06 20:33:24.421382785 +0200
|
||||
@@ -2381,7 +2381,8 @@ cleanup_exit(int i)
|
||||
}
|
||||
#ifdef SSH_AUDIT_EVENTS
|
||||
/* done after do_cleanup so it can cancel the PAM auth 'thread' */
|
||||
- if (!use_privsep || mm_is_monitor())
|
@ -1,7 +1,7 @@
|
||||
diff -up openssh-5.9p1/audit-bsm.c.audit4 openssh-5.9p1/audit-bsm.c
|
||||
--- openssh-5.9p1/audit-bsm.c.audit4 2012-07-27 14:27:56.149474798 +0200
|
||||
+++ openssh-5.9p1/audit-bsm.c 2012-07-27 14:27:56.164474882 +0200
|
||||
@@ -408,4 +408,10 @@ audit_kex_body(int ctos, char *enc, char
|
||||
diff -up openssh-6.0p1/audit-bsm.c.audit4 openssh-6.0p1/audit-bsm.c
|
||||
--- openssh-6.0p1/audit-bsm.c.audit4 2012-08-06 20:35:56.306789054 +0200
|
||||
+++ openssh-6.0p1/audit-bsm.c 2012-08-06 20:35:56.314789022 +0200
|
||||
@@ -485,4 +485,10 @@ audit_kex_body(int ctos, char *enc, char
|
||||
{
|
||||
/* not implemented */
|
||||
}
|
||||
@ -12,9 +12,9 @@ diff -up openssh-5.9p1/audit-bsm.c.audit4 openssh-5.9p1/audit-bsm.c
|
||||
+ /* not implemented */
|
||||
+}
|
||||
#endif /* BSM */
|
||||
diff -up openssh-5.9p1/audit.c.audit4 openssh-5.9p1/audit.c
|
||||
--- openssh-5.9p1/audit.c.audit4 2012-07-27 14:27:56.150474804 +0200
|
||||
+++ openssh-5.9p1/audit.c 2012-07-27 14:27:56.165474888 +0200
|
||||
diff -up openssh-6.0p1/audit.c.audit4 openssh-6.0p1/audit.c
|
||||
--- openssh-6.0p1/audit.c.audit4 2012-08-06 20:35:56.307789050 +0200
|
||||
+++ openssh-6.0p1/audit.c 2012-08-06 20:35:56.315789018 +0200
|
||||
@@ -143,6 +143,12 @@ audit_kex(int ctos, char *enc, char *mac
|
||||
PRIVSEP(audit_kex_body(ctos, enc, mac, comp, getpid(), getuid()));
|
||||
}
|
||||
@ -44,9 +44,9 @@ diff -up openssh-5.9p1/audit.c.audit4 openssh-5.9p1/audit.c
|
||||
+}
|
||||
# endif /* !defined CUSTOM_SSH_AUDIT_EVENTS */
|
||||
#endif /* SSH_AUDIT_EVENTS */
|
||||
diff -up openssh-5.9p1/audit.h.audit4 openssh-5.9p1/audit.h
|
||||
--- openssh-5.9p1/audit.h.audit4 2012-07-27 14:27:56.151474810 +0200
|
||||
+++ openssh-5.9p1/audit.h 2012-07-27 14:27:56.165474888 +0200
|
||||
diff -up openssh-6.0p1/audit.h.audit4 openssh-6.0p1/audit.h
|
||||
--- openssh-6.0p1/audit.h.audit4 2012-08-06 20:35:56.308789046 +0200
|
||||
+++ openssh-6.0p1/audit.h 2012-08-06 20:35:56.315789018 +0200
|
||||
@@ -62,5 +62,7 @@ void audit_unsupported(int);
|
||||
void audit_kex(int, char *, char *, char *);
|
||||
void audit_unsupported_body(int);
|
||||
@ -55,9 +55,9 @@ diff -up openssh-5.9p1/audit.h.audit4 openssh-5.9p1/audit.h
|
||||
+void audit_session_key_free_body(int ctos, pid_t, uid_t);
|
||||
|
||||
#endif /* _SSH_AUDIT_H */
|
||||
diff -up openssh-5.9p1/audit-linux.c.audit4 openssh-5.9p1/audit-linux.c
|
||||
--- openssh-5.9p1/audit-linux.c.audit4 2012-07-27 14:27:56.149474798 +0200
|
||||
+++ openssh-5.9p1/audit-linux.c 2012-07-27 14:27:56.166474894 +0200
|
||||
diff -up openssh-6.0p1/audit-linux.c.audit4 openssh-6.0p1/audit-linux.c
|
||||
--- openssh-6.0p1/audit-linux.c.audit4 2012-08-06 20:35:56.307789050 +0200
|
||||
+++ openssh-6.0p1/audit-linux.c 2012-08-06 20:35:56.315789018 +0200
|
||||
@@ -294,6 +294,8 @@ audit_unsupported_body(int what)
|
||||
#endif
|
||||
}
|
||||
@ -108,9 +108,9 @@ diff -up openssh-5.9p1/audit-linux.c.audit4 openssh-5.9p1/audit-linux.c
|
||||
+}
|
||||
+
|
||||
#endif /* USE_LINUX_AUDIT */
|
||||
diff -up openssh-5.9p1/auditstub.c.audit4 openssh-5.9p1/auditstub.c
|
||||
--- openssh-5.9p1/auditstub.c.audit4 2012-07-27 14:27:56.151474810 +0200
|
||||
+++ openssh-5.9p1/auditstub.c 2012-07-27 14:27:56.166474894 +0200
|
||||
diff -up openssh-6.0p1/auditstub.c.audit4 openssh-6.0p1/auditstub.c
|
||||
--- openssh-6.0p1/auditstub.c.audit4 2012-08-06 20:35:56.308789046 +0200
|
||||
+++ openssh-6.0p1/auditstub.c 2012-08-06 20:35:56.316789015 +0200
|
||||
@@ -27,6 +27,8 @@
|
||||
* Red Hat author: Jan F. Chadima <jchadima@redhat.com>
|
||||
*/
|
||||
@ -133,9 +133,9 @@ diff -up openssh-5.9p1/auditstub.c.audit4 openssh-5.9p1/auditstub.c
|
||||
+audit_session_key_free_body(int ctos, pid_t pid, uid_t uid)
|
||||
+{
|
||||
+}
|
||||
diff -up openssh-5.9p1/kex.c.audit4 openssh-5.9p1/kex.c
|
||||
--- openssh-5.9p1/kex.c.audit4 2012-07-27 14:27:56.153474822 +0200
|
||||
+++ openssh-5.9p1/kex.c 2012-07-27 14:27:56.167474900 +0200
|
||||
diff -up openssh-6.0p1/kex.c.audit4 openssh-6.0p1/kex.c
|
||||
--- openssh-6.0p1/kex.c.audit4 2012-08-06 20:35:56.309789042 +0200
|
||||
+++ openssh-6.0p1/kex.c 2012-08-06 20:35:56.317789011 +0200
|
||||
@@ -624,3 +624,34 @@ dump_digest(char *msg, u_char *digest, i
|
||||
fprintf(stderr, "\n");
|
||||
}
|
||||
@ -171,9 +171,9 @@ diff -up openssh-5.9p1/kex.c.audit4 openssh-5.9p1/kex.c
|
||||
+ memset(&newkeys->comp, 0, sizeof(newkeys->comp));
|
||||
+}
|
||||
+
|
||||
diff -up openssh-5.9p1/kex.h.audit4 openssh-5.9p1/kex.h
|
||||
--- openssh-5.9p1/kex.h.audit4 2010-09-24 14:11:14.000000000 +0200
|
||||
+++ openssh-5.9p1/kex.h 2012-07-27 14:27:56.168474905 +0200
|
||||
diff -up openssh-6.0p1/kex.h.audit4 openssh-6.0p1/kex.h
|
||||
--- openssh-6.0p1/kex.h.audit4 2010-09-24 14:11:14.000000000 +0200
|
||||
+++ openssh-6.0p1/kex.h 2012-08-06 20:35:56.317789011 +0200
|
||||
@@ -156,6 +156,8 @@ void kexgex_server(Kex *);
|
||||
void kexecdh_client(Kex *);
|
||||
void kexecdh_server(Kex *);
|
||||
@ -183,10 +183,10 @@ diff -up openssh-5.9p1/kex.h.audit4 openssh-5.9p1/kex.h
|
||||
void
|
||||
kex_dh_hash(char *, char *, char *, int, char *, int, u_char *, int,
|
||||
BIGNUM *, BIGNUM *, BIGNUM *, u_char **, u_int *);
|
||||
diff -up openssh-5.9p1/mac.c.audit4 openssh-5.9p1/mac.c
|
||||
--- openssh-5.9p1/mac.c.audit4 2011-08-17 02:29:03.000000000 +0200
|
||||
+++ openssh-5.9p1/mac.c 2012-07-27 14:27:56.168474905 +0200
|
||||
@@ -168,6 +168,20 @@ mac_clear(Mac *mac)
|
||||
diff -up openssh-6.0p1/mac.c.audit4 openssh-6.0p1/mac.c
|
||||
--- openssh-6.0p1/mac.c.audit4 2012-01-17 04:03:38.000000000 +0100
|
||||
+++ openssh-6.0p1/mac.c 2012-08-06 20:35:56.318789007 +0200
|
||||
@@ -171,6 +171,20 @@ mac_clear(Mac *mac)
|
||||
mac->umac_ctx = NULL;
|
||||
}
|
||||
|
||||
@ -207,17 +207,17 @@ diff -up openssh-5.9p1/mac.c.audit4 openssh-5.9p1/mac.c
|
||||
/* XXX copied from ciphers_valid */
|
||||
#define MAC_SEP ","
|
||||
int
|
||||
diff -up openssh-5.9p1/mac.h.audit4 openssh-5.9p1/mac.h
|
||||
--- openssh-5.9p1/mac.h.audit4 2007-06-11 06:01:42.000000000 +0200
|
||||
+++ openssh-5.9p1/mac.h 2012-07-27 14:27:56.169474910 +0200
|
||||
diff -up openssh-6.0p1/mac.h.audit4 openssh-6.0p1/mac.h
|
||||
--- openssh-6.0p1/mac.h.audit4 2007-06-11 06:01:42.000000000 +0200
|
||||
+++ openssh-6.0p1/mac.h 2012-08-06 20:35:56.318789007 +0200
|
||||
@@ -28,3 +28,4 @@ int mac_setup(Mac *, char *);
|
||||
int mac_init(Mac *);
|
||||
u_char *mac_compute(Mac *, u_int32_t, u_char *, int);
|
||||
void mac_clear(Mac *);
|
||||
+void mac_destroy(Mac *);
|
||||
diff -up openssh-5.9p1/monitor.c.audit4 openssh-5.9p1/monitor.c
|
||||
--- openssh-5.9p1/monitor.c.audit4 2012-07-27 14:27:56.154474827 +0200
|
||||
+++ openssh-5.9p1/monitor.c 2012-07-27 14:31:20.311655098 +0200
|
||||
diff -up openssh-6.0p1/monitor.c.audit4 openssh-6.0p1/monitor.c
|
||||
--- openssh-6.0p1/monitor.c.audit4 2012-08-06 20:35:56.310789038 +0200
|
||||
+++ openssh-6.0p1/monitor.c 2012-08-06 20:35:56.319789003 +0200
|
||||
@@ -189,6 +189,7 @@ int mm_answer_audit_command(int, Buffer
|
||||
int mm_answer_audit_end_command(int, Buffer *);
|
||||
int mm_answer_audit_unsupported_body(int, Buffer *);
|
||||
@ -269,7 +269,7 @@ diff -up openssh-5.9p1/monitor.c.audit4 openssh-5.9p1/monitor.c
|
||||
if (!authctxt->valid)
|
||||
fatal("%s: authenticated invalid user", __func__);
|
||||
if (strcmp(auth_method, "unknown") == 0)
|
||||
@@ -1952,11 +1953,13 @@ mm_get_keystate(struct monitor *pmonitor
|
||||
@@ -1953,11 +1954,13 @@ mm_get_keystate(struct monitor *pmonitor
|
||||
|
||||
blob = buffer_get_string(&m, &bloblen);
|
||||
current_keys[MODE_OUT] = mm_newkeys_from_blob(blob, bloblen);
|
||||
@ -283,7 +283,7 @@ diff -up openssh-5.9p1/monitor.c.audit4 openssh-5.9p1/monitor.c
|
||||
xfree(blob);
|
||||
|
||||
/* Now get sequence numbers for the packets */
|
||||
@@ -2002,6 +2005,21 @@ mm_get_keystate(struct monitor *pmonitor
|
||||
@@ -2003,6 +2006,21 @@ mm_get_keystate(struct monitor *pmonitor
|
||||
}
|
||||
|
||||
buffer_free(&m);
|
||||
@ -305,7 +305,7 @@ diff -up openssh-5.9p1/monitor.c.audit4 openssh-5.9p1/monitor.c
|
||||
}
|
||||
|
||||
|
||||
@@ -2448,4 +2466,22 @@ mm_answer_audit_kex_body(int sock, Buffe
|
||||
@@ -2449,4 +2467,22 @@ mm_answer_audit_kex_body(int sock, Buffe
|
||||
return 0;
|
||||
}
|
||||
|
||||
@ -328,9 +328,9 @@ diff -up openssh-5.9p1/monitor.c.audit4 openssh-5.9p1/monitor.c
|
||||
+ return 0;
|
||||
+}
|
||||
#endif /* SSH_AUDIT_EVENTS */
|
||||
diff -up openssh-5.9p1/monitor.h.audit4 openssh-5.9p1/monitor.h
|
||||
--- openssh-5.9p1/monitor.h.audit4 2012-07-27 14:27:56.155474832 +0200
|
||||
+++ openssh-5.9p1/monitor.h 2012-07-27 14:27:56.171474920 +0200
|
||||
diff -up openssh-6.0p1/monitor.h.audit4 openssh-6.0p1/monitor.h
|
||||
--- openssh-6.0p1/monitor.h.audit4 2012-08-06 20:35:56.310789038 +0200
|
||||
+++ openssh-6.0p1/monitor.h 2012-08-06 20:35:56.319789003 +0200
|
||||
@@ -63,6 +63,7 @@ enum monitor_reqtype {
|
||||
MONITOR_ANS_AUDIT_COMMAND, MONITOR_REQ_AUDIT_END_COMMAND,
|
||||
MONITOR_REQ_AUDIT_UNSUPPORTED, MONITOR_ANS_AUDIT_UNSUPPORTED,
|
||||
@ -339,9 +339,9 @@ diff -up openssh-5.9p1/monitor.h.audit4 openssh-5.9p1/monitor.h
|
||||
MONITOR_REQ_TERM,
|
||||
MONITOR_REQ_JPAKE_STEP1, MONITOR_ANS_JPAKE_STEP1,
|
||||
MONITOR_REQ_JPAKE_GET_PWDATA, MONITOR_ANS_JPAKE_GET_PWDATA,
|
||||
diff -up openssh-5.9p1/monitor_wrap.c.audit4 openssh-5.9p1/monitor_wrap.c
|
||||
--- openssh-5.9p1/monitor_wrap.c.audit4 2012-07-27 14:27:56.156474837 +0200
|
||||
+++ openssh-5.9p1/monitor_wrap.c 2012-07-27 14:27:56.172474926 +0200
|
||||
diff -up openssh-6.0p1/monitor_wrap.c.audit4 openssh-6.0p1/monitor_wrap.c
|
||||
--- openssh-6.0p1/monitor_wrap.c.audit4 2012-08-06 20:35:56.311789034 +0200
|
||||
+++ openssh-6.0p1/monitor_wrap.c 2012-08-06 20:35:56.320788999 +0200
|
||||
@@ -653,12 +653,14 @@ mm_send_keystate(struct monitor *monitor
|
||||
fatal("%s: conversion of newkeys failed", __func__);
|
||||
|
||||
@ -377,9 +377,9 @@ diff -up openssh-5.9p1/monitor_wrap.c.audit4 openssh-5.9p1/monitor_wrap.c
|
||||
+ buffer_free(&m);
|
||||
+}
|
||||
#endif /* SSH_AUDIT_EVENTS */
|
||||
diff -up openssh-5.9p1/monitor_wrap.h.audit4 openssh-5.9p1/monitor_wrap.h
|
||||
--- openssh-5.9p1/monitor_wrap.h.audit4 2012-07-27 14:27:56.157474843 +0200
|
||||
+++ openssh-5.9p1/monitor_wrap.h 2012-07-27 14:27:56.173474932 +0200
|
||||
diff -up openssh-6.0p1/monitor_wrap.h.audit4 openssh-6.0p1/monitor_wrap.h
|
||||
--- openssh-6.0p1/monitor_wrap.h.audit4 2012-08-06 20:35:56.311789034 +0200
|
||||
+++ openssh-6.0p1/monitor_wrap.h 2012-08-06 20:35:56.320788999 +0200
|
||||
@@ -79,6 +79,7 @@ int mm_audit_run_command(const char *);
|
||||
void mm_audit_end_command(int, const char *);
|
||||
void mm_audit_unsupported_body(int);
|
||||
@ -388,9 +388,9 @@ diff -up openssh-5.9p1/monitor_wrap.h.audit4 openssh-5.9p1/monitor_wrap.h
|
||||
#endif
|
||||
|
||||
struct Session;
|
||||
diff -up openssh-5.9p1/packet.c.audit4 openssh-5.9p1/packet.c
|
||||
--- openssh-5.9p1/packet.c.audit4 2012-07-27 14:27:56.099474520 +0200
|
||||
+++ openssh-5.9p1/packet.c 2012-07-27 14:27:56.174474938 +0200
|
||||
diff -up openssh-6.0p1/packet.c.audit4 openssh-6.0p1/packet.c
|
||||
--- openssh-6.0p1/packet.c.audit4 2012-08-06 20:35:56.282789147 +0200
|
||||
+++ openssh-6.0p1/packet.c 2012-08-06 20:35:56.321788995 +0200
|
||||
@@ -60,6 +60,7 @@
|
||||
#include <signal.h>
|
||||
|
||||
@ -399,7 +399,7 @@ diff -up openssh-5.9p1/packet.c.audit4 openssh-5.9p1/packet.c
|
||||
#include "buffer.h"
|
||||
#include "packet.h"
|
||||
#include "crc32.h"
|
||||
@@ -472,6 +473,13 @@ packet_get_connection_out(void)
|
||||
@@ -470,6 +471,13 @@ packet_get_connection_out(void)
|
||||
return active_state->connection_out;
|
||||
}
|
||||
|
||||
@ -413,7 +413,7 @@ diff -up openssh-5.9p1/packet.c.audit4 openssh-5.9p1/packet.c
|
||||
/* Closes the connection and clears and frees internal data structures. */
|
||||
|
||||
void
|
||||
@@ -480,13 +488,6 @@ packet_close(void)
|
||||
@@ -478,13 +486,6 @@ packet_close(void)
|
||||
if (!active_state->initialized)
|
||||
return;
|
||||
active_state->initialized = 0;
|
||||
@ -427,7 +427,7 @@ diff -up openssh-5.9p1/packet.c.audit4 openssh-5.9p1/packet.c
|
||||
buffer_free(&active_state->input);
|
||||
buffer_free(&active_state->output);
|
||||
buffer_free(&active_state->outgoing_packet);
|
||||
@@ -495,8 +496,18 @@ packet_close(void)
|
||||
@@ -493,8 +494,18 @@ packet_close(void)
|
||||
buffer_free(&active_state->compression_buffer);
|
||||
buffer_compress_uninit();
|
||||
}
|
||||
@ -448,7 +448,7 @@ diff -up openssh-5.9p1/packet.c.audit4 openssh-5.9p1/packet.c
|
||||
}
|
||||
|
||||
/* Sets remote side protocol flags. */
|
||||
@@ -731,6 +742,23 @@ packet_send1(void)
|
||||
@@ -729,6 +740,23 @@ packet_send1(void)
|
||||
*/
|
||||
}
|
||||
|
||||
@ -472,7 +472,7 @@ diff -up openssh-5.9p1/packet.c.audit4 openssh-5.9p1/packet.c
|
||||
void
|
||||
set_newkeys(int mode)
|
||||
{
|
||||
@@ -756,18 +784,9 @@ set_newkeys(int mode)
|
||||
@@ -754,18 +782,9 @@ set_newkeys(int mode)
|
||||
}
|
||||
if (active_state->newkeys[mode] != NULL) {
|
||||
debug("set_newkeys: rekeying");
|
||||
@ -493,7 +493,7 @@ diff -up openssh-5.9p1/packet.c.audit4 openssh-5.9p1/packet.c
|
||||
}
|
||||
active_state->newkeys[mode] = kex_get_newkeys(mode);
|
||||
if (active_state->newkeys[mode] == NULL)
|
||||
@@ -1927,6 +1946,47 @@ packet_get_newkeys(int mode)
|
||||
@@ -1921,6 +1940,47 @@ packet_get_newkeys(int mode)
|
||||
return (void *)active_state->newkeys[mode];
|
||||
}
|
||||
|
||||
@ -541,7 +541,7 @@ diff -up openssh-5.9p1/packet.c.audit4 openssh-5.9p1/packet.c
|
||||
/*
|
||||
* Save the state for the real connection, and use a separate state when
|
||||
* resuming a suspended connection.
|
||||
@@ -1934,18 +1994,12 @@ packet_get_newkeys(int mode)
|
||||
@@ -1928,18 +1988,12 @@ packet_get_newkeys(int mode)
|
||||
void
|
||||
packet_backup_state(void)
|
||||
{
|
||||
@ -561,7 +561,7 @@ diff -up openssh-5.9p1/packet.c.audit4 openssh-5.9p1/packet.c
|
||||
}
|
||||
|
||||
/*
|
||||
@@ -1962,9 +2016,7 @@ packet_restore_state(void)
|
||||
@@ -1956,9 +2010,7 @@ packet_restore_state(void)
|
||||
backup_state = active_state;
|
||||
active_state = tmp;
|
||||
active_state->connection_in = backup_state->connection_in;
|
||||
@ -571,7 +571,7 @@ diff -up openssh-5.9p1/packet.c.audit4 openssh-5.9p1/packet.c
|
||||
len = buffer_len(&backup_state->input);
|
||||
if (len > 0) {
|
||||
buf = buffer_ptr(&backup_state->input);
|
||||
@@ -1972,4 +2024,10 @@ packet_restore_state(void)
|
||||
@@ -1966,4 +2018,10 @@ packet_restore_state(void)
|
||||
buffer_clear(&backup_state->input);
|
||||
add_recv_bytes(len);
|
||||
}
|
||||
@ -582,18 +582,18 @@ diff -up openssh-5.9p1/packet.c.audit4 openssh-5.9p1/packet.c
|
||||
+ backup_state = NULL;
|
||||
}
|
||||
+
|
||||
diff -up openssh-5.9p1/packet.h.audit4 openssh-5.9p1/packet.h
|
||||
--- openssh-5.9p1/packet.h.audit4 2011-05-15 00:43:13.000000000 +0200
|
||||
+++ openssh-5.9p1/packet.h 2012-07-27 14:27:56.175474944 +0200
|
||||
@@ -124,4 +124,5 @@ void packet_restore_state(void);
|
||||
diff -up openssh-6.0p1/packet.h.audit4 openssh-6.0p1/packet.h
|
||||
--- openssh-6.0p1/packet.h.audit4 2012-02-10 22:19:21.000000000 +0100
|
||||
+++ openssh-6.0p1/packet.h 2012-08-06 20:35:56.321788995 +0200
|
||||
@@ -123,4 +123,5 @@ void packet_restore_state(void);
|
||||
void *packet_get_input(void);
|
||||
void *packet_get_output(void);
|
||||
|
||||
+void packet_destroy_all(int, int);
|
||||
#endif /* PACKET_H */
|
||||
diff -up openssh-5.9p1/session.c.audit4 openssh-5.9p1/session.c
|
||||
--- openssh-5.9p1/session.c.audit4 2012-07-27 14:27:56.130474693 +0200
|
||||
+++ openssh-5.9p1/session.c 2012-07-27 14:27:56.176474950 +0200
|
||||
diff -up openssh-6.0p1/session.c.audit4 openssh-6.0p1/session.c
|
||||
--- openssh-6.0p1/session.c.audit4 2012-08-06 20:35:56.296789093 +0200
|
||||
+++ openssh-6.0p1/session.c 2012-08-06 20:35:56.322788991 +0200
|
||||
@@ -1634,6 +1634,9 @@ do_child(Session *s, const char *command
|
||||
|
||||
/* remove hostkey from the child's memory */
|
||||
@ -604,10 +604,10 @@ diff -up openssh-5.9p1/session.c.audit4 openssh-5.9p1/session.c
|
||||
|
||||
/* Force a password change */
|
||||
if (s->authctxt->force_pwchange) {
|
||||
diff -up openssh-5.9p1/sshd.c.audit4 openssh-5.9p1/sshd.c
|
||||
--- openssh-5.9p1/sshd.c.audit4 2012-07-27 14:27:56.159474855 +0200
|
||||
+++ openssh-5.9p1/sshd.c 2012-07-27 14:27:56.178474961 +0200
|
||||
@@ -686,6 +686,8 @@ privsep_preauth(Authctxt *authctxt)
|
||||
diff -up openssh-6.0p1/sshd.c.audit4 openssh-6.0p1/sshd.c
|
||||
--- openssh-6.0p1/sshd.c.audit4 2012-08-06 20:35:56.312789030 +0200
|
||||
+++ openssh-6.0p1/sshd.c 2012-08-06 20:35:56.323788987 +0200
|
||||
@@ -690,6 +690,8 @@ privsep_preauth(Authctxt *authctxt)
|
||||
}
|
||||
}
|
||||
|
||||
@ -616,7 +616,7 @@ diff -up openssh-5.9p1/sshd.c.audit4 openssh-5.9p1/sshd.c
|
||||
static void
|
||||
privsep_postauth(Authctxt *authctxt)
|
||||
{
|
||||
@@ -710,6 +712,10 @@ privsep_postauth(Authctxt *authctxt)
|
||||
@@ -714,6 +716,10 @@ privsep_postauth(Authctxt *authctxt)
|
||||
else if (pmonitor->m_pid != 0) {
|
||||
verbose("User child is on pid %ld", (long)pmonitor->m_pid);
|
||||
buffer_clear(&loginmsg);
|
||||
@ -627,7 +627,7 @@ diff -up openssh-5.9p1/sshd.c.audit4 openssh-5.9p1/sshd.c
|
||||
monitor_child_postauth(pmonitor);
|
||||
|
||||
/* NEVERREACHED */
|
||||
@@ -2001,6 +2007,7 @@ main(int ac, char **av)
|
||||
@@ -2005,6 +2011,7 @@ main(int ac, char **av)
|
||||
*/
|
||||
if (use_privsep) {
|
||||
mm_send_keystate(pmonitor);
|
||||
@ -635,7 +635,7 @@ diff -up openssh-5.9p1/sshd.c.audit4 openssh-5.9p1/sshd.c
|
||||
exit(0);
|
||||
}
|
||||
|
||||
@@ -2053,6 +2060,8 @@ main(int ac, char **av)
|
||||
@@ -2057,6 +2064,8 @@ main(int ac, char **av)
|
||||
do_authenticated(authctxt);
|
||||
|
||||
/* The connection has been terminated. */
|
||||
@ -644,7 +644,7 @@ diff -up openssh-5.9p1/sshd.c.audit4 openssh-5.9p1/sshd.c
|
||||
packet_get_state(MODE_IN, NULL, NULL, NULL, &ibytes);
|
||||
packet_get_state(MODE_OUT, NULL, NULL, NULL, &obytes);
|
||||
verbose("Transferred: sent %llu, received %llu bytes",
|
||||
@@ -2370,8 +2379,20 @@ do_ssh2_kex(void)
|
||||
@@ -2374,6 +2383,16 @@ do_ssh2_kex(void)
|
||||
void
|
||||
cleanup_exit(int i)
|
||||
{
|
||||
@ -658,8 +658,13 @@ diff -up openssh-5.9p1/sshd.c.audit4 openssh-5.9p1/sshd.c
|
||||
+ _exit(i);
|
||||
+ in_cleanup = 1;
|
||||
+
|
||||
if (the_authctxt)
|
||||
if (the_authctxt) {
|
||||
do_cleanup(the_authctxt);
|
||||
if (use_privsep && privsep_is_preauth && pmonitor->m_pid > 1) {
|
||||
@@ -2384,6 +2403,8 @@ cleanup_exit(int i)
|
||||
pmonitor->m_pid, strerror(errno));
|
||||
}
|
||||
}
|
||||
+ is_privsep_child = use_privsep && pmonitor != NULL && !mm_is_monitor();
|
||||
+ packet_destroy_all(1, is_privsep_child);
|
||||
#ifdef SSH_AUDIT_EVENTS
|
@ -1,7 +1,7 @@
|
||||
diff -up openssh-5.9p1/audit-bsm.c.audit5 openssh-5.9p1/audit-bsm.c
|
||||
--- openssh-5.9p1/audit-bsm.c.audit5 2011-09-13 22:07:31.262575526 +0200
|
||||
+++ openssh-5.9p1/audit-bsm.c 2011-09-13 22:07:33.268491813 +0200
|
||||
@@ -414,4 +414,22 @@ audit_session_key_free_body(int ctos, pi
|
||||
diff -up openssh-6.0p1/audit-bsm.c.audit5 openssh-6.0p1/audit-bsm.c
|
||||
--- openssh-6.0p1/audit-bsm.c.audit5 2012-08-06 20:37:50.036345216 +0200
|
||||
+++ openssh-6.0p1/audit-bsm.c 2012-08-06 20:37:50.046345177 +0200
|
||||
@@ -491,4 +491,22 @@ audit_session_key_free_body(int ctos, pi
|
||||
{
|
||||
/* not implemented */
|
||||
}
|
||||
@ -24,10 +24,58 @@ diff -up openssh-5.9p1/audit-bsm.c.audit5 openssh-5.9p1/audit-bsm.c
|
||||
+ /* not implemented */
|
||||
+}
|
||||
#endif /* BSM */
|
||||
diff -up openssh-5.9p1/audit-linux.c.audit5 openssh-5.9p1/audit-linux.c
|
||||
--- openssh-5.9p1/audit-linux.c.audit5 2011-09-13 22:07:31.400584308 +0200
|
||||
+++ openssh-5.9p1/audit-linux.c 2011-09-13 22:07:33.357460348 +0200
|
||||
@@ -350,4 +350,50 @@ audit_session_key_free_body(int ctos, pi
|
||||
diff -up openssh-6.0p1/audit.c.audit5 openssh-6.0p1/audit.c
|
||||
--- openssh-6.0p1/audit.c.audit5 2012-08-06 20:37:50.036345216 +0200
|
||||
+++ openssh-6.0p1/audit.c 2012-08-06 20:37:50.047345173 +0200
|
||||
@@ -290,5 +290,24 @@ audit_session_key_free_body(int ctos, pi
|
||||
debug("audit session key discard euid %u direction %d from pid %ld uid %u",
|
||||
(unsigned)geteuid(), ctos, (long)pid, (unsigned)uid);
|
||||
}
|
||||
+
|
||||
+/*
|
||||
+ * This will be called on destroy private part of the server key
|
||||
+ */
|
||||
+void
|
||||
+audit_destroy_sensitive_data(const char *fp, pid_t pid, uid_t uid)
|
||||
+{
|
||||
+ debug("audit destroy sensitive data euid %d fingerprint %s from pid %ld uid %u",
|
||||
+ geteuid(), fp, (long)pid, (unsigned)uid);
|
||||
+}
|
||||
+
|
||||
+/*
|
||||
+ * This will be called on generation of the ephemeral server key
|
||||
+ */
|
||||
+void
|
||||
+audit_generate_ephemeral_server_key(const char *)
|
||||
+{
|
||||
+ debug("audit create ephemeral server key euid %d fingerprint %s", geteuid(), fp);
|
||||
+}
|
||||
# endif /* !defined CUSTOM_SSH_AUDIT_EVENTS */
|
||||
#endif /* SSH_AUDIT_EVENTS */
|
||||
diff -up openssh-6.0p1/audit.h.audit5 openssh-6.0p1/audit.h
|
||||
--- openssh-6.0p1/audit.h.audit5 2012-08-06 20:37:50.037345212 +0200
|
||||
+++ openssh-6.0p1/audit.h 2012-08-06 20:37:50.047345173 +0200
|
||||
@@ -48,6 +48,8 @@ enum ssh_audit_event_type {
|
||||
};
|
||||
typedef enum ssh_audit_event_type ssh_audit_event_t;
|
||||
|
||||
+int listening_for_clients(void);
|
||||
+
|
||||
void audit_connection_from(const char *, int);
|
||||
void audit_event(ssh_audit_event_t);
|
||||
void audit_count_session_open(void);
|
||||
@@ -64,5 +66,7 @@ void audit_unsupported_body(int);
|
||||
void audit_kex_body(int, char *, char *, char *, pid_t, uid_t);
|
||||
void audit_session_key_free(int ctos);
|
||||
void audit_session_key_free_body(int ctos, pid_t, uid_t);
|
||||
+void audit_destroy_sensitive_data(const char *, pid_t, uid_t);
|
||||
+void audit_generate_ephemeral_server_key(const char *);
|
||||
|
||||
#endif /* _SSH_AUDIT_H */
|
||||
diff -up openssh-6.0p1/audit-linux.c.audit5 openssh-6.0p1/audit-linux.c
|
||||
--- openssh-6.0p1/audit-linux.c.audit5 2012-08-06 20:37:50.037345212 +0200
|
||||
+++ openssh-6.0p1/audit-linux.c 2012-08-06 20:37:50.046345177 +0200
|
||||
@@ -356,4 +356,50 @@ audit_session_key_free_body(int ctos, pi
|
||||
error("cannot write into audit");
|
||||
}
|
||||
|
||||
@ -78,58 +126,10 @@ diff -up openssh-5.9p1/audit-linux.c.audit5 openssh-5.9p1/audit-linux.c
|
||||
+ error("cannot write into audit");
|
||||
+}
|
||||
#endif /* USE_LINUX_AUDIT */
|
||||
diff -up openssh-5.9p1/audit.c.audit5 openssh-5.9p1/audit.c
|
||||
--- openssh-5.9p1/audit.c.audit5 2011-09-13 22:07:31.495458797 +0200
|
||||
+++ openssh-5.9p1/audit.c 2011-09-13 22:07:33.478458341 +0200
|
||||
@@ -290,5 +290,24 @@ audit_session_key_free_body(int ctos, pi
|
||||
debug("audit session key discard euid %u direction %d from pid %ld uid %u",
|
||||
(unsigned)geteuid(), ctos, (long)pid, (unsigned)uid);
|
||||
}
|
||||
+
|
||||
+/*
|
||||
+ * This will be called on destroy private part of the server key
|
||||
+ */
|
||||
+void
|
||||
+audit_destroy_sensitive_data(const char *fp, pid_t pid, uid_t uid)
|
||||
+{
|
||||
+ debug("audit destroy sensitive data euid %d fingerprint %s from pid %ld uid %u",
|
||||
+ geteuid(), fp, (long)pid, (unsigned)uid);
|
||||
+}
|
||||
+
|
||||
+/*
|
||||
+ * This will be called on generation of the ephemeral server key
|
||||
+ */
|
||||
+void
|
||||
+audit_generate_ephemeral_server_key(const char *)
|
||||
+{
|
||||
+ debug("audit create ephemeral server key euid %d fingerprint %s", geteuid(), fp);
|
||||
+}
|
||||
# endif /* !defined CUSTOM_SSH_AUDIT_EVENTS */
|
||||
#endif /* SSH_AUDIT_EVENTS */
|
||||
diff -up openssh-5.9p1/audit.h.audit5 openssh-5.9p1/audit.h
|
||||
--- openssh-5.9p1/audit.h.audit5 2011-09-13 22:07:31.616459125 +0200
|
||||
+++ openssh-5.9p1/audit.h 2011-09-13 22:07:33.612458074 +0200
|
||||
@@ -48,6 +48,8 @@ enum ssh_audit_event_type {
|
||||
};
|
||||
typedef enum ssh_audit_event_type ssh_audit_event_t;
|
||||
|
||||
+int listening_for_clients(void);
|
||||
+
|
||||
void audit_connection_from(const char *, int);
|
||||
void audit_event(ssh_audit_event_t);
|
||||
void audit_count_session_open(void);
|
||||
@@ -64,5 +66,7 @@ void audit_unsupported_body(int);
|
||||
void audit_kex_body(int, char *, char *, char *, pid_t, uid_t);
|
||||
void audit_session_key_free(int ctos);
|
||||
void audit_session_key_free_body(int ctos, pid_t, uid_t);
|
||||
+void audit_destroy_sensitive_data(const char *, pid_t, uid_t);
|
||||
+void audit_generate_ephemeral_server_key(const char *);
|
||||
|
||||
#endif /* _SSH_AUDIT_H */
|
||||
diff -up openssh-5.9p1/key.c.audit5 openssh-5.9p1/key.c
|
||||
--- openssh-5.9p1/key.c.audit5 2011-09-13 22:07:23.054490740 +0200
|
||||
+++ openssh-5.9p1/key.c 2011-09-13 22:07:33.721583661 +0200
|
||||
@@ -1799,6 +1799,30 @@ key_demote(const Key *k)
|
||||
diff -up openssh-6.0p1/key.c.audit5 openssh-6.0p1/key.c
|
||||
--- openssh-6.0p1/key.c.audit5 2012-08-06 20:37:49.992345388 +0200
|
||||
+++ openssh-6.0p1/key.c 2012-08-06 20:37:50.048345169 +0200
|
||||
@@ -1794,6 +1794,30 @@ key_demote(const Key *k)
|
||||
}
|
||||
|
||||
int
|
||||
@ -160,9 +160,9 @@ diff -up openssh-5.9p1/key.c.audit5 openssh-5.9p1/key.c
|
||||
key_is_cert(const Key *k)
|
||||
{
|
||||
if (k == NULL)
|
||||
diff -up openssh-5.9p1/key.h.audit5 openssh-5.9p1/key.h
|
||||
--- openssh-5.9p1/key.h.audit5 2011-09-13 22:07:23.160459285 +0200
|
||||
+++ openssh-5.9p1/key.h 2011-09-13 22:07:33.847459341 +0200
|
||||
diff -up openssh-6.0p1/key.h.audit5 openssh-6.0p1/key.h
|
||||
--- openssh-6.0p1/key.h.audit5 2012-08-06 20:37:49.993345384 +0200
|
||||
+++ openssh-6.0p1/key.h 2012-08-06 20:37:50.049345165 +0200
|
||||
@@ -109,6 +109,7 @@ Key *key_generate(int, u_int);
|
||||
Key *key_from_private(const Key *);
|
||||
int key_type_from_name(char *);
|
||||
@ -171,9 +171,9 @@ diff -up openssh-5.9p1/key.h.audit5 openssh-5.9p1/key.h
|
||||
int key_type_plain(int);
|
||||
int key_to_certified(Key *, int);
|
||||
int key_drop_cert(Key *);
|
||||
diff -up openssh-5.9p1/monitor.c.audit5 openssh-5.9p1/monitor.c
|
||||
--- openssh-5.9p1/monitor.c.audit5 2011-09-13 22:07:32.285495537 +0200
|
||||
+++ openssh-5.9p1/monitor.c 2011-09-13 22:10:04.148554239 +0200
|
||||
diff -up openssh-6.0p1/monitor.c.audit5 openssh-6.0p1/monitor.c
|
||||
--- openssh-6.0p1/monitor.c.audit5 2012-08-06 20:37:50.040345200 +0200
|
||||
+++ openssh-6.0p1/monitor.c 2012-08-06 20:37:50.049345165 +0200
|
||||
@@ -114,6 +114,8 @@ extern Buffer auth_debug;
|
||||
extern int auth_debug_init;
|
||||
extern Buffer loginmsg;
|
||||
@ -183,7 +183,7 @@ diff -up openssh-5.9p1/monitor.c.audit5 openssh-5.9p1/monitor.c
|
||||
/* State exported from the child */
|
||||
|
||||
struct {
|
||||
@@ -191,6 +193,7 @@ int mm_answer_audit_end_command(int, Buf
|
||||
@@ -190,6 +192,7 @@ int mm_answer_audit_end_command(int, Buf
|
||||
int mm_answer_audit_unsupported_body(int, Buffer *);
|
||||
int mm_answer_audit_kex_body(int, Buffer *);
|
||||
int mm_answer_audit_session_key_free_body(int, Buffer *);
|
||||
@ -199,7 +199,7 @@ diff -up openssh-5.9p1/monitor.c.audit5 openssh-5.9p1/monitor.c
|
||||
#endif
|
||||
#ifdef BSD_AUTH
|
||||
{MONITOR_REQ_BSDAUTHQUERY, MON_ISAUTH, mm_answer_bsdauthquery},
|
||||
@@ -285,6 +289,7 @@ struct mon_table mon_dispatch_postauth20
|
||||
@@ -284,6 +288,7 @@ struct mon_table mon_dispatch_postauth20
|
||||
{MONITOR_REQ_AUDIT_UNSUPPORTED, MON_PERMIT, mm_answer_audit_unsupported_body},
|
||||
{MONITOR_REQ_AUDIT_KEX, MON_PERMIT, mm_answer_audit_kex_body},
|
||||
{MONITOR_REQ_AUDIT_SESSION_KEY_FREE, MON_PERMIT, mm_answer_audit_session_key_free_body},
|
||||
@ -207,7 +207,7 @@ diff -up openssh-5.9p1/monitor.c.audit5 openssh-5.9p1/monitor.c
|
||||
#endif
|
||||
{0, 0, NULL}
|
||||
};
|
||||
@@ -319,6 +324,7 @@ struct mon_table mon_dispatch_proto15[]
|
||||
@@ -318,6 +323,7 @@ struct mon_table mon_dispatch_proto15[]
|
||||
{MONITOR_REQ_AUDIT_UNSUPPORTED, MON_PERMIT, mm_answer_audit_unsupported_body},
|
||||
{MONITOR_REQ_AUDIT_KEX, MON_PERMIT, mm_answer_audit_kex_body},
|
||||
{MONITOR_REQ_AUDIT_SESSION_KEY_FREE, MON_PERMIT, mm_answer_audit_session_key_free_body},
|
||||
@ -215,7 +215,7 @@ diff -up openssh-5.9p1/monitor.c.audit5 openssh-5.9p1/monitor.c
|
||||
#endif
|
||||
{0, 0, NULL}
|
||||
};
|
||||
@@ -334,6 +340,7 @@ struct mon_table mon_dispatch_postauth15
|
||||
@@ -333,6 +339,7 @@ struct mon_table mon_dispatch_postauth15
|
||||
{MONITOR_REQ_AUDIT_UNSUPPORTED, MON_PERMIT, mm_answer_audit_unsupported_body},
|
||||
{MONITOR_REQ_AUDIT_KEX, MON_PERMIT, mm_answer_audit_kex_body},
|
||||
{MONITOR_REQ_AUDIT_SESSION_KEY_FREE, MON_PERMIT, mm_answer_audit_session_key_free_body},
|
||||
@ -223,7 +223,7 @@ diff -up openssh-5.9p1/monitor.c.audit5 openssh-5.9p1/monitor.c
|
||||
#endif
|
||||
{0, 0, NULL}
|
||||
};
|
||||
@@ -1716,6 +1723,8 @@ mm_answer_term(int sock, Buffer *req)
|
||||
@@ -1744,6 +1751,8 @@ mm_answer_term(int sock, Buffer *req)
|
||||
sshpam_cleanup();
|
||||
#endif
|
||||
|
||||
@ -232,7 +232,7 @@ diff -up openssh-5.9p1/monitor.c.audit5 openssh-5.9p1/monitor.c
|
||||
while (waitpid(pmonitor->m_pid, &status, 0) == -1)
|
||||
if (errno != EINTR)
|
||||
exit(1);
|
||||
@@ -2470,4 +2479,25 @@ mm_answer_audit_session_key_free_body(in
|
||||
@@ -2485,4 +2494,25 @@ mm_answer_audit_session_key_free_body(in
|
||||
mm_request_send(sock, MONITOR_ANS_AUDIT_SESSION_KEY_FREE, m);
|
||||
return 0;
|
||||
}
|
||||
@ -258,9 +258,9 @@ diff -up openssh-5.9p1/monitor.c.audit5 openssh-5.9p1/monitor.c
|
||||
+ return 0;
|
||||
+}
|
||||
#endif /* SSH_AUDIT_EVENTS */
|
||||
diff -up openssh-5.9p1/monitor.h.audit5 openssh-5.9p1/monitor.h
|
||||
--- openssh-5.9p1/monitor.h.audit5 2011-09-13 22:07:32.385522626 +0200
|
||||
+++ openssh-5.9p1/monitor.h 2011-09-13 22:07:34.098459356 +0200
|
||||
diff -up openssh-6.0p1/monitor.h.audit5 openssh-6.0p1/monitor.h
|
||||
--- openssh-6.0p1/monitor.h.audit5 2012-08-06 20:37:50.040345200 +0200
|
||||
+++ openssh-6.0p1/monitor.h 2012-08-06 20:37:50.050345161 +0200
|
||||
@@ -64,6 +64,7 @@ enum monitor_reqtype {
|
||||
MONITOR_REQ_AUDIT_UNSUPPORTED, MONITOR_ANS_AUDIT_UNSUPPORTED,
|
||||
MONITOR_REQ_AUDIT_KEX, MONITOR_ANS_AUDIT_KEX,
|
||||
@ -269,10 +269,10 @@ diff -up openssh-5.9p1/monitor.h.audit5 openssh-5.9p1/monitor.h
|
||||
MONITOR_REQ_TERM,
|
||||
MONITOR_REQ_JPAKE_STEP1, MONITOR_ANS_JPAKE_STEP1,
|
||||
MONITOR_REQ_JPAKE_GET_PWDATA, MONITOR_ANS_JPAKE_GET_PWDATA,
|
||||
diff -up openssh-5.9p1/monitor_wrap.c.audit5 openssh-5.9p1/monitor_wrap.c
|
||||
--- openssh-5.9p1/monitor_wrap.c.audit5 2011-09-13 22:07:32.510521163 +0200
|
||||
+++ openssh-5.9p1/monitor_wrap.c 2011-09-13 22:07:34.610458275 +0200
|
||||
@@ -1559,4 +1559,20 @@ mm_audit_session_key_free_body(int ctos,
|
||||
diff -up openssh-6.0p1/monitor_wrap.c.audit5 openssh-6.0p1/monitor_wrap.c
|
||||
--- openssh-6.0p1/monitor_wrap.c.audit5 2012-08-06 20:37:50.041345196 +0200
|
||||
+++ openssh-6.0p1/monitor_wrap.c 2012-08-06 20:37:50.050345161 +0200
|
||||
@@ -1539,4 +1539,20 @@ mm_audit_session_key_free_body(int ctos,
|
||||
&m);
|
||||
buffer_free(&m);
|
||||
}
|
||||
@ -293,10 +293,10 @@ diff -up openssh-5.9p1/monitor_wrap.c.audit5 openssh-5.9p1/monitor_wrap.c
|
||||
+ buffer_free(&m);
|
||||
+}
|
||||
#endif /* SSH_AUDIT_EVENTS */
|
||||
diff -up openssh-5.9p1/monitor_wrap.h.audit5 openssh-5.9p1/monitor_wrap.h
|
||||
--- openssh-5.9p1/monitor_wrap.h.audit5 2011-09-13 22:07:32.607520810 +0200
|
||||
+++ openssh-5.9p1/monitor_wrap.h 2011-09-13 22:07:34.716458214 +0200
|
||||
@@ -81,6 +81,7 @@ void mm_audit_end_command(int, const cha
|
||||
diff -up openssh-6.0p1/monitor_wrap.h.audit5 openssh-6.0p1/monitor_wrap.h
|
||||
--- openssh-6.0p1/monitor_wrap.h.audit5 2012-08-06 20:37:50.041345196 +0200
|
||||
+++ openssh-6.0p1/monitor_wrap.h 2012-08-06 20:37:50.051345157 +0200
|
||||
@@ -80,6 +80,7 @@ void mm_audit_end_command(int, const cha
|
||||
void mm_audit_unsupported_body(int);
|
||||
void mm_audit_kex_body(int, char *, char *, char *, pid_t, uid_t);
|
||||
void mm_audit_session_key_free_body(int, pid_t, uid_t);
|
||||
@ -304,9 +304,9 @@ diff -up openssh-5.9p1/monitor_wrap.h.audit5 openssh-5.9p1/monitor_wrap.h
|
||||
#endif
|
||||
|
||||
struct Session;
|
||||
diff -up openssh-5.9p1/session.c.audit5 openssh-5.9p1/session.c
|
||||
--- openssh-5.9p1/session.c.audit5 2011-09-13 22:07:32.973544819 +0200
|
||||
+++ openssh-5.9p1/session.c 2011-09-13 22:07:34.849585578 +0200
|
||||
diff -up openssh-6.0p1/session.c.audit5 openssh-6.0p1/session.c
|
||||
--- openssh-6.0p1/session.c.audit5 2012-08-06 20:37:50.043345189 +0200
|
||||
+++ openssh-6.0p1/session.c 2012-08-06 20:37:50.052345153 +0200
|
||||
@@ -136,7 +136,7 @@ extern int log_stderr;
|
||||
extern int debug_flag;
|
||||
extern u_int utmp_len;
|
||||
@ -325,10 +325,10 @@ diff -up openssh-5.9p1/session.c.audit5 openssh-5.9p1/session.c
|
||||
/* Don't audit this - both us and the parent would be talking to the
|
||||
monitor over a single socket, with no synchronization. */
|
||||
packet_destroy_all(0, 1);
|
||||
diff -up openssh-5.9p1/sshd.c.audit5 openssh-5.9p1/sshd.c
|
||||
--- openssh-5.9p1/sshd.c.audit5 2011-09-13 22:07:33.106516378 +0200
|
||||
+++ openssh-5.9p1/sshd.c 2011-09-13 22:07:34.989470331 +0200
|
||||
@@ -254,7 +254,7 @@ Buffer loginmsg;
|
||||
diff -up openssh-6.0p1/sshd.c.audit5 openssh-6.0p1/sshd.c
|
||||
--- openssh-6.0p1/sshd.c.audit5 2012-08-06 20:37:50.044345185 +0200
|
||||
+++ openssh-6.0p1/sshd.c 2012-08-06 20:37:50.053345149 +0200
|
||||
@@ -255,7 +255,7 @@ Buffer loginmsg;
|
||||
struct passwd *privsep_pw = NULL;
|
||||
|
||||
/* Prototypes for various functions defined later in this file. */
|
||||
@ -337,7 +337,7 @@ diff -up openssh-5.9p1/sshd.c.audit5 openssh-5.9p1/sshd.c
|
||||
void demote_sensitive_data(void);
|
||||
|
||||
static void do_ssh1_kex(void);
|
||||
@@ -273,6 +273,15 @@ close_listen_socks(void)
|
||||
@@ -274,6 +274,15 @@ close_listen_socks(void)
|
||||
num_listen_socks = -1;
|
||||
}
|
||||
|
||||
@ -353,7 +353,7 @@ diff -up openssh-5.9p1/sshd.c.audit5 openssh-5.9p1/sshd.c
|
||||
static void
|
||||
close_startup_pipes(void)
|
||||
{
|
||||
@@ -533,22 +542,47 @@ sshd_exchange_identification(int sock_in
|
||||
@@ -534,22 +543,47 @@ sshd_exchange_identification(int sock_in
|
||||
}
|
||||
}
|
||||
|
||||
@ -404,7 +404,7 @@ diff -up openssh-5.9p1/sshd.c.audit5 openssh-5.9p1/sshd.c
|
||||
key_free(sensitive_data.host_certificates[i]);
|
||||
sensitive_data.host_certificates[i] = NULL;
|
||||
}
|
||||
@@ -562,6 +596,8 @@ void
|
||||
@@ -563,6 +597,8 @@ void
|
||||
demote_sensitive_data(void)
|
||||
{
|
||||
Key *tmp;
|
||||
@ -413,7 +413,7 @@ diff -up openssh-5.9p1/sshd.c.audit5 openssh-5.9p1/sshd.c
|
||||
int i;
|
||||
|
||||
if (sensitive_data.server_key) {
|
||||
@@ -570,13 +606,27 @@ demote_sensitive_data(void)
|
||||
@@ -571,13 +607,27 @@ demote_sensitive_data(void)
|
||||
sensitive_data.server_key = tmp;
|
||||
}
|
||||
|
||||
@ -441,7 +441,7 @@ diff -up openssh-5.9p1/sshd.c.audit5 openssh-5.9p1/sshd.c
|
||||
}
|
||||
/* Certs do not need demotion */
|
||||
}
|
||||
@@ -1145,6 +1195,7 @@ server_accept_loop(int *sock_in, int *so
|
||||
@@ -1149,6 +1199,7 @@ server_accept_loop(int *sock_in, int *so
|
||||
if (received_sigterm) {
|
||||
logit("Received signal %d; terminating.",
|
||||
(int) received_sigterm);
|
||||
@ -449,7 +449,7 @@ diff -up openssh-5.9p1/sshd.c.audit5 openssh-5.9p1/sshd.c
|
||||
close_listen_socks();
|
||||
unlink(options.pid_file);
|
||||
exit(received_sigterm == SIGTERM ? 0 : 255);
|
||||
@@ -2050,7 +2101,7 @@ main(int ac, char **av)
|
||||
@@ -2054,7 +2105,7 @@ main(int ac, char **av)
|
||||
privsep_postauth(authctxt);
|
||||
/* the monitor process [priv] will not return */
|
||||
if (!compat20)
|
||||
@ -458,7 +458,7 @@ diff -up openssh-5.9p1/sshd.c.audit5 openssh-5.9p1/sshd.c
|
||||
}
|
||||
|
||||
packet_set_timeout(options.client_alive_interval,
|
||||
@@ -2061,6 +2112,7 @@ main(int ac, char **av)
|
||||
@@ -2065,6 +2116,7 @@ main(int ac, char **av)
|
||||
|
||||
/* The connection has been terminated. */
|
||||
packet_destroy_all(1, 1);
|
||||
@ -466,7 +466,7 @@ diff -up openssh-5.9p1/sshd.c.audit5 openssh-5.9p1/sshd.c
|
||||
|
||||
packet_get_state(MODE_IN, NULL, NULL, NULL, &ibytes);
|
||||
packet_get_state(MODE_OUT, NULL, NULL, NULL, &obytes);
|
||||
@@ -2289,7 +2341,7 @@ do_ssh1_kex(void)
|
||||
@@ -2293,7 +2345,7 @@ do_ssh1_kex(void)
|
||||
session_id[i] = session_key[i] ^ session_key[i + 16];
|
||||
}
|
||||
/* Destroy the private and public keys. No longer. */
|
||||
@ -475,9 +475,9 @@ diff -up openssh-5.9p1/sshd.c.audit5 openssh-5.9p1/sshd.c
|
||||
|
||||
if (use_privsep)
|
||||
mm_ssh1_session_id(session_id);
|
||||
@@ -2392,6 +2444,8 @@ cleanup_exit(int i)
|
||||
if (the_authctxt)
|
||||
do_cleanup(the_authctxt);
|
||||
@@ -2404,6 +2456,8 @@ cleanup_exit(int i)
|
||||
}
|
||||
}
|
||||
is_privsep_child = use_privsep && pmonitor != NULL && !mm_is_monitor();
|
||||
+ if (sensitive_data.host_keys != NULL)
|
||||
+ destroy_sensitive_data(is_privsep_child);
|
@ -1,7 +1,7 @@
|
||||
diff -up openssh-5.9p0/entropy.c.entropy openssh-5.9p0/entropy.c
|
||||
--- openssh-5.9p0/entropy.c.entropy 2011-08-31 13:20:59.660150441 +0200
|
||||
+++ openssh-5.9p0/entropy.c 2011-08-31 13:21:05.072024970 +0200
|
||||
@@ -232,6 +232,9 @@ seed_rng(void)
|
||||
diff -up openssh-6.0p1/entropy.c.entropy openssh-6.0p1/entropy.c
|
||||
--- openssh-6.0p1/entropy.c.entropy 2012-08-06 20:51:59.131033413 +0200
|
||||
+++ openssh-6.0p1/entropy.c 2012-08-06 20:51:59.171033257 +0200
|
||||
@@ -237,6 +237,9 @@ seed_rng(void)
|
||||
memset(buf, '\0', sizeof(buf));
|
||||
|
||||
#endif /* OPENSSL_PRNG_ONLY */
|
||||
@ -11,21 +11,21 @@ diff -up openssh-5.9p0/entropy.c.entropy openssh-5.9p0/entropy.c
|
||||
if (RAND_status() != 1)
|
||||
fatal("PRNG is not seeded");
|
||||
}
|
||||
diff -up openssh-5.9p0/openbsd-compat/Makefile.in.entropy openssh-5.9p0/openbsd-compat/Makefile.in
|
||||
--- openssh-5.9p0/openbsd-compat/Makefile.in.entropy 2011-08-31 13:20:54.000000000 +0200
|
||||
+++ openssh-5.9p0/openbsd-compat/Makefile.in 2011-08-31 13:44:25.138151565 +0200
|
||||
diff -up openssh-6.0p1/openbsd-compat/Makefile.in.entropy openssh-6.0p1/openbsd-compat/Makefile.in
|
||||
--- openssh-6.0p1/openbsd-compat/Makefile.in.entropy 2012-08-06 20:51:59.100033534 +0200
|
||||
+++ openssh-6.0p1/openbsd-compat/Makefile.in 2012-08-06 20:51:59.171033257 +0200
|
||||
@@ -20,7 +20,7 @@ OPENBSD=base64.o basename.o bindresvport
|
||||
|
||||
COMPAT=bsd-arc4random.o bsd-asprintf.o bsd-closefrom.o bsd-cray.o bsd-cygwin_util.o bsd-getpeereid.o bsd-misc.o bsd-nextstep.o bsd-openpty.o bsd-poll.o bsd-snprintf.o bsd-statvfs.o bsd-waitpid.o fake-rfc2553.o openssl-compat.o xmmap.o xcrypt.o
|
||||
COMPAT=bsd-arc4random.o bsd-asprintf.o bsd-closefrom.o bsd-cray.o bsd-cygwin_util.o bsd-getpeereid.o getrrsetbyname-ldns.o bsd-misc.o bsd-nextstep.o bsd-openpty.o bsd-poll.o bsd-snprintf.o bsd-statvfs.o bsd-waitpid.o fake-rfc2553.o openssl-compat.o xmmap.o xcrypt.o
|
||||
|
||||
-PORTS=port-aix.o port-irix.o port-linux.o port-linux_part_2.o port-solaris.o port-tun.o port-uw.o
|
||||
+PORTS=port-aix.o port-irix.o port-linux.o port-linux_part_2.o port-linux-prng.o port-solaris.o port-tun.o port-uw.o
|
||||
|
||||
.c.o:
|
||||
$(CC) $(CFLAGS) $(CPPFLAGS) -c $<
|
||||
diff -up openssh-5.9p0/openbsd-compat/port-linux-prng.c.entropy openssh-5.9p0/openbsd-compat/port-linux-prng.c
|
||||
--- openssh-5.9p0/openbsd-compat/port-linux-prng.c.entropy 2011-08-31 13:21:05.382024083 +0200
|
||||
+++ openssh-5.9p0/openbsd-compat/port-linux-prng.c 2011-08-31 13:21:05.386024776 +0200
|
||||
diff -up openssh-6.0p1/openbsd-compat/port-linux-prng.c.entropy openssh-6.0p1/openbsd-compat/port-linux-prng.c
|
||||
--- openssh-6.0p1/openbsd-compat/port-linux-prng.c.entropy 2012-08-06 20:51:59.171033257 +0200
|
||||
+++ openssh-6.0p1/openbsd-compat/port-linux-prng.c 2012-08-06 20:51:59.171033257 +0200
|
||||
@@ -0,0 +1,59 @@
|
||||
+/* $Id: port-linux.c,v 1.11.4.2 2011/02/04 00:43:08 djm Exp $ */
|
||||
+
|
||||
@ -86,10 +86,37 @@ diff -up openssh-5.9p0/openbsd-compat/port-linux-prng.c.entropy openssh-5.9p0/op
|
||||
+ fatal ("EOF reading %s", random);
|
||||
+ }
|
||||
+}
|
||||
diff -up openssh-5.9p0/ssh-add.1.entropy openssh-5.9p0/ssh-add.1
|
||||
--- openssh-5.9p0/ssh-add.1.entropy 2010-11-05 00:20:14.000000000 +0100
|
||||
+++ openssh-5.9p0/ssh-add.1 2011-08-31 13:21:05.597122030 +0200
|
||||
@@ -158,6 +158,20 @@ Identifies the path of a
|
||||
diff -up openssh-6.0p1/ssh.1.entropy openssh-6.0p1/ssh.1
|
||||
--- openssh-6.0p1/ssh.1.entropy 2012-08-06 20:51:59.139033382 +0200
|
||||
+++ openssh-6.0p1/ssh.1 2012-08-06 20:51:59.174033245 +0200
|
||||
@@ -1269,6 +1269,23 @@ For more information, see the
|
||||
.Cm PermitUserEnvironment
|
||||
option in
|
||||
.Xr sshd_config 5 .
|
||||
+.Sh ENVIRONMENT
|
||||
+.Bl -tag -width Ds -compact
|
||||
+.It Ev SSH_USE_STRONG_RNG
|
||||
+The reseeding of the OpenSSL random generator is usually done from
|
||||
+.Cm /dev/urandom .
|
||||
+If the
|
||||
+.Cm SSH_USE_STRONG_RNG
|
||||
+environment variable is set to value other than
|
||||
+.Cm 0
|
||||
+the OpenSSL random generator is reseeded from
|
||||
+.Cm /dev/random .
|
||||
+The number of bytes read is defined by the SSH_USE_STRONG_RNG value.
|
||||
+Minimum is 6 bytes.
|
||||
+This setting is not recommended on the computers without the hardware
|
||||
+random generator because insufficient entropy causes the connection to
|
||||
+be blocked until enough entropy is available.
|
||||
+.El
|
||||
.Sh FILES
|
||||
.Bl -tag -width Ds -compact
|
||||
.It Pa ~/.rhosts
|
||||
diff -up openssh-6.0p1/ssh-add.1.entropy openssh-6.0p1/ssh-add.1
|
||||
--- openssh-6.0p1/ssh-add.1.entropy 2011-10-18 07:06:33.000000000 +0200
|
||||
+++ openssh-6.0p1/ssh-add.1 2012-08-06 20:51:59.172033253 +0200
|
||||
@@ -161,6 +161,20 @@ Identifies the path of a
|
||||
.Ux Ns -domain
|
||||
socket used to communicate with the agent.
|
||||
.El
|
||||
@ -110,9 +137,9 @@ diff -up openssh-5.9p0/ssh-add.1.entropy openssh-5.9p0/ssh-add.1
|
||||
.Sh FILES
|
||||
.Bl -tag -width Ds
|
||||
.It Pa ~/.ssh/identity
|
||||
diff -up openssh-5.9p0/ssh-agent.1.entropy openssh-5.9p0/ssh-agent.1
|
||||
--- openssh-5.9p0/ssh-agent.1.entropy 2010-12-01 01:50:35.000000000 +0100
|
||||
+++ openssh-5.9p0/ssh-agent.1 2011-08-31 13:21:05.735150196 +0200
|
||||
diff -up openssh-6.0p1/ssh-agent.1.entropy openssh-6.0p1/ssh-agent.1
|
||||
--- openssh-6.0p1/ssh-agent.1.entropy 2010-12-01 01:50:35.000000000 +0100
|
||||
+++ openssh-6.0p1/ssh-agent.1 2012-08-06 20:51:59.172033253 +0200
|
||||
@@ -198,6 +198,24 @@ sockets used to contain the connection t
|
||||
These sockets should only be readable by the owner.
|
||||
The sockets should get automatically removed when the agent exits.
|
||||
@ -138,10 +165,38 @@ diff -up openssh-5.9p0/ssh-agent.1.entropy openssh-5.9p0/ssh-agent.1
|
||||
.Sh SEE ALSO
|
||||
.Xr ssh 1 ,
|
||||
.Xr ssh-add 1 ,
|
||||
diff -up openssh-5.9p0/ssh-keygen.1.entropy openssh-5.9p0/ssh-keygen.1
|
||||
--- openssh-5.9p0/ssh-keygen.1.entropy 2011-08-31 13:20:59.200212619 +0200
|
||||
+++ openssh-5.9p0/ssh-keygen.1 2011-08-31 13:21:06.077150115 +0200
|
||||
@@ -669,6 +669,24 @@ Contains Diffie-Hellman groups used for
|
||||
diff -up openssh-6.0p1/sshd.8.entropy openssh-6.0p1/sshd.8
|
||||
--- openssh-6.0p1/sshd.8.entropy 2012-08-06 20:51:59.139033382 +0200
|
||||
+++ openssh-6.0p1/sshd.8 2012-08-06 20:51:59.174033245 +0200
|
||||
@@ -943,6 +943,24 @@ concurrently for different ports, this c
|
||||
started last).
|
||||
The content of this file is not sensitive; it can be world-readable.
|
||||
.El
|
||||
+.Sh ENVIRONMENT
|
||||
+.Bl -tag -width Ds -compact
|
||||
+.Pp
|
||||
+.It Pa SSH_USE_STRONG_RNG
|
||||
+The reseeding of the OpenSSL random generator is usually done from
|
||||
+.Cm /dev/urandom .
|
||||
+If the
|
||||
+.Cm SSH_USE_STRONG_RNG
|
||||
+environment variable is set to value other than
|
||||
+.Cm 0
|
||||
+the OpenSSL random generator is reseeded from
|
||||
+.Cm /dev/random .
|
||||
+The number of bytes read is defined by the SSH_USE_STRONG_RNG value.
|
||||
+Minimum is 6 bytes.
|
||||
+This setting is not recommended on the computers without the hardware
|
||||
+random generator because insufficient entropy causes the connection to
|
||||
+be blocked until enough entropy is available.
|
||||
+.El
|
||||
.Sh IPV6
|
||||
IPv6 address can be used everywhere where IPv4 address. In all entries must be the IPv6 address enclosed in square brackets. Note: The square brackets are metacharacters for the shell and must be escaped in shell.
|
||||
.Sh SEE ALSO
|
||||
diff -up openssh-6.0p1/ssh-keygen.1.entropy openssh-6.0p1/ssh-keygen.1
|
||||
--- openssh-6.0p1/ssh-keygen.1.entropy 2011-10-18 07:05:21.000000000 +0200
|
||||
+++ openssh-6.0p1/ssh-keygen.1 2012-08-06 20:51:59.173033249 +0200
|
||||
@@ -675,6 +675,24 @@ Contains Diffie-Hellman groups used for
|
||||
The file format is described in
|
||||
.Xr moduli 5 .
|
||||
.El
|
||||
@ -166,9 +221,9 @@ diff -up openssh-5.9p0/ssh-keygen.1.entropy openssh-5.9p0/ssh-keygen.1
|
||||
.Sh SEE ALSO
|
||||
.Xr ssh 1 ,
|
||||
.Xr ssh-add 1 ,
|
||||
diff -up openssh-5.9p0/ssh-keysign.8.entropy openssh-5.9p0/ssh-keysign.8
|
||||
--- openssh-5.9p0/ssh-keysign.8.entropy 2010-08-31 14:41:14.000000000 +0200
|
||||
+++ openssh-5.9p0/ssh-keysign.8 2011-08-31 13:21:06.207024356 +0200
|
||||
diff -up openssh-6.0p1/ssh-keysign.8.entropy openssh-6.0p1/ssh-keysign.8
|
||||
--- openssh-6.0p1/ssh-keysign.8.entropy 2010-08-31 14:41:14.000000000 +0200
|
||||
+++ openssh-6.0p1/ssh-keysign.8 2012-08-06 20:51:59.173033249 +0200
|
||||
@@ -78,6 +78,24 @@ must be set-uid root if host-based authe
|
||||
If these files exist they are assumed to contain public certificate
|
||||
information corresponding with the private keys above.
|
||||
@ -194,58 +249,3 @@ diff -up openssh-5.9p0/ssh-keysign.8.entropy openssh-5.9p0/ssh-keysign.8
|
||||
.Sh SEE ALSO
|
||||
.Xr ssh 1 ,
|
||||
.Xr ssh-keygen 1 ,
|
||||
diff -up openssh-5.9p0/ssh.1.entropy openssh-5.9p0/ssh.1
|
||||
--- openssh-5.9p0/ssh.1.entropy 2011-08-31 13:21:00.835103535 +0200
|
||||
+++ openssh-5.9p0/ssh.1 2011-08-31 13:21:05.482032754 +0200
|
||||
@@ -1255,6 +1255,23 @@ For more information, see the
|
||||
.Cm PermitUserEnvironment
|
||||
option in
|
||||
.Xr sshd_config 5 .
|
||||
+.Sh ENVIRONMENT
|
||||
+.Bl -tag -width Ds -compact
|
||||
+.It Ev SSH_USE_STRONG_RNG
|
||||
+The reseeding of the OpenSSL random generator is usually done from
|
||||
+.Cm /dev/urandom .
|
||||
+If the
|
||||
+.Cm SSH_USE_STRONG_RNG
|
||||
+environment variable is set to value other than
|
||||
+.Cm 0
|
||||
+the OpenSSL random generator is reseeded from
|
||||
+.Cm /dev/random .
|
||||
+The number of bytes read is defined by the SSH_USE_STRONG_RNG value.
|
||||
+Minimum is 6 bytes.
|
||||
+This setting is not recommended on the computers without the hardware
|
||||
+random generator because insufficient entropy causes the connection to
|
||||
+be blocked until enough entropy is available.
|
||||
+.El
|
||||
.Sh FILES
|
||||
.Bl -tag -width Ds -compact
|
||||
.It Pa ~/.rhosts
|
||||
diff -up openssh-5.9p0/sshd.8.entropy openssh-5.9p0/sshd.8
|
||||
--- openssh-5.9p0/sshd.8.entropy 2011-08-31 13:21:00.000000000 +0200
|
||||
+++ openssh-5.9p0/sshd.8 2011-08-31 13:46:27.341025537 +0200
|
||||
@@ -940,6 +940,24 @@ concurrently for different ports, this c
|
||||
started last).
|
||||
The content of this file is not sensitive; it can be world-readable.
|
||||
.El
|
||||
+.Sh ENVIRONMENT
|
||||
+.Bl -tag -width Ds -compact
|
||||
+.Pp
|
||||
+.It Pa SSH_USE_STRONG_RNG
|
||||
+The reseeding of the OpenSSL random generator is usually done from
|
||||
+.Cm /dev/urandom .
|
||||
+If the
|
||||
+.Cm SSH_USE_STRONG_RNG
|
||||
+environment variable is set to value other than
|
||||
+.Cm 0
|
||||
+the OpenSSL random generator is reseeded from
|
||||
+.Cm /dev/random .
|
||||
+The number of bytes read is defined by the SSH_USE_STRONG_RNG value.
|
||||
+Minimum is 6 bytes.
|
||||
+This setting is not recommended on the computers without the hardware
|
||||
+random generator because insufficient entropy causes the connection to
|
||||
+be blocked until enough entropy is available.
|
||||
+.El
|
||||
.Sh IPV6
|
||||
IPv6 address can be used everywhere where IPv4 address. In all entries must be the IPv6 address enclosed in square brackets. Note: The square brackets are metacharacters for the shell and must be escaped in shell.
|
||||
.Sh SEE ALSO
|
File diff suppressed because it is too large
Load Diff
934
openssh-6.0p1-role-mls.patch
Normal file
934
openssh-6.0p1-role-mls.patch
Normal file
@ -0,0 +1,934 @@
|
||||
diff -up openssh-6.0p1/auth.h.role-mls openssh-6.0p1/auth.h
|
||||
--- openssh-6.0p1/auth.h.role-mls 2012-06-24 16:57:17.540262700 +0200
|
||||
+++ openssh-6.0p1/auth.h 2012-06-24 16:49:35.802071204 +0200
|
||||
@@ -59,6 +59,9 @@ struct Authctxt {
|
||||
char *service;
|
||||
struct passwd *pw; /* set if 'valid' */
|
||||
char *style;
|
||||
+#ifdef WITH_SELINUX
|
||||
+ char *role;
|
||||
+#endif
|
||||
void *kbdintctxt;
|
||||
void *jpake_ctx;
|
||||
#ifdef BSD_AUTH
|
||||
diff -up openssh-6.0p1/auth-pam.c.role-mls openssh-6.0p1/auth-pam.c
|
||||
--- openssh-6.0p1/auth-pam.c.role-mls 2012-06-24 16:57:17.532262382 +0200
|
||||
+++ openssh-6.0p1/auth-pam.c 2012-06-24 16:49:35.803071166 +0200
|
||||
@@ -1074,7 +1074,7 @@ is_pam_session_open(void)
|
||||
* during the ssh authentication process.
|
||||
*/
|
||||
int
|
||||
-do_pam_putenv(char *name, char *value)
|
||||
+do_pam_putenv(char *name, const char *value)
|
||||
{
|
||||
int ret = 1;
|
||||
#ifdef HAVE_PAM_PUTENV
|
||||
diff -up openssh-6.0p1/auth-pam.h.role-mls openssh-6.0p1/auth-pam.h
|
||||
--- openssh-6.0p1/auth-pam.h.role-mls 2012-06-24 16:57:17.515261702 +0200
|
||||
+++ openssh-6.0p1/auth-pam.h 2012-06-24 16:49:35.804071128 +0200
|
||||
@@ -38,7 +38,7 @@ void do_pam_session(void);
|
||||
void do_pam_set_tty(const char *);
|
||||
void do_pam_setcred(int );
|
||||
void do_pam_chauthtok(void);
|
||||
-int do_pam_putenv(char *, char *);
|
||||
+int do_pam_putenv(char *, const char *);
|
||||
char ** fetch_pam_environment(void);
|
||||
char ** fetch_pam_child_environment(void);
|
||||
void free_pam_environment(char **);
|
||||
diff -up openssh-6.0p1/auth1.c.role-mls openssh-6.0p1/auth1.c
|
||||
--- openssh-6.0p1/auth1.c.role-mls 2012-06-24 16:57:17.505261305 +0200
|
||||
+++ openssh-6.0p1/auth1.c 2012-06-24 16:49:35.805071090 +0200
|
||||
@@ -468,6 +468,9 @@ do_authentication(Authctxt *authctxt)
|
||||
{
|
||||
u_int ulen;
|
||||
char *user, *style = NULL;
|
||||
+#ifdef WITH_SELINUX
|
||||
+ char *role=NULL;
|
||||
+#endif
|
||||
|
||||
/* Get the name of the user that we wish to log in as. */
|
||||
packet_read_expect(SSH_CMSG_USER);
|
||||
@@ -476,11 +479,24 @@ do_authentication(Authctxt *authctxt)
|
||||
user = packet_get_cstring(&ulen);
|
||||
packet_check_eom();
|
||||
|
||||
+#ifdef WITH_SELINUX
|
||||
+ if ((role = strchr(user, '/')) != NULL)
|
||||
+ *role++ = '\0';
|
||||
+#endif
|
||||
+
|
||||
if ((style = strchr(user, ':')) != NULL)
|
||||
*style++ = '\0';
|
||||
+#ifdef WITH_SELINUX
|
||||
+ else
|
||||
+ if (role && (style = strchr(role, ':')) != NULL)
|
||||
+ *style++ = '\0';
|
||||
+#endif
|
||||
|
||||
authctxt->user = user;
|
||||
authctxt->style = style;
|
||||
+#ifdef WITH_SELINUX
|
||||
+ authctxt->role = role;
|
||||
+#endif
|
||||
|
||||
/* Verify that the user is a valid user. */
|
||||
if ((authctxt->pw = PRIVSEP(getpwnamallow(user))) != NULL)
|
||||
diff -up openssh-6.0p1/auth2.c.role-mls openssh-6.0p1/auth2.c
|
||||
--- openssh-6.0p1/auth2.c.role-mls 2012-06-24 16:57:17.507261384 +0200
|
||||
+++ openssh-6.0p1/auth2.c 2012-06-24 16:49:35.806071052 +0200
|
||||
@@ -216,6 +216,9 @@ input_userauth_request(int type, u_int32
|
||||
Authctxt *authctxt = ctxt;
|
||||
Authmethod *m = NULL;
|
||||
char *user, *service, *method, *active_methods, *style = NULL;
|
||||
+#ifdef WITH_SELINUX
|
||||
+ char *role = NULL;
|
||||
+#endif
|
||||
int authenticated = 0;
|
||||
|
||||
if (authctxt == NULL)
|
||||
@@ -227,6 +230,11 @@ input_userauth_request(int type, u_int32
|
||||
debug("userauth-request for user %s service %s method %s", user, service, method);
|
||||
debug("attempt %d failures %d", authctxt->attempt, authctxt->failures);
|
||||
|
||||
+#ifdef WITH_SELINUX
|
||||
+ if ((role = strchr(user, '/')) != NULL)
|
||||
+ *role++ = 0;
|
||||
+#endif
|
||||
+
|
||||
if ((style = strchr(user, ':')) != NULL)
|
||||
*style++ = 0;
|
||||
|
||||
@@ -249,8 +257,15 @@ input_userauth_request(int type, u_int32
|
||||
use_privsep ? " [net]" : "");
|
||||
authctxt->service = xstrdup(service);
|
||||
authctxt->style = style ? xstrdup(style) : NULL;
|
||||
- if (use_privsep)
|
||||
+#ifdef WITH_SELINUX
|
||||
+ authctxt->role = role ? xstrdup(role) : NULL;
|
||||
+#endif
|
||||
+ if (use_privsep) {
|
||||
mm_inform_authserv(service, style);
|
||||
+#ifdef WITH_SELINUX
|
||||
+ mm_inform_authrole(role);
|
||||
+#endif
|
||||
+ }
|
||||
userauth_banner();
|
||||
} else if (strcmp(user, authctxt->user) != 0 ||
|
||||
strcmp(service, authctxt->service) != 0) {
|
||||
diff -up openssh-6.0p1/auth2-gss.c.role-mls openssh-6.0p1/auth2-gss.c
|
||||
--- openssh-6.0p1/auth2-gss.c.role-mls 2012-06-24 16:57:17.522261982 +0200
|
||||
+++ openssh-6.0p1/auth2-gss.c 2012-06-24 16:49:35.806071052 +0200
|
||||
@@ -260,6 +260,7 @@ input_gssapi_mic(int type, u_int32_t ple
|
||||
Authctxt *authctxt = ctxt;
|
||||
Gssctxt *gssctxt;
|
||||
int authenticated = 0;
|
||||
+ char *micuser;
|
||||
Buffer b;
|
||||
gss_buffer_desc mic, gssbuf;
|
||||
u_int len;
|
||||
@@ -272,7 +273,13 @@ input_gssapi_mic(int type, u_int32_t ple
|
||||
mic.value = packet_get_string(&len);
|
||||
mic.length = len;
|
||||
|
||||
- ssh_gssapi_buildmic(&b, authctxt->user, authctxt->service,
|
||||
+#ifdef WITH_SELINUX
|
||||
+ if (authctxt->role && (strlen(authctxt->role) > 0))
|
||||
+ xasprintf(&micuser, "%s/%s", authctxt->user, authctxt->role);
|
||||
+ else
|
||||
+#endif
|
||||
+ micuser = authctxt->user;
|
||||
+ ssh_gssapi_buildmic(&b, micuser, authctxt->service,
|
||||
"gssapi-with-mic");
|
||||
|
||||
gssbuf.value = buffer_ptr(&b);
|
||||
@@ -284,6 +291,8 @@ input_gssapi_mic(int type, u_int32_t ple
|
||||
logit("GSSAPI MIC check failed");
|
||||
|
||||
buffer_free(&b);
|
||||
+ if (micuser != authctxt->user)
|
||||
+ xfree(micuser);
|
||||
xfree(mic.value);
|
||||
|
||||
authctxt->postponed = 0;
|
||||
diff -up openssh-6.0p1/auth2-hostbased.c.role-mls openssh-6.0p1/auth2-hostbased.c
|
||||
--- openssh-6.0p1/auth2-hostbased.c.role-mls 2012-06-24 16:57:17.535262501 +0200
|
||||
+++ openssh-6.0p1/auth2-hostbased.c 2012-06-24 16:49:35.807071014 +0200
|
||||
@@ -106,7 +106,15 @@ userauth_hostbased(Authctxt *authctxt)
|
||||
buffer_put_string(&b, session_id2, session_id2_len);
|
||||
/* reconstruct packet */
|
||||
buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST);
|
||||
- buffer_put_cstring(&b, authctxt->user);
|
||||
+#ifdef WITH_SELINUX
|
||||
+ if (authctxt->role) {
|
||||
+ buffer_put_int(&b, strlen(authctxt->user)+strlen(authctxt->role)+1);
|
||||
+ buffer_append(&b, authctxt->user, strlen(authctxt->user));
|
||||
+ buffer_put_char(&b, '/');
|
||||
+ buffer_append(&b, authctxt->role, strlen(authctxt->role));
|
||||
+ } else
|
||||
+#endif
|
||||
+ buffer_put_cstring(&b, authctxt->user);
|
||||
buffer_put_cstring(&b, service);
|
||||
buffer_put_cstring(&b, "hostbased");
|
||||
buffer_put_string(&b, pkalg, alen);
|
||||
diff -up openssh-6.0p1/auth2-pubkey.c.role-mls openssh-6.0p1/auth2-pubkey.c
|
||||
--- openssh-6.0p1/auth2-pubkey.c.role-mls 2012-06-24 16:57:17.517261782 +0200
|
||||
+++ openssh-6.0p1/auth2-pubkey.c 2012-06-24 16:49:35.807071014 +0200
|
||||
@@ -121,7 +121,15 @@ userauth_pubkey(Authctxt *authctxt)
|
||||
}
|
||||
/* reconstruct packet */
|
||||
buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST);
|
||||
- buffer_put_cstring(&b, authctxt->user);
|
||||
+#ifdef WITH_SELINUX
|
||||
+ if (authctxt->role) {
|
||||
+ buffer_put_int(&b, strlen(authctxt->user)+strlen(authctxt->role)+1);
|
||||
+ buffer_append(&b, authctxt->user, strlen(authctxt->user));
|
||||
+ buffer_put_char(&b, '/');
|
||||
+ buffer_append(&b, authctxt->role, strlen(authctxt->role));
|
||||
+ } else
|
||||
+#endif
|
||||
+ buffer_put_cstring(&b, authctxt->user);
|
||||
buffer_put_cstring(&b,
|
||||
datafellows & SSH_BUG_PKSERVICE ?
|
||||
"ssh-userauth" :
|
||||
diff -up openssh-6.0p1/misc.c.role-mls openssh-6.0p1/misc.c
|
||||
--- openssh-6.0p1/misc.c.role-mls 2012-06-24 17:02:27.116348979 +0200
|
||||
+++ openssh-6.0p1/misc.c 2012-06-24 16:58:09.631883672 +0200
|
||||
@@ -427,6 +427,7 @@ char *
|
||||
colon(char *cp)
|
||||
{
|
||||
int flag = 0;
|
||||
+ int start = 1;
|
||||
|
||||
if (*cp == ':') /* Leading colon is part of file name. */
|
||||
return NULL;
|
||||
@@ -442,6 +443,13 @@ colon(char *cp)
|
||||
return (cp);
|
||||
if (*cp == '/')
|
||||
return NULL;
|
||||
+ if (start) {
|
||||
+ /* Slash on beginning or after dots only denotes file name. */
|
||||
+ if (*cp == '/')
|
||||
+ return (0);
|
||||
+ if (*cp != '.')
|
||||
+ start = 0;
|
||||
+ }
|
||||
}
|
||||
return NULL;
|
||||
}
|
||||
diff -up openssh-6.0p1/monitor.c.role-mls openssh-6.0p1/monitor.c
|
||||
--- openssh-6.0p1/monitor.c.role-mls 2012-06-24 16:57:17.510261504 +0200
|
||||
+++ openssh-6.0p1/monitor.c 2012-06-24 16:49:35.809070938 +0200
|
||||
@@ -148,6 +148,9 @@ int mm_answer_sign(int, Buffer *);
|
||||
int mm_answer_pwnamallow(int, Buffer *);
|
||||
int mm_answer_auth2_read_banner(int, Buffer *);
|
||||
int mm_answer_authserv(int, Buffer *);
|
||||
+#ifdef WITH_SELINUX
|
||||
+int mm_answer_authrole(int, Buffer *);
|
||||
+#endif
|
||||
int mm_answer_authpassword(int, Buffer *);
|
||||
int mm_answer_bsdauthquery(int, Buffer *);
|
||||
int mm_answer_bsdauthrespond(int, Buffer *);
|
||||
@@ -232,6 +235,9 @@ struct mon_table mon_dispatch_proto20[]
|
||||
{MONITOR_REQ_SIGN, MON_ONCE, mm_answer_sign},
|
||||
{MONITOR_REQ_PWNAM, MON_ONCE, mm_answer_pwnamallow},
|
||||
{MONITOR_REQ_AUTHSERV, MON_ONCE, mm_answer_authserv},
|
||||
+#ifdef WITH_SELINUX
|
||||
+ {MONITOR_REQ_AUTHROLE, MON_ONCE, mm_answer_authrole},
|
||||
+#endif
|
||||
{MONITOR_REQ_AUTH2_READ_BANNER, MON_ONCE, mm_answer_auth2_read_banner},
|
||||
{MONITOR_REQ_AUTHPASSWORD, MON_AUTH, mm_answer_authpassword},
|
||||
#ifdef USE_PAM
|
||||
@@ -835,6 +841,9 @@ mm_answer_pwnamallow(int sock, Buffer *m
|
||||
else {
|
||||
/* Allow service/style information on the auth context */
|
||||
monitor_permit(mon_dispatch, MONITOR_REQ_AUTHSERV, 1);
|
||||
+#ifdef WITH_SELINUX
|
||||
+ monitor_permit(mon_dispatch, MONITOR_REQ_AUTHROLE, 1);
|
||||
+#endif
|
||||
monitor_permit(mon_dispatch, MONITOR_REQ_AUTH2_READ_BANNER, 1);
|
||||
}
|
||||
#ifdef USE_PAM
|
||||
@@ -878,6 +887,25 @@ mm_answer_authserv(int sock, Buffer *m)
|
||||
return (0);
|
||||
}
|
||||
|
||||
+#ifdef WITH_SELINUX
|
||||
+int
|
||||
+mm_answer_authrole(int sock, Buffer *m)
|
||||
+{
|
||||
+ monitor_permit_authentications(1);
|
||||
+
|
||||
+ authctxt->role = buffer_get_string(m, NULL);
|
||||
+ debug3("%s: role=%s",
|
||||
+ __func__, authctxt->role);
|
||||
+
|
||||
+ if (strlen(authctxt->role) == 0) {
|
||||
+ xfree(authctxt->role);
|
||||
+ authctxt->role = NULL;
|
||||
+ }
|
||||
+
|
||||
+ return (0);
|
||||
+}
|
||||
+#endif
|
||||
+
|
||||
int
|
||||
mm_answer_authpassword(int sock, Buffer *m)
|
||||
{
|
||||
@@ -1254,7 +1282,7 @@ static int
|
||||
monitor_valid_userblob(u_char *data, u_int datalen)
|
||||
{
|
||||
Buffer b;
|
||||
- char *p;
|
||||
+ char *p, *r;
|
||||
u_int len;
|
||||
int fail = 0;
|
||||
|
||||
@@ -1280,6 +1308,8 @@ monitor_valid_userblob(u_char *data, u_i
|
||||
if (buffer_get_char(&b) != SSH2_MSG_USERAUTH_REQUEST)
|
||||
fail++;
|
||||
p = buffer_get_string(&b, NULL);
|
||||
+ if ((r = strchr(p, '/')) != NULL)
|
||||
+ *r = '\0';
|
||||
if (strcmp(authctxt->user, p) != 0) {
|
||||
logit("wrong user name passed to monitor: expected %s != %.100s",
|
||||
authctxt->user, p);
|
||||
@@ -1311,7 +1341,7 @@ monitor_valid_hostbasedblob(u_char *data
|
||||
char *chost)
|
||||
{
|
||||
Buffer b;
|
||||
- char *p;
|
||||
+ char *p, *r;
|
||||
u_int len;
|
||||
int fail = 0;
|
||||
|
||||
@@ -1328,6 +1358,8 @@ monitor_valid_hostbasedblob(u_char *data
|
||||
if (buffer_get_char(&b) != SSH2_MSG_USERAUTH_REQUEST)
|
||||
fail++;
|
||||
p = buffer_get_string(&b, NULL);
|
||||
+ if ((r = strchr(p, '/')) != NULL)
|
||||
+ *r = '\0';
|
||||
if (strcmp(authctxt->user, p) != 0) {
|
||||
logit("wrong user name passed to monitor: expected %s != %.100s",
|
||||
authctxt->user, p);
|
||||
diff -up openssh-6.0p1/monitor.h.role-mls openssh-6.0p1/monitor.h
|
||||
--- openssh-6.0p1/monitor.h.role-mls 2012-06-24 16:57:17.520261902 +0200
|
||||
+++ openssh-6.0p1/monitor.h 2012-06-24 16:49:35.809070938 +0200
|
||||
@@ -31,6 +31,9 @@
|
||||
enum monitor_reqtype {
|
||||
MONITOR_REQ_MODULI, MONITOR_ANS_MODULI,
|
||||
MONITOR_REQ_FREE, MONITOR_REQ_AUTHSERV,
|
||||
+#ifdef WITH_SELINUX
|
||||
+ MONITOR_REQ_AUTHROLE,
|
||||
+#endif
|
||||
MONITOR_REQ_SIGN, MONITOR_ANS_SIGN,
|
||||
MONITOR_REQ_PWNAM, MONITOR_ANS_PWNAM,
|
||||
MONITOR_REQ_AUTH2_READ_BANNER, MONITOR_ANS_AUTH2_READ_BANNER,
|
||||
diff -up openssh-6.0p1/monitor_wrap.c.role-mls openssh-6.0p1/monitor_wrap.c
|
||||
--- openssh-6.0p1/monitor_wrap.c.role-mls 2012-06-24 16:57:17.537262580 +0200
|
||||
+++ openssh-6.0p1/monitor_wrap.c 2012-06-24 16:49:35.810070900 +0200
|
||||
@@ -336,6 +336,25 @@ mm_inform_authserv(char *service, char *
|
||||
buffer_free(&m);
|
||||
}
|
||||
|
||||
+/* Inform the privileged process about role */
|
||||
+
|
||||
+#ifdef WITH_SELINUX
|
||||
+void
|
||||
+mm_inform_authrole(char *role)
|
||||
+{
|
||||
+ Buffer m;
|
||||
+
|
||||
+ debug3("%s entering", __func__);
|
||||
+
|
||||
+ buffer_init(&m);
|
||||
+ buffer_put_cstring(&m, role ? role : "");
|
||||
+
|
||||
+ mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUTHROLE, &m);
|
||||
+
|
||||
+ buffer_free(&m);
|
||||
+}
|
||||
+#endif
|
||||
+
|
||||
/* Do the password authentication */
|
||||
int
|
||||
mm_auth_password(Authctxt *authctxt, char *password)
|
||||
diff -up openssh-6.0p1/monitor_wrap.h.role-mls openssh-6.0p1/monitor_wrap.h
|
||||
--- openssh-6.0p1/monitor_wrap.h.role-mls 2012-06-24 16:57:17.513261623 +0200
|
||||
+++ openssh-6.0p1/monitor_wrap.h 2012-06-24 16:49:35.811070862 +0200
|
||||
@@ -42,6 +42,9 @@ int mm_is_monitor(void);
|
||||
DH *mm_choose_dh(int, int, int);
|
||||
int mm_key_sign(Key *, u_char **, u_int *, u_char *, u_int);
|
||||
void mm_inform_authserv(char *, char *);
|
||||
+#ifdef WITH_SELINUX
|
||||
+void mm_inform_authrole(char *);
|
||||
+#endif
|
||||
struct passwd *mm_getpwnamallow(const char *);
|
||||
char *mm_auth2_read_banner(void);
|
||||
int mm_auth_password(struct Authctxt *, char *);
|
||||
diff -up openssh-6.0p1/openbsd-compat/Makefile.in.role-mls openssh-6.0p1/openbsd-compat/Makefile.in
|
||||
--- openssh-6.0p1/openbsd-compat/Makefile.in.role-mls 2012-06-24 16:57:17.525262102 +0200
|
||||
+++ openssh-6.0p1/openbsd-compat/Makefile.in 2012-06-24 16:51:38.087889399 +0200
|
||||
@@ -20,7 +20,7 @@ OPENBSD=base64.o basename.o bindresvport
|
||||
|
||||
COMPAT=bsd-arc4random.o bsd-asprintf.o bsd-closefrom.o bsd-cray.o bsd-cygwin_util.o bsd-getpeereid.o getrrsetbyname-ldns.o bsd-misc.o bsd-nextstep.o bsd-openpty.o bsd-poll.o bsd-snprintf.o bsd-statvfs.o bsd-waitpid.o fake-rfc2553.o openssl-compat.o xmmap.o xcrypt.o
|
||||
|
||||
-PORTS=port-aix.o port-irix.o port-linux.o port-solaris.o port-tun.o port-uw.o
|
||||
+PORTS=port-aix.o port-irix.o port-linux.o port-linux_part_2.o port-solaris.o port-tun.o port-uw.o
|
||||
|
||||
.c.o:
|
||||
$(CC) $(CFLAGS) $(CPPFLAGS) -c $<
|
||||
diff -up openssh-6.0p1/openbsd-compat/port-linux.c.role-mls openssh-6.0p1/openbsd-compat/port-linux.c
|
||||
--- openssh-6.0p1/openbsd-compat/port-linux.c.role-mls 2012-06-24 16:57:17.527262182 +0200
|
||||
+++ openssh-6.0p1/openbsd-compat/port-linux.c 2012-06-24 17:00:55.621978528 +0200
|
||||
@@ -31,68 +31,271 @@
|
||||
|
||||
#include "log.h"
|
||||
#include "xmalloc.h"
|
||||
+#include "servconf.h"
|
||||
#include "port-linux.h"
|
||||
+#include "key.h"
|
||||
+#include "hostfile.h"
|
||||
+#include "auth.h"
|
||||
|
||||
#ifdef WITH_SELINUX
|
||||
#include <selinux/selinux.h>
|
||||
#include <selinux/flask.h>
|
||||
+#include <selinux/context.h>
|
||||
#include <selinux/get_context_list.h>
|
||||
+#include <selinux/get_default_type.h>
|
||||
+#include <selinux/av_permissions.h>
|
||||
+
|
||||
+#ifdef HAVE_LINUX_AUDIT
|
||||
+#include <libaudit.h>
|
||||
+#include <unistd.h>
|
||||
+#endif
|
||||
|
||||
#ifndef SSH_SELINUX_UNCONFINED_TYPE
|
||||
# define SSH_SELINUX_UNCONFINED_TYPE ":unconfined_t:"
|
||||
#endif
|
||||
|
||||
-/* Wrapper around is_selinux_enabled() to log its return value once only */
|
||||
-int
|
||||
-ssh_selinux_enabled(void)
|
||||
+extern ServerOptions options;
|
||||
+extern Authctxt *the_authctxt;
|
||||
+extern int inetd_flag;
|
||||
+extern int rexeced_flag;
|
||||
+
|
||||
+/* Send audit message */
|
||||
+static int
|
||||
+send_audit_message(int success, security_context_t default_context,
|
||||
+ security_context_t selected_context)
|
||||
+{
|
||||
+ int rc=0;
|
||||
+#ifdef HAVE_LINUX_AUDIT
|
||||
+ char *msg = NULL;
|
||||
+ int audit_fd = audit_open();
|
||||
+ security_context_t default_raw=NULL;
|
||||
+ security_context_t selected_raw=NULL;
|
||||
+ rc = -1;
|
||||
+ if (audit_fd < 0) {
|
||||
+ if (errno == EINVAL || errno == EPROTONOSUPPORT ||
|
||||
+ errno == EAFNOSUPPORT)
|
||||
+ return 0; /* No audit support in kernel */
|
||||
+ error("Error connecting to audit system.");
|
||||
+ return rc;
|
||||
+ }
|
||||
+ if (selinux_trans_to_raw_context(default_context, &default_raw) < 0) {
|
||||
+ error("Error translating default context.");
|
||||
+ default_raw = NULL;
|
||||
+ }
|
||||
+ if (selinux_trans_to_raw_context(selected_context, &selected_raw) < 0) {
|
||||
+ error("Error translating selected context.");
|
||||
+ selected_raw = NULL;
|
||||
+ }
|
||||
+ if (asprintf(&msg, "sshd: default-context=%s selected-context=%s",
|
||||
+ default_raw ? default_raw : (default_context ? default_context: "?"),
|
||||
+ selected_context ? selected_raw : (selected_context ? selected_context :"?")) < 0) {
|
||||
+ error("Error allocating memory.");
|
||||
+ goto out;
|
||||
+ }
|
||||
+ if (audit_log_user_message(audit_fd, AUDIT_USER_ROLE_CHANGE,
|
||||
+ msg, NULL, NULL, NULL, success) <= 0) {
|
||||
+ error("Error sending audit message.");
|
||||
+ goto out;
|
||||
+ }
|
||||
+ rc = 0;
|
||||
+ out:
|
||||
+ free(msg);
|
||||
+ freecon(default_raw);
|
||||
+ freecon(selected_raw);
|
||||
+ close(audit_fd);
|
||||
+#endif
|
||||
+ return rc;
|
||||
+}
|
||||
+
|
||||
+static int
|
||||
+mls_range_allowed(security_context_t src, security_context_t dst)
|
||||
{
|
||||
- static int enabled = -1;
|
||||
+ struct av_decision avd;
|
||||
+ int retval;
|
||||
+ unsigned int bit = CONTEXT__CONTAINS;
|
||||
+
|
||||
+ debug("%s: src:%s dst:%s", __func__, src, dst);
|
||||
+ retval = security_compute_av(src, dst, SECCLASS_CONTEXT, bit, &avd);
|
||||
+ if (retval || ((bit & avd.allowed) != bit))
|
||||
+ return 0;
|
||||
+
|
||||
+ return 1;
|
||||
+}
|
||||
+
|
||||
+static int
|
||||
+get_user_context(const char *sename, const char *role, const char *lvl,
|
||||
+ security_context_t *sc) {
|
||||
+#ifdef HAVE_GET_DEFAULT_CONTEXT_WITH_LEVEL
|
||||
+ if (lvl == NULL || lvl[0] == '\0' || get_default_context_with_level(sename, lvl, NULL, sc) != 0) {
|
||||
+ /* User may have requested a level completely outside of his
|
||||
+ allowed range. We get a context just for auditing as the
|
||||
+ range check below will certainly fail for default context. */
|
||||
+#endif
|
||||
+ if (get_default_context(sename, NULL, sc) != 0) {
|
||||
+ *sc = NULL;
|
||||
+ return -1;
|
||||
+ }
|
||||
+#ifdef HAVE_GET_DEFAULT_CONTEXT_WITH_LEVEL
|
||||
+ }
|
||||
+#endif
|
||||
+ if (role != NULL && role[0]) {
|
||||
+ context_t con;
|
||||
+ char *type=NULL;
|
||||
+ if (get_default_type(role, &type) != 0) {
|
||||
+ error("get_default_type: failed to get default type for '%s'",
|
||||
+ role);
|
||||
+ goto out;
|
||||
+ }
|
||||
+ con = context_new(*sc);
|
||||
+ if (!con) {
|
||||
+ goto out;
|
||||
+ }
|
||||
+ context_role_set(con, role);
|
||||
+ context_type_set(con, type);
|
||||
+ freecon(*sc);
|
||||
+ *sc = strdup(context_str(con));
|
||||
+ context_free(con);
|
||||
+ if (!*sc)
|
||||
+ return -1;
|
||||
+ }
|
||||
+#ifdef HAVE_GET_DEFAULT_CONTEXT_WITH_LEVEL
|
||||
+ if (lvl != NULL && lvl[0]) {
|
||||
+ /* verify that the requested range is obtained */
|
||||
+ context_t con;
|
||||
+ security_context_t obtained_raw;
|
||||
+ security_context_t requested_raw;
|
||||
+ con = context_new(*sc);
|
||||
+ if (!con) {
|
||||
+ goto out;
|
||||
+ }
|
||||
+ context_range_set(con, lvl);
|
||||
+ if (selinux_trans_to_raw_context(*sc, &obtained_raw) < 0) {
|
||||
+ context_free(con);
|
||||
+ goto out;
|
||||
+ }
|
||||
+ if (selinux_trans_to_raw_context(context_str(con), &requested_raw) < 0) {
|
||||
+ freecon(obtained_raw);
|
||||
+ context_free(con);
|
||||
+ goto out;
|
||||
+ }
|
||||
|
||||
- if (enabled == -1) {
|
||||
- enabled = (is_selinux_enabled() == 1);
|
||||
- debug("SELinux support %s", enabled ? "enabled" : "disabled");
|
||||
+ debug("get_user_context: obtained context '%s' requested context '%s'",
|
||||
+ obtained_raw, requested_raw);
|
||||
+ if (strcmp(obtained_raw, requested_raw)) {
|
||||
+ /* set the context to the real requested one but fail */
|
||||
+ freecon(requested_raw);
|
||||
+ freecon(obtained_raw);
|
||||
+ freecon(*sc);
|
||||
+ *sc = strdup(context_str(con));
|
||||
+ context_free(con);
|
||||
+ return -1;
|
||||
+ }
|
||||
+ freecon(requested_raw);
|
||||
+ freecon(obtained_raw);
|
||||
+ context_free(con);
|
||||
}
|
||||
+#endif
|
||||
+ return 0;
|
||||
+ out:
|
||||
+ freecon(*sc);
|
||||
+ *sc = NULL;
|
||||
+ return -1;
|
||||
+}
|
||||
|
||||
- return (enabled);
|
||||
+static void
|
||||
+ssh_selinux_get_role_level(char **role, const char **level)
|
||||
+{
|
||||
+ *role = NULL;
|
||||
+ *level = NULL;
|
||||
+ if (the_authctxt) {
|
||||
+ if (the_authctxt->role != NULL) {
|
||||
+ char *slash;
|
||||
+ *role = xstrdup(the_authctxt->role);
|
||||
+ if ((slash = strchr(*role, '/')) != NULL) {
|
||||
+ *slash = '\0';
|
||||
+ *level = slash + 1;
|
||||
+ }
|
||||
+ }
|
||||
+ }
|
||||
}
|
||||
|
||||
/* Return the default security context for the given username */
|
||||
static security_context_t
|
||||
-ssh_selinux_getctxbyname(char *pwname)
|
||||
+ssh_selinux_getctxbyname(char *pwname,
|
||||
+ security_context_t *default_sc, security_context_t *user_sc)
|
||||
{
|
||||
- security_context_t sc = NULL;
|
||||
- char *sename = NULL, *lvl = NULL;
|
||||
- int r;
|
||||
+ char *sename, *lvl;
|
||||
+ char *role;
|
||||
+ const char *reqlvl;
|
||||
+ int r = 0;
|
||||
+ context_t con = NULL;
|
||||
+
|
||||
+ ssh_selinux_get_role_level(&role, &reqlvl);
|
||||
|
||||
#ifdef HAVE_GETSEUSERBYNAME
|
||||
- if (getseuserbyname(pwname, &sename, &lvl) != 0)
|
||||
- return NULL;
|
||||
+ if ((r=getseuserbyname(pwname, &sename, &lvl)) != 0) {
|
||||
+ sename = NULL;
|
||||
+ lvl = NULL;
|
||||
+ }
|
||||
#else
|
||||
sename = pwname;
|
||||
- lvl = NULL;
|
||||
+ lvl = "";
|
||||
#endif
|
||||
|
||||
+ if (r == 0) {
|
||||
#ifdef HAVE_GET_DEFAULT_CONTEXT_WITH_LEVEL
|
||||
- r = get_default_context_with_level(sename, lvl, NULL, &sc);
|
||||
+ r = get_default_context_with_level(sename, lvl, NULL, default_sc);
|
||||
#else
|
||||
- r = get_default_context(sename, NULL, &sc);
|
||||
+ r = get_default_context(sename, NULL, default_sc);
|
||||
#endif
|
||||
+ }
|
||||
+
|
||||
+ if (r == 0) {
|
||||
+ /* If launched from xinetd, we must use current level */
|
||||
+ if (inetd_flag && !rexeced_flag) {
|
||||
+ security_context_t sshdsc=NULL;
|
||||
+
|
||||
+ if (getcon_raw(&sshdsc) < 0)
|
||||
+ fatal("failed to allocate security context");
|
||||
+
|
||||
+ if ((con=context_new(sshdsc)) == NULL)
|
||||
+ fatal("failed to allocate selinux context");
|
||||
+ reqlvl = context_range_get(con);
|
||||
+ freecon(sshdsc);
|
||||
+ if (reqlvl !=NULL && lvl != NULL && strcmp(reqlvl, lvl) == 0)
|
||||
+ /* we actually don't change level */
|
||||
+ reqlvl = "";
|
||||
+
|
||||
+ debug("%s: current connection level '%s'", __func__, reqlvl);
|
||||
|
||||
- if (r != 0) {
|
||||
- switch (security_getenforce()) {
|
||||
- case -1:
|
||||
- fatal("%s: ssh_selinux_getctxbyname: "
|
||||
- "security_getenforce() failed", __func__);
|
||||
- case 0:
|
||||
- error("%s: Failed to get default SELinux security "
|
||||
- "context for %s", __func__, pwname);
|
||||
- sc = NULL;
|
||||
- break;
|
||||
- default:
|
||||
- fatal("%s: Failed to get default SELinux security "
|
||||
- "context for %s (in enforcing mode)",
|
||||
- __func__, pwname);
|
||||
}
|
||||
+
|
||||
+ if ((reqlvl != NULL && reqlvl[0]) || (role != NULL && role[0])) {
|
||||
+ r = get_user_context(sename, role, reqlvl, user_sc);
|
||||
+
|
||||
+ if (r == 0 && reqlvl != NULL && reqlvl[0]) {
|
||||
+ security_context_t default_level_sc = *default_sc;
|
||||
+ if (role != NULL && role[0]) {
|
||||
+ if (get_user_context(sename, role, lvl, &default_level_sc) < 0)
|
||||
+ default_level_sc = *default_sc;
|
||||
+ }
|
||||
+ /* verify that the requested range is contained in the user range */
|
||||
+ if (mls_range_allowed(default_level_sc, *user_sc)) {
|
||||
+ logit("permit MLS level %s (user range %s)", reqlvl, lvl);
|
||||
+ } else {
|
||||
+ r = -1;
|
||||
+ error("deny MLS level %s (user range %s)", reqlvl, lvl);
|
||||
+ }
|
||||
+ if (default_level_sc != *default_sc)
|
||||
+ freecon(default_level_sc);
|
||||
+ }
|
||||
+ } else {
|
||||
+ *user_sc = *default_sc;
|
||||
+ }
|
||||
+ }
|
||||
+ if (r != 0) {
|
||||
+ error("%s: Failed to get default SELinux security "
|
||||
+ "context for %s", __func__, pwname);
|
||||
}
|
||||
|
||||
#ifdef HAVE_GETSEUSERBYNAME
|
||||
@@ -102,7 +305,42 @@ ssh_selinux_getctxbyname(char *pwname)
|
||||
xfree(lvl);
|
||||
#endif
|
||||
|
||||
- return sc;
|
||||
+ if (role != NULL)
|
||||
+ xfree(role);
|
||||
+ if (con)
|
||||
+ context_free(con);
|
||||
+
|
||||
+ return (r);
|
||||
+}
|
||||
+
|
||||
+/* Setup environment variables for pam_selinux */
|
||||
+static int
|
||||
+ssh_selinux_setup_pam_variables(void)
|
||||
+{
|
||||
+ const char *reqlvl;
|
||||
+ char *role;
|
||||
+ char *use_current;
|
||||
+ int rv;
|
||||
+
|
||||
+ debug3("%s: setting execution context", __func__);
|
||||
+
|
||||
+ ssh_selinux_get_role_level(&role, &reqlvl);
|
||||
+
|
||||
+ rv = do_pam_putenv("SELINUX_ROLE_REQUESTED", role ? role : "");
|
||||
+
|
||||
+ if (inetd_flag && !rexeced_flag) {
|
||||
+ use_current = "1";
|
||||
+ } else {
|
||||
+ use_current = "";
|
||||
+ rv = rv || do_pam_putenv("SELINUX_LEVEL_REQUESTED", reqlvl ? reqlvl: "");
|
||||
+ }
|
||||
+
|
||||
+ rv = rv || do_pam_putenv("SELINUX_USE_CURRENT_RANGE", use_current);
|
||||
+
|
||||
+ if (role != NULL)
|
||||
+ xfree(role);
|
||||
+
|
||||
+ return rv;
|
||||
}
|
||||
|
||||
/* Set the execution context to the default for the specified user */
|
||||
@@ -110,28 +348,71 @@ void
|
||||
ssh_selinux_setup_exec_context(char *pwname)
|
||||
{
|
||||
security_context_t user_ctx = NULL;
|
||||
+ int r = 0;
|
||||
+ security_context_t default_ctx = NULL;
|
||||
|
||||
if (!ssh_selinux_enabled())
|
||||
return;
|
||||
|
||||
+ if (options.use_pam) {
|
||||
+ /* do not compute context, just setup environment for pam_selinux */
|
||||
+ if (ssh_selinux_setup_pam_variables()) {
|
||||
+ switch (security_getenforce()) {
|
||||
+ case -1:
|
||||
+ fatal("%s: security_getenforce() failed", __func__);
|
||||
+ case 0:
|
||||
+ error("%s: SELinux PAM variable setup failure. Continuing in permissive mode.",
|
||||
+ __func__);
|
||||
+ break;
|
||||
+ default:
|
||||
+ fatal("%s: SELinux PAM variable setup failure. Aborting connection.",
|
||||
+ __func__);
|
||||
+ }
|
||||
+ }
|
||||
+ return;
|
||||
+ }
|
||||
+
|
||||
debug3("%s: setting execution context", __func__);
|
||||
|
||||
- user_ctx = ssh_selinux_getctxbyname(pwname);
|
||||
- if (setexeccon(user_ctx) != 0) {
|
||||
+ r = ssh_selinux_getctxbyname(pwname, &default_ctx, &user_ctx);
|
||||
+ if (r >= 0) {
|
||||
+ r = setexeccon(user_ctx);
|
||||
+ if (r < 0) {
|
||||
+ error("%s: Failed to set SELinux execution context %s for %s",
|
||||
+ __func__, user_ctx, pwname);
|
||||
+ }
|
||||
+#ifdef HAVE_SETKEYCREATECON
|
||||
+ else if (setkeycreatecon(user_ctx) < 0) {
|
||||
+ error("%s: Failed to set SELinux keyring creation context %s for %s",
|
||||
+ __func__, user_ctx, pwname);
|
||||
+ }
|
||||
+#endif
|
||||
+ }
|
||||
+ if (user_ctx == NULL) {
|
||||
+ user_ctx = default_ctx;
|
||||
+ }
|
||||
+ if (r < 0 || user_ctx != default_ctx) {
|
||||
+ /* audit just the case when user changed a role or there was
|
||||
+ a failure */
|
||||
+ send_audit_message(r >= 0, default_ctx, user_ctx);
|
||||
+ }
|
||||
+ if (r < 0) {
|
||||
switch (security_getenforce()) {
|
||||
case -1:
|
||||
fatal("%s: security_getenforce() failed", __func__);
|
||||
case 0:
|
||||
- error("%s: Failed to set SELinux execution "
|
||||
- "context for %s", __func__, pwname);
|
||||
+ error("%s: SELinux failure. Continuing in permissive mode.",
|
||||
+ __func__);
|
||||
break;
|
||||
default:
|
||||
- fatal("%s: Failed to set SELinux execution context "
|
||||
- "for %s (in enforcing mode)", __func__, pwname);
|
||||
+ fatal("%s: SELinux failure. Aborting connection.",
|
||||
+ __func__);
|
||||
}
|
||||
}
|
||||
- if (user_ctx != NULL)
|
||||
+ if (user_ctx != NULL && user_ctx != default_ctx)
|
||||
freecon(user_ctx);
|
||||
+ if (default_ctx != NULL)
|
||||
+ freecon(default_ctx);
|
||||
|
||||
debug3("%s: done", __func__);
|
||||
}
|
||||
@@ -149,7 +430,10 @@ ssh_selinux_setup_pty(char *pwname, cons
|
||||
|
||||
debug3("%s: setting TTY context on %s", __func__, tty);
|
||||
|
||||
- user_ctx = ssh_selinux_getctxbyname(pwname);
|
||||
+ if (getexeccon(&user_ctx) < 0) {
|
||||
+ error("%s: getexeccon: %s", __func__, strerror(errno));
|
||||
+ goto out;
|
||||
+ }
|
||||
|
||||
/* XXX: should these calls fatal() upon failure in enforcing mode? */
|
||||
|
||||
@@ -221,21 +505,6 @@ ssh_selinux_change_context(const char *n
|
||||
xfree(newctx);
|
||||
}
|
||||
|
||||
-void
|
||||
-ssh_selinux_setfscreatecon(const char *path)
|
||||
-{
|
||||
- security_context_t context;
|
||||
-
|
||||
- if (!ssh_selinux_enabled())
|
||||
- return;
|
||||
- if (path == NULL) {
|
||||
- setfscreatecon(NULL);
|
||||
- return;
|
||||
- }
|
||||
- if (matchpathcon(path, 0700, &context) == 0)
|
||||
- setfscreatecon(context);
|
||||
-}
|
||||
-
|
||||
#endif /* WITH_SELINUX */
|
||||
|
||||
#ifdef LINUX_OOM_ADJUST
|
||||
diff -up openssh-6.0p1/openbsd-compat/port-linux_part_2.c.role-mls openssh-6.0p1/openbsd-compat/port-linux_part_2.c
|
||||
--- openssh-6.0p1/openbsd-compat/port-linux_part_2.c.role-mls 2012-06-24 16:57:17.530262302 +0200
|
||||
+++ openssh-6.0p1/openbsd-compat/port-linux_part_2.c 2012-06-24 16:49:35.813070786 +0200
|
||||
@@ -0,0 +1,75 @@
|
||||
+/* $Id: port-linux.c,v 1.11.4.2 2011/02/04 00:43:08 djm Exp $ */
|
||||
+
|
||||
+/*
|
||||
+ * Copyright (c) 2005 Daniel Walsh <dwalsh@redhat.com>
|
||||
+ * Copyright (c) 2006 Damien Miller <djm@openbsd.org>
|
||||
+ *
|
||||
+ * Permission to use, copy, modify, and distribute this software for any
|
||||
+ * purpose with or without fee is hereby granted, provided that the above
|
||||
+ * copyright notice and this permission notice appear in all copies.
|
||||
+ *
|
||||
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
|
||||
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
|
||||
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
|
||||
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
|
||||
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
|
||||
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
|
||||
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
|
||||
+ */
|
||||
+
|
||||
+/*
|
||||
+ * Linux-specific portability code - just SELinux support at present
|
||||
+ */
|
||||
+
|
||||
+#include "includes.h"
|
||||
+
|
||||
+#if defined(WITH_SELINUX) || defined(LINUX_OOM_ADJUST)
|
||||
+#include <errno.h>
|
||||
+#include <stdarg.h>
|
||||
+#include <string.h>
|
||||
+#include <stdio.h>
|
||||
+
|
||||
+#include "log.h"
|
||||
+#include "xmalloc.h"
|
||||
+#include "port-linux.h"
|
||||
+#include "key.h"
|
||||
+#include "hostfile.h"
|
||||
+#include "auth.h"
|
||||
+
|
||||
+#ifdef WITH_SELINUX
|
||||
+#include <selinux/selinux.h>
|
||||
+#include <selinux/flask.h>
|
||||
+#include <selinux/get_context_list.h>
|
||||
+
|
||||
+/* Wrapper around is_selinux_enabled() to log its return value once only */
|
||||
+int
|
||||
+ssh_selinux_enabled(void)
|
||||
+{
|
||||
+ static int enabled = -1;
|
||||
+
|
||||
+ if (enabled == -1) {
|
||||
+ enabled = (is_selinux_enabled() == 1);
|
||||
+ debug("SELinux support %s", enabled ? "enabled" : "disabled");
|
||||
+ }
|
||||
+
|
||||
+ return (enabled);
|
||||
+}
|
||||
+
|
||||
+void
|
||||
+ssh_selinux_setfscreatecon(const char *path)
|
||||
+{
|
||||
+ security_context_t context;
|
||||
+
|
||||
+ if (!ssh_selinux_enabled())
|
||||
+ return;
|
||||
+ if (path == NULL) {
|
||||
+ setfscreatecon(NULL);
|
||||
+ return;
|
||||
+ }
|
||||
+ if (matchpathcon(path, 0700, &context) == 0)
|
||||
+ setfscreatecon(context);
|
||||
+}
|
||||
+
|
||||
+#endif /* WITH_SELINUX */
|
||||
+
|
||||
+#endif /* WITH_SELINUX || LINUX_OOM_ADJUST */
|
||||
diff -up openssh-6.0p1/sshd.c.role-mls openssh-6.0p1/sshd.c
|
||||
--- openssh-6.0p1/sshd.c.role-mls 2012-06-24 17:02:56.543257378 +0200
|
||||
+++ openssh-6.0p1/sshd.c 2012-06-24 16:58:09.634883844 +0200
|
||||
@@ -2090,6 +2090,9 @@ main(int ac, char **av)
|
||||
restore_uid();
|
||||
}
|
||||
#endif
|
||||
+#ifdef WITH_SELINUX
|
||||
+ ssh_selinux_setup_exec_context(authctxt->pw->pw_name);
|
||||
+#endif
|
||||
#ifdef USE_PAM
|
||||
if (options.use_pam) {
|
||||
do_pam_setcred(1);
|
42
openssh.spec
42
openssh.spec
@ -74,10 +74,10 @@
|
||||
%endif
|
||||
|
||||
# Do not forget to bump pam_ssh_agent_auth release if you rewind the main package release to 1
|
||||
%define openssh_ver 5.9p1
|
||||
%define openssh_rel 26
|
||||
%define openssh_ver 6.0p1
|
||||
%define openssh_rel 1
|
||||
%define pam_ssh_agent_ver 0.9.3
|
||||
%define pam_ssh_agent_rel 1
|
||||
%define pam_ssh_agent_rel 2
|
||||
|
||||
Summary: An open source implementation of SSH protocol versions 1 and 2
|
||||
Name: openssh
|
||||
@ -123,15 +123,15 @@ Patch104: openssh-5.9p1-required-authentications.patch
|
||||
#https://bugzilla.mindrot.org/show_bug.cgi?id=1402
|
||||
Patch200: openssh-5.8p1-audit0.patch
|
||||
# -"-
|
||||
Patch201: openssh-5.9p1-audit1.patch
|
||||
Patch201: openssh-6.0p1-audit1.patch
|
||||
# -"-
|
||||
Patch202: openssh-5.9p1-audit2.patch
|
||||
# -"-
|
||||
Patch203: openssh-5.9p1-audit3.patch
|
||||
# -"-
|
||||
Patch204: openssh-5.9p1-audit4.patch
|
||||
Patch204: openssh-6.0p1-audit4.patch
|
||||
# -"-
|
||||
Patch205: openssh-5.9p1-audit5.patch
|
||||
Patch205: openssh-6.0p1-audit5.patch
|
||||
|
||||
# --- pam_ssh-agent ---
|
||||
# make it build reusing the openssh sources
|
||||
@ -140,27 +140,24 @@ Patch300: pam_ssh_agent_auth-0.9.3-build.patch
|
||||
Patch301: pam_ssh_agent_auth-0.9.2-seteuid.patch
|
||||
# explicitly make pam callbacks visible
|
||||
Patch302: pam_ssh_agent_auth-0.9.2-visibility.patch
|
||||
|
||||
#https://bugzilla.mindrot.org/show_bug.cgi?id=1641 (WONTFIX)
|
||||
Patch400: openssh-5.9p1-role.patch
|
||||
#?
|
||||
Patch401: openssh-5.9p1-mls.patch
|
||||
Patch400: openssh-6.0p1-role-mls.patch
|
||||
#?
|
||||
Patch402: openssh-5.9p1-sftp-chroot.patch
|
||||
#https://bugzilla.mindrot.org/show_bug.cgi?id=1940
|
||||
Patch403: openssh-5.9p1-sesandbox.patch
|
||||
#Patch403: openssh-5.9p1-sesandbox.patch
|
||||
#https://bugzilla.redhat.com/show_bug.cgi?id=781634
|
||||
Patch404: openssh-5.9p1-privsep-selinux.patch
|
||||
|
||||
#https://bugzilla.mindrot.org/show_bug.cgi?id=1663
|
||||
Patch500: openssh-5.9p1-akc.patch
|
||||
#?-- unwanted child :(
|
||||
Patch501: openssh-5.9p1-ldap.patch
|
||||
Patch501: openssh-6.0p1-ldap.patch
|
||||
#?
|
||||
Patch502: openssh-5.9p1-keycat.patch
|
||||
|
||||
#https://bugzilla.mindrot.org/show_bug.cgi?id=1668
|
||||
Patch600: openssh-5.9p1-keygen.patch
|
||||
#Patch600: openssh-5.9p1-keygen.patch
|
||||
#http6://bugzilla.mindrot.org/show_bug.cgi?id=1644
|
||||
Patch601: openssh-5.2p1-allow-ip-opts.patch
|
||||
#https://bugzilla.mindrot.org/show_bug.cgi?id=1701
|
||||
@ -197,7 +194,7 @@ Patch706: openssh-5.8p1-localdomain.patch
|
||||
#https://bugzilla.mindrot.org/show_bug.cgi?id=1635 (WONTFIX)
|
||||
Patch707: openssh-5.9p1-redhat.patch
|
||||
#https://bugzilla.mindrot.org/show_bug.cgi?id=1890 (WONTFIX) need integration to prng helper which is discontinued :)
|
||||
Patch708: openssh-5.9p1-entropy.patch
|
||||
Patch708: openssh-6.0p1-entropy.patch
|
||||
#https://bugzilla.mindrot.org/show_bug.cgi?id=1640 (WONTFIX)
|
||||
Patch709: openssh-5.9p1-vendor.patch
|
||||
#?
|
||||
@ -424,10 +421,9 @@ popd
|
||||
%endif
|
||||
|
||||
%if %{WITH_SELINUX}
|
||||
%patch400 -p1 -b .role
|
||||
%patch401 -p1 -b .mls
|
||||
%patch400 -p1 -b .role-mls
|
||||
%patch402 -p1 -b .sftp-chroot
|
||||
%patch403 -p1 -b .sesandbox
|
||||
#%patch403 -p1 -b .sesandbox
|
||||
%patch404 -p1 -b .privsep-selinux
|
||||
%endif
|
||||
|
||||
@ -437,7 +433,7 @@ popd
|
||||
%endif
|
||||
%patch502 -p1 -b .keycat
|
||||
|
||||
%patch600 -p1 -b .keygen
|
||||
#%patch600 -p1 -b .keygen
|
||||
%patch601 -p1 -b .ip-opts
|
||||
%patch602 -p1 -b .randclean
|
||||
%patch603 -p1 -b .glob
|
||||
@ -542,10 +538,11 @@ fi
|
||||
%endif
|
||||
%if %{WITH_SELINUX}
|
||||
--with-selinux --with-audit=linux \
|
||||
%if 1
|
||||
--with-sandbox=selinux \
|
||||
%if 0
|
||||
#seccomp_filter cannot be build right now
|
||||
--with-sandbox=seccomp_filter \
|
||||
%else
|
||||
--with-sandbox=no \
|
||||
--with-sandbox=rlimit \
|
||||
%endif
|
||||
%endif
|
||||
%if %{kerberos5}
|
||||
@ -807,6 +804,9 @@ fi
|
||||
%endif
|
||||
|
||||
%changelog
|
||||
* Mon Aug 06 2012 Petr Lautrbach <plautrba@redhat.com> 6.0p1-1 + 0.9.3-2
|
||||
- new upstream release
|
||||
|
||||
* Mon Aug 06 2012 Petr Lautrbach <plautrba@redhat.com> 5.9p1-26 + 0.9.3-1
|
||||
- change SELinux context also for root user (#827109)
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user