Upgrade to version 5.2p1

Jan F. Chadima 2009-03-10 13:39:03 +00:00
parent 48bd443ba4
commit adad2a814e
5 changed files with 1421 additions and 2169 deletions




@ -1,78 +1,6 @@
diff -up openssh-5.2p1/ssh_config.redhat openssh-5.2p1/ssh_config
--- openssh-5.2p1/ssh_config.redhat 2009-02-21 02:45:02.000000000 +0100
+++ openssh-5.2p1/ssh_config 2009-03-10 03:51:54.749290375 +0100
@@ -44,3 +44,13 @@
# TunnelDevice any:any
# PermitLocalCommand no
# VisualHostKey no
+Host *
+ GSSAPIAuthentication yes
+# If this option is set to yes then remote X11 clients will have full access
+# to the original X11 display. As virtually no X11 client supports the untrusted
+# mode correctly we set this to yes.
+ ForwardX11Trusted yes
+# Send locale-related environment variables
+ SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
+ SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
+ SendEnv LC_IDENTIFICATION LC_ALL LANGUAGE
diff -up openssh-5.2p1/sshd_config.0.redhat openssh-5.2p1/sshd_config.0
--- openssh-5.2p1/sshd_config.0.redhat 2009-02-23 01:18:15.000000000 +0100
+++ openssh-5.2p1/sshd_config.0 2009-03-10 03:51:54.958364611 +0100
@@ -467,6 +467,11 @@ DESCRIPTION
Defines the number of bits in the ephemeral protocol version 1
server key. The minimum value is 512, and the default is 1024.
+ ShowPatchLevel
+ Specifies whether sshd will display the specific patch level of
+ the binary in the server identification string. The patch level
+ is set at compile-time. The default is M-bM-^@M-^\noM-bM-^@M-^].
+
StrictModes
Specifies whether sshd(8) should check file modes and ownership
of the user's files and home directory before accepting login.
@@ -491,9 +496,9 @@ DESCRIPTION
SyslogFacility
Gives the facility code that is used when logging messages from
- sshd(8). The possible values are: DAEMON, USER, AUTH, LOCAL0,
- LOCAL1, LOCAL2, LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7. The de-
- fault is AUTH.
+ sshd(8). The possible values are: DAEMON, USER, AUTH, AUTHPRIV,
+ LOCAL0, LOCAL1, LOCAL2, LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7.
+ The default is AUTH.
TCPKeepAlive
Specifies whether the system should send TCP keepalive messages
diff -up openssh-5.2p1/sshd_config.5.redhat openssh-5.2p1/sshd_config.5
--- openssh-5.2p1/sshd_config.5.redhat 2009-02-23 01:00:24.000000000 +0100
+++ openssh-5.2p1/sshd_config.5 2009-03-10 03:51:54.931352756 +0100
@@ -814,6 +814,14 @@ This option applies to protocol version
.It Cm ServerKeyBits
Defines the number of bits in the ephemeral protocol version 1 server key.
The minimum value is 512, and the default is 1024.
+.It Cm ShowPatchLevel
+Specifies whether
+.Nm sshd
+will display the patch level of the binary in the identification string.
+The patch level is set at compile-time.
+The default is
+.Dq no .
+This option applies to protocol version 1 only.
.It Cm StrictModes
Specifies whether
.Xr sshd 8
@@ -848,7 +856,7 @@ Note that this option applies to protoco
.It Cm SyslogFacility
Gives the facility code that is used when logging messages from
.Xr sshd 8 .
-The possible values are: DAEMON, USER, AUTH, LOCAL0, LOCAL1, LOCAL2,
+The possible values are: DAEMON, USER, AUTH, AUTHPRIV, LOCAL0, LOCAL1, LOCAL2,
LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7.
The default is AUTH.
.It Cm TCPKeepAlive
diff -up openssh-5.2p1/sshd_config.redhat openssh-5.2p1/sshd_config diff -up openssh-5.2p1/sshd_config.redhat openssh-5.2p1/sshd_config
--- openssh-5.2p1/sshd_config.redhat 2008-07-02 14:35:43.000000000 +0200 --- openssh-5.2p1/sshd_config.redhat 2008-07-02 14:35:43.000000000 +0200
+++ openssh-5.2p1/sshd_config 2009-03-10 03:51:54.960221540 +0100 +++ openssh-5.2p1/sshd_config 2008-07-23 14:11:12.000000000 +0200
@@ -33,6 +33,7 @@ Protocol 2 @@ -33,6 +33,7 @@ Protocol 2
# Logging # Logging
# obsoletes QuietMode and FascistLogging # obsoletes QuietMode and FascistLogging
@ -122,11 +50,48 @@ diff -up openssh-5.2p1/sshd_config.redhat openssh-5.2p1/sshd_config
#X11DisplayOffset 10 #X11DisplayOffset 10
#X11UseLocalhost yes #X11UseLocalhost yes
#PrintMotd yes #PrintMotd yes
@@ -100,6 +112,7 @@ Protocol 2 diff -up openssh-5.2p1/ssh_config.redhat openssh-5.2p1/ssh_config
#Compression delayed --- openssh-5.2p1/ssh_config.redhat 2007-06-11 06:04:42.000000000 +0200
#ClientAliveInterval 0 +++ openssh-5.2p1/ssh_config 2008-07-23 14:07:29.000000000 +0200
#ClientAliveCountMax 3 @@ -44,3 +44,13 @@
+#ShowPatchLevel no # TunnelDevice any:any
#UseDNS yes # PermitLocalCommand no
#PidFile /var/run/sshd.pid # VisualHostKey no
#MaxStartups 10 +Host *
+ GSSAPIAuthentication yes
+# If this option is set to yes then remote X11 clients will have full access
+# to the original X11 display. As virtually no X11 client supports the untrusted
+# mode correctly we set this to yes.
+ ForwardX11Trusted yes
+# Send locale-related environment variables
+ SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
+ SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
+ SendEnv LC_IDENTIFICATION LC_ALL LANGUAGE
diff -up openssh-5.2p1/sshd_config.0.redhat openssh-5.2p1/sshd_config.0
--- openssh-5.2p1/sshd_config.0.redhat 2008-07-21 10:30:51.000000000 +0200
+++ openssh-5.2p1/sshd_config.0 2008-07-23 14:07:29.000000000 +0200
@@ -490,9 +490,9 @@ DESCRIPTION
SyslogFacility
Gives the facility code that is used when logging messages from
- sshd(8). The possible values are: DAEMON, USER, AUTH, LOCAL0,
- LOCAL1, LOCAL2, LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7. The de-
- fault is AUTH.
+ sshd(8). The possible values are: DAEMON, USER, AUTH, AUTHPRIV,
+ LOCAL0, LOCAL1, LOCAL2, LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7.
+ The default is AUTH.
TCPKeepAlive
Specifies whether the system should send TCP keepalive messages
diff -up openssh-5.2p1/sshd_config.5.redhat openssh-5.2p1/sshd_config.5
--- openssh-5.2p1/sshd_config.5.redhat 2008-07-02 14:35:43.000000000 +0200
+++ openssh-5.2p1/sshd_config.5 2008-07-23 14:07:29.000000000 +0200
@@ -846,7 +846,7 @@ Note that this option applies to protoco
.It Cm SyslogFacility
Gives the facility code that is used when logging messages from
.Xr sshd 8 .
-The possible values are: DAEMON, USER, AUTH, LOCAL0, LOCAL1, LOCAL2,
+The possible values are: DAEMON, USER, AUTH, AUTHPRIV, LOCAL0, LOCAL1, LOCAL2,
LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7.
The default is AUTH.
.It Cm TCPKeepAlive
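Review bot: The two ShowPatchLevel man-page entries in this section disagree: the sshd_config.5 entry ends with `This option applies to protocol version 1 only.`, while the pre-rendered sshd_config.0 entry (the paragraph after ServerKeyBits) omits that sentence and shows the default as the mis-encoded byte sequence `M-bM-^@M-^\noM-bM-^@M-^]` where the .5 has `.Dq no .`. Since the .0 is normally regenerated from the .5, one of them is stale; regenerating (or removing the sentence from the .5, whichever is accurate) would make both state the same scope and render the default as plain `"no"`. The ssh_config `Host *` block's comment justifying `ForwardX11Trusted yes` explains the choice but not what the client gives up; a line such as `# Trusted forwarding lets X11 clients on the remote host read and inject input on the local display; set ForwardX11Trusted no in a Host block for servers that are not fully trusted.` would make the trade-off explicit. The side-by-side rendering makes it hard to tell which of these lines are on the new side; the 2009-03-10 timestamps on the ssh_config and sshd_config.0/.5 headers suggest they are, so treat this as applying only if so.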


@ -1,6 +1,17 @@
diff -up openssh-5.2p1/configure.ac.selinux openssh-5.2p1/configure.ac
--- openssh-5.2p1/configure.ac.selinux 2008-07-23 16:32:13.000000000 +0200
+++ openssh-5.2p1/configure.ac 2008-07-23 16:32:13.000000000 +0200
@@ -3309,6 +3309,7 @@ AC_ARG_WITH(selinux,
AC_CHECK_LIB(selinux, setexeccon, [ LIBSELINUX="-lselinux" ],
AC_MSG_ERROR(SELinux support requires libselinux library))
SSHDLIBS="$SSHDLIBS $LIBSELINUX"
+ LIBS="$LIBS $LIBSELINUX"
AC_CHECK_FUNCS(getseuserbyname get_default_context_with_level)
LIBS="$save_LIBS"
fi ]
diff -up openssh-5.2p1/auth1.c.selinux openssh-5.2p1/auth1.c diff -up openssh-5.2p1/auth1.c.selinux openssh-5.2p1/auth1.c
--- openssh-5.2p1/auth1.c.selinux 2009-03-10 03:51:54.813223420 +0100 --- openssh-5.2p1/auth1.c.selinux 2008-07-23 16:32:13.000000000 +0200
+++ openssh-5.2p1/auth1.c 2009-03-10 03:51:55.045214236 +0100 +++ openssh-5.2p1/auth1.c 2008-07-23 16:32:13.000000000 +0200
@@ -391,7 +391,7 @@ void @@ -391,7 +391,7 @@ void
do_authentication(Authctxt *authctxt) do_authentication(Authctxt *authctxt)
{ {
@ -30,44 +41,51 @@ diff -up openssh-5.2p1/auth1.c.selinux openssh-5.2p1/auth1.c
/* Verify that the user is a valid user. */ /* Verify that the user is a valid user. */
if ((authctxt->pw = PRIVSEP(getpwnamallow(user))) != NULL) if ((authctxt->pw = PRIVSEP(getpwnamallow(user))) != NULL)
diff -up openssh-5.2p1/auth2.c.selinux openssh-5.2p1/auth2.c diff -up openssh-5.2p1/auth2-pubkey.c.selinux openssh-5.2p1/auth2-pubkey.c
--- openssh-5.2p1/auth2.c.selinux 2008-11-05 06:20:46.000000000 +0100 --- openssh-5.2p1/auth2-pubkey.c.selinux 2008-07-04 04:54:25.000000000 +0200
+++ openssh-5.2p1/auth2.c 2009-03-10 03:51:55.071216534 +0100 +++ openssh-5.2p1/auth2-pubkey.c 2008-07-23 16:32:13.000000000 +0200
@@ -215,7 +215,7 @@ input_userauth_request(int type, u_int32 @@ -117,7 +117,14 @@ userauth_pubkey(Authctxt *authctxt)
{ }
Authctxt *authctxt = ctxt; /* reconstruct packet */
Authmethod *m = NULL; buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST);
- char *user, *service, *method, *style = NULL; - buffer_put_cstring(&b, authctxt->user);
+ char *user, *service, *method, *style = NULL, *role = NULL; + if (authctxt->role) {
int authenticated = 0; + buffer_put_int(&b, strlen(authctxt->user)+strlen(authctxt->role)+1);
+ buffer_append(&b, authctxt->user, strlen(authctxt->user));
if (authctxt == NULL) + buffer_put_char(&b, '/');
@@ -227,6 +227,9 @@ input_userauth_request(int type, u_int32 + buffer_append(&b, authctxt->role, strlen(authctxt->role));
debug("userauth-request for user %s service %s method %s", user, service, method); + } else {
debug("attempt %d failures %d", authctxt->attempt, authctxt->failures); + buffer_put_cstring(&b, authctxt->user);
+ if ((role = strchr(user, '/')) != NULL)
+ *role++ = 0;
+
if ((style = strchr(user, ':')) != NULL)
*style++ = 0;
@@ -252,8 +255,11 @@ input_userauth_request(int type, u_int32
use_privsep ? " [net]" : "");
authctxt->service = xstrdup(service);
authctxt->style = style ? xstrdup(style) : NULL;
- if (use_privsep)
+ authctxt->role = role ? xstrdup(role) : NULL;
+ if (use_privsep) {
mm_inform_authserv(service, style);
+ mm_inform_authrole(role);
+ } + }
userauth_banner(); buffer_put_cstring(&b,
} else if (strcmp(user, authctxt->user) != 0 || datafellows & SSH_BUG_PKSERVICE ?
strcmp(service, authctxt->service) != 0) { "ssh-userauth" :
diff -up openssh-5.2p1/monitor_wrap.h.selinux openssh-5.2p1/monitor_wrap.h
--- openssh-5.2p1/monitor_wrap.h.selinux 2006-08-05 04:39:40.000000000 +0200
+++ openssh-5.2p1/monitor_wrap.h 2008-07-23 16:32:13.000000000 +0200
@@ -41,6 +41,7 @@ int mm_is_monitor(void);
DH *mm_choose_dh(int, int, int);
int mm_key_sign(Key *, u_char **, u_int *, u_char *, u_int);
void mm_inform_authserv(char *, char *);
+void mm_inform_authrole(char *);
struct passwd *mm_getpwnamallow(const char *);
char *mm_auth2_read_banner(void);
int mm_auth_password(struct Authctxt *, char *);
diff -up openssh-5.2p1/monitor.h.selinux openssh-5.2p1/monitor.h
--- openssh-5.2p1/monitor.h.selinux 2006-03-26 05:30:02.000000000 +0200
+++ openssh-5.2p1/monitor.h 2008-07-23 16:32:13.000000000 +0200
@@ -30,7 +30,7 @@
enum monitor_reqtype {
MONITOR_REQ_MODULI, MONITOR_ANS_MODULI,
- MONITOR_REQ_FREE, MONITOR_REQ_AUTHSERV,
+ MONITOR_REQ_FREE, MONITOR_REQ_AUTHSERV,MONITOR_REQ_AUTHROLE,
MONITOR_REQ_SIGN, MONITOR_ANS_SIGN,
MONITOR_REQ_PWNAM, MONITOR_ANS_PWNAM,
MONITOR_REQ_AUTH2_READ_BANNER, MONITOR_ANS_AUTH2_READ_BANNER,
diff -up openssh-5.2p1/auth2-hostbased.c.selinux openssh-5.2p1/auth2-hostbased.c diff -up openssh-5.2p1/auth2-hostbased.c.selinux openssh-5.2p1/auth2-hostbased.c
--- openssh-5.2p1/auth2-hostbased.c.selinux 2008-07-17 10:57:19.000000000 +0200 --- openssh-5.2p1/auth2-hostbased.c.selinux 2008-07-17 10:57:19.000000000 +0200
+++ openssh-5.2p1/auth2-hostbased.c 2009-03-10 03:51:55.052265447 +0100 +++ openssh-5.2p1/auth2-hostbased.c 2008-07-23 16:32:13.000000000 +0200
@@ -106,7 +106,14 @@ userauth_hostbased(Authctxt *authctxt) @@ -106,7 +106,14 @@ userauth_hostbased(Authctxt *authctxt)
buffer_put_string(&b, session_id2, session_id2_len); buffer_put_string(&b, session_id2, session_id2_len);
/* reconstruct packet */ /* reconstruct packet */
@ -84,221 +102,10 @@ diff -up openssh-5.2p1/auth2-hostbased.c.selinux openssh-5.2p1/auth2-hostbased.c
buffer_put_cstring(&b, service); buffer_put_cstring(&b, service);
buffer_put_cstring(&b, "hostbased"); buffer_put_cstring(&b, "hostbased");
buffer_put_string(&b, pkalg, alen); buffer_put_string(&b, pkalg, alen);
diff -up openssh-5.2p1/auth2-pubkey.c.selinux openssh-5.2p1/auth2-pubkey.c
--- openssh-5.2p1/auth2-pubkey.c.selinux 2008-07-04 04:54:25.000000000 +0200
+++ openssh-5.2p1/auth2-pubkey.c 2009-03-10 03:51:56.174214480 +0100
@@ -33,6 +33,7 @@
#include <stdio.h>
#include <stdarg.h>
#include <unistd.h>
+#include <openssl/fips.h>
#include "xmalloc.h"
#include "ssh.h"
@@ -117,7 +118,14 @@ userauth_pubkey(Authctxt *authctxt)
}
/* reconstruct packet */
buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST);
- buffer_put_cstring(&b, authctxt->user);
+ if (authctxt->role) {
+ buffer_put_int(&b, strlen(authctxt->user)+strlen(authctxt->role)+1);
+ buffer_append(&b, authctxt->user, strlen(authctxt->user));
+ buffer_put_char(&b, '/');
+ buffer_append(&b, authctxt->role, strlen(authctxt->role));
+ } else {
+ buffer_put_cstring(&b, authctxt->user);
+ }
buffer_put_cstring(&b,
datafellows & SSH_BUG_PKSERVICE ?
"ssh-userauth" :
@@ -236,7 +244,7 @@ user_key_allowed2(struct passwd *pw, Key
found_key = 1;
debug("matching key found: file %s, line %lu",
file, linenum);
- fp = key_fingerprint(found, SSH_FP_MD5, SSH_FP_HEX);
+ fp = key_fingerprint(found, FIPS_mode() ? SSH_FP_SHA1 : SSH_FP_MD5, SSH_FP_HEX);
verbose("Found matching %s key: %s",
key_type(found), fp);
xfree(fp);
diff -up openssh-5.2p1/auth.h.selinux openssh-5.2p1/auth.h
--- openssh-5.2p1/auth.h.selinux 2008-11-05 06:20:46.000000000 +0100
+++ openssh-5.2p1/auth.h 2009-03-10 03:51:55.069276014 +0100
@@ -58,6 +58,7 @@ struct Authctxt {
char *service;
struct passwd *pw; /* set if 'valid' */
char *style;
+ char *role;
void *kbdintctxt;
void *jpake_ctx;
#ifdef BSD_AUTH
diff -up openssh-5.2p1/configure.ac.selinux openssh-5.2p1/configure.ac
--- openssh-5.2p1/configure.ac.selinux 2009-03-10 03:51:54.901396765 +0100
+++ openssh-5.2p1/configure.ac 2009-03-10 03:51:55.850215090 +0100
@@ -3335,11 +3335,25 @@ AC_ARG_WITH(selinux,
AC_CHECK_LIB(selinux, setexeccon, [ LIBSELINUX="-lselinux" ],
AC_MSG_ERROR(SELinux support requires libselinux library))
SSHDLIBS="$SSHDLIBS $LIBSELINUX"
+ LIBS="$LIBS $LIBSELINUX"
AC_CHECK_FUNCS(getseuserbyname get_default_context_with_level)
+ AC_CHECK_FUNCS(setkeycreatecon)
LIBS="$save_LIBS"
fi ]
)
+# Check whether user wants Linux audit support
+LINUX_AUDIT_MSG="no"
+AC_ARG_WITH(linux-audit,
+ [ --with-linux-audit Enable Linux audit support],
+ [ if test "x$withval" != "xno" ; then
+ AC_DEFINE(HAVE_LINUX_AUDIT,1,[Define if you want Linux audit support.])
+ LINUX_AUDIT_MSG="yes"
+ AC_CHECK_HEADERS(libaudit.h)
+ SSHDLIBS="$SSHDLIBS -laudit"
+ fi ]
+)
+
# Check whether user wants Kerberos 5 support
KRB5_MSG="no"
AC_ARG_WITH(kerberos5,
@@ -3448,6 +3462,20 @@ AC_ARG_WITH(kerberos5,
]
)
+# Check whether user wants NSS support
+LIBNSS_MSG="no"
+AC_ARG_WITH(nss,
+ [ --with-nss Enable NSS support],
+ [ if test "x$withval" != "xno" ; then
+ AC_DEFINE(HAVE_LIBNSS,1,[Define if you want NSS support.])
+ LIBNSS_MSG="yes"
+ CPPFLAGS="$CPPFLAGS -I/usr/include/nss3 -I/usr/include/nspr4"
+ AC_CHECK_HEADERS(pk11pub.h)
+ LIBS="$LIBS -lnss3"
+ fi
+ ])
+AC_SUBST(LIBNSS)
+
# Looking for programs, paths and files
PRIVSEP_PATH=/var/empty
@@ -4168,12 +4196,14 @@ echo " PAM support
echo " OSF SIA support: $SIA_MSG"
echo " KerberosV support: $KRB5_MSG"
echo " SELinux support: $SELINUX_MSG"
+echo " Linux audit support: $LINUX_AUDIT_MSG"
echo " Smartcard support: $SCARD_MSG"
echo " S/KEY support: $SKEY_MSG"
echo " TCP Wrappers support: $TCPW_MSG"
echo " MD5 password support: $MD5_MSG"
echo " libedit support: $LIBEDIT_MSG"
echo " Solaris process contract support: $SPC_MSG"
+echo " NSS support: $LIBNSS_MSG"
echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
echo " BSD Auth support: $BSD_AUTH_MSG"
diff -up openssh-5.2p1/monitor.c.selinux openssh-5.2p1/monitor.c
--- openssh-5.2p1/monitor.c.selinux 2009-02-14 06:33:31.000000000 +0100
+++ openssh-5.2p1/monitor.c 2009-03-10 03:51:55.099559692 +0100
@@ -135,6 +135,7 @@ int mm_answer_sign(int, Buffer *);
int mm_answer_pwnamallow(int, Buffer *);
int mm_answer_auth2_read_banner(int, Buffer *);
int mm_answer_authserv(int, Buffer *);
+int mm_answer_authrole(int, Buffer *);
int mm_answer_authpassword(int, Buffer *);
int mm_answer_bsdauthquery(int, Buffer *);
int mm_answer_bsdauthrespond(int, Buffer *);
@@ -211,6 +212,7 @@ struct mon_table mon_dispatch_proto20[]
{MONITOR_REQ_SIGN, MON_ONCE, mm_answer_sign},
{MONITOR_REQ_PWNAM, MON_ONCE, mm_answer_pwnamallow},
{MONITOR_REQ_AUTHSERV, MON_ONCE, mm_answer_authserv},
+ {MONITOR_REQ_AUTHROLE, MON_ONCE, mm_answer_authrole},
{MONITOR_REQ_AUTH2_READ_BANNER, MON_ONCE, mm_answer_auth2_read_banner},
{MONITOR_REQ_AUTHPASSWORD, MON_AUTH, mm_answer_authpassword},
#ifdef USE_PAM
@@ -680,6 +682,7 @@ mm_answer_pwnamallow(int sock, Buffer *m
else {
/* Allow service/style information on the auth context */
monitor_permit(mon_dispatch, MONITOR_REQ_AUTHSERV, 1);
+ monitor_permit(mon_dispatch, MONITOR_REQ_AUTHROLE, 1);
monitor_permit(mon_dispatch, MONITOR_REQ_AUTH2_READ_BANNER, 1);
}
@@ -725,6 +728,23 @@ mm_answer_authserv(int sock, Buffer *m)
}
int
+mm_answer_authrole(int sock, Buffer *m)
+{
+ monitor_permit_authentications(1);
+
+ authctxt->role = buffer_get_string(m, NULL);
+ debug3("%s: role=%s",
+ __func__, authctxt->role);
+
+ if (strlen(authctxt->role) == 0) {
+ xfree(authctxt->role);
+ authctxt->role = NULL;
+ }
+
+ return (0);
+}
+
+int
mm_answer_authpassword(int sock, Buffer *m)
{
static int call_count;
@@ -1102,7 +1122,7 @@ static int
monitor_valid_userblob(u_char *data, u_int datalen)
{
Buffer b;
- char *p;
+ char *p, *r;
u_int len;
int fail = 0;
@@ -1128,6 +1148,8 @@ monitor_valid_userblob(u_char *data, u_i
if (buffer_get_char(&b) != SSH2_MSG_USERAUTH_REQUEST)
fail++;
p = buffer_get_string(&b, NULL);
+ if ((r = strchr(p, '/')) != NULL)
+ *r = '\0';
if (strcmp(authctxt->user, p) != 0) {
logit("wrong user name passed to monitor: expected %s != %.100s",
authctxt->user, p);
@@ -1159,7 +1181,7 @@ monitor_valid_hostbasedblob(u_char *data
char *chost)
{
Buffer b;
- char *p;
+ char *p, *r;
u_int len;
int fail = 0;
@@ -1176,6 +1198,8 @@ monitor_valid_hostbasedblob(u_char *data
if (buffer_get_char(&b) != SSH2_MSG_USERAUTH_REQUEST)
fail++;
p = buffer_get_string(&b, NULL);
+ if ((r = strchr(p, '/')) != NULL)
+ *r = '\0';
if (strcmp(authctxt->user, p) != 0) {
logit("wrong user name passed to monitor: expected %s != %.100s",
authctxt->user, p);
diff -up openssh-5.2p1/monitor.h.selinux openssh-5.2p1/monitor.h
--- openssh-5.2p1/monitor.h.selinux 2008-11-05 06:20:46.000000000 +0100
+++ openssh-5.2p1/monitor.h 2009-03-10 03:51:55.050519421 +0100
@@ -30,7 +30,7 @@
enum monitor_reqtype {
MONITOR_REQ_MODULI, MONITOR_ANS_MODULI,
- MONITOR_REQ_FREE, MONITOR_REQ_AUTHSERV,
+ MONITOR_REQ_FREE, MONITOR_REQ_AUTHSERV,MONITOR_REQ_AUTHROLE,
MONITOR_REQ_SIGN, MONITOR_ANS_SIGN,
MONITOR_REQ_PWNAM, MONITOR_ANS_PWNAM,
MONITOR_REQ_AUTH2_READ_BANNER, MONITOR_ANS_AUTH2_READ_BANNER,
diff -up openssh-5.2p1/monitor_wrap.c.selinux openssh-5.2p1/monitor_wrap.c diff -up openssh-5.2p1/monitor_wrap.c.selinux openssh-5.2p1/monitor_wrap.c
--- openssh-5.2p1/monitor_wrap.c.selinux 2008-11-05 06:20:47.000000000 +0100 --- openssh-5.2p1/monitor_wrap.c.selinux 2008-07-11 09:36:48.000000000 +0200
+++ openssh-5.2p1/monitor_wrap.c 2009-03-10 03:51:55.066210099 +0100 +++ openssh-5.2p1/monitor_wrap.c 2008-07-23 16:32:13.000000000 +0200
@@ -297,6 +297,23 @@ mm_inform_authserv(char *service, char * @@ -296,6 +296,23 @@ mm_inform_authserv(char *service, char *
buffer_free(&m); buffer_free(&m);
} }
@ -322,234 +129,40 @@ diff -up openssh-5.2p1/monitor_wrap.c.selinux openssh-5.2p1/monitor_wrap.c
/* Do the password authentication */ /* Do the password authentication */
int int
mm_auth_password(Authctxt *authctxt, char *password) mm_auth_password(Authctxt *authctxt, char *password)
diff -up openssh-5.2p1/monitor_wrap.h.selinux openssh-5.2p1/monitor_wrap.h
--- openssh-5.2p1/monitor_wrap.h.selinux 2008-11-05 06:20:47.000000000 +0100
+++ openssh-5.2p1/monitor_wrap.h 2009-03-10 03:51:55.048731957 +0100
@@ -41,6 +41,7 @@ int mm_is_monitor(void);
DH *mm_choose_dh(int, int, int);
int mm_key_sign(Key *, u_char **, u_int *, u_char *, u_int);
void mm_inform_authserv(char *, char *);
+void mm_inform_authrole(char *);
struct passwd *mm_getpwnamallow(const char *);
char *mm_auth2_read_banner(void);
int mm_auth_password(struct Authctxt *, char *);
diff -up openssh-5.2p1/openbsd-compat/port-linux.c.selinux openssh-5.2p1/openbsd-compat/port-linux.c diff -up openssh-5.2p1/openbsd-compat/port-linux.c.selinux openssh-5.2p1/openbsd-compat/port-linux.c
--- openssh-5.2p1/openbsd-compat/port-linux.c.selinux 2008-03-26 21:27:21.000000000 +0100 --- openssh-5.2p1/openbsd-compat/port-linux.c.selinux 2008-03-26 21:27:21.000000000 +0100
+++ openssh-5.2p1/openbsd-compat/port-linux.c 2009-03-10 03:51:55.407292576 +0100 +++ openssh-5.2p1/openbsd-compat/port-linux.c 2008-07-23 16:32:13.000000000 +0200
@@ -30,10 +30,28 @@ @@ -30,11 +30,16 @@
#ifdef WITH_SELINUX #ifdef WITH_SELINUX
#include "log.h" #include "log.h"
#include "port-linux.h" #include "port-linux.h"
+#include "key.h" +#include "key.h"
+#include "hostfile.h" +#include "hostfile.h"
+#include "auth.h" +#include "auth.h"
+#include "xmalloc.h"
+#include "servconf.h"
#include <selinux/selinux.h> #include <selinux/selinux.h>
#include <selinux/flask.h> #include <selinux/flask.h>
+#include <selinux/context.h>
#include <selinux/get_context_list.h> #include <selinux/get_context_list.h>
+#include <selinux/get_default_type.h>
+#include <selinux/av_permissions.h>
+
+#ifdef HAVE_LINUX_AUDIT
+#include <libaudit.h>
+#include <unistd.h>
+#endif
+
+extern ServerOptions options;
+extern Authctxt *the_authctxt;
+extern int inetd_flag;
+extern int rexeced_flag;
+extern Authctxt *the_authctxt;
+
/* Wrapper around is_selinux_enabled() to log its return value once only */ /* Wrapper around is_selinux_enabled() to log its return value once only */
int int
@@ -49,42 +67,245 @@ ssh_selinux_enabled(void) ssh_selinux_enabled(void)
return (enabled); @@ -53,23 +58,36 @@ ssh_selinux_enabled(void)
} static security_context_t
ssh_selinux_getctxbyname(char *pwname)
+/* Send audit message */
+static int
+send_audit_message(int success, security_context_t default_context,
+ security_context_t selected_context)
+{
+ int rc=0;
+#ifdef HAVE_LINUX_AUDIT
+ char *msg = NULL;
+ int audit_fd = audit_open();
+ security_context_t default_raw=NULL;
+ security_context_t selected_raw=NULL;
+ rc = -1;
+ if (audit_fd < 0) {
+ if (errno == EINVAL || errno == EPROTONOSUPPORT ||
+ errno == EAFNOSUPPORT)
+ return 0; /* No audit support in kernel */
+ error("Error connecting to audit system.");
+ return rc;
+ }
+ if (selinux_trans_to_raw_context(default_context, &default_raw) < 0) {
+ error("Error translating default context.");
+ default_raw = NULL;
+ }
+ if (selinux_trans_to_raw_context(selected_context, &selected_raw) < 0) {
+ error("Error translating selected context.");
+ selected_raw = NULL;
+ }
+ if (asprintf(&msg, "sshd: default-context=%s selected-context=%s",
+ default_raw ? default_raw : (default_context ? default_context: "?"),
+ selected_context ? selected_raw : (selected_context ? selected_context :"?")) < 0) {
+ error("Error allocating memory.");
+ goto out;
+ }
+ if (audit_log_user_message(audit_fd, AUDIT_USER_ROLE_CHANGE,
+ msg, NULL, NULL, NULL, success) <= 0) {
+ error("Error sending audit message.");
+ goto out;
+ }
+ rc = 0;
+ out:
+ free(msg);
+ freecon(default_raw);
+ freecon(selected_raw);
+ close(audit_fd);
+#endif
+ return rc;
+}
+
+static int
+mls_range_allowed(security_context_t src, security_context_t dst)
+{
+ struct av_decision avd;
+ int retval;
+ unsigned int bit = CONTEXT__CONTAINS;
+
+ debug("%s: src:%s dst:%s", __func__, src, dst);
+ retval = security_compute_av(src, dst, SECCLASS_CONTEXT, bit, &avd);
+ if (retval || ((bit & avd.allowed) != bit))
+ return 0;
+
+ return 1;
+}
+
+static int
+get_user_context(const char *sename, const char *role, const char *lvl,
+ security_context_t *sc) {
+#ifdef HAVE_GET_DEFAULT_CONTEXT_WITH_LEVEL
+ if (lvl == NULL || lvl[0] == '\0' || get_default_context_with_level(sename, lvl, NULL, sc) != 0) {
+ /* User may have requested a level completely outside of his
+ allowed range. We get a context just for auditing as the
+ range check below will certainly fail for default context. */
+#endif
+ if (get_default_context(sename, NULL, sc) != 0) {
+ *sc = NULL;
+ return -1;
+ }
+#ifdef HAVE_GET_DEFAULT_CONTEXT_WITH_LEVEL
+ }
+#endif
+ if (role != NULL && role[0]) {
+ context_t con;
+ char *type=NULL;
+ if (get_default_type(role, &type) != 0) {
+ error("get_default_type: failed to get default type for '%s'",
+ role);
+ goto out;
+ }
+ con = context_new(*sc);
+ if (!con) {
+ goto out;
+ }
+ context_role_set(con, role);
+ context_type_set(con, type);
+ freecon(*sc);
+ *sc = strdup(context_str(con));
+ context_free(con);
+ if (!*sc)
+ return -1;
+ }
+#ifdef HAVE_GET_DEFAULT_CONTEXT_WITH_LEVEL
+ if (lvl != NULL && lvl[0]) {
+ /* verify that the requested range is obtained */
+ context_t con;
+ security_context_t obtained_raw;
+ security_context_t requested_raw;
+ con = context_new(*sc);
+ if (!con) {
+ goto out;
+ }
+ context_range_set(con, lvl);
+ if (selinux_trans_to_raw_context(*sc, &obtained_raw) < 0) {
+ context_free(con);
+ goto out;
+ }
+ if (selinux_trans_to_raw_context(context_str(con), &requested_raw) < 0) {
+ freecon(obtained_raw);
+ context_free(con);
+ goto out;
+ }
+
+ debug("get_user_context: obtained context '%s' requested context '%s'",
+ obtained_raw, requested_raw);
+ if (strcmp(obtained_raw, requested_raw)) {
+ /* set the context to the real requested one but fail */
+ freecon(requested_raw);
+ freecon(obtained_raw);
+ freecon(*sc);
+ *sc = strdup(context_str(con));
+ context_free(con);
+ return -1;
+ }
+ freecon(requested_raw);
+ freecon(obtained_raw);
+ context_free(con);
+ }
+#endif
+ return 0;
+ out:
+ freecon(*sc);
+ *sc = NULL;
+ return -1;
+}
+
+static void
+ssh_selinux_get_role_level(char **role, const char **level)
+{
+ *role = NULL;
+ *level = NULL;
+ if (the_authctxt) {
+ if (the_authctxt->role != NULL) {
+ char *slash;
+ *role = xstrdup(the_authctxt->role);
+ if ((slash = strchr(*role, '/')) != NULL) {
+ *slash = '\0';
+ *level = slash + 1;
+ }
+ }
+ }
+}
+
/* Return the default security context for the given username */
-static security_context_t
-ssh_selinux_getctxbyname(char *pwname)
+static int
+ssh_selinux_getctxbyname(char *pwname,
+ security_context_t *default_sc, security_context_t *user_sc)
{ {
- security_context_t sc; - security_context_t sc;
- char *sename = NULL, *lvl = NULL; - char *sename = NULL, *lvl = NULL;
- int r; - int r;
+ security_context_t sc = NULL;
+ char *sename, *lvl; + char *sename, *lvl;
+ const char *reqlvl; + char *role = NULL;
+ char *role; + int r = 0;
+ int r = -1;
+ context_t con = NULL;
+
+ *default_sc = NULL;
+ *user_sc = NULL;
+
+ ssh_selinux_get_role_level(&role, &reqlvl);
+ if (the_authctxt)
+ role=the_authctxt->role;
#ifdef HAVE_GETSEUSERBYNAME #ifdef HAVE_GETSEUSERBYNAME
- if (getseuserbyname(pwname, &sename, &lvl) != 0) - if (getseuserbyname(pwname, &sename, &lvl) != 0)
- return NULL; - return NULL;
@ -559,213 +172,157 @@ diff -up openssh-5.2p1/openbsd-compat/port-linux.c.selinux openssh-5.2p1/openbsd
+ } + }
#else #else
sename = pwname; sename = pwname;
- lvl = NULL; lvl = NULL;
+ lvl = "";
#endif #endif
+ if (r == 0) { + if (r == 0) {
#ifdef HAVE_GET_DEFAULT_CONTEXT_WITH_LEVEL #ifdef HAVE_GET_DEFAULT_CONTEXT_WITH_LEVEL
- r = get_default_context_with_level(sename, lvl, NULL, &sc); - r = get_default_context_with_level(sename, lvl, NULL, &sc);
+ r = get_default_context_with_level(sename, lvl, NULL, default_sc); + if (role != NULL && role[0])
+ r = get_default_context_with_rolelevel(sename, role, lvl, NULL, &sc);
+ else
+ r = get_default_context_with_level(sename, lvl, NULL, &sc);
#else #else
- r = get_default_context(sename, NULL, &sc); - r = get_default_context(sename, NULL, &sc);
+ r = get_default_context(sename, NULL, default_sc); + if (role != NULL && role[0])
+ r = get_default_context_with_role(sename, role, NULL, &sc);
+ else
+ r = get_default_context(sename, NULL, &sc);
#endif #endif
+ } + }
- if (r != 0) { if (r != 0) {
- switch (security_getenforce()) { switch (security_getenforce()) {
- case -1: diff -up openssh-5.2p1/auth.h.selinux openssh-5.2p1/auth.h
- fatal("%s: ssh_selinux_getctxbyname: " --- openssh-5.2p1/auth.h.selinux 2008-07-02 14:37:30.000000000 +0200
- "security_getenforce() failed", __func__); +++ openssh-5.2p1/auth.h 2008-07-23 16:32:13.000000000 +0200
- case 0: @@ -58,6 +58,7 @@ struct Authctxt {
- error("%s: Failed to get default SELinux security " char *service;
- "context for %s", __func__, pwname); struct passwd *pw; /* set if 'valid' */
- break; char *style;
- default: + char *role;
- fatal("%s: Failed to get default SELinux security " void *kbdintctxt;
- "context for %s (in enforcing mode)", void *jpake_ctx;
- __func__, pwname); #ifdef BSD_AUTH
+ if (r == 0) { diff -up openssh-5.2p1/auth2.c.selinux openssh-5.2p1/auth2.c
+ /* If launched from xinetd, we must use current level */ --- openssh-5.2p1/auth2.c.selinux 2008-07-05 01:44:53.000000000 +0200
+ if (inetd_flag && !rexeced_flag) { +++ openssh-5.2p1/auth2.c 2008-07-23 16:32:13.000000000 +0200
+ security_context_t sshdsc=NULL; @@ -209,7 +209,7 @@ input_userauth_request(int type, u_int32
{
Authctxt *authctxt = ctxt;
Authmethod *m = NULL;
- char *user, *service, *method, *style = NULL;
+ char *user, *service, *method, *style = NULL, *role = NULL;
int authenticated = 0;
if (authctxt == NULL)
@@ -221,6 +221,9 @@ input_userauth_request(int type, u_int32
debug("userauth-request for user %s service %s method %s", user, service, method);
debug("attempt %d failures %d", authctxt->attempt, authctxt->failures);
+ if ((role = strchr(user, '/')) != NULL)
+ *role++ = 0;
+ +
+ if (getcon_raw(&sshdsc) < 0) if ((style = strchr(user, ':')) != NULL)
+ fatal("failed to allocate security context"); *style++ = 0;
+
+ if ((con=context_new(sshdsc)) == NULL) @@ -246,8 +249,11 @@ input_userauth_request(int type, u_int32
+ fatal("failed to allocate selinux context"); use_privsep ? " [net]" : "");
+ reqlvl = context_range_get(con); authctxt->service = xstrdup(service);
+ freecon(sshdsc); authctxt->style = style ? xstrdup(style) : NULL;
+ if (reqlvl !=NULL && lvl != NULL && strcmp(reqlvl, lvl) == 0) - if (use_privsep)
+ /* we actually don't change level */ + authctxt->role = role ? xstrdup(role) : NULL;
+ reqlvl = ""; + if (use_privsep) {
+ mm_inform_authserv(service, style);
+ debug("%s: current connection level '%s'", __func__, reqlvl); + mm_inform_authrole(role);
}
+
+ if ((reqlvl != NULL && reqlvl[0]) || (role != NULL && role[0])) {
+ r = get_user_context(sename, role, reqlvl, user_sc);
+
+ if (r == 0 && reqlvl != NULL && reqlvl[0]) {
+ security_context_t default_level_sc = *default_sc;
+ if (role != NULL && role[0]) {
+ if (get_user_context(sename, role, lvl, &default_level_sc) < 0)
+ default_level_sc = *default_sc;
+ }
+ /* verify that the requested range is contained in the user range */
+ if (mls_range_allowed(default_level_sc, *user_sc)) {
+ logit("permit MLS level %s (user range %s)", reqlvl, lvl);
+ } else {
+ r = -1;
+ error("deny MLS level %s (user range %s)", reqlvl, lvl);
+ }
+ if (default_level_sc != *default_sc)
+ freecon(default_level_sc);
+ }
+ } else {
+ *user_sc = *default_sc;
+ } + }
+ } userauth_banner();
+ if (r != 0) { } else if (strcmp(user, authctxt->user) != 0 ||
+ error("%s: Failed to get default SELinux security " strcmp(service, authctxt->service) != 0) {
+ "context for %s", __func__, pwname); diff -up openssh-5.2p1/monitor.c.selinux openssh-5.2p1/monitor.c
--- openssh-5.2p1/monitor.c.selinux 2008-07-11 09:36:48.000000000 +0200
+++ openssh-5.2p1/monitor.c 2008-07-23 16:36:10.000000000 +0200
@@ -134,6 +134,7 @@ int mm_answer_sign(int, Buffer *);
int mm_answer_pwnamallow(int, Buffer *);
int mm_answer_auth2_read_banner(int, Buffer *);
int mm_answer_authserv(int, Buffer *);
+int mm_answer_authrole(int, Buffer *);
int mm_answer_authpassword(int, Buffer *);
int mm_answer_bsdauthquery(int, Buffer *);
int mm_answer_bsdauthrespond(int, Buffer *);
@@ -205,6 +206,7 @@ struct mon_table mon_dispatch_proto20[]
{MONITOR_REQ_SIGN, MON_ONCE, mm_answer_sign},
{MONITOR_REQ_PWNAM, MON_ONCE, mm_answer_pwnamallow},
{MONITOR_REQ_AUTHSERV, MON_ONCE, mm_answer_authserv},
+ {MONITOR_REQ_AUTHROLE, MON_ONCE, mm_answer_authrole},
{MONITOR_REQ_AUTH2_READ_BANNER, MON_ONCE, mm_answer_auth2_read_banner},
{MONITOR_REQ_AUTHPASSWORD, MON_AUTH, mm_answer_authpassword},
#ifdef USE_PAM
@@ -658,6 +660,7 @@ mm_answer_pwnamallow(int sock, Buffer *m
else {
/* Allow service/style information on the auth context */
monitor_permit(mon_dispatch, MONITOR_REQ_AUTHSERV, 1);
+ monitor_permit(mon_dispatch, MONITOR_REQ_AUTHROLE, 1);
monitor_permit(mon_dispatch, MONITOR_REQ_AUTH2_READ_BANNER, 1);
} }
#ifdef HAVE_GETSEUSERBYNAME @@ -703,6 +706,23 @@ mm_answer_authserv(int sock, Buffer *m)
@@ -93,37 +314,114 @@ ssh_selinux_getctxbyname(char *pwname) }
if (lvl != NULL)
xfree(lvl);
#endif
+ if (role != NULL)
+ xfree(role);
+ if (con)
+ context_free(con);
- return (sc); int
+ return (r); +mm_answer_authrole(int sock, Buffer *m)
+{
+ monitor_permit_authentications(1);
+
+ authctxt->role = buffer_get_string(m, NULL);
+ debug3("%s: role=%s",
+ __func__, authctxt->role);
+
+ if (strlen(authctxt->role) == 0) {
+ xfree(authctxt->role);
+ authctxt->role = NULL;
+ }
+
+ return (0);
+} +}
+ +
+/* Setup environment variables for pam_selinux */ +int
+static int mm_answer_authpassword(int sock, Buffer *m)
+ssh_selinux_setup_pam_variables(void)
+{
+ const char *reqlvl;
+ char *role;
+ char *use_current;
+ int rv;
+
+ debug3("%s: setting execution context", __func__);
+
+ ssh_selinux_get_role_level(&role, &reqlvl);
+
+ rv = do_pam_putenv("SELINUX_ROLE_REQUESTED", role ? role : "");
+
+ if (inetd_flag && !rexeced_flag) {
+ use_current = "1";
+ } else {
+ use_current = "";
+ rv = rv || do_pam_putenv("SELINUX_LEVEL_REQUESTED", reqlvl ? reqlvl: "");
+ }
+
+ rv = rv || do_pam_putenv("SELINUX_USE_CURRENT_RANGE", use_current);
+
+ if (role != NULL)
+ xfree(role);
+
+ return rv;
}
/* Set the execution context to the default for the specified user */
void
ssh_selinux_setup_exec_context(char *pwname)
{ {
+ int r = 0; static int call_count;
+ security_context_t default_ctx = NULL; @@ -1080,7 +1100,7 @@ static int
security_context_t user_ctx = NULL; monitor_valid_userblob(u_char *data, u_int datalen)
{
Buffer b;
- char *p;
+ char *p, *r;
u_int len;
int fail = 0;
if (!ssh_selinux_enabled()) @@ -1106,6 +1126,8 @@ monitor_valid_userblob(u_char *data, u_i
return; if (buffer_get_char(&b) != SSH2_MSG_USERAUTH_REQUEST)
fail++;
+ if (options.use_pam) { p = buffer_get_string(&b, NULL);
+ /* do not compute context, just setup environment for pam_selinux */ + if ((r = strchr(p, '/')) != NULL)
+ if (ssh_selinux_setup_pam_variables()) { + *r = '\0';
+ switch (security_getenforce()) { if (strcmp(authctxt->user, p) != 0) {
+ case -1: logit("wrong user name passed to monitor: expected %s != %.100s",
+ fatal("%s: security_getenforce() failed", __func__); authctxt->user, p);
+ case 0: @@ -1137,7 +1159,7 @@ monitor_valid_hostbasedblob(u_char *data
+ error("%s: SELinux PAM variable setup failure. Continuing in permissive mode.", char *chost)
+ __func__); {
+ break; Buffer b;
+ default: - char *p;
+ fatal("%s: SELinux PAM variable setup failure. Aborting connection.", + char *p, *r;
+ __func__); u_int len;
+ } int fail = 0;
+ }
+ return;
+ }
+
debug3("%s: setting execution context", __func__);
- user_ctx = ssh_selinux_getctxbyname(pwname);
- if (setexeccon(user_ctx) != 0) {
+ r = ssh_selinux_getctxbyname(pwname, &default_ctx, &user_ctx);
+ if (r >= 0) {
+ r = setexeccon(user_ctx);
+ if (r < 0) {
+ error("%s: Failed to set SELinux execution context %s for %s",
+ __func__, user_ctx, pwname);
+ }
+#ifdef HAVE_SETKEYCREATECON
+ else if (setkeycreatecon(user_ctx) < 0) {
+ error("%s: Failed to set SELinux keyring creation context %s for %s",
+ __func__, user_ctx, pwname);
+ }
+#endif
+ }
+ if (user_ctx == NULL) {
+ user_ctx = default_ctx;
+ }
+ if (r < 0 || user_ctx != default_ctx) {
+ /* audit just the case when user changed a role or there was
+ a failure */
+ send_audit_message(r >= 0, default_ctx, user_ctx);
+ }
+ if (r < 0) {
switch (security_getenforce()) {
case -1:
fatal("%s: security_getenforce() failed", __func__);
case 0:
- error("%s: Failed to set SELinux execution "
- "context for %s", __func__, pwname);
+ error("%s: SELinux failure. Continuing in permissive mode.",
+ __func__);
break;
default:
- fatal("%s: Failed to set SELinux execution context "
- "for %s (in enforcing mode)", __func__, pwname);
+ fatal("%s: SELinux failure. Aborting connection.",
+ __func__);
}
}
- if (user_ctx != NULL)
+ if (user_ctx != NULL && user_ctx != default_ctx)
freecon(user_ctx);
+ if (default_ctx != NULL)
+ freecon(default_ctx);
debug3("%s: done", __func__);
}
@@ -141,7 +439,10 @@ ssh_selinux_setup_pty(char *pwname, cons
debug3("%s: setting TTY context on %s", __func__, tty);
- user_ctx = ssh_selinux_getctxbyname(pwname);
+ if (getexeccon(&user_ctx) < 0) {
+ error("%s: getexeccon: %s", __func__, strerror(errno));
+ goto out;
+ }
/* XXX: should these calls fatal() upon failure in enforcing mode? */
@@ -1154,6 +1176,8 @@ monitor_valid_hostbasedblob(u_char *data
if (buffer_get_char(&b) != SSH2_MSG_USERAUTH_REQUEST)
fail++;
p = buffer_get_string(&b, NULL);
+ if ((r = strchr(p, '/')) != NULL)
+ *r = '\0';
if (strcmp(authctxt->user, p) != 0) {
logit("wrong user name passed to monitor: expected %s != %.100s",
authctxt->user, p);

View File

@ -1,54 +1,7 @@
diff -up openssh-5.2p1/configure.ac.vendor openssh-5.2p1/configure.ac diff -up openssh-5.2p1/configure.ac.vendor openssh-5.2p1/configure.ac
--- openssh-5.2p1/configure.ac.vendor 2009-03-10 03:51:54.862255585 +0100 --- openssh-5.2p1/configure.ac.vendor 2008-07-23 14:13:22.000000000 +0200
+++ openssh-5.2p1/configure.ac 2009-03-10 03:51:55.850215090 +0100 +++ openssh-5.2p1/configure.ac 2008-07-23 14:13:22.000000000 +0200
@@ -3335,11 +3335,25 @@ AC_ARG_WITH(selinux, @@ -3890,6 +3890,12 @@ AC_ARG_WITH(lastlog,
AC_CHECK_LIB(selinux, setexeccon, [ LIBSELINUX="-lselinux" ],
AC_MSG_ERROR(SELinux support requires libselinux library))
SSHDLIBS="$SSHDLIBS $LIBSELINUX"
+ LIBS="$LIBS $LIBSELINUX"
AC_CHECK_FUNCS(getseuserbyname get_default_context_with_level)
+ AC_CHECK_FUNCS(setkeycreatecon)
LIBS="$save_LIBS"
fi ]
)
+# Check whether user wants Linux audit support
+LINUX_AUDIT_MSG="no"
+AC_ARG_WITH(linux-audit,
+ [ --with-linux-audit Enable Linux audit support],
+ [ if test "x$withval" != "xno" ; then
+ AC_DEFINE(HAVE_LINUX_AUDIT,1,[Define if you want Linux audit support.])
+ LINUX_AUDIT_MSG="yes"
+ AC_CHECK_HEADERS(libaudit.h)
+ SSHDLIBS="$SSHDLIBS -laudit"
+ fi ]
+)
+
# Check whether user wants Kerberos 5 support
KRB5_MSG="no"
AC_ARG_WITH(kerberos5,
@@ -3448,6 +3462,20 @@ AC_ARG_WITH(kerberos5,
]
)
+# Check whether user wants NSS support
+LIBNSS_MSG="no"
+AC_ARG_WITH(nss,
+ [ --with-nss Enable NSS support],
+ [ if test "x$withval" != "xno" ; then
+ AC_DEFINE(HAVE_LIBNSS,1,[Define if you want NSS support.])
+ LIBNSS_MSG="yes"
+ CPPFLAGS="$CPPFLAGS -I/usr/include/nss3 -I/usr/include/nspr4"
+ AC_CHECK_HEADERS(pk11pub.h)
+ LIBS="$LIBS -lnss3"
+ fi
+ ])
+AC_SUBST(LIBNSS)
+
# Looking for programs, paths and files
PRIVSEP_PATH=/var/empty
@@ -3916,6 +3944,12 @@ AC_ARG_WITH(lastlog,
fi fi
] ]
) )
@ -61,19 +14,7 @@ diff -up openssh-5.2p1/configure.ac.vendor openssh-5.2p1/configure.ac
dnl lastlog, [uw]tmpx? detection dnl lastlog, [uw]tmpx? detection
dnl NOTE: set the paths in the platform section to avoid the dnl NOTE: set the paths in the platform section to avoid the
@@ -4162,16 +4196,19 @@ echo " PAM support @@ -4146,6 +4152,7 @@ echo " IP address in \$DISPLAY hac
echo " OSF SIA support: $SIA_MSG"
echo " KerberosV support: $KRB5_MSG"
echo " SELinux support: $SELINUX_MSG"
+echo " Linux audit support: $LINUX_AUDIT_MSG"
echo " Smartcard support: $SCARD_MSG"
echo " S/KEY support: $SKEY_MSG"
echo " TCP Wrappers support: $TCPW_MSG"
echo " MD5 password support: $MD5_MSG"
echo " libedit support: $LIBEDIT_MSG"
echo " Solaris process contract support: $SPC_MSG"
+echo " NSS support: $LIBNSS_MSG"
echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG" echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
echo " BSD Auth support: $BSD_AUTH_MSG" echo " BSD Auth support: $BSD_AUTH_MSG"
echo " Random number source: $RAND_MSG" echo " Random number source: $RAND_MSG"
@ -81,9 +22,38 @@ diff -up openssh-5.2p1/configure.ac.vendor openssh-5.2p1/configure.ac
if test ! -z "$USE_RAND_HELPER" ; then if test ! -z "$USE_RAND_HELPER" ; then
echo " ssh-rand-helper collects from: $RAND_HELPER_MSG" echo " ssh-rand-helper collects from: $RAND_HELPER_MSG"
fi fi
diff -up openssh-5.2p1/sshd_config.5.vendor openssh-5.2p1/sshd_config.5
--- openssh-5.2p1/sshd_config.5.vendor 2008-07-23 14:13:22.000000000 +0200
+++ openssh-5.2p1/sshd_config.5 2008-07-23 14:19:23.000000000 +0200
@@ -812,6 +812,14 @@ This option applies to protocol version
.It Cm ServerKeyBits
Defines the number of bits in the ephemeral protocol version 1 server key.
The minimum value is 512, and the default is 1024.
+.It Cm ShowPatchLevel
+Specifies whether
+.Nm sshd
+will display the patch level of the binary in the identification string.
+The patch level is set at compile-time.
+The default is
+.Dq no .
+This option applies to protocol version 1 only.
.It Cm StrictModes
Specifies whether
.Xr sshd 8
diff -up openssh-5.2p1/servconf.h.vendor openssh-5.2p1/servconf.h
--- openssh-5.2p1/servconf.h.vendor 2008-06-10 15:01:51.000000000 +0200
+++ openssh-5.2p1/servconf.h 2008-07-23 14:13:22.000000000 +0200
@@ -126,6 +126,7 @@ typedef struct {
int max_authtries;
int max_sessions;
char *banner; /* SSH-2 banner message */
+ int show_patchlevel; /* Show vendor patch level to clients */
int use_dns;
int client_alive_interval; /*
* poke the client this often to
diff -up openssh-5.2p1/servconf.c.vendor openssh-5.2p1/servconf.c diff -up openssh-5.2p1/servconf.c.vendor openssh-5.2p1/servconf.c
--- openssh-5.2p1/servconf.c.vendor 2009-01-28 06:31:23.000000000 +0100 --- openssh-5.2p1/servconf.c.vendor 2008-07-04 05:51:12.000000000 +0200
+++ openssh-5.2p1/servconf.c 2009-03-10 03:51:54.956273911 +0100 +++ openssh-5.2p1/servconf.c 2008-07-23 14:32:27.000000000 +0200
@@ -117,6 +117,7 @@ initialize_server_options(ServerOptions @@ -117,6 +117,7 @@ initialize_server_options(ServerOptions
options->max_authtries = -1; options->max_authtries = -1;
options->max_sessions = -1; options->max_sessions = -1;
@ -138,21 +108,10 @@ diff -up openssh-5.2p1/servconf.c.vendor openssh-5.2p1/servconf.c
dump_cfg_fmtint(sUseDNS, o->use_dns); dump_cfg_fmtint(sUseDNS, o->use_dns);
dump_cfg_fmtint(sAllowTcpForwarding, o->allow_tcp_forwarding); dump_cfg_fmtint(sAllowTcpForwarding, o->allow_tcp_forwarding);
dump_cfg_fmtint(sUsePrivilegeSeparation, use_privsep); dump_cfg_fmtint(sUsePrivilegeSeparation, use_privsep);
diff -up openssh-5.2p1/servconf.h.vendor openssh-5.2p1/servconf.h
--- openssh-5.2p1/servconf.h.vendor 2009-01-28 06:31:23.000000000 +0100
+++ openssh-5.2p1/servconf.h 2009-03-10 03:51:54.933236643 +0100
@@ -128,6 +128,7 @@ typedef struct {
int max_authtries;
int max_sessions;
char *banner; /* SSH-2 banner message */
+ int show_patchlevel; /* Show vendor patch level to clients */
int use_dns;
int client_alive_interval; /*
* poke the client this often to
diff -up openssh-5.2p1/sshd_config.0.vendor openssh-5.2p1/sshd_config.0 diff -up openssh-5.2p1/sshd_config.0.vendor openssh-5.2p1/sshd_config.0
--- openssh-5.2p1/sshd_config.0.vendor 2009-03-10 03:51:54.775230993 +0100 --- openssh-5.2p1/sshd_config.0.vendor 2008-07-23 14:13:22.000000000 +0200
+++ openssh-5.2p1/sshd_config.0 2009-03-10 03:51:54.958364611 +0100 +++ openssh-5.2p1/sshd_config.0 2008-07-23 14:13:22.000000000 +0200
@@ -467,6 +467,11 @@ DESCRIPTION @@ -466,6 +466,11 @@ DESCRIPTION
Defines the number of bits in the ephemeral protocol version 1 Defines the number of bits in the ephemeral protocol version 1
server key. The minimum value is 512, and the default is 1024. server key. The minimum value is 512, and the default is 1024.
@ -164,27 +123,9 @@ diff -up openssh-5.2p1/sshd_config.0.vendor openssh-5.2p1/sshd_config.0
StrictModes StrictModes
Specifies whether sshd(8) should check file modes and ownership Specifies whether sshd(8) should check file modes and ownership
of the user's files and home directory before accepting login. of the user's files and home directory before accepting login.
diff -up openssh-5.2p1/sshd_config.5.vendor openssh-5.2p1/sshd_config.5
--- openssh-5.2p1/sshd_config.5.vendor 2009-03-10 03:51:54.785628316 +0100
+++ openssh-5.2p1/sshd_config.5 2009-03-10 03:51:54.931352756 +0100
@@ -814,6 +814,14 @@ This option applies to protocol version
.It Cm ServerKeyBits
Defines the number of bits in the ephemeral protocol version 1 server key.
The minimum value is 512, and the default is 1024.
+.It Cm ShowPatchLevel
+Specifies whether
+.Nm sshd
+will display the patch level of the binary in the identification string.
+The patch level is set at compile-time.
+The default is
+.Dq no .
+This option applies to protocol version 1 only.
.It Cm StrictModes
Specifies whether
.Xr sshd 8
diff -up openssh-5.2p1/sshd_config.vendor openssh-5.2p1/sshd_config diff -up openssh-5.2p1/sshd_config.vendor openssh-5.2p1/sshd_config
--- openssh-5.2p1/sshd_config.vendor 2009-03-10 03:51:54.747256884 +0100 --- openssh-5.2p1/sshd_config.vendor 2008-07-23 14:13:22.000000000 +0200
+++ openssh-5.2p1/sshd_config 2009-03-10 03:51:54.960221540 +0100 +++ openssh-5.2p1/sshd_config 2008-07-23 14:13:22.000000000 +0200
@@ -112,6 +112,7 @@ X11Forwarding yes @@ -112,6 +112,7 @@ X11Forwarding yes
#Compression delayed #Compression delayed
#ClientAliveInterval 0 #ClientAliveInterval 0
@ -194,18 +135,9 @@ diff -up openssh-5.2p1/sshd_config.vendor openssh-5.2p1/sshd_config
#PidFile /var/run/sshd.pid #PidFile /var/run/sshd.pid
#MaxStartups 10 #MaxStartups 10
diff -up openssh-5.2p1/sshd.c.vendor openssh-5.2p1/sshd.c diff -up openssh-5.2p1/sshd.c.vendor openssh-5.2p1/sshd.c
--- openssh-5.2p1/sshd.c.vendor 2009-01-28 06:31:23.000000000 +0100 --- openssh-5.2p1/sshd.c.vendor 2008-07-11 09:36:49.000000000 +0200
+++ openssh-5.2p1/sshd.c 2009-03-10 03:51:56.224238563 +0100 +++ openssh-5.2p1/sshd.c 2008-07-23 14:35:43.000000000 +0200
@@ -76,6 +76,8 @@ @@ -416,7 +416,7 @@ sshd_exchange_identification(int sock_in
#include <openssl/bn.h>
#include <openssl/md5.h>
#include <openssl/rand.h>
+#include <openssl/fips.h>
+#include <fipscheck.h>
#include "openbsd-compat/openssl-compat.h"
#ifdef HAVE_SECUREWARE
@@ -415,7 +417,7 @@ sshd_exchange_identification(int sock_in
minor = PROTOCOL_MINOR_1; minor = PROTOCOL_MINOR_1;
} }
snprintf(buf, sizeof buf, "SSH-%d.%d-%.100s%s", major, minor, snprintf(buf, sizeof buf, "SSH-%d.%d-%.100s%s", major, minor,
@ -214,40 +146,7 @@ diff -up openssh-5.2p1/sshd.c.vendor openssh-5.2p1/sshd.c
server_version_string = xstrdup(buf); server_version_string = xstrdup(buf);
/* Send our protocol version identification. */ /* Send our protocol version identification. */
@@ -590,6 +592,10 @@ privsep_preauth_child(void) @@ -1484,7 +1484,8 @@ main(int ac, char **av)
/* Demote the private keys to public keys. */
demote_sensitive_data();
+ /* Open the syslog permanently so the chrooted process still
+ can write to syslog. */
+ open_log();
+
/* Change our root directory */
if (chroot(_PATH_PRIVSEP_CHROOT_DIR) == -1)
fatal("chroot(\"%s\"): %s", _PATH_PRIVSEP_CHROOT_DIR,
@@ -1256,6 +1262,12 @@ main(int ac, char **av)
(void)set_auth_parameters(ac, av);
#endif
__progname = ssh_get_progname(av[0]);
+
+ SSLeay_add_all_algorithms();
+ if (FIPS_mode() && !FIPSCHECK_verify(NULL, NULL)) {
+ fatal("FIPS integrity verification test failed.");
+ }
+
init_rng();
/* Save argv. Duplicate so setproctitle emulation doesn't clobber it */
@@ -1408,8 +1420,6 @@ main(int ac, char **av)
else
closefrom(REEXEC_DEVCRYPTO_RESERVED_FD);
- SSLeay_add_all_algorithms();
-
/*
* Force logging to stderr until we have loaded the private host
* key (unless started from inetd)
@@ -1483,7 +1493,8 @@ main(int ac, char **av)
exit(1); exit(1);
} }
@ -257,33 +156,3 @@ diff -up openssh-5.2p1/sshd.c.vendor openssh-5.2p1/sshd.c
/* Store privilege separation user for later use if required. */ /* Store privilege separation user for later use if required. */
if ((privsep_pw = getpwnam(SSH_PRIVSEP_USER)) == NULL) { if ((privsep_pw = getpwnam(SSH_PRIVSEP_USER)) == NULL) {
@@ -1894,6 +1905,9 @@ main(int ac, char **av)
restore_uid();
}
#endif
+#ifdef WITH_SELINUX
+ ssh_selinux_setup_exec_context(authctxt->pw->pw_name);
+#endif
#ifdef USE_PAM
if (options.use_pam) {
do_pam_setcred(1);
@@ -2174,6 +2188,9 @@ do_ssh2_kex(void)
if (options.ciphers != NULL) {
myproposal[PROPOSAL_ENC_ALGS_CTOS] =
myproposal[PROPOSAL_ENC_ALGS_STOC] = options.ciphers;
+ } else if (FIPS_mode()) {
+ myproposal[PROPOSAL_ENC_ALGS_CTOS] =
+ myproposal[PROPOSAL_ENC_ALGS_STOC] = KEX_FIPS_ENCRYPT;
}
myproposal[PROPOSAL_ENC_ALGS_CTOS] =
compat_cipher_proposal(myproposal[PROPOSAL_ENC_ALGS_CTOS]);
@@ -2183,6 +2200,9 @@ do_ssh2_kex(void)
if (options.macs != NULL) {
myproposal[PROPOSAL_MAC_ALGS_CTOS] =
myproposal[PROPOSAL_MAC_ALGS_STOC] = options.macs;
+ } else if (FIPS_mode()) {
+ myproposal[PROPOSAL_MAC_ALGS_CTOS] =
+ myproposal[PROPOSAL_MAC_ALGS_STOC] = KEX_FIPS_MAC;
}
if (options.compression == COMP_NONE) {
myproposal[PROPOSAL_COMP_ALGS_CTOS] =