vishalmishra434 / rpms / openssh

Forked from rpms/openssh a month ago
Clone
Source Code
GIT

Blame openssh-5.8p1-keycat2.patch

c10s-sig-hyperscale c10s-sig-hyperscale-2 c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c8 c8-beta c8s c8s-sig-hyperscale c9 c9-beta c9s-sig-hyperscale
  1.   6ab8504ea24ac1065c62914088fdc1caa058b90b
  2.   openssh-5.8p1-keycat2.patch
Blob History Raw
Jan F 1499a2 
diff -up openssh-5.8p1/auth2-pubkey.c.keycat2 openssh-5.8p1/auth2-pubkey.c
Jan F 1499a2 
--- openssh-5.8p1/auth2-pubkey.c.keycat2	2011-03-01 06:57:03.000000000 +0100
Jan F 1499a2 
+++ openssh-5.8p1/auth2-pubkey.c	2011-03-01 07:25:04.000000000 +0100
Jan F 1499a2 
@@ -579,6 +579,14 @@ user_key_via_command_allowed2(struct pas
Jan F 1499a2 
 			close(i);
Jan F 1499a2 
 		}
Jan F 1499a2
Jan F 1499a2 
+#ifdef WITH_SELINUX
Jan F 1499a2 
+		if (ssh_selinux_setup_env_variables() < 0) {
Jan F 1499a2 
+			error ("failed to copy environment:  %s",
Jan F 1499a2 
+			    strerror(errno));
Jan F 1499a2 
+			_exit(127);
Jan F 1499a2 
+		}
Jan F 1499a2 
+#endif
Jan F 1499a2 
+
Jan F 1499a2 
 		execl(options.authorized_keys_command, options.authorized_keys_command, pw->pw_name, NULL);
Jan F 1499a2
Jan F 1499a2 
 		/* if we got here, it didn't work */
Jan F 1499a2 
diff -up openssh-5.8p1/openbsd-compat/port-linux.c.keycat2 openssh-5.8p1/openbsd-compat/port-linux.c
Jan F 1499a2 
--- openssh-5.8p1/openbsd-compat/port-linux.c.keycat2	2011-03-01 07:00:32.000000000 +0100
Jan F 1499a2 
+++ openssh-5.8p1/openbsd-compat/port-linux.c	2011-03-01 07:23:13.000000000 +0100
Jan F 1499a2 
@@ -309,7 +309,7 @@ ssh_selinux_getctxbyname(char *pwname,
Jan F 1499a2
Jan F 1499a2 
 /* Setup environment variables for pam_selinux */
Jan F 1499a2 
 static int
Jan F 1499a2 
-ssh_selinux_setup_pam_variables(void)
Jan F 1499a2 
+ssh_selinux_setup_variables(int(*set_it)(const char *, const char *))
Jan F 1499a2 
 {
Jan F 1499a2 
 	const char *reqlvl;
Jan F 1499a2 
 	char *role;
Jan F 1499a2 
@@ -320,16 +320,16 @@ ssh_selinux_setup_pam_variables(void)
Jan F 1499a2
Jan F 1499a2 
 	ssh_selinux_get_role_level(&role, &reqlvl);
Jan F 1499a2
Jan F 1499a2 
-	rv = do_pam_putenv("SELINUX_ROLE_REQUESTED", role ? role : "");
Jan F 1499a2 
+	rv = set_it("SELINUX_ROLE_REQUESTED", role ? role : "");
Jan F 1499a2
Jan F 1499a2 
 	if (inetd_flag && !rexeced_flag) {
Jan F 1499a2 
 		use_current = "1";
Jan F 1499a2 
 	} else {
Jan F 1499a2 
 		use_current = "";
Jan F 1499a2 
-		rv = rv || do_pam_putenv("SELINUX_LEVEL_REQUESTED", reqlvl ? reqlvl: "");
Jan F 1499a2 
+		rv = rv || set_it("SELINUX_LEVEL_REQUESTED", reqlvl ? reqlvl: "");
Jan F 1499a2 
 	}
Jan F 1499a2
Jan F 1499a2 
-	rv = rv || do_pam_putenv("SELINUX_USE_CURRENT_RANGE", use_current);
Jan F 1499a2 
+	rv = rv || set_it("SELINUX_USE_CURRENT_RANGE", use_current);
Jan F 1499a2
Jan F 1499a2 
 	if (role != NULL)
Jan F 1499a2 
 		xfree(role);
Jan F 1499a2 
@@ -337,6 +337,24 @@ ssh_selinux_setup_pam_variables(void)
Jan F 1499a2 
 	return rv;
Jan F 1499a2 
 }
Jan F 1499a2
Jan F 1499a2 
+static int
Jan F 1499a2 
+ssh_selinux_setup_pam_variables(void)
Jan F 1499a2 
+{
Jan F 1499a2 
+	return ssh_selinux_setup_variables(do_pam_putenv);
Jan F 1499a2 
+}
Jan F 1499a2 
+
Jan F 1499a2 
+static int
Jan F 1499a2 
+do_setenv(char *name, char *value)
Jan F 1499a2 
+{
Jan F 1499a2 
+	return setenv(name, value, 1);
Jan F 1499a2 
+}
Jan F 1499a2 
+
Jan F 1499a2 
+int
Jan F 1499a2 
+ssh_selinux_setup_env_variables(void)
Jan F 1499a2 
+{
Jan F 1499a2 
+	return ssh_selinux_setup_variables(do_setenv);
Jan F 1499a2 
+}
Jan F 1499a2 
+
Jan F 1499a2 
 /* Set the execution context to the default for the specified user */
Jan F 1499a2 
 void
Jan F 1499a2 
 ssh_selinux_setup_exec_context(char *pwname)
Jan F 1499a2 
diff -up openssh-5.8p1/ssh-keycat.c.keycat2 openssh-5.8p1/ssh-keycat.c
Jan F 1499a2 
--- openssh-5.8p1/ssh-keycat.c.keycat2	2011-03-01 06:56:02.000000000 +0100
Jan F 1499a2 
+++ openssh-5.8p1/ssh-keycat.c	2011-03-01 06:56:02.000000000 +0100
Jan F 1499a2 
@@ -65,6 +65,7 @@
Jan F 1499a2 
 #define ERR_FDOPEN 10
Jan F 1499a2 
 #define ERR_STAT 11
Jan F 1499a2 
 #define ERR_WRITE 12
Jan F 1499a2 
+#define ERR_PAM_PUTENV 13
Jan F 1499a2 
 #define BUFLEN 4096
Jan F 1499a2
Jan F 1499a2 
 /* Just ignore the messages in the conversation function */
Jan F 1499a2 
@@ -166,6 +167,34 @@ fail:
Jan F 1499a2 
 	return rv;
Jan F 1499a2 
 }
Jan F 1499a2
Jan F 1499a2 
+static const char *env_names[] = { "SELINUX_ROLE_REQUESTED",
Jan F 1499a2 
+	"SELINUX_LEVEL_REQUESTED",
Jan F 1499a2 
+	"SELINUX_USE_CURRENT_RANGE"
Jan F 1499a2 
+};
Jan F 1499a2 
+
Jan F 1499a2 
+extern char **environ;
Jan F 1499a2 
+
Jan F 1499a2 
+int
Jan F 1499a2 
+set_pam_environment(pam_handle_t *pamh)
Jan F 1499a2 
+{
Jan F 1499a2 
+	int i;
Jan F 1499a2 
+	size_t j;
Jan F 1499a2 
+
Jan F 1499a2 
+	for (j = 0; j < sizeof(env_names)/sizeof(env_names[0]); ++j) {
Jan F 1499a2 
+		int len = strlen(env_names[j]);
Jan F 1499a2 
+
Jan F 1499a2 
+		for (i = 0; environ[i] != NULL; ++i) {
Jan F 1499a2 
+			if (strncmp(env_names[j], environ[i], len) == 0 &&
Jan F 1499a2 
+			    environ[i][len] == '=') {
Jan F 1499a2 
+				if (pam_putenv(pamh, environ[i]) != PAM_SUCCESS)
Jan F 1499a2 
+					return ERR_PAM_PUTENV;
Jan F 1499a2 
+			}
Jan F 1499a2 
+		}
Jan F 1499a2 
+	}
Jan F 1499a2 
+
Jan F 1499a2 
+	return 0;
Jan F 1499a2 
+}
Jan F 1499a2 
+
Jan F 1499a2 
 int
Jan F 1499a2 
 main(int argc, char *argv[])
Jan F 1499a2 
 {
Jan F 1499a2 
@@ -183,6 +212,10 @@ main(int argc, char *argv[])
Jan F 1499a2 
 		return ERR_PAM_START;
Jan F 1499a2 
 	}
Jan F 1499a2
Jan F 1499a2 
+	ev = set_pam_environment(pamh);
Jan F 1499a2 
+	if (ev != 0)
Jan F 1499a2 
+		goto finish;
Jan F 1499a2 
+
Jan F 1499a2 
 	retval = pam_open_session(pamh, PAM_SILENT);
Jan F 1499a2 
 	if (retval != PAM_SUCCESS) {
Jan F 1499a2 
 		ev = ERR_OPEN_SESSION;

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation