/[smeserver]/rpms/sudo/sme9/sudo-1.8.6p3-pam_servicebackport.patch
ViewVC logotype

Annotation of /rpms/sudo/sme9/sudo-1.8.6p3-pam_servicebackport.patch

Parent Directory Parent Directory | Revision Log Revision Log | View Revision Graph Revision Graph


Revision 1.1 - (hide annotations) (download)
Thu Feb 4 19:44:30 2021 UTC (3 years, 8 months ago) by jpp
Branch: MAIN
CVS Tags: sudo-1_8_6p3-30_el6_sme, sudo-1_8_6p3-29_el6_9, HEAD
Sudo

1 jpp 1.1 diff -up sudo-1.8.6p3/configure.in.pam_servicebackport sudo-1.8.6p3/configure.in
2     --- sudo-1.8.6p3/configure.in.pam_servicebackport 2015-12-07 15:19:07.851873967 +0100
3     +++ sudo-1.8.6p3/configure.in 2015-12-07 15:19:07.861873967 +0100
4     @@ -118,6 +118,7 @@ AC_SUBST([nsswitch_conf])
5     AC_SUBST([netsvc_conf])
6     AC_SUBST([secure_path])
7     AC_SUBST([editor])
8     +AC_SUBST([pam_login_service])
9     #
10     # Begin initial values for man page substitution
11     #
12     @@ -157,6 +158,7 @@ netsvc_conf=/etc/netsvc.conf
13     noexec_file=/usr/local/libexec/sudo_noexec.so
14     nsswitch_conf=/etc/nsswitch.conf
15     secure_path="not set"
16     +pam_login_service=sudo
17     #
18     # End initial values for man page substitution
19     #
20     @@ -2690,6 +2692,7 @@ if test ${with_pam-"no"} != "no"; then
21     yes) AC_DEFINE([HAVE_PAM_LOGIN])
22     AC_MSG_CHECKING(whether to use PAM login)
23     AC_MSG_RESULT(yes)
24     + pam_login_service="sudo-i"
25     ;;
26     no) ;;
27     *) AC_MSG_ERROR(["--with-pam-login does not take an argument."])
28     diff -up sudo-1.8.6p3/configure.pam_servicebackport sudo-1.8.6p3/configure
29     --- sudo-1.8.6p3/configure.pam_servicebackport 2012-09-18 15:59:16.000000000 +0200
30     +++ sudo-1.8.6p3/configure 2015-12-07 15:19:07.863873967 +0100
31     @@ -658,6 +658,7 @@ OBJEXT
32     EXEEXT
33     ac_ct_CC
34     CC
35     +pam_login_service
36     editor
37     secure_path
38     netsvc_conf
39     @@ -2955,6 +2956,7 @@ netsvc_conf=/etc/netsvc.conf
40     noexec_file=/usr/local/libexec/sudo_noexec.so
41     nsswitch_conf=/etc/nsswitch.conf
42     secure_path="not set"
43     +pam_login_service=sudo
44     #
45     # End initial values for man page substitution
46     #
47     @@ -18609,6 +18611,7 @@ if test "${with_pam_login+set}" = set; t
48     $as_echo_n "checking whether to use PAM login... " >&6; }
49     { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
50     $as_echo "yes" >&6; }
51     + pam_login_service="sudo-i"
52     ;;
53     no) ;;
54     *) as_fn_error $? "\"--with-pam-login does not take an argument.\"" "$LINENO" 5
55     diff -up sudo-1.8.6p3/doc/sudoers.cat.pam_servicebackport sudo-1.8.6p3/doc/sudoers.cat
56     --- sudo-1.8.6p3/doc/sudoers.cat.pam_servicebackport 2015-12-07 15:19:07.852873967 +0100
57     +++ sudo-1.8.6p3/doc/sudoers.cat 2015-12-07 15:19:07.863873967 +0100
58     @@ -1217,6 +1217,18 @@ SSUUDDOOEERRSS OOPPTTIIOONN
59     noexec file should now be set in the _/_e_t_c_/_s_u_d_o_._c_o_n_f
60     file.
61    
62     + pam_login_service
63     + On systems that use PAM for authentication, this is the
64     + service name used when the -^H-i^Hi option is specified. The
65     + default value is ``sudo''. See the description of
66     + _^Hp_^Ha_^Hm_^H__^Hs_^He_^Hr_^Hv_^Hi_^Hc_^He for more information.
67     +
68     + pam_service On systems that use PAM for authentication, the service
69     + name specifies the PAM policy to apply. This usually
70     + corresponds to an entry in the _^Hp_^Ha_^Hm_^H._^Hc_^Ho_^Hn_^Hf file or a fi
71     + in the _^H/_^He_^Ht_^Hc_^H/_^Hp_^Ha_^Hm_^H._^Hd directory. The default valu
72     + ``sudo''.
73     +
74     passprompt The default prompt to use when asking for a password;
75     can be overridden via the --pp option or the SUDO_PROMPT
76     environment variable. The following percent (`%')
77     diff -up sudo-1.8.6p3/doc/sudoers.man.in.pam_servicebackport sudo-1.8.6p3/doc/sudoers.man.in
78     --- sudo-1.8.6p3/doc/sudoers.man.in.pam_servicebackport 2015-12-07 15:19:07.852873967 +0100
79     +++ sudo-1.8.6p3/doc/sudoers.man.in 2015-12-07 15:19:07.864873966 +0100
80     @@ -2587,6 +2587,29 @@ The path to the noexec file should now b
81     \fI@sysconfdir@/sudo.conf\fR
82     file.
83     .TP 18n
84     +pam_login_service
85     +.br
86     +On systems that use PAM for authentication, this is the service
87     +name used when the
88     +\fB\-i\fR
89     +option is specified.
90     +The default value is
91     +``\fR@pam_login_service@\fR''.
92     +See the description of
93     +\fIpam_service\fR
94     +for more information.
95     +.TP 18n
96     +pam_service
97     +On systems that use PAM for authentication, the service name
98     +specifies the PAM policy to apply.
99     +This usually corresponds to an entry in the
100     +\fIpam.conf\fR
101     +file or a file in the
102     +\fI/etc/pam.d\fR
103     +directory.
104     +The default value is
105     +``\fRsudo\fR''.
106     +.TP 18n
107     passprompt
108     The default prompt to use when asking for a password; can be overridden via the
109     \fB\-p\fR
110     diff -up sudo-1.8.6p3/doc/sudoers.mdoc.in.pam_servicebackport sudo-1.8.6p3/doc/sudoers.mdoc.in
111     --- sudo-1.8.6p3/doc/sudoers.mdoc.in.pam_servicebackport 2015-12-07 15:19:07.853873967 +0100
112     +++ sudo-1.8.6p3/doc/sudoers.mdoc.in 2015-12-07 15:19:07.864873966 +0100
113     @@ -2429,6 +2429,26 @@ This option is no longer supported.
114     The path to the noexec file should now be set in the
115     .Pa @sysconfdir@/sudo.conf
116     file.
117     +.It pam_login_service
118     +On systems that use PAM for authentication, this is the service
119     +name used when the
120     +.Fl i
121     +option is specified.
122     +The default value is
123     +.Dq Li @pam_login_service@ .
124     +See the description of
125     +.Em pam_service
126     +for more information.
127     +.It pam_service
128     +On systems that use PAM for authentication, the service name
129     +specifies the PAM policy to apply.
130     +This usually corresponds to an entry in the
131     +.Pa pam.conf
132     +file or a file in the
133     +.Pa /etc/pam.d
134     +directory.
135     +The default value is
136     +.Dq Li sudo .
137     .It passprompt
138     The default prompt to use when asking for a password; can be overridden via the
139     .Fl p
140     diff -up sudo-1.8.6p3/plugins/sudoers/auth/pam.c.pam_servicebackport sudo-1.8.6p3/plugins/sudoers/auth/pam.c
141     --- sudo-1.8.6p3/plugins/sudoers/auth/pam.c.pam_servicebackport 2015-12-07 15:19:07.841873968 +0100
142     +++ sudo-1.8.6p3/plugins/sudoers/auth/pam.c 2015-12-07 15:19:07.864873966 +0100
143     @@ -90,12 +90,8 @@ sudo_pam_init(struct passwd *pw, sudo_au
144     if (auth != NULL)
145     auth->data = (void *) &pam_status;
146     pam_conv.conv = converse;
147     -#ifdef HAVE_PAM_LOGIN
148     - if (ISSET(sudo_mode, MODE_LOGIN_SHELL))
149     - pam_status = pam_start("sudo-i", pw->pw_name, &pam_conv, &pamh);
150     - else
151     -#endif
152     - pam_status = pam_start("sudo", pw->pw_name, &pam_conv, &pamh);
153     + pam_status = pam_start(ISSET(sudo_mode, MODE_LOGIN_SHELL) ?
154     + def_pam_login_service : def_pam_service, pw->pw_name, &pam_conv, &pamh);
155     if (pam_status != PAM_SUCCESS) {
156     log_error(USE_ERRNO|NO_MAIL, _("unable to initialize PAM"));
157     debug_return_int(AUTH_FATAL);
158     diff -up sudo-1.8.6p3/plugins/sudoers/defaults.c.pam_servicebackport sudo-1.8.6p3/plugins/sudoers/defaults.c
159     --- sudo-1.8.6p3/plugins/sudoers/defaults.c.pam_servicebackport 2015-12-07 15:19:07.856873967 +0100
160     +++ sudo-1.8.6p3/plugins/sudoers/defaults.c 2015-12-07 15:19:07.864873966 +0100
161     @@ -424,6 +424,13 @@ init_defaults(void)
162     def_env_reset = ENV_RESET;
163     def_set_logname = true;
164     def_closefrom = STDERR_FILENO + 1;
165     + def_pam_service = estrdup("sudo");
166     +#ifdef HAVE_PAM_LOGIN
167     + def_pam_login_service = estrdup("sudo-i");
168     +#else
169     + def_pam_login_service = estrdup("sudo");
170     +#endif
171     +
172    
173     /* Syslog options need special care since they both strings and ints */
174     #if (LOGGING & SLOG_SYSLOG)
175     diff -up sudo-1.8.6p3/plugins/sudoers/def_data.c.pam_servicebackport sudo-1.8.6p3/plugins/sudoers/def_data.c
176     --- sudo-1.8.6p3/plugins/sudoers/def_data.c.pam_servicebackport 2015-12-07 15:19:07.864873966 +0100
177     +++ sudo-1.8.6p3/plugins/sudoers/def_data.c 2015-12-07 16:10:44.248663975 +0100
178     @@ -363,6 +363,14 @@ struct sudo_defs_types sudo_defs_table[]
179     N_("Use both user and host/domain fields when matching netgroups"),
180     NULL,
181     }, {
182     + "pam_service", T_STR,
183     + N_("PAM service name to use"),
184     + NULL,
185     + }, {
186     + "pam_login_service", T_STR,
187     + N_("PAM service name to use for login shells"),
188     + NULL,
189     + }, {
190     NULL, 0, NULL
191     }
192     };
193     diff -up sudo-1.8.6p3/plugins/sudoers/def_data.h.pam_servicebackport sudo-1.8.6p3/plugins/sudoers/def_data.h
194     --- sudo-1.8.6p3/plugins/sudoers/def_data.h.pam_servicebackport 2015-12-07 15:19:07.865873966 +0100
195     +++ sudo-1.8.6p3/plugins/sudoers/def_data.h 2015-12-07 16:01:48.880700283 +0100
196     @@ -168,6 +168,11 @@
197     #define I_LEGACY_GROUP_PROCESSING 83
198     #define def_netgroup_tuple (sudo_defs_table[84].sd_un.flag)
199     #define I_NETGROUP_TUPLE 84
200     +#define def_pam_service (sudo_defs_table[85].sd_un.str)
201     +#define I_PAM_SERVICE 85
202     +#define def_pam_login_service (sudo_defs_table[86].sd_un.str)
203     +#define I_PAM_LOGIN_SERVICE 86
204     +
205    
206     enum def_tuple {
207     never,
208     diff -up sudo-1.8.6p3/plugins/sudoers/def_data.in.pam_servicebackport sudo-1.8.6p3/plugins/sudoers/def_data.in
209     --- sudo-1.8.6p3/plugins/sudoers/def_data.in.pam_servicebackport 2012-09-18 15:56:29.000000000 +0200
210     +++ sudo-1.8.6p3/plugins/sudoers/def_data.in 2015-12-07 15:19:07.865873966 +0100
211     @@ -259,3 +259,10 @@ privs
212     limitprivs
213     T_STR
214     "Set of limit privileges"
215     +pam_service
216     + T_STR
217     + "PAM service name to use"
218     +pam_login_service
219     + T_STR
220     + "PAM service name to use for login shells"
221     +

admin@koozali.org
ViewVC Help
Powered by ViewVC 1.2.1 RSS 2.0 feed