sudo/sme9/sudo-1.8.6p3-pam_servicebackport.patch

diff -up sudo-1.8.6p3/configure.in.pam_servicebackport sudo-1.8.6p3/configure.in
--- sudo-1.8.6p3/configure.in.pam_servicebackport       2015-12-07 15:19:07.851873967 +0100
+++ sudo-1.8.6p3/configure.in   2015-12-07 15:19:07.861873967 +0100
@@ -118,6 +118,7 @@ AC_SUBST([nsswitch_conf])
 AC_SUBST([netsvc_conf])
 AC_SUBST([secure_path])
 AC_SUBST([editor])
+AC_SUBST([pam_login_service])
 #
 # Begin initial values for man page substitution
 #
@@ -157,6 +158,7 @@ netsvc_conf=/etc/netsvc.conf
 noexec_file=/usr/local/libexec/sudo_noexec.so
 nsswitch_conf=/etc/nsswitch.conf
 secure_path="not set"
+pam_login_service=sudo
 #
 # End initial values for man page substitution
 #
@@ -2690,6 +2692,7 @@ if test ${with_pam-"no"} != "no"; then
            yes)        AC_DEFINE([HAVE_PAM_LOGIN])
                        AC_MSG_CHECKING(whether to use PAM login)
                        AC_MSG_RESULT(yes)
+                       pam_login_service="sudo-i"
                        ;;
            no)         ;;
            *)          AC_MSG_ERROR(["--with-pam-login does not take an argument."])
diff -up sudo-1.8.6p3/configure.pam_servicebackport sudo-1.8.6p3/configure
--- sudo-1.8.6p3/configure.pam_servicebackport  2012-09-18 15:59:16.000000000 +0200
+++ sudo-1.8.6p3/configure      2015-12-07 15:19:07.863873967 +0100
@@ -658,6 +658,7 @@ OBJEXT
 EXEEXT
 ac_ct_CC
 CC
+pam_login_service
 editor
 secure_path
 netsvc_conf
@@ -2955,6 +2956,7 @@ netsvc_conf=/etc/netsvc.conf
 noexec_file=/usr/local/libexec/sudo_noexec.so
 nsswitch_conf=/etc/nsswitch.conf
 secure_path="not set"
+pam_login_service=sudo
 #
 # End initial values for man page substitution
 #
@@ -18609,6 +18611,7 @@ if test "${with_pam_login+set}" = set; t
 $as_echo_n "checking whether to use PAM login... " >&6; }
                        { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
 $as_echo "yes" >&6; }
+                       pam_login_service="sudo-i"
                        ;;
            no)         ;;
            *)          as_fn_error $? "\"--with-pam-login does not take an argument.\"" "$LINENO" 5
diff -up sudo-1.8.6p3/doc/sudoers.cat.pam_servicebackport sudo-1.8.6p3/doc/sudoers.cat
--- sudo-1.8.6p3/doc/sudoers.cat.pam_servicebackport    2015-12-07 15:19:07.852873967 +0100
+++ sudo-1.8.6p3/doc/sudoers.cat        2015-12-07 15:19:07.863873967 +0100
@@ -1217,6 +1217,18 @@ SSUUDDOOEERRSS OOPPTTIIOONN
                        noexec file should now be set in the _/_e_t_c_/_s_u_d_o_._c_o_n_f
                        file.
 
+     pam_login_service
+                       On systems that use PAM for authentication, this is the
+                       service name used when the -^H-i^Hi option is specified.  The
+                       default value is ``sudo''.  See the description of
+                       _^Hp_^Ha_^Hm_^H__^Hs_^He_^Hr_^Hv_^Hi_^Hc_^He for more information.
+
+     pam_service       On systems that use PAM for authentication, the service
+                       name specifies the PAM policy to apply.  This usually
+                       corresponds to an entry in the _^Hp_^Ha_^Hm_^H._^Hc_^Ho_^Hn_^Hf file or a fi
+                       in the _^H/_^He_^Ht_^Hc_^H/_^Hp_^Ha_^Hm_^H._^Hd directory.  The default valu
+                       ``sudo''.
+ 
      passprompt        The default prompt to use when asking for a password;
                        can be overridden via the --pp option or the SUDO_PROMPT
                        environment variable.  The following percent (`%')
diff -up sudo-1.8.6p3/doc/sudoers.man.in.pam_servicebackport sudo-1.8.6p3/doc/sudoers.man.in
--- sudo-1.8.6p3/doc/sudoers.man.in.pam_servicebackport 2015-12-07 15:19:07.852873967 +0100
+++ sudo-1.8.6p3/doc/sudoers.man.in     2015-12-07 15:19:07.864873966 +0100
@@ -2587,6 +2587,29 @@ The path to the noexec file should now b
 \fI@sysconfdir@/sudo.conf\fR
 file.
 .TP 18n
+pam_login_service
+.br
+On systems that use PAM for authentication, this is the service
+name used when the
+\fB\-i\fR
+option is specified.
+The default value is
+``\fR@pam_login_service@\fR''.
+See the description of
+\fIpam_service\fR
+for more information.
+.TP 18n
+pam_service
+On systems that use PAM for authentication, the service name
+specifies the PAM policy to apply.
+This usually corresponds to an entry in the
+\fIpam.conf\fR
+file or a file in the
+\fI/etc/pam.d\fR
+directory.
+The default value is
+``\fRsudo\fR''.
+.TP 18n
 passprompt
 The default prompt to use when asking for a password; can be overridden via the
 \fB\-p\fR
diff -up sudo-1.8.6p3/doc/sudoers.mdoc.in.pam_servicebackport sudo-1.8.6p3/doc/sudoers.mdoc.in
--- sudo-1.8.6p3/doc/sudoers.mdoc.in.pam_servicebackport        2015-12-07 15:19:07.853873967 +0100
+++ sudo-1.8.6p3/doc/sudoers.mdoc.in    2015-12-07 15:19:07.864873966 +0100
@@ -2429,6 +2429,26 @@ This option is no longer supported.
 The path to the noexec file should now be set in the
 .Pa @sysconfdir@/sudo.conf
 file.
+.It pam_login_service
+On systems that use PAM for authentication, this is the service
+name used when the
+.Fl i
+option is specified.
+The default value is
+.Dq Li @pam_login_service@ .
+See the description of
+.Em pam_service
+for more information.
+.It pam_service
+On systems that use PAM for authentication, the service name
+specifies the PAM policy to apply.
+This usually corresponds to an entry in the
+.Pa pam.conf
+file or a file in the
+.Pa /etc/pam.d
+directory.
+The default value is
+.Dq Li sudo .
 .It passprompt
 The default prompt to use when asking for a password; can be overridden via the
 .Fl p
diff -up sudo-1.8.6p3/plugins/sudoers/auth/pam.c.pam_servicebackport sudo-1.8.6p3/plugins/sudoers/auth/pam.c
--- sudo-1.8.6p3/plugins/sudoers/auth/pam.c.pam_servicebackport 2015-12-07 15:19:07.841873968 +0100
+++ sudo-1.8.6p3/plugins/sudoers/auth/pam.c     2015-12-07 15:19:07.864873966 +0100
@@ -90,12 +90,8 @@ sudo_pam_init(struct passwd *pw, sudo_au
     if (auth != NULL)
        auth->data = (void *) &pam_status;
     pam_conv.conv = converse;
-#ifdef HAVE_PAM_LOGIN
-    if (ISSET(sudo_mode, MODE_LOGIN_SHELL))
-       pam_status = pam_start("sudo-i", pw->pw_name, &pam_conv, &pamh);
-    else
-#endif
-       pam_status = pam_start("sudo", pw->pw_name, &pam_conv, &pamh);
+    pam_status = pam_start(ISSET(sudo_mode, MODE_LOGIN_SHELL) ?
+    def_pam_login_service : def_pam_service, pw->pw_name, &pam_conv, &pamh);
     if (pam_status != PAM_SUCCESS) {
        log_error(USE_ERRNO|NO_MAIL, _("unable to initialize PAM"));
        debug_return_int(AUTH_FATAL);
diff -up sudo-1.8.6p3/plugins/sudoers/defaults.c.pam_servicebackport sudo-1.8.6p3/plugins/sudoers/defaults.c
--- sudo-1.8.6p3/plugins/sudoers/defaults.c.pam_servicebackport 2015-12-07 15:19:07.856873967 +0100
+++ sudo-1.8.6p3/plugins/sudoers/defaults.c     2015-12-07 15:19:07.864873966 +0100
@@ -424,6 +424,13 @@ init_defaults(void)
     def_env_reset = ENV_RESET;
     def_set_logname = true;
     def_closefrom = STDERR_FILENO + 1;
+    def_pam_service = estrdup("sudo");
+#ifdef HAVE_PAM_LOGIN
+    def_pam_login_service = estrdup("sudo-i");
+#else
+    def_pam_login_service = estrdup("sudo");
+#endif
+
 
     /* Syslog options need special care since they both strings and ints */
 #if (LOGGING & SLOG_SYSLOG)
diff -up sudo-1.8.6p3/plugins/sudoers/def_data.c.pam_servicebackport sudo-1.8.6p3/plugins/sudoers/def_data.c
--- sudo-1.8.6p3/plugins/sudoers/def_data.c.pam_servicebackport 2015-12-07 15:19:07.864873966 +0100
+++ sudo-1.8.6p3/plugins/sudoers/def_data.c     2015-12-07 16:10:44.248663975 +0100
@@ -363,6 +363,14 @@ struct sudo_defs_types sudo_defs_table[]
        N_("Use both user and host/domain fields when matching netgroups"),
        NULL,
     }, {
+       "pam_service", T_STR,
+       N_("PAM service name to use"),
+       NULL,
+    }, {
+       "pam_login_service", T_STR,
+       N_("PAM service name to use for login shells"),
+       NULL,
+    }, {
        NULL, 0, NULL
     }
 };
diff -up sudo-1.8.6p3/plugins/sudoers/def_data.h.pam_servicebackport sudo-1.8.6p3/plugins/sudoers/def_data.h
--- sudo-1.8.6p3/plugins/sudoers/def_data.h.pam_servicebackport 2015-12-07 15:19:07.865873966 +0100
+++ sudo-1.8.6p3/plugins/sudoers/def_data.h     2015-12-07 16:01:48.880700283 +0100
@@ -168,6 +168,11 @@
 #define I_LEGACY_GROUP_PROCESSING 83
 #define def_netgroup_tuple      (sudo_defs_table[84].sd_un.flag)
 #define I_NETGROUP_TUPLE        84
+#define def_pam_service         (sudo_defs_table[85].sd_un.str)
+#define I_PAM_SERVICE           85
+#define def_pam_login_service   (sudo_defs_table[86].sd_un.str)
+#define I_PAM_LOGIN_SERVICE     86
+
 
 enum def_tuple {
        never,
diff -up sudo-1.8.6p3/plugins/sudoers/def_data.in.pam_servicebackport sudo-1.8.6p3/plugins/sudoers/def_data.in
--- sudo-1.8.6p3/plugins/sudoers/def_data.in.pam_servicebackport        2012-09-18 15:56:29.000000000 +0200
+++ sudo-1.8.6p3/plugins/sudoers/def_data.in    2015-12-07 15:19:07.865873966 +0100
@@ -259,3 +259,10 @@ privs
 limitprivs
        T_STR
        "Set of limit privileges"
+pam_service
+       T_STR
+       "PAM service name to use"
+pam_login_service
+       T_STR
+       "PAM service name to use for login shells"
+
1	jpp	1.1	diff -up sudo-1.8.6p3/configure.in.pam_servicebackport sudo-1.8.6p3/configure.in
2			--- sudo-1.8.6p3/configure.in.pam_servicebackport 2015-12-07 15:19:07.851873967 +0100
3			+++ sudo-1.8.6p3/configure.in 2015-12-07 15:19:07.861873967 +0100
4			@@ -118,6 +118,7 @@ AC_SUBST([nsswitch_conf])
5			AC_SUBST([netsvc_conf])
6			AC_SUBST([secure_path])
7			AC_SUBST([editor])
8			+AC_SUBST([pam_login_service])
9			#
10			# Begin initial values for man page substitution
11			#
12			@@ -157,6 +158,7 @@ netsvc_conf=/etc/netsvc.conf
13			noexec_file=/usr/local/libexec/sudo_noexec.so
14			nsswitch_conf=/etc/nsswitch.conf
15			secure_path="not set"
16			+pam_login_service=sudo
17			#
18			# End initial values for man page substitution
19			#
20			@@ -2690,6 +2692,7 @@ if test ${with_pam-"no"} != "no"; then
21			yes) AC_DEFINE([HAVE_PAM_LOGIN])
22			AC_MSG_CHECKING(whether to use PAM login)
23			AC_MSG_RESULT(yes)
24			+ pam_login_service="sudo-i"
25			;;
26			no) ;;
27			*) AC_MSG_ERROR(["--with-pam-login does not take an argument."])
28			diff -up sudo-1.8.6p3/configure.pam_servicebackport sudo-1.8.6p3/configure
29			--- sudo-1.8.6p3/configure.pam_servicebackport 2012-09-18 15:59:16.000000000 +0200
30			+++ sudo-1.8.6p3/configure 2015-12-07 15:19:07.863873967 +0100
31			@@ -658,6 +658,7 @@ OBJEXT
32			EXEEXT
33			ac_ct_CC
34			CC
35			+pam_login_service
36			editor
37			secure_path
38			netsvc_conf
39			@@ -2955,6 +2956,7 @@ netsvc_conf=/etc/netsvc.conf
40			noexec_file=/usr/local/libexec/sudo_noexec.so
41			nsswitch_conf=/etc/nsswitch.conf
42			secure_path="not set"
43			+pam_login_service=sudo
44			#
45			# End initial values for man page substitution
46			#
47			@@ -18609,6 +18611,7 @@ if test "${with_pam_login+set}" = set; t
48			$as_echo_n "checking whether to use PAM login... " >&6; }
49			{ $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
50			$as_echo "yes" >&6; }
51			+ pam_login_service="sudo-i"
52			;;
53			no) ;;
54			*) as_fn_error $? "\"--with-pam-login does not take an argument.\"" "$LINENO" 5
55			diff -up sudo-1.8.6p3/doc/sudoers.cat.pam_servicebackport sudo-1.8.6p3/doc/sudoers.cat
56			--- sudo-1.8.6p3/doc/sudoers.cat.pam_servicebackport 2015-12-07 15:19:07.852873967 +0100
57			+++ sudo-1.8.6p3/doc/sudoers.cat 2015-12-07 15:19:07.863873967 +0100
58			@@ -1217,6 +1217,18 @@ SSUUDDOOEERRSS OOPPTTIIOONN
59			noexec file should now be set in the _/_e_t_c_/_s_u_d_o_._c_o_n_f
60			file.
61
62			+ pam_login_service
63			+ On systems that use PAM for authentication, this is the
64			+ service name used when the -^H-i^Hi option is specified. The
65			+ default value is ``sudo''. See the description of
66			+ _^Hp_^Ha_^Hm_^H__^Hs_^He_^Hr_^Hv_^Hi_^Hc_^He for more information.
67			+
68			+ pam_service On systems that use PAM for authentication, the service
69			+ name specifies the PAM policy to apply. This usually
70			+ corresponds to an entry in the _^Hp_^Ha_^Hm_^H._^Hc_^Ho_^Hn_^Hf file or a fi
71			+ in the _^H/_^He_^Ht_^Hc_^H/_^Hp_^Ha_^Hm_^H._^Hd directory. The default valu
72			+ ``sudo''.
73			+
74			passprompt The default prompt to use when asking for a password;
75			can be overridden via the --pp option or the SUDO_PROMPT
76			environment variable. The following percent (`%')
77			diff -up sudo-1.8.6p3/doc/sudoers.man.in.pam_servicebackport sudo-1.8.6p3/doc/sudoers.man.in
78			--- sudo-1.8.6p3/doc/sudoers.man.in.pam_servicebackport 2015-12-07 15:19:07.852873967 +0100
79			+++ sudo-1.8.6p3/doc/sudoers.man.in 2015-12-07 15:19:07.864873966 +0100
80			@@ -2587,6 +2587,29 @@ The path to the noexec file should now b
81			\fI@sysconfdir@/sudo.conf\fR
82			file.
83			.TP 18n
84			+pam_login_service
85			+.br
86			+On systems that use PAM for authentication, this is the service
87			+name used when the
88			+\fB\-i\fR
89			+option is specified.
90			+The default value is
91			+``\fR@pam_login_service@\fR''.
92			+See the description of
93			+\fIpam_service\fR
94			+for more information.
95			+.TP 18n
96			+pam_service
97			+On systems that use PAM for authentication, the service name
98			+specifies the PAM policy to apply.
99			+This usually corresponds to an entry in the
100			+\fIpam.conf\fR
101			+file or a file in the
102			+\fI/etc/pam.d\fR
103			+directory.
104			+The default value is
105			+``\fRsudo\fR''.
106			+.TP 18n
107			passprompt
108			The default prompt to use when asking for a password; can be overridden via the
109			\fB\-p\fR
110			diff -up sudo-1.8.6p3/doc/sudoers.mdoc.in.pam_servicebackport sudo-1.8.6p3/doc/sudoers.mdoc.in
111			--- sudo-1.8.6p3/doc/sudoers.mdoc.in.pam_servicebackport 2015-12-07 15:19:07.853873967 +0100
112			+++ sudo-1.8.6p3/doc/sudoers.mdoc.in 2015-12-07 15:19:07.864873966 +0100
113			@@ -2429,6 +2429,26 @@ This option is no longer supported.
114			The path to the noexec file should now be set in the
115			.Pa @sysconfdir@/sudo.conf
116			file.
117			+.It pam_login_service
118			+On systems that use PAM for authentication, this is the service
119			+name used when the
120			+.Fl i
121			+option is specified.
122			+The default value is
123			+.Dq Li @pam_login_service@ .
124			+See the description of
125			+.Em pam_service
126			+for more information.
127			+.It pam_service
128			+On systems that use PAM for authentication, the service name
129			+specifies the PAM policy to apply.
130			+This usually corresponds to an entry in the
131			+.Pa pam.conf
132			+file or a file in the
133			+.Pa /etc/pam.d
134			+directory.
135			+The default value is
136			+.Dq Li sudo .
137			.It passprompt
138			The default prompt to use when asking for a password; can be overridden via the
139			.Fl p
140			diff -up sudo-1.8.6p3/plugins/sudoers/auth/pam.c.pam_servicebackport sudo-1.8.6p3/plugins/sudoers/auth/pam.c
141			--- sudo-1.8.6p3/plugins/sudoers/auth/pam.c.pam_servicebackport 2015-12-07 15:19:07.841873968 +0100
142			+++ sudo-1.8.6p3/plugins/sudoers/auth/pam.c 2015-12-07 15:19:07.864873966 +0100
143			@@ -90,12 +90,8 @@ sudo_pam_init(struct passwd *pw, sudo_au
144			if (auth != NULL)
145			auth->data = (void *) &pam_status;
146			pam_conv.conv = converse;
147			-#ifdef HAVE_PAM_LOGIN
148			- if (ISSET(sudo_mode, MODE_LOGIN_SHELL))
149			- pam_status = pam_start("sudo-i", pw->pw_name, &pam_conv, &pamh);
150			- else
151			-#endif
152			- pam_status = pam_start("sudo", pw->pw_name, &pam_conv, &pamh);
153			+ pam_status = pam_start(ISSET(sudo_mode, MODE_LOGIN_SHELL) ?
154			+ def_pam_login_service : def_pam_service, pw->pw_name, &pam_conv, &pamh);
155			if (pam_status != PAM_SUCCESS) {
156			log_error(USE_ERRNO\|NO_MAIL, _("unable to initialize PAM"));
157			debug_return_int(AUTH_FATAL);
158			diff -up sudo-1.8.6p3/plugins/sudoers/defaults.c.pam_servicebackport sudo-1.8.6p3/plugins/sudoers/defaults.c
159			--- sudo-1.8.6p3/plugins/sudoers/defaults.c.pam_servicebackport 2015-12-07 15:19:07.856873967 +0100
160			+++ sudo-1.8.6p3/plugins/sudoers/defaults.c 2015-12-07 15:19:07.864873966 +0100
161			@@ -424,6 +424,13 @@ init_defaults(void)
162			def_env_reset = ENV_RESET;
163			def_set_logname = true;
164			def_closefrom = STDERR_FILENO + 1;
165			+ def_pam_service = estrdup("sudo");
166			+#ifdef HAVE_PAM_LOGIN
167			+ def_pam_login_service = estrdup("sudo-i");
168			+#else
169			+ def_pam_login_service = estrdup("sudo");
170			+#endif
171			+
172
173			/* Syslog options need special care since they both strings and ints */
174			#if (LOGGING & SLOG_SYSLOG)
175			diff -up sudo-1.8.6p3/plugins/sudoers/def_data.c.pam_servicebackport sudo-1.8.6p3/plugins/sudoers/def_data.c
176			--- sudo-1.8.6p3/plugins/sudoers/def_data.c.pam_servicebackport 2015-12-07 15:19:07.864873966 +0100
177			+++ sudo-1.8.6p3/plugins/sudoers/def_data.c 2015-12-07 16:10:44.248663975 +0100
178			@@ -363,6 +363,14 @@ struct sudo_defs_types sudo_defs_table[]
179			N_("Use both user and host/domain fields when matching netgroups"),
180			NULL,
181			}, {
182			+ "pam_service", T_STR,
183			+ N_("PAM service name to use"),
184			+ NULL,
185			+ }, {
186			+ "pam_login_service", T_STR,
187			+ N_("PAM service name to use for login shells"),
188			+ NULL,
189			+ }, {
190			NULL, 0, NULL
191			}
192			};
193			diff -up sudo-1.8.6p3/plugins/sudoers/def_data.h.pam_servicebackport sudo-1.8.6p3/plugins/sudoers/def_data.h
194			--- sudo-1.8.6p3/plugins/sudoers/def_data.h.pam_servicebackport 2015-12-07 15:19:07.865873966 +0100
195			+++ sudo-1.8.6p3/plugins/sudoers/def_data.h 2015-12-07 16:01:48.880700283 +0100
196			@@ -168,6 +168,11 @@
197			#define I_LEGACY_GROUP_PROCESSING 83
198			#define def_netgroup_tuple (sudo_defs_table[84].sd_un.flag)
199			#define I_NETGROUP_TUPLE 84
200			+#define def_pam_service (sudo_defs_table[85].sd_un.str)
201			+#define I_PAM_SERVICE 85
202			+#define def_pam_login_service (sudo_defs_table[86].sd_un.str)
203			+#define I_PAM_LOGIN_SERVICE 86
204			+
205
206			enum def_tuple {
207			never,
208			diff -up sudo-1.8.6p3/plugins/sudoers/def_data.in.pam_servicebackport sudo-1.8.6p3/plugins/sudoers/def_data.in
209			--- sudo-1.8.6p3/plugins/sudoers/def_data.in.pam_servicebackport 2012-09-18 15:56:29.000000000 +0200
210			+++ sudo-1.8.6p3/plugins/sudoers/def_data.in 2015-12-07 15:19:07.865873966 +0100
211			@@ -259,3 +259,10 @@ privs
212			limitprivs
213			T_STR
214			"Set of limit privileges"
215			+pam_service
216			+ T_STR
217			+ "PAM service name to use"
218			+pam_login_service
219			+ T_STR
220			+ "PAM service name to use for login shells"
221			+