sudo/sme9/sudo-1.8.6p3-pam_servicebackport.patch

diff -up sudo-1.8.6p3/configure.in.pam_servicebackport sudo-1.8.6p3/configure.in
--- sudo-1.8.6p3/configure.in.pam_servicebackport       2015-12-07 15:19:07.851873967 +0100
+++ sudo-1.8.6p3/configure.in   2015-12-07 15:19:07.861873967 +0100
@@ -118,6 +118,7 @@ AC_SUBST([nsswitch_conf])
 AC_SUBST([netsvc_conf])
 AC_SUBST([secure_path])
 AC_SUBST([editor])
+AC_SUBST([pam_login_service])
 #
 # Begin initial values for man page substitution
 #
@@ -157,6 +158,7 @@ netsvc_conf=/etc/netsvc.conf
 noexec_file=/usr/local/libexec/sudo_noexec.so
 nsswitch_conf=/etc/nsswitch.conf
 secure_path="not set"
+pam_login_service=sudo
 #
 # End initial values for man page substitution
 #
@@ -2690,6 +2692,7 @@ if test ${with_pam-"no"} != "no"; then
            yes)        AC_DEFINE([HAVE_PAM_LOGIN])
                        AC_MSG_CHECKING(whether to use PAM login)
                        AC_MSG_RESULT(yes)
+                       pam_login_service="sudo-i"
                        ;;
            no)         ;;
            *)          AC_MSG_ERROR(["--with-pam-login does not take an argument."])
diff -up sudo-1.8.6p3/configure.pam_servicebackport sudo-1.8.6p3/configure
--- sudo-1.8.6p3/configure.pam_servicebackport  2012-09-18 15:59:16.000000000 +0200
+++ sudo-1.8.6p3/configure      2015-12-07 15:19:07.863873967 +0100
@@ -658,6 +658,7 @@ OBJEXT
 EXEEXT
 ac_ct_CC
 CC
+pam_login_service
 editor
 secure_path
 netsvc_conf
@@ -2955,6 +2956,7 @@ netsvc_conf=/etc/netsvc.conf
 noexec_file=/usr/local/libexec/sudo_noexec.so
 nsswitch_conf=/etc/nsswitch.conf
 secure_path="not set"
+pam_login_service=sudo
 #
 # End initial values for man page substitution
 #
@@ -18609,6 +18611,7 @@ if test "${with_pam_login+set}" = set; t
 $as_echo_n "checking whether to use PAM login... " >&6; }
                        { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
 $as_echo "yes" >&6; }
+                       pam_login_service="sudo-i"
                        ;;
            no)         ;;
            *)          as_fn_error $? "\"--with-pam-login does not take an argument.\"" "$LINENO" 5
diff -up sudo-1.8.6p3/doc/sudoers.cat.pam_servicebackport sudo-1.8.6p3/doc/sudoers.cat
--- sudo-1.8.6p3/doc/sudoers.cat.pam_servicebackport    2015-12-07 15:19:07.852873967 +0100
+++ sudo-1.8.6p3/doc/sudoers.cat        2015-12-07 15:19:07.863873967 +0100
@@ -1217,6 +1217,18 @@ SSUUDDOOEERRSS OOPPTTIIOONN
                        noexec file should now be set in the _/_e_t_c_/_s_u_d_o_._c_o_n_f
                        file.
 
+     pam_login_service
+                       On systems that use PAM for authentication, this is the
+                       service name used when the -^H-i^Hi option is specified.  The
+                       default value is ``sudo''.  See the description of
+                       _^Hp_^Ha_^Hm_^H__^Hs_^He_^Hr_^Hv_^Hi_^Hc_^He for more information.
+
+     pam_service       On systems that use PAM for authentication, the service
+                       name specifies the PAM policy to apply.  This usually
+                       corresponds to an entry in the _^Hp_^Ha_^Hm_^H._^Hc_^Ho_^Hn_^Hf file or a fi
+                       in the _^H/_^He_^Ht_^Hc_^H/_^Hp_^Ha_^Hm_^H._^Hd directory.  The default valu
+                       ``sudo''.
+ 
      passprompt        The default prompt to use when asking for a password;
                        can be overridden via the --pp option or the SUDO_PROMPT
                        environment variable.  The following percent (`%')
diff -up sudo-1.8.6p3/doc/sudoers.man.in.pam_servicebackport sudo-1.8.6p3/doc/sudoers.man.in
--- sudo-1.8.6p3/doc/sudoers.man.in.pam_servicebackport 2015-12-07 15:19:07.852873967 +0100
+++ sudo-1.8.6p3/doc/sudoers.man.in     2015-12-07 15:19:07.864873966 +0100
@@ -2587,6 +2587,29 @@ The path to the noexec file should now b
 \fI@sysconfdir@/sudo.conf\fR
 file.
 .TP 18n
+pam_login_service
+.br
+On systems that use PAM for authentication, this is the service
+name used when the
+\fB\-i\fR
+option is specified.
+The default value is
+``\fR@pam_login_service@\fR''.
+See the description of
+\fIpam_service\fR
+for more information.
+.TP 18n
+pam_service
+On systems that use PAM for authentication, the service name
+specifies the PAM policy to apply.
+This usually corresponds to an entry in the
+\fIpam.conf\fR
+file or a file in the
+\fI/etc/pam.d\fR
+directory.
+The default value is
+``\fRsudo\fR''.
+.TP 18n
 passprompt
 The default prompt to use when asking for a password; can be overridden via the
 \fB\-p\fR
diff -up sudo-1.8.6p3/doc/sudoers.mdoc.in.pam_servicebackport sudo-1.8.6p3/doc/sudoers.mdoc.in
--- sudo-1.8.6p3/doc/sudoers.mdoc.in.pam_servicebackport        2015-12-07 15:19:07.853873967 +0100
+++ sudo-1.8.6p3/doc/sudoers.mdoc.in    2015-12-07 15:19:07.864873966 +0100
@@ -2429,6 +2429,26 @@ This option is no longer supported.
 The path to the noexec file should now be set in the
 .Pa @sysconfdir@/sudo.conf
 file.
+.It pam_login_service
+On systems that use PAM for authentication, this is the service
+name used when the
+.Fl i
+option is specified.
+The default value is
+.Dq Li @pam_login_service@ .
+See the description of
+.Em pam_service
+for more information.
+.It pam_service
+On systems that use PAM for authentication, the service name
+specifies the PAM policy to apply.
+This usually corresponds to an entry in the
+.Pa pam.conf
+file or a file in the
+.Pa /etc/pam.d
+directory.
+The default value is
+.Dq Li sudo .
 .It passprompt
 The default prompt to use when asking for a password; can be overridden via the
 .Fl p
diff -up sudo-1.8.6p3/plugins/sudoers/auth/pam.c.pam_servicebackport sudo-1.8.6p3/plugins/sudoers/auth/pam.c
--- sudo-1.8.6p3/plugins/sudoers/auth/pam.c.pam_servicebackport 2015-12-07 15:19:07.841873968 +0100
+++ sudo-1.8.6p3/plugins/sudoers/auth/pam.c     2015-12-07 15:19:07.864873966 +0100
@@ -90,12 +90,8 @@ sudo_pam_init(struct passwd *pw, sudo_au
     if (auth != NULL)
        auth->data = (void *) &pam_status;
     pam_conv.conv = converse;
-#ifdef HAVE_PAM_LOGIN
-    if (ISSET(sudo_mode, MODE_LOGIN_SHELL))
-       pam_status = pam_start("sudo-i", pw->pw_name, &pam_conv, &pamh);
-    else
-#endif
-       pam_status = pam_start("sudo", pw->pw_name, &pam_conv, &pamh);
+    pam_status = pam_start(ISSET(sudo_mode, MODE_LOGIN_SHELL) ?
+    def_pam_login_service : def_pam_service, pw->pw_name, &pam_conv, &pamh);
     if (pam_status != PAM_SUCCESS) {
        log_error(USE_ERRNO|NO_MAIL, _("unable to initialize PAM"));
        debug_return_int(AUTH_FATAL);
diff -up sudo-1.8.6p3/plugins/sudoers/defaults.c.pam_servicebackport sudo-1.8.6p3/plugins/sudoers/defaults.c
--- sudo-1.8.6p3/plugins/sudoers/defaults.c.pam_servicebackport 2015-12-07 15:19:07.856873967 +0100
+++ sudo-1.8.6p3/plugins/sudoers/defaults.c     2015-12-07 15:19:07.864873966 +0100
@@ -424,6 +424,13 @@ init_defaults(void)
     def_env_reset = ENV_RESET;
     def_set_logname = true;
     def_closefrom = STDERR_FILENO + 1;
+    def_pam_service = estrdup("sudo");
+#ifdef HAVE_PAM_LOGIN
+    def_pam_login_service = estrdup("sudo-i");
+#else
+    def_pam_login_service = estrdup("sudo");
+#endif
+
 
     /* Syslog options need special care since they both strings and ints */
 #if (LOGGING & SLOG_SYSLOG)
diff -up sudo-1.8.6p3/plugins/sudoers/def_data.c.pam_servicebackport sudo-1.8.6p3/plugins/sudoers/def_data.c
--- sudo-1.8.6p3/plugins/sudoers/def_data.c.pam_servicebackport 2015-12-07 15:19:07.864873966 +0100
+++ sudo-1.8.6p3/plugins/sudoers/def_data.c     2015-12-07 16:10:44.248663975 +0100
@@ -363,6 +363,14 @@ struct sudo_defs_types sudo_defs_table[]
        N_("Use both user and host/domain fields when matching netgroups"),
        NULL,
     }, {
+       "pam_service", T_STR,
+       N_("PAM service name to use"),
+       NULL,
+    }, {
+       "pam_login_service", T_STR,
+       N_("PAM service name to use for login shells"),
+       NULL,
+    }, {
        NULL, 0, NULL
     }
 };
diff -up sudo-1.8.6p3/plugins/sudoers/def_data.h.pam_servicebackport sudo-1.8.6p3/plugins/sudoers/def_data.h
--- sudo-1.8.6p3/plugins/sudoers/def_data.h.pam_servicebackport 2015-12-07 15:19:07.865873966 +0100
+++ sudo-1.8.6p3/plugins/sudoers/def_data.h     2015-12-07 16:01:48.880700283 +0100
@@ -168,6 +168,11 @@
 #define I_LEGACY_GROUP_PROCESSING 83
 #define def_netgroup_tuple      (sudo_defs_table[84].sd_un.flag)
 #define I_NETGROUP_TUPLE        84
+#define def_pam_service         (sudo_defs_table[85].sd_un.str)
+#define I_PAM_SERVICE           85
+#define def_pam_login_service   (sudo_defs_table[86].sd_un.str)
+#define I_PAM_LOGIN_SERVICE     86
+
 
 enum def_tuple {
        never,
diff -up sudo-1.8.6p3/plugins/sudoers/def_data.in.pam_servicebackport sudo-1.8.6p3/plugins/sudoers/def_data.in
--- sudo-1.8.6p3/plugins/sudoers/def_data.in.pam_servicebackport        2012-09-18 15:56:29.000000000 +0200
+++ sudo-1.8.6p3/plugins/sudoers/def_data.in    2015-12-07 15:19:07.865873966 +0100
@@ -259,3 +259,10 @@ privs
 limitprivs
        T_STR
        "Set of limit privileges"
+pam_service
+       T_STR
+       "PAM service name to use"
+pam_login_service
+       T_STR
+       "PAM service name to use for login shells"
+
1	diff -up sudo-1.8.6p3/configure.in.pam_servicebackport sudo-1.8.6p3/configure.in
2	--- sudo-1.8.6p3/configure.in.pam_servicebackport 2015-12-07 15:19:07.851873967 +0100
3	+++ sudo-1.8.6p3/configure.in 2015-12-07 15:19:07.861873967 +0100
4	@@ -118,6 +118,7 @@ AC_SUBST([nsswitch_conf])
5	AC_SUBST([netsvc_conf])
6	AC_SUBST([secure_path])
7	AC_SUBST([editor])
8	+AC_SUBST([pam_login_service])
9	#
10	# Begin initial values for man page substitution
11	#
12	@@ -157,6 +158,7 @@ netsvc_conf=/etc/netsvc.conf
13	noexec_file=/usr/local/libexec/sudo_noexec.so
14	nsswitch_conf=/etc/nsswitch.conf
15	secure_path="not set"
16	+pam_login_service=sudo
17	#
18	# End initial values for man page substitution
19	#
20	@@ -2690,6 +2692,7 @@ if test ${with_pam-"no"} != "no"; then
21	yes) AC_DEFINE([HAVE_PAM_LOGIN])
22	AC_MSG_CHECKING(whether to use PAM login)
23	AC_MSG_RESULT(yes)
24	+ pam_login_service="sudo-i"
25	;;
26	no) ;;
27	*) AC_MSG_ERROR(["--with-pam-login does not take an argument."])
28	diff -up sudo-1.8.6p3/configure.pam_servicebackport sudo-1.8.6p3/configure
29	--- sudo-1.8.6p3/configure.pam_servicebackport 2012-09-18 15:59:16.000000000 +0200
30	+++ sudo-1.8.6p3/configure 2015-12-07 15:19:07.863873967 +0100
31	@@ -658,6 +658,7 @@ OBJEXT
32	EXEEXT
33	ac_ct_CC
34	CC
35	+pam_login_service
36	editor
37	secure_path
38	netsvc_conf
39	@@ -2955,6 +2956,7 @@ netsvc_conf=/etc/netsvc.conf
40	noexec_file=/usr/local/libexec/sudo_noexec.so
41	nsswitch_conf=/etc/nsswitch.conf
42	secure_path="not set"
43	+pam_login_service=sudo
44	#
45	# End initial values for man page substitution
46	#
47	@@ -18609,6 +18611,7 @@ if test "${with_pam_login+set}" = set; t
48	$as_echo_n "checking whether to use PAM login... " >&6; }
49	{ $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
50	$as_echo "yes" >&6; }
51	+ pam_login_service="sudo-i"
52	;;
53	no) ;;
54	*) as_fn_error $? "\"--with-pam-login does not take an argument.\"" "$LINENO" 5
55	diff -up sudo-1.8.6p3/doc/sudoers.cat.pam_servicebackport sudo-1.8.6p3/doc/sudoers.cat
56	--- sudo-1.8.6p3/doc/sudoers.cat.pam_servicebackport 2015-12-07 15:19:07.852873967 +0100
57	+++ sudo-1.8.6p3/doc/sudoers.cat 2015-12-07 15:19:07.863873967 +0100
58	@@ -1217,6 +1217,18 @@ SSUUDDOOEERRSS OOPPTTIIOONN
59	noexec file should now be set in the _/_e_t_c_/_s_u_d_o_._c_o_n_f
60	file.
61
62	+ pam_login_service
63	+ On systems that use PAM for authentication, this is the
64	+ service name used when the -^H-i^Hi option is specified. The
65	+ default value is ``sudo''. See the description of
66	+ _^Hp_^Ha_^Hm_^H__^Hs_^He_^Hr_^Hv_^Hi_^Hc_^He for more information.
67	+
68	+ pam_service On systems that use PAM for authentication, the service
69	+ name specifies the PAM policy to apply. This usually
70	+ corresponds to an entry in the _^Hp_^Ha_^Hm_^H._^Hc_^Ho_^Hn_^Hf file or a fi
71	+ in the _^H/_^He_^Ht_^Hc_^H/_^Hp_^Ha_^Hm_^H._^Hd directory. The default valu
72	+ ``sudo''.
73	+
74	passprompt The default prompt to use when asking for a password;
75	can be overridden via the --pp option or the SUDO_PROMPT
76	environment variable. The following percent (`%')
77	diff -up sudo-1.8.6p3/doc/sudoers.man.in.pam_servicebackport sudo-1.8.6p3/doc/sudoers.man.in
78	--- sudo-1.8.6p3/doc/sudoers.man.in.pam_servicebackport 2015-12-07 15:19:07.852873967 +0100
79	+++ sudo-1.8.6p3/doc/sudoers.man.in 2015-12-07 15:19:07.864873966 +0100
80	@@ -2587,6 +2587,29 @@ The path to the noexec file should now b
81	\fI@sysconfdir@/sudo.conf\fR
82	file.
83	.TP 18n
84	+pam_login_service
85	+.br
86	+On systems that use PAM for authentication, this is the service
87	+name used when the
88	+\fB\-i\fR
89	+option is specified.
90	+The default value is
91	+``\fR@pam_login_service@\fR''.
92	+See the description of
93	+\fIpam_service\fR
94	+for more information.
95	+.TP 18n
96	+pam_service
97	+On systems that use PAM for authentication, the service name
98	+specifies the PAM policy to apply.
99	+This usually corresponds to an entry in the
100	+\fIpam.conf\fR
101	+file or a file in the
102	+\fI/etc/pam.d\fR
103	+directory.
104	+The default value is
105	+``\fRsudo\fR''.
106	+.TP 18n
107	passprompt
108	The default prompt to use when asking for a password; can be overridden via the
109	\fB\-p\fR
110	diff -up sudo-1.8.6p3/doc/sudoers.mdoc.in.pam_servicebackport sudo-1.8.6p3/doc/sudoers.mdoc.in
111	--- sudo-1.8.6p3/doc/sudoers.mdoc.in.pam_servicebackport 2015-12-07 15:19:07.853873967 +0100
112	+++ sudo-1.8.6p3/doc/sudoers.mdoc.in 2015-12-07 15:19:07.864873966 +0100
113	@@ -2429,6 +2429,26 @@ This option is no longer supported.
114	The path to the noexec file should now be set in the
115	.Pa @sysconfdir@/sudo.conf
116	file.
117	+.It pam_login_service
118	+On systems that use PAM for authentication, this is the service
119	+name used when the
120	+.Fl i
121	+option is specified.
122	+The default value is
123	+.Dq Li @pam_login_service@ .
124	+See the description of
125	+.Em pam_service
126	+for more information.
127	+.It pam_service
128	+On systems that use PAM for authentication, the service name
129	+specifies the PAM policy to apply.
130	+This usually corresponds to an entry in the
131	+.Pa pam.conf
132	+file or a file in the
133	+.Pa /etc/pam.d
134	+directory.
135	+The default value is
136	+.Dq Li sudo .
137	.It passprompt
138	The default prompt to use when asking for a password; can be overridden via the
139	.Fl p
140	diff -up sudo-1.8.6p3/plugins/sudoers/auth/pam.c.pam_servicebackport sudo-1.8.6p3/plugins/sudoers/auth/pam.c
141	--- sudo-1.8.6p3/plugins/sudoers/auth/pam.c.pam_servicebackport 2015-12-07 15:19:07.841873968 +0100
142	+++ sudo-1.8.6p3/plugins/sudoers/auth/pam.c 2015-12-07 15:19:07.864873966 +0100
143	@@ -90,12 +90,8 @@ sudo_pam_init(struct passwd *pw, sudo_au
144	if (auth != NULL)
145	auth->data = (void *) &pam_status;
146	pam_conv.conv = converse;
147	-#ifdef HAVE_PAM_LOGIN
148	- if (ISSET(sudo_mode, MODE_LOGIN_SHELL))
149	- pam_status = pam_start("sudo-i", pw->pw_name, &pam_conv, &pamh);
150	- else
151	-#endif
152	- pam_status = pam_start("sudo", pw->pw_name, &pam_conv, &pamh);
153	+ pam_status = pam_start(ISSET(sudo_mode, MODE_LOGIN_SHELL) ?
154	+ def_pam_login_service : def_pam_service, pw->pw_name, &pam_conv, &pamh);
155	if (pam_status != PAM_SUCCESS) {
156	log_error(USE_ERRNO\|NO_MAIL, _("unable to initialize PAM"));
157	debug_return_int(AUTH_FATAL);
158	diff -up sudo-1.8.6p3/plugins/sudoers/defaults.c.pam_servicebackport sudo-1.8.6p3/plugins/sudoers/defaults.c
159	--- sudo-1.8.6p3/plugins/sudoers/defaults.c.pam_servicebackport 2015-12-07 15:19:07.856873967 +0100
160	+++ sudo-1.8.6p3/plugins/sudoers/defaults.c 2015-12-07 15:19:07.864873966 +0100
161	@@ -424,6 +424,13 @@ init_defaults(void)
162	def_env_reset = ENV_RESET;
163	def_set_logname = true;
164	def_closefrom = STDERR_FILENO + 1;
165	+ def_pam_service = estrdup("sudo");
166	+#ifdef HAVE_PAM_LOGIN
167	+ def_pam_login_service = estrdup("sudo-i");
168	+#else
169	+ def_pam_login_service = estrdup("sudo");
170	+#endif
171	+
172
173	/* Syslog options need special care since they both strings and ints */
174	#if (LOGGING & SLOG_SYSLOG)
175	diff -up sudo-1.8.6p3/plugins/sudoers/def_data.c.pam_servicebackport sudo-1.8.6p3/plugins/sudoers/def_data.c
176	--- sudo-1.8.6p3/plugins/sudoers/def_data.c.pam_servicebackport 2015-12-07 15:19:07.864873966 +0100
177	+++ sudo-1.8.6p3/plugins/sudoers/def_data.c 2015-12-07 16:10:44.248663975 +0100
178	@@ -363,6 +363,14 @@ struct sudo_defs_types sudo_defs_table[]
179	N_("Use both user and host/domain fields when matching netgroups"),
180	NULL,
181	}, {
182	+ "pam_service", T_STR,
183	+ N_("PAM service name to use"),
184	+ NULL,
185	+ }, {
186	+ "pam_login_service", T_STR,
187	+ N_("PAM service name to use for login shells"),
188	+ NULL,
189	+ }, {
190	NULL, 0, NULL
191	}
192	};
193	diff -up sudo-1.8.6p3/plugins/sudoers/def_data.h.pam_servicebackport sudo-1.8.6p3/plugins/sudoers/def_data.h
194	--- sudo-1.8.6p3/plugins/sudoers/def_data.h.pam_servicebackport 2015-12-07 15:19:07.865873966 +0100
195	+++ sudo-1.8.6p3/plugins/sudoers/def_data.h 2015-12-07 16:01:48.880700283 +0100
196	@@ -168,6 +168,11 @@
197	#define I_LEGACY_GROUP_PROCESSING 83
198	#define def_netgroup_tuple (sudo_defs_table[84].sd_un.flag)
199	#define I_NETGROUP_TUPLE 84
200	+#define def_pam_service (sudo_defs_table[85].sd_un.str)
201	+#define I_PAM_SERVICE 85
202	+#define def_pam_login_service (sudo_defs_table[86].sd_un.str)
203	+#define I_PAM_LOGIN_SERVICE 86
204	+
205
206	enum def_tuple {
207	never,
208	diff -up sudo-1.8.6p3/plugins/sudoers/def_data.in.pam_servicebackport sudo-1.8.6p3/plugins/sudoers/def_data.in
209	--- sudo-1.8.6p3/plugins/sudoers/def_data.in.pam_servicebackport 2012-09-18 15:56:29.000000000 +0200
210	+++ sudo-1.8.6p3/plugins/sudoers/def_data.in 2015-12-07 15:19:07.865873966 +0100
211	@@ -259,3 +259,10 @@ privs
212	limitprivs
213	T_STR
214	"Set of limit privileges"
215	+pam_service
216	+ T_STR
217	+ "PAM service name to use"
218	+pam_login_service
219	+ T_STR
220	+ "PAM service name to use for login shells"
221	+