SOURCES: sudo-pam-login.patch (NEW) - split pam config for login s...

baggins baggins at pld-linux.org
Tue Mar 27 17:29:53 CEST 2007 

Author: baggins                      Date: Tue Mar 27 15:29:53 2007 GMT
Module: SOURCES                       Tag: HEAD
---- Log message:
- split pam config for login simulation

---- Files affected:
SOURCES:
   sudo-pam-login.patch (NONE -> 1.1)  (NEW)

---- Diffs:

================================================================
Index: SOURCES/sudo-pam-login.patch
diff -u /dev/null SOURCES/sudo-pam-login.patch:1.1
--- /dev/null	Tue Mar 27 17:29:53 2007
+++ SOURCES/sudo-pam-login.patch	Tue Mar 27 17:29:48 2007
@@ -0,0 +1,116 @@
+--- sudo-1.6.8p12/configure.in.login	2006-07-16 15:25:33.000000000 +0200
++++ sudo-1.6.8p12/configure.in	2006-07-16 15:49:08.000000000 +0200
+@@ -357,6 +357,17 @@
+ 		;;
+ esac])
+ 
++AC_ARG_WITH(pam-login, [  --with-pam-login              enable specific PAM session for sudo -i],
++[case $with_pam_login in
++    yes)	AC_DEFINE(HAVE_PAM_LOGIN)
++		AC_MSG_CHECKING(whether to use PAM login)
++		AC_MSG_RESULT(yes)
++		;;
++    no)		;;
++    *)		AC_MSG_ERROR(["--with-pam-login does not take an argument."])
++		;;
++esac])
++
+ AC_ARG_WITH(AFS, [  --with-AFS              enable AFS support],
+ [case $with_AFS in
+     yes)	AC_DEFINE(HAVE_AFS)
+--- sudo-1.6.8p12/sudo.c.login	2006-07-16 15:39:26.000000000 +0200
++++ sudo-1.6.8p12/sudo.c	2006-07-16 15:41:42.000000000 +0200
+@@ -109,7 +109,7 @@
+ static struct passwd *get_authpw	__P((void));
+ extern int sudo_edit			__P((int, char **));
+ extern void list_matches		__P((void));
+-extern char **rebuild_env		__P((char **, int, int));
++extern char **rebuild_env		__P((char **, int));
+ extern char **zero_env			__P((char **));
+ extern struct passwd *sudo_getpwnam	__P((const char *));
+ extern struct passwd *sudo_getpwuid	__P((uid_t));
+@@ -140,6 +140,7 @@
+ #endif /* HAVE_BSD_AUTH_H */
+ sigaction_t saved_sa_int, saved_sa_quit, saved_sa_tstp, saved_sa_chld;
+ void (*set_perms) __P((int));
++int sudo_mode;
+ 
+ 
+ int
+@@ -151,7 +152,6 @@
+     int validated;
+     int fd;
+     int cmnd_status;
+-    int sudo_mode;
+     int pwflag;
+     char **new_environ;
+     sigaction_t sa;
+@@ -368,7 +368,7 @@
+ 
+     /* Build a new environment that avoids any nasty bits if we have a cmnd. */
+     if (ISSET(sudo_mode, MODE_RUN))
+-	new_environ = rebuild_env(envp, sudo_mode, ISSET(validated, FLAG_NOEXEC));
++	new_environ = rebuild_env(envp, ISSET(validated, FLAG_NOEXEC));
+     else
+ 	new_environ = envp;
+ 
+--- sudo-1.6.8p12/auth/pam.c.login	2006-07-16 15:41:59.000000000 +0200
++++ sudo-1.6.8p12/auth/pam.c	2006-07-16 15:45:15.000000000 +0200
+@@ -89,7 +89,12 @@
+     if (auth != NULL)
+ 	auth->data = (VOID *) &pam_status;
+     pam_conv.conv = sudo_conv;
+-    pam_status = pam_start("sudo", pw->pw_name, &pam_conv, &pamh);
++#ifdef HAVE_PAM_LOGIN
++    if (ISSET(sudo_mode, MODE_LOGIN_SHELL))
++	    pam_status = pam_start("sudo-i", pw->pw_name, &pam_conv, &pamh);
++    else
++#endif
++	    pam_status = pam_start("sudo", pw->pw_name, &pam_conv, &pamh);
+     if (pam_status != PAM_SUCCESS) {
+ 	log_error(USE_ERRNO|NO_EXIT|NO_MAIL, "unable to initialize PAM");
+ 	return(AUTH_FATAL);
+--- sudo-1.6.8p12/env.c.login	2006-07-16 15:40:14.000000000 +0200
++++ sudo-1.6.8p12/env.c	2006-07-16 15:57:19.000000000 +0200
+@@ -77,7 +77,7 @@
+ /*
+  * Prototypes
+  */
+-char **rebuild_env		__P((char **, int, int));
++char **rebuild_env		__P((char **, int));
+ char **zero_env			__P((char **));
+ static void insert_env		__P((char *, int));
+ static char *format_env		__P((char *, ...));
+@@ -321,9 +321,8 @@
+  * Also adds sudo-specific variables (SUDO_*).
+  */
+ char **
+-rebuild_env(envp, sudo_mode, noexec)
++rebuild_env(envp, noexec)
+     char **envp;
+-    int sudo_mode;
+     int noexec;
+ {
+     char **ep, *cp, *ps1;
+--- sudo-1.6.8p12/sudo.h.login	2006-07-16 15:59:08.000000000 +0200
++++ sudo-1.6.8p12/sudo.h	2006-07-16 15:59:38.000000000 +0200
+@@ -251,6 +251,7 @@
+ extern FILE *sudoers_fp;
+ extern int tgetpass_flags;
+ extern uid_t timestamp_uid;
++extern int sudo_mode;
+ 
+ extern void (*set_perms) __P((int));
+ #endif
+--- sudo-1.6.8p12/config.h.in.login	2006-07-16 15:32:09.000000000 +0200
++++ sudo-1.6.8p12/config.h.in	2006-07-16 15:32:56.000000000 +0200
+@@ -230,6 +230,9 @@
+ /* Define to 1 if you use PAM authentication. */
+ #undef HAVE_PAM
+ 
++/* Define to 1 if you use specific PAM session for sodo -i. */
++#undef HAVE_PAM_LOGIN
++
+ /* Define to 1 if you have the <pam/pam_appl.h> header file. */
+ #undef HAVE_PAM_PAM_APPL_H
+ 
================================================================

More information about the pld-cvs-commit mailing list