basebuilder_pel7x64builder0
6 years ago
8 changed files with 554 additions and 120 deletions
@ -0,0 +1,161 @@
@@ -0,0 +1,161 @@
|
||||
From 0f303a2de843c31afb03b558dfb7287be79e6e17 Mon Sep 17 00:00:00 2001 |
||||
From: "Todd C. Miller" <Todd.Miller@sudo.ws> |
||||
Date: Thu, 26 Jul 2018 12:31:29 -0600 |
||||
Subject: [PATCH] Ignore PAM_NEW_AUTHTOK_REQD and PAM_AUTHTOK_EXPIRED errors |
||||
from pam_acct_mgmt() if authentication is disabled for the user. Bug #843 |
||||
|
||||
--- |
||||
plugins/sudoers/auth/bsdauth.c | 2 +- |
||||
plugins/sudoers/auth/pam.c | 10 +++++++++- |
||||
plugins/sudoers/auth/sudo_auth.c | 4 ++-- |
||||
plugins/sudoers/auth/sudo_auth.h | 6 +++--- |
||||
plugins/sudoers/check.c | 4 +++- |
||||
plugins/sudoers/sudoers.h | 2 +- |
||||
6 files changed, 19 insertions(+), 9 deletions(-) |
||||
|
||||
diff --git a/plugins/sudoers/auth/bsdauth.c b/plugins/sudoers/auth/bsdauth.c |
||||
index 444cd337..390263d3 100644 |
||||
--- a/plugins/sudoers/auth/bsdauth.c |
||||
+++ b/plugins/sudoers/auth/bsdauth.c |
||||
@@ -168,7 +168,7 @@ bsdauth_verify(struct passwd *pw, char *prompt, sudo_auth *auth, struct sudo_con |
||||
} |
||||
|
||||
int |
||||
-bsdauth_approval(struct passwd *pw, sudo_auth *auth) |
||||
+bsdauth_approval(struct passwd *pw, sudo_auth *auth, bool exempt) |
||||
{ |
||||
struct bsdauth_state *state = auth->data; |
||||
debug_decl(bsdauth_approval, SUDOERS_DEBUG_AUTH) |
||||
diff --git a/plugins/sudoers/auth/pam.c b/plugins/sudoers/auth/pam.c |
||||
index 347289da..a4749448 100644 |
||||
--- a/plugins/sudoers/auth/pam.c |
||||
+++ b/plugins/sudoers/auth/pam.c |
||||
@@ -202,7 +202,7 @@ sudo_pam_verify(struct passwd *pw, char *prompt, sudo_auth *auth, struct sudo_co |
||||
} |
||||
|
||||
int |
||||
-sudo_pam_approval(struct passwd *pw, sudo_auth *auth) |
||||
+sudo_pam_approval(struct passwd *pw, sudo_auth *auth, bool exempt) |
||||
{ |
||||
const char *s; |
||||
int *pam_status = (int *) auth->data; |
||||
@@ -217,6 +217,10 @@ sudo_pam_approval(struct passwd *pw, sudo_auth *auth) |
||||
"is your account locked?")); |
||||
debug_return_int(AUTH_FATAL); |
||||
case PAM_NEW_AUTHTOK_REQD: |
||||
+ /* Ignore if user is exempt from password restrictions. */ |
||||
+ if (exempt) |
||||
+ debug_return_int(AUTH_SUCCESS); |
||||
+ /* New password required, try to change it. */ |
||||
log_warningx(0, N_("Account or password is " |
||||
"expired, reset your password and try again")); |
||||
*pam_status = pam_chauthtok(pamh, |
||||
@@ -229,6 +233,10 @@ sudo_pam_approval(struct passwd *pw, sudo_auth *auth) |
||||
N_("unable to change expired password: %s"), s); |
||||
debug_return_int(AUTH_FAILURE); |
||||
case PAM_AUTHTOK_EXPIRED: |
||||
+ /* Ignore if user is exempt from password restrictions. */ |
||||
+ if (exempt) |
||||
+ debug_return_int(AUTH_SUCCESS); |
||||
+ /* Password expired, cannot be updated by user. */ |
||||
log_warningx(0, |
||||
N_("Password expired, contact your system administrator")); |
||||
debug_return_int(AUTH_FATAL); |
||||
diff --git a/plugins/sudoers/auth/sudo_auth.c b/plugins/sudoers/auth/sudo_auth.c |
||||
index 6ef9bd72..5d9382dc 100644 |
||||
--- a/plugins/sudoers/auth/sudo_auth.c |
||||
+++ b/plugins/sudoers/auth/sudo_auth.c |
||||
@@ -163,7 +163,7 @@ sudo_auth_init(struct passwd *pw) |
||||
* Returns true on success, false on failure and -1 on error. |
||||
*/ |
||||
int |
||||
-sudo_auth_approval(struct passwd *pw, int validated) |
||||
+sudo_auth_approval(struct passwd *pw, int validated, bool exempt) |
||||
{ |
||||
sudo_auth *auth; |
||||
debug_decl(sudo_auth_approval, SUDOERS_DEBUG_AUTH) |
||||
@@ -171,7 +171,7 @@ sudo_auth_approval(struct passwd *pw, int validated) |
||||
/* Call approval routines. */ |
||||
for (auth = auth_switch; auth->name; auth++) { |
||||
if (auth->approval && !IS_DISABLED(auth)) { |
||||
- int status = (auth->approval)(pw, auth); |
||||
+ int status = (auth->approval)(pw, auth, exempt); |
||||
if (status != AUTH_SUCCESS) { |
||||
/* Assume error msg already printed. */ |
||||
log_auth_failure(validated, 0); |
||||
diff --git a/plugins/sudoers/auth/sudo_auth.h b/plugins/sudoers/auth/sudo_auth.h |
||||
index ea5ed9cd..9ae69cd5 100644 |
||||
--- a/plugins/sudoers/auth/sudo_auth.h |
||||
+++ b/plugins/sudoers/auth/sudo_auth.h |
||||
@@ -31,7 +31,7 @@ typedef struct sudo_auth { |
||||
int (*init)(struct passwd *pw, struct sudo_auth *auth); |
||||
int (*setup)(struct passwd *pw, char **prompt, struct sudo_auth *auth); |
||||
int (*verify)(struct passwd *pw, char *p, struct sudo_auth *auth, struct sudo_conv_callback *callback); |
||||
- int (*approval)(struct passwd *pw, struct sudo_auth *auth); |
||||
+ int (*approval)(struct passwd *pw, struct sudo_auth *auth, bool exempt); |
||||
int (*cleanup)(struct passwd *pw, struct sudo_auth *auth); |
||||
int (*begin_session)(struct passwd *pw, char **user_env[], struct sudo_auth *auth); |
||||
int (*end_session)(struct passwd *pw, struct sudo_auth *auth); |
||||
@@ -56,7 +56,7 @@ extern sudo_conv_t sudo_conv; |
||||
/* Prototypes for standalone methods */ |
||||
int bsdauth_init(struct passwd *pw, sudo_auth *auth); |
||||
int bsdauth_verify(struct passwd *pw, char *prompt, sudo_auth *auth, struct sudo_conv_callback *callback); |
||||
-int bsdauth_approval(struct passwd *pw, sudo_auth *auth); |
||||
+int bsdauth_approval(struct passwd *pw, sudo_auth *auth, bool exempt); |
||||
int bsdauth_cleanup(struct passwd *pw, sudo_auth *auth); |
||||
int sudo_aix_init(struct passwd *pw, sudo_auth *auth); |
||||
int sudo_aix_verify(struct passwd *pw, char *pass, sudo_auth *auth, struct sudo_conv_callback *callback); |
||||
@@ -67,7 +67,7 @@ int sudo_fwtk_cleanup(struct passwd *pw, sudo_auth *auth); |
||||
int sudo_pam_init(struct passwd *pw, sudo_auth *auth); |
||||
int sudo_pam_init_quiet(struct passwd *pw, sudo_auth *auth); |
||||
int sudo_pam_verify(struct passwd *pw, char *prompt, sudo_auth *auth, struct sudo_conv_callback *callback); |
||||
-int sudo_pam_approval(struct passwd *pw, sudo_auth *auth); |
||||
+int sudo_pam_approval(struct passwd *pw, sudo_auth *auth, bool exempt); |
||||
int sudo_pam_cleanup(struct passwd *pw, sudo_auth *auth); |
||||
int sudo_pam_begin_session(struct passwd *pw, char **user_env[], sudo_auth *auth); |
||||
int sudo_pam_end_session(struct passwd *pw, sudo_auth *auth); |
||||
diff --git a/plugins/sudoers/check.c b/plugins/sudoers/check.c |
||||
index ed49d63a..486a80d8 100644 |
||||
--- a/plugins/sudoers/check.c |
||||
+++ b/plugins/sudoers/check.c |
||||
@@ -175,6 +175,7 @@ check_user(int validated, int mode) |
||||
{ |
||||
struct passwd *auth_pw; |
||||
int ret = -1; |
||||
+ bool exempt = false; |
||||
debug_decl(check_user, SUDOERS_DEBUG_AUTH) |
||||
|
||||
/* |
||||
@@ -194,6 +195,7 @@ check_user(int validated, int mode) |
||||
sudo_debug_printf(SUDO_DEBUG_INFO, "%s: %s", __func__, |
||||
!def_authenticate ? "authentication disabled" : |
||||
"user exempt from authentication"); |
||||
+ exempt = true; |
||||
ret = true; |
||||
goto done; |
||||
} |
||||
@@ -218,7 +220,7 @@ check_user(int validated, int mode) |
||||
done: |
||||
if (ret == true) { |
||||
/* The approval function may disallow a user post-authentication. */ |
||||
- ret = sudo_auth_approval(auth_pw, validated); |
||||
+ ret = sudo_auth_approval(auth_pw, validated, exempt); |
||||
} |
||||
sudo_auth_cleanup(auth_pw); |
||||
sudo_pw_delref(auth_pw); |
||||
diff --git a/plugins/sudoers/sudoers.h b/plugins/sudoers/sudoers.h |
||||
index 57db74c1..956cb084 100644 |
||||
--- a/plugins/sudoers/sudoers.h |
||||
+++ b/plugins/sudoers/sudoers.h |
||||
@@ -265,7 +265,7 @@ int verify_user(struct passwd *pw, char *prompt, int validated, struct sudo_conv |
||||
int sudo_auth_begin_session(struct passwd *pw, char **user_env[]); |
||||
int sudo_auth_end_session(struct passwd *pw); |
||||
int sudo_auth_init(struct passwd *pw); |
||||
-int sudo_auth_approval(struct passwd *pw, int validated); |
||||
+int sudo_auth_approval(struct passwd *pw, int validated, bool exempt); |
||||
int sudo_auth_cleanup(struct passwd *pw); |
||||
|
||||
/* set_perms.c */ |
||||
-- |
||||
2.13.6 |
||||
|
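Review bot: In `sudo_pam_approval()` the two new `if (exempt)` early returns under `PAM_NEW_AUTHTOK_REQD` and `PAM_AUTHTOK_EXPIRED` succeed silently, so nothing records that an expired-credential status from `pam_acct_mgmt()` was overridden for this user. `check_user()` sets `exempt` both when authentication is disabled and when the user is exempt, so a trace line before each return would let an auditor tell the override apart from a clean account check, e.g. `sudo_debug_printf(SUDO_DEBUG_INFO, "%s: ignoring expired password for exempt user", __func__);`. The existing warning under `PAM_NEW_AUTHTOK_REQD` reads "Account or password is expired", so it is worth confirming that the PAM stack in use never reports account expiry (as opposed to password expiry) with that code, because the exempt path would then skip it as well. `bsdauth_approval()` only gains the parameter in the visible lines; its body continues outside the hunk.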
@ -0,0 +1,70 @@
@@ -0,0 +1,70 @@
|
||||
diff -up sudo-1.8.23/plugins/sudoers/regress/sudoers/test2.json.ok.defaults-double-quote-fix sudo-1.8.23/plugins/sudoers/regress/sudoers/test2.json.ok |
||||
--- sudo-1.8.23/plugins/sudoers/regress/sudoers/test2.json.ok.defaults-double-quote-fix 2018-09-24 18:10:37.235000000 +0200 |
||||
+++ sudo-1.8.23/plugins/sudoers/regress/sudoers/test2.json.ok 2018-09-24 18:11:40.153000000 +0200 |
||||
@@ -34,7 +34,7 @@ |
||||
}, |
||||
{ |
||||
"Binding": [ |
||||
- { "username": "%them" } |
||||
+ { "usergroup": "them" } |
||||
], |
||||
"Options": [ |
||||
{ "set_home": true } |
||||
@@ -42,7 +42,7 @@ |
||||
}, |
||||
{ |
||||
"Binding": [ |
||||
- { "username": "%: non UNIX 0 c" } |
||||
+ { "nonunixgroup": " non UNIX 0 c" } |
||||
], |
||||
"Options": [ |
||||
{ "set_home": true } |
||||
@@ -50,7 +50,7 @@ |
||||
}, |
||||
{ |
||||
"Binding": [ |
||||
- { "username": "+net" } |
||||
+ { "netgroup": "net" } |
||||
], |
||||
"Options": [ |
||||
{ "set_home": true } |
||||
diff -up sudo-1.8.23/plugins/sudoers/regress/sudoers/test2.toke.ok.defaults-double-quote-fix sudo-1.8.23/plugins/sudoers/regress/sudoers/test2.toke.ok |
||||
--- sudo-1.8.23/plugins/sudoers/regress/sudoers/test2.toke.ok.defaults-double-quote-fix 2018-09-24 18:10:25.216000000 +0200 |
||||
+++ sudo-1.8.23/plugins/sudoers/regress/sudoers/test2.toke.ok 2018-09-24 18:11:45.213000000 +0200 |
||||
@@ -29,9 +29,9 @@ DEFAULTS_HOST BEGINSTR STRBODY ENDSTR WO |
||||
# |
||||
DEFAULTS_USER BEGINSTR STRBODY ENDSTR WORD(4) DEFVAR |
||||
DEFAULTS_USER BEGINSTR STRBODY ENDSTR WORD(4) DEFVAR |
||||
-DEFAULTS_USER BEGINSTR STRBODY ENDSTR WORD(4) DEFVAR |
||||
-DEFAULTS_USER BEGINSTR STRBODY ENDSTR WORD(4) DEFVAR |
||||
-DEFAULTS_USER BEGINSTR STRBODY ENDSTR WORD(4) DEFVAR |
||||
+DEFAULTS_USER BEGINSTR STRBODY ENDSTR USERGROUP DEFVAR |
||||
+DEFAULTS_USER BEGINSTR STRBODY ENDSTR USERGROUP DEFVAR |
||||
+DEFAULTS_USER BEGINSTR STRBODY ENDSTR NETGROUP DEFVAR |
||||
|
||||
# |
||||
DEFAULTS_RUNAS BEGINSTR STRBODY ENDSTR WORD(4) DEFVAR |
||||
diff -up sudo-1.8.23/plugins/sudoers/toke.c.defaults-double-quote-fix sudo-1.8.23/plugins/sudoers/toke.c |
||||
--- sudo-1.8.23/plugins/sudoers/toke.c.defaults-double-quote-fix 2018-04-29 21:59:23.000000000 +0200 |
||||
+++ sudo-1.8.23/plugins/sudoers/toke.c 2018-09-24 18:06:15.527000000 +0200 |
||||
@@ -2395,7 +2395,7 @@ YY_RULE_SETUP |
||||
LEXTRACE("ERROR "); /* empty string */ |
||||
LEXRETURN(ERROR); |
||||
} |
||||
- if (prev_state == INITIAL) { |
||||
+ if (prev_state == INITIAL || prev_state == GOTDEFS) { |
||||
switch (sudoerslval.string[0]) { |
||||
case '%': |
||||
if (sudoerslval.string[1] == '\0' || |
||||
diff -up sudo-1.8.23/plugins/sudoers/toke.l.defaults-double-quote-fix sudo-1.8.23/plugins/sudoers/toke.l |
||||
--- sudo-1.8.23/plugins/sudoers/toke.l.defaults-double-quote-fix 2018-04-29 21:59:23.000000000 +0200 |
||||
+++ sudo-1.8.23/plugins/sudoers/toke.l 2018-09-24 18:06:15.528000000 +0200 |
||||
@@ -187,7 +187,7 @@ DEFVAR [a-z_]+ |
||||
LEXTRACE("ERROR "); /* empty string */ |
||||
LEXRETURN(ERROR); |
||||
} |
||||
- if (prev_state == INITIAL) { |
||||
+ if (prev_state == INITIAL || prev_state == GOTDEFS) { |
||||
switch (sudoerslval.string[0]) { |
||||
case '%': |
||||
if (sudoerslval.string[1] == '\0' || |
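Review bot: The `prev_state == GOTDEFS` condition added in `toke.l` (and mirrored in the generated `toke.c`) has no comment saying that a quoted Defaults binding is now classified by its first character, and the visible change to `test2.toke.ok` touches only `DEFAULTS_USER` lines. I would add a comment above the test such as `/* Quoted Defaults bindings get the same %group / +netgroup classification as quoted names in the INITIAL state. */`. Whether quoted host, runas or command bindings that start with `%` or `+` are exercised is not visible here; a regress case for each would pin down which Defaults end up bound to a group instead of a literal name. The enclosing lexer rule starts and ends outside the hunk.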
@ -0,0 +1,27 @@
@@ -0,0 +1,27 @@
|
||||
diff -up sudo-1.8.23/plugins/sudoers/ldap.c.ldapsearchuidfix sudo-1.8.23/plugins/sudoers/ldap.c |
||||
--- sudo-1.8.23/plugins/sudoers/ldap.c.ldapsearchuidfix 2018-04-29 21:59:31.000000000 +0200 |
||||
+++ sudo-1.8.23/plugins/sudoers/ldap.c 2018-06-18 08:34:01.202686941 +0200 |
||||
@@ -1189,8 +1189,8 @@ sudo_ldap_build_pass1(LDAP *ld, struct p |
||||
if (ldap_conf.search_filter) |
||||
sz += strlen(ldap_conf.search_filter); |
||||
|
||||
- /* Then add (|(sudoUser=USERNAME)(sudoUser=ALL)) + NUL */ |
||||
- sz += 29 + sudo_ldap_value_len(pw->pw_name); |
||||
+ /* Then add (|(sudoUser=USERNAME)(sudoUser=#uid)(sudoUser=ALL)) + NUL */ |
||||
+ sz += 29 + (12 + MAX_UID_T_LEN) + sudo_ldap_value_len(pw->pw_name); |
||||
|
||||
/* Add space for primary and supplementary groups and gids */ |
||||
if ((grp = sudo_getgrgid(pw->pw_gid)) != NULL) { |
||||
@@ -1253,6 +1253,12 @@ sudo_ldap_build_pass1(LDAP *ld, struct p |
||||
CHECK_LDAP_VCAT(buf, pw->pw_name, sz); |
||||
CHECK_STRLCAT(buf, ")", sz); |
||||
|
||||
+ /* Append user uid */ |
||||
+ (void) snprintf(gidbuf, sizeof(gidbuf), "%u", (unsigned int)pw->pw_uid); |
||||
+ (void) strlcat(buf, "(sudoUser=#", sz); |
||||
+ (void) strlcat(buf, gidbuf, sz); |
||||
+ (void) strlcat(buf, ")", sz); |
||||
+ |
||||
/* Append primary group and gid */ |
||||
if (grp != NULL) { |
||||
CHECK_STRLCAT(buf, "(sudoUser=%", sz); |
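Review bot: The three `(void) strlcat()` calls that append the `(sudoUser=#uid)` term in `sudo_ldap_build_pass1()` discard the truncation result, while the lines directly before and after them use `CHECK_LDAP_VCAT` and `CHECK_STRLCAT`. If the `sz` estimate from the first hunk is ever short, the filter is cut silently and the search runs with a different or malformed filter instead of failing. I would use the checked form, `CHECK_STRLCAT(buf, "(sudoUser=#", sz);`, `CHECK_STRLCAT(buf, gidbuf, sz);`, `CHECK_STRLCAT(buf, ")", sz);`, and confirm that `gidbuf` (declared outside the hunk) is large enough for a uid, since it is reused here under a gid name. The function body continues outside both hunks.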
@ -0,0 +1,89 @@
@@ -0,0 +1,89 @@
|
||||
diff -up sudo-1.8.23/plugins/sudoers/cvtsudoers.c.legacy-group-processing sudo-1.8.23/plugins/sudoers/cvtsudoers.c |
||||
--- sudo-1.8.23/plugins/sudoers/cvtsudoers.c.legacy-group-processing 2018-06-28 11:24:25.966475241 +0200 |
||||
+++ sudo-1.8.23/plugins/sudoers/cvtsudoers.c 2018-06-28 11:26:40.215025493 +0200 |
||||
@@ -321,6 +321,15 @@ main(int argc, char *argv[]) |
||||
sudo_fatalx("error: unhandled input %d", input_format); |
||||
} |
||||
|
||||
+ /* |
||||
+ * cvtsudoers group filtering doesn't work if def_match_group_by_gid |
||||
+ * is set to true by default (at compile-time). It cannot be set to false |
||||
+ * because cvtsudoers doesn't apply the parsed Defaults. |
||||
+ * |
||||
+ * Related: sudo-1.8.23-legacy-group-processing.patch |
||||
+ */ |
||||
+ def_match_group_by_gid = def_legacy_group_processing = false; |
||||
+ |
||||
/* Apply filters. */ |
||||
filter_userspecs(conf); |
||||
filter_defaults(conf); |
||||
diff -up sudo-1.8.23/plugins/sudoers/defaults.c.legacy-group-processing sudo-1.8.23/plugins/sudoers/defaults.c |
||||
--- sudo-1.8.23/plugins/sudoers/defaults.c.legacy-group-processing 2018-04-29 21:59:31.000000000 +0200 |
||||
+++ sudo-1.8.23/plugins/sudoers/defaults.c 2018-06-28 11:24:25.966475241 +0200 |
||||
@@ -87,6 +87,7 @@ static struct early_default early_defaul |
||||
{ I_FQDN }, |
||||
#endif |
||||
{ I_MATCH_GROUP_BY_GID }, |
||||
+ { I_LEGACY_GROUP_PROCESSING }, |
||||
{ I_GROUP_PLUGIN }, |
||||
{ I_RUNAS_DEFAULT }, |
||||
{ I_SUDOERS_LOCALE }, |
||||
@@ -488,6 +489,8 @@ init_defaults(void) |
||||
} |
||||
|
||||
/* First initialize the flags. */ |
||||
+ def_legacy_group_processing = true; |
||||
+ def_match_group_by_gid = true; |
||||
#ifdef LONG_OTP_PROMPT |
||||
def_long_otp_prompt = true; |
||||
#endif |
||||
diff -up sudo-1.8.23/plugins/sudoers/def_data.c.legacy-group-processing sudo-1.8.23/plugins/sudoers/def_data.c |
||||
--- sudo-1.8.23/plugins/sudoers/def_data.c.legacy-group-processing 2018-04-29 21:59:31.000000000 +0200 |
||||
+++ sudo-1.8.23/plugins/sudoers/def_data.c 2018-06-28 11:24:25.966475241 +0200 |
||||
@@ -494,6 +494,10 @@ struct sudo_defs_types sudo_defs_table[] |
||||
N_("Ignore case when matching group names"), |
||||
NULL, |
||||
}, { |
||||
+ "legacy_group_processing", T_FLAG, |
||||
+ N_("Don't pre-resolve all group names"), |
||||
+ NULL, |
||||
+ }, { |
||||
NULL, 0, NULL |
||||
} |
||||
}; |
||||
diff -up sudo-1.8.23/plugins/sudoers/def_data.h.legacy-group-processing sudo-1.8.23/plugins/sudoers/def_data.h |
||||
--- sudo-1.8.23/plugins/sudoers/def_data.h.legacy-group-processing 2018-04-29 21:59:31.000000000 +0200 |
||||
+++ sudo-1.8.23/plugins/sudoers/def_data.h 2018-06-28 11:24:25.967475238 +0200 |
||||
@@ -226,6 +226,8 @@ |
||||
#define def_case_insensitive_user (sudo_defs_table[I_CASE_INSENSITIVE_USER].sd_un.flag) |
||||
#define I_CASE_INSENSITIVE_GROUP 113 |
||||
#define def_case_insensitive_group (sudo_defs_table[I_CASE_INSENSITIVE_GROUP].sd_un.flag) |
||||
+#define I_LEGACY_GROUP_PROCESSING 114 |
||||
+#define def_legacy_group_processing (sudo_defs_table[I_LEGACY_GROUP_PROCESSING].sd_un.flag) |
||||
|
||||
enum def_tuple { |
||||
never, |
||||
diff -up sudo-1.8.23/plugins/sudoers/def_data.in.legacy-group-processing sudo-1.8.23/plugins/sudoers/def_data.in |
||||
--- sudo-1.8.23/plugins/sudoers/def_data.in.legacy-group-processing 2018-04-29 21:59:31.000000000 +0200 |
||||
+++ sudo-1.8.23/plugins/sudoers/def_data.in 2018-06-28 11:24:25.967475238 +0200 |
||||
@@ -357,3 +357,6 @@ case_insensitive_user |
||||
case_insensitive_group |
||||
T_FLAG |
||||
"Ignore case when matching group names" |
||||
+legacy_group_processing |
||||
+ T_FLAG |
||||
+ "Don't pre-resolve all group names" |
||||
diff -up sudo-1.8.23/plugins/sudoers/sudoers.c.legacy-group-processing sudo-1.8.23/plugins/sudoers/sudoers.c |
||||
--- sudo-1.8.23/plugins/sudoers/sudoers.c.legacy-group-processing 2018-04-29 21:59:31.000000000 +0200 |
||||
+++ sudo-1.8.23/plugins/sudoers/sudoers.c 2018-06-28 11:24:25.967475238 +0200 |
||||
@@ -209,6 +209,10 @@ sudoers_policy_init(void *info, char * c |
||||
if (set_loginclass(runas_pw ? runas_pw : sudo_user.pw)) |
||||
ret = true; |
||||
|
||||
+ if (!def_match_group_by_gid || !def_legacy_group_processing) { |
||||
+ def_match_group_by_gid = false; |
||||
+ def_legacy_group_processing = false; |
||||
+ } |
||||
cleanup: |
||||
if (!restore_perms()) |
||||
ret = -1; |
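Review bot: The block added before `cleanup:` in `sudoers_policy_init()` clears both `def_match_group_by_gid` and `def_legacy_group_processing` whenever either is false, but carries no comment explaining the coupling, and `init_defaults()` now turns both on. This changes how group entries in sudoers are matched, so an administrator reading `match_group_by_gid` in a policy needs to know it is tied to the new flag. I would add a comment such as `/* legacy_group_processing and match_group_by_gid are treated as one switch: disabling either disables both. */` and make the `legacy_group_processing` description ("Don't pre-resolve all group names") say the same. `def_data.c` and `def_data.h` look generated from `def_data.in`, so the three should be regenerated together rather than patched by hand. The enclosing functions start and end outside the hunks.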
@ -0,0 +1,61 @@
@@ -0,0 +1,61 @@
|
||||
diff -up sudo-1.8.23/plugins/sudoers/def_data.c.nowaitopt sudo-1.8.23/plugins/sudoers/def_data.c |
||||
--- sudo-1.8.23/plugins/sudoers/def_data.c.nowaitopt 2018-06-18 09:36:34.249307795 +0200 |
||||
+++ sudo-1.8.23/plugins/sudoers/def_data.c 2018-06-18 09:43:12.122986032 +0200 |
||||
@@ -498,6 +498,10 @@ struct sudo_defs_types sudo_defs_table[] |
||||
N_("Don't pre-resolve all group names"), |
||||
NULL, |
||||
}, { |
||||
+ "cmnd_no_wait", T_FLAG, |
||||
+ N_("Don't fork and wait for the command to finish, just exec it"), |
||||
+ NULL, |
||||
+ }, { |
||||
NULL, 0, NULL |
||||
} |
||||
}; |
||||
diff -up sudo-1.8.23/plugins/sudoers/def_data.h.nowaitopt sudo-1.8.23/plugins/sudoers/def_data.h |
||||
--- sudo-1.8.23/plugins/sudoers/def_data.h.nowaitopt 2018-06-18 09:36:34.250307792 +0200 |
||||
+++ sudo-1.8.23/plugins/sudoers/def_data.h 2018-06-18 09:43:44.541878327 +0200 |
||||
@@ -228,6 +228,8 @@ |
||||
#define def_case_insensitive_group (sudo_defs_table[I_CASE_INSENSITIVE_GROUP].sd_un.flag) |
||||
#define I_LEGACY_GROUP_PROCESSING 114 |
||||
#define def_legacy_group_processing (sudo_defs_table[I_LEGACY_GROUP_PROCESSING].sd_un.flag) |
||||
+#define I_CMND_NO_WAIT 115 |
||||
+#define def_cmnd_no_wait (sudo_defs_table[I_CMND_NO_WAIT].sd_un.flag) |
||||
|
||||
enum def_tuple { |
||||
never, |
||||
diff -up sudo-1.8.23/plugins/sudoers/def_data.in.nowaitopt sudo-1.8.23/plugins/sudoers/def_data.in |
||||
--- sudo-1.8.23/plugins/sudoers/def_data.in.nowaitopt 2018-06-18 09:36:34.250307792 +0200 |
||||
+++ sudo-1.8.23/plugins/sudoers/def_data.in 2018-06-18 09:45:00.076627403 +0200 |
||||
@@ -360,3 +360,6 @@ case_insensitive_group |
||||
legacy_group_processing |
||||
T_FLAG |
||||
"Don't pre-resolve all group names" |
||||
+cmnd_no_wait |
||||
+ T_FLAG |
||||
+ "Don't fork and wait for the command to finish, just exec it" |
||||
diff -up sudo-1.8.23/plugins/sudoers/policy.c.nowaitopt sudo-1.8.23/plugins/sudoers/policy.c |
||||
diff -up sudo-1.8.23/plugins/sudoers/sudoers.c.nowaitopt sudo-1.8.23/plugins/sudoers/sudoers.c |
||||
--- sudo-1.8.23/plugins/sudoers/sudoers.c.nowaitopt 2018-06-18 11:31:51.883751328 +0200 |
||||
+++ sudo-1.8.23/plugins/sudoers/sudoers.c 2018-06-18 11:31:03.670899166 +0200 |
||||
@@ -213,6 +213,20 @@ sudoers_policy_init(void *info, char * c |
||||
def_match_group_by_gid = false; |
||||
def_legacy_group_processing = false; |
||||
} |
||||
+ |
||||
+ /* |
||||
+ * Emulate cmnd_no_wait option by disabling PAM session, PTY allocation |
||||
+ * and I/O logging. This will cause sudo to execute the given command |
||||
+ * directly instead of forking a separate process for it. |
||||
+ */ |
||||
+ if (def_cmnd_no_wait) { |
||||
+ def_pam_setcred = false; |
||||
+ def_pam_session = false; |
||||
+ def_use_pty = false; |
||||
+ def_log_input = false; |
||||
+ def_log_output = false; |
||||
+ } |
||||
+ |
||||
cleanup: |
||||
if (!restore_perms()) |
||||
ret = -1; |
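Review bot: The `if (def_cmnd_no_wait)` block in `sudoers_policy_init()` silently turns off `def_log_input`, `def_log_output` and `def_use_pty`, so a policy that explicitly enables I/O logging or a pty loses those controls without any message once `cmnd_no_wait` is set. The comment above it also omits `def_pam_setcred`, which the block clears too. I would record the override, e.g. `sudo_debug_printf(SUDO_DEBUG_INFO, "%s: cmnd_no_wait set, disabling pam_session, pam_setcred, use_pty and I/O logging", __func__);`, and extend the comment and the option description to list every setting it overrides. The function continues outside the hunk, and the `policy.c` entry in this patch carries no hunks.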
@ -0,0 +1,32 @@
@@ -0,0 +1,32 @@
|
||||
diff -up sudo-1.8.23/doc/Makefile.in.sudoldapconfman sudo-1.8.23/doc/Makefile.in |
||||
--- sudo-1.8.23/doc/Makefile.in.sudoldapconfman 2018-05-23 13:38:08.347538854 +0200 |
||||
+++ sudo-1.8.23/doc/Makefile.in 2018-05-23 13:38:12.806523146 +0200 |
||||
@@ -345,10 +345,16 @@ install-doc: install-dirs |
||||
rm -f $(DESTDIR)$(mandirsu)/sudoedit.$(mansectsu)$(MANCOMPRESSEXT); \ |
||||
echo ln -s sudo.$(mansectsu)$(MANCOMPRESSEXT) $(DESTDIR)$(mandirsu)/sudoedit.$(mansectsu)$(MANCOMPRESSEXT); \ |
||||
ln -s sudo.$(mansectsu)$(MANCOMPRESSEXT) $(DESTDIR)$(mandirsu)/sudoedit.$(mansectsu)$(MANCOMPRESSEXT); \ |
||||
+ rm -f $(DESTDIR)$(mandirform)/sudo-ldap.conf.$(mansectform)$(MANCOMPRESSEXT); \ |
||||
+ echo ln -s sudoers.ldap.$(mansectform)$(MANCOMPRESSEXT) $(DESTDIR)$(mandirform)/sudo-ldap.conf.$(mansectform)$(MANCOMPRESSEXT); \ |
||||
+ ln -s sudoers.ldap.$(mansectform)$(MANCOMPRESSEXT) $(DESTDIR)$(mandirform)/sudo-ldap.conf.$(mansectform)$(MANCOMPRESSEXT); \ |
||||
else \ |
||||
rm -f $(DESTDIR)$(mandirsu)/sudoedit.$(mansectsu); \ |
||||
echo ln -s sudo.$(mansectsu) $(DESTDIR)$(mandirsu)/sudoedit.$(mansectsu); \ |
||||
ln -s sudo.$(mansectsu) $(DESTDIR)$(mandirsu)/sudoedit.$(mansectsu); \ |
||||
+ rm -f $(DESTDIR)$(mandirform)/sudo-ldap.conf.$(mansectform); \ |
||||
+ echo ln -s sudoers.ldap.$(mansectform) $(DESTDIR)$(mandirform)/sudo-ldap.conf.$(mansectform); \ |
||||
+ ln -s sudoers.ldap.$(mansectform) $(DESTDIR)$(mandirform)/sudo-ldap.conf.$(mansectform); \ |
||||
fi |
||||
|
||||
install-plugin: |
||||
@@ -363,8 +369,9 @@ uninstall: |
||||
$(DESTDIR)$(mandirsu)/visudo.$(mansectsu) \ |
||||
$(DESTDIR)$(mandirform)/sudo.conf.$(mansectform) \ |
||||
$(DESTDIR)$(mandirform)/sudoers.$(mansectform) \ |
||||
- $(DESTDIR)$(mandirform)/sudoers_timestamp.$(mansectform) |
||||
- $(DESTDIR)$(mandirform)/sudoers.ldap.$(mansectform) |
||||
+ $(DESTDIR)$(mandirform)/sudoers_timestamp.$(mansectform) \ |
||||
+ $(DESTDIR)$(mandirform)/sudoers.ldap.$(mansectform) \ |
||||
+ $(DESTDIR)$(mandirform)/sudo-ldap.conf.$(mansectform) |
||||
|
||||
splint: |
||||
|