base/SOURCES/sudo-1.8.6p7-pam_servicebac...



diff -up sudo-1.8.6p7/configure.in.pam_servicebackport sudo-1.8.6p7/configure.in
--- sudo-1.8.6p7/configure.in.pam_servicebackport 2016-05-09 15:36:30.213715598 +0200
+++ sudo-1.8.6p7/configure.in 2016-05-09 15:36:30.237715261 +0200
@@ -121,6 +121,7 @@ AC_SUBST([nsswitch_conf])
AC_SUBST([netsvc_conf])
AC_SUBST([secure_path])
AC_SUBST([editor])
+AC_SUBST([pam_login_service])
#
# Begin initial values for man page substitution
#
@@ -160,6 +161,7 @@ netsvc_conf=/etc/netsvc.conf
noexec_file=/usr/local/libexec/sudo_noexec.so
nsswitch_conf=/etc/nsswitch.conf
secure_path="not set"
+pam_login_service=sudo
#
# End initial values for man page substitution
#
@@ -2717,6 +2719,7 @@ if test ${with_pam-"no"} != "no"; then
yes) AC_DEFINE([HAVE_PAM_LOGIN])
AC_MSG_CHECKING(whether to use PAM login)
AC_MSG_RESULT(yes)
+ pam_login_service="sudo-i"
;;
no) ;;
*) AC_MSG_ERROR(["--with-pam-login does not take an argument."])
diff -up sudo-1.8.6p7/configure.pam_servicebackport sudo-1.8.6p7/configure
--- sudo-1.8.6p7/configure.pam_servicebackport 2013-02-25 20:48:02.000000000 +0100
+++ sudo-1.8.6p7/configure 2016-05-09 15:36:30.238715247 +0200
@@ -658,6 +658,7 @@ OBJEXT
EXEEXT
ac_ct_CC
CC
+pam_login_service
editor
secure_path
netsvc_conf
@@ -2959,6 +2960,7 @@ netsvc_conf=/etc/netsvc.conf
noexec_file=/usr/local/libexec/sudo_noexec.so
nsswitch_conf=/etc/nsswitch.conf
secure_path="not set"
+pam_login_service=sudo
#
# End initial values for man page substitution
#
@@ -18631,6 +18633,7 @@ if test "${with_pam_login+set}" = set; t
$as_echo_n "checking whether to use PAM login... " >&6; }
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
$as_echo "yes" >&6; }
+ pam_login_service="sudo-i"
;;
no) ;;
*) as_fn_error $? "\"--with-pam-login does not take an argument.\"" "$LINENO" 5
diff -up sudo-1.8.6p7/doc/sudoers.cat.pam_servicebackport sudo-1.8.6p7/doc/sudoers.cat
--- sudo-1.8.6p7/doc/sudoers.cat.pam_servicebackport 2016-05-09 15:36:30.222715472 +0200
+++ sudo-1.8.6p7/doc/sudoers.cat 2016-05-09 15:36:30.239715233 +0200
@@ -1245,6 +1245,18 @@ SSUUDDOOEERRSS OOPPTTIIOONN
noexec file should now be set in the _/_e_t_c_/_s_u_d_o_._c_o_n_f
file.
+ pam_login_service
+ On systems that use PAM for authentication, this is the
+ service name used when the -^H-i^Hi option is specified. The
+ default value is ``sudo''. See the description of
+ _^Hp_^Ha_^Hm_^H__^Hs_^He_^Hr_^Hv_^Hi_^Hc_^He for more information.
+
+ pam_service On systems that use PAM for authentication, the service
+ name specifies the PAM policy to apply. This usually
+ corresponds to an entry in the _^Hp_^Ha_^Hm_^H._^Hc_^Ho_^Hn_^Hf file or a fi
+ in the _^H/_^He_^Ht_^Hc_^H/_^Hp_^Ha_^Hm_^H._^Hd directory. The default valu
+ ``sudo''.
+
passprompt The default prompt to use when asking for a password;
can be overridden via the --pp option or the SUDO_PROMPT
environment variable. The following percent (`%')
diff -up sudo-1.8.6p7/doc/sudoers.man.in.pam_servicebackport sudo-1.8.6p7/doc/sudoers.man.in
--- sudo-1.8.6p7/doc/sudoers.man.in.pam_servicebackport 2016-05-09 15:36:30.223715458 +0200
+++ sudo-1.8.6p7/doc/sudoers.man.in 2016-05-09 15:36:30.239715233 +0200
@@ -2628,6 +2628,29 @@ The path to the noexec file should now b
\fI@sysconfdir@/sudo.conf\fR
file.
.TP 18n
+pam_login_service
+.br
+On systems that use PAM for authentication, this is the service
+name used when the
+\fB\-i\fR
+option is specified.
+The default value is
+``\fR@pam_login_service@\fR''.
+See the description of
+\fIpam_service\fR
+for more information.
+.TP 18n
+pam_service
+On systems that use PAM for authentication, the service name
+specifies the PAM policy to apply.
+This usually corresponds to an entry in the
+\fIpam.conf\fR
+file or a file in the
+\fI/etc/pam.d\fR
+directory.
+The default value is
+``\fRsudo\fR''.
+.TP 18n
passprompt
The default prompt to use when asking for a password; can be overridden via the
\fB\-p\fR
diff -up sudo-1.8.6p7/doc/sudoers.mdoc.in.pam_servicebackport sudo-1.8.6p7/doc/sudoers.mdoc.in
--- sudo-1.8.6p7/doc/sudoers.mdoc.in.pam_servicebackport 2016-05-09 15:36:30.223715458 +0200
+++ sudo-1.8.6p7/doc/sudoers.mdoc.in 2016-05-09 15:36:30.240715219 +0200
@@ -2464,6 +2464,26 @@ This option is no longer supported.
The path to the noexec file should now be set in the
.Pa @sysconfdir@/sudo.conf
file.
+.It pam_login_service
+On systems that use PAM for authentication, this is the service
+name used when the
+.Fl i
+option is specified.
+The default value is
+.Dq Li @pam_login_service@ .
+See the description of
+.Em pam_service
+for more information.
+.It pam_service
+On systems that use PAM for authentication, the service name
+specifies the PAM policy to apply.
+This usually corresponds to an entry in the
+.Pa pam.conf
+file or a file in the
+.Pa /etc/pam.d
+directory.
+The default value is
+.Dq Li sudo .
.It passprompt
The default prompt to use when asking for a password; can be overridden via the
.Fl p
diff -up sudo-1.8.6p7/plugins/sudoers/auth/pam.c.pam_servicebackport sudo-1.8.6p7/plugins/sudoers/auth/pam.c
--- sudo-1.8.6p7/plugins/sudoers/auth/pam.c.pam_servicebackport 2016-05-09 15:36:30.202715752 +0200
+++ sudo-1.8.6p7/plugins/sudoers/auth/pam.c 2016-05-09 15:36:30.240715219 +0200
@@ -90,12 +90,8 @@ sudo_pam_init(struct passwd *pw, sudo_au
if (auth != NULL)
auth->data = (void *) &pam_status;
pam_conv.conv = converse;
-#ifdef HAVE_PAM_LOGIN
- if (ISSET(sudo_mode, MODE_LOGIN_SHELL))
- pam_status = pam_start("sudo-i", pw->pw_name, &pam_conv, &pamh);
- else
-#endif
- pam_status = pam_start("sudo", pw->pw_name, &pam_conv, &pamh);
+ pam_status = pam_start(ISSET(sudo_mode, MODE_LOGIN_SHELL) ?
+ def_pam_login_service : def_pam_service, pw->pw_name, &pam_conv, &pamh);
if (pam_status != PAM_SUCCESS) {
log_error(USE_ERRNO|NO_MAIL, _("unable to initialize PAM"));
debug_return_int(AUTH_FATAL);
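Review bot: The service name passed to pam_start() on the added lines now comes from the sudoers Defaults `pam_service` / `pam_login_service` instead of a literal, and it is used without any check. I would hoist the choice into a local, `service = ISSET(sudo_mode, MODE_LOGIN_SHELL) ? def_pam_login_service : def_pam_service;`, and return AUTH_FATAL when `service == NULL || *service == '\0'`. Whether sudoers parsing can leave the string empty is not visible in this hunk, and what pam_start() does with such a name is up to the PAM implementation. The `unable to initialize PAM` message should also name the service, because a mistyped value can end up evaluated against a different PAM policy (Linux-PAM falls back to `other` for an unknown service) and the current log line gives no hint of that. sudo_pam_init's body starts and ends outside the hunk.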
diff -up sudo-1.8.6p7/plugins/sudoers/defaults.c.pam_servicebackport sudo-1.8.6p7/plugins/sudoers/defaults.c
--- sudo-1.8.6p7/plugins/sudoers/defaults.c.pam_servicebackport 2016-05-09 15:36:30.234715304 +0200
+++ sudo-1.8.6p7/plugins/sudoers/defaults.c 2016-05-09 15:36:30.240715219 +0200
@@ -424,6 +424,13 @@ init_defaults(void)
def_env_reset = ENV_RESET;
def_set_logname = true;
def_closefrom = STDERR_FILENO + 1;
+ def_pam_service = estrdup("sudo");
+#ifdef HAVE_PAM_LOGIN
+ def_pam_login_service = estrdup("sudo-i");
+#else
+ def_pam_login_service = estrdup("sudo");
+#endif
+
/* Syslog options need special care since they both strings and ints */
#if (LOGGING & SLOG_SYSLOG)
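Review bot: The added `estrdup("sudo")` / `estrdup("sudo-i")` defaults have no comment, and they duplicate the `pam_login_service` value that configure.in substitutes into the man pages, so the documented default and the compiled-in one can drift apart. I would add a comment above them such as `/* PAM service names select the auth policy; keep in sync with pam_login_service in configure.in. */`. It should also say that without HAVE_PAM_LOGIN the login-shell service deliberately falls back to "sudo". init_defaults starts and ends outside the hunk, so whether a previous string is released before these assignments on a repeated call cannot be confirmed from here.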
diff -up sudo-1.8.6p7/plugins/sudoers/def_data.c.pam_servicebackport sudo-1.8.6p7/plugins/sudoers/def_data.c
--- sudo-1.8.6p7/plugins/sudoers/def_data.c.pam_servicebackport 2016-05-09 15:36:30.234715304 +0200
+++ sudo-1.8.6p7/plugins/sudoers/def_data.c 2016-05-09 15:36:30.240715219 +0200
@@ -363,6 +363,14 @@ struct sudo_defs_types sudo_defs_table[]
N_("Use both user and host/domain fields when matching netgroups"),
NULL,
}, {
+ "pam_service", T_STR,
+ N_("PAM service name to use"),
+ NULL,
+ }, {
+ "pam_login_service", T_STR,
+ N_("PAM service name to use for login shells"),
+ NULL,
+ }, {
NULL, 0, NULL
}
};
diff -up sudo-1.8.6p7/plugins/sudoers/def_data.h.pam_servicebackport sudo-1.8.6p7/plugins/sudoers/def_data.h
--- sudo-1.8.6p7/plugins/sudoers/def_data.h.pam_servicebackport 2016-05-09 15:36:30.235715289 +0200
+++ sudo-1.8.6p7/plugins/sudoers/def_data.h 2016-05-09 15:36:30.240715219 +0200
@@ -168,6 +168,11 @@
#define I_LEGACY_GROUP_PROCESSING 83
#define def_netgroup_tuple (sudo_defs_table[84].sd_un.flag)
#define I_NETGROUP_TUPLE 84
+#define def_pam_service (sudo_defs_table[85].sd_un.str)
+#define I_PAM_SERVICE 85
+#define def_pam_login_service (sudo_defs_table[86].sd_un.str)
+#define I_PAM_LOGIN_SERVICE 86
+
enum def_tuple {
never,
diff -up sudo-1.8.6p7/plugins/sudoers/def_data.in.pam_servicebackport sudo-1.8.6p7/plugins/sudoers/def_data.in
--- sudo-1.8.6p7/plugins/sudoers/def_data.in.pam_servicebackport 2013-02-25 20:42:44.000000000 +0100
+++ sudo-1.8.6p7/plugins/sudoers/def_data.in 2016-05-09 15:36:30.240715219 +0200
@@ -259,3 +259,10 @@ privs
limitprivs
T_STR
"Set of limit privileges"
+pam_service
+ T_STR
+ "PAM service name to use"
+pam_login_service
+ T_STR
+ "PAM service name to use for login shells"
+