components/sudo/patches/02-pam_setcred.patch
author John Beck <John.Beck@Oracle.COM>
Thu, 04 Sep 2014 13:24:25 -0700
branchs11-update
changeset 3296 7473810861d1
parent 3208 73ff78fac05b
permissions -rw-r--r--
19564032 problem in UTILITY/PROCMAIL
Fix for
17617070 sudo does not use pam_setcred correctly to set the audit context
This fix is submitted as http://www.sudo.ws/bugs/show_bug.cgi?id=642
Sudo 1.8.9p5 has another problem, pam_setcred configuration option is not
enabled by default despite what is said in sudoers(4). Fix for that is
accumulated in this patch as it will be submitted together with the
PAM_REINITIALIZE_CRED fix.
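--- sudo-1.8.9p5/plugins/sudoers/auth/pam.c	2014-02-07 10:25:08.979359126 +0100
+++ sudo-1.8.9p5/plugins/sudoers/auth/pam.c	2014-02-07 10:24:43.823180676 +0100
@@ -236,9 +236,11 @@
      * PAM_SUCCESS from another.  For example, given a non-local user,
      * pam_unix will fail but pam_ldap or pam_sss may succeed, but if
      * pam_unix is first in the stack, pam_setcred() will fail.
+     *
+     * Reinitialize credentials when changing a user.
      */
     if (def_pam_setcred)
-	(void) pam_setcred(pamh, PAM_ESTABLISH_CRED);
+	(void) pam_setcred(pamh, PAM_REINITIALIZE_CRED);
 
     if (def_pam_session) {
 	*pam_status = pam_open_session(pamh, 0);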
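Review bot: The `(void)` cast on `pam_setcred(pamh, PAM_REINITIALIZE_CRED)` still discards the result, and per the patch description this call is what sets the audit context, so a failure leaves the command running with no record that the audit context was not set. The comment above the call explains why a failure must not abort (one stacked module can fail while another succeeds), but that argues for staying non-fatal, not for staying silent. Keep the call non-fatal but capture the status, for example `int rc = pam_setcred(pamh, PAM_REINITIALIZE_CRED);` followed by `if (rc != PAM_SUCCESS)` reporting `pam_strerror(pamh, rc)` through the plugin's existing warning path, with braces added around the `if (def_pam_setcred)` body. The added comment line could also say why REINITIALIZE replaces ESTABLISH here. The enclosing function begins and ends outside the hunk.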
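--- sudo-1.8.9p5/plugins/sudoers/defaults.c	2014-03-28 15:33:41.941482037 -0700
+++ sudo-1.8.9p5/plugins/sudoers/defaults.c	2014-03-28 15:22:36.457133334 -0700
@@ -485,6 +485,7 @@ init_defaults(void)
 #endif
     def_editor = estrdup(EDITOR);
     def_set_utmp = true;
+    def_pam_setcred = true;
 
     /* Finally do the lists (currently just environment tables). */
     init_envtables();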
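Review bot: The new default `def_pam_setcred = true;` carries no comment, so nothing at this line records that it exists to match the default documented in sudoers(4). The `if (def_pam_setcred)` guard in the pam.c part of this patch also depends on it for the credential reinitialization to run without a sudoers override. A short comment above the assignment, such as `/* pam_setcred is documented as on by default in sudoers(4) */`, would keep the line from being dropped at the next version rebase. init_defaults() starts and ends outside the hunk, so whether the flag is touched elsewhere in the function cannot be seen from here.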