components/sudo/patches/02-pam_setcred.patch
author Vladimir Marek <Vladimir.Marek@oracle.com>
Thu, 10 Apr 2014 15:30:14 +0200
changeset 1830 93243cb310c5
parent 1790 5185544d0b6e
permissions -rw-r--r--
17890284 Update to sudo version 1.8.9p5
Fix for
17617070 sudo does not use pam_setcred correctly to set the audit context
This fix is submitted as http://www.sudo.ws/bugs/show_bug.cgi?id=642
Sudo 1.8.9p5 has another problem, pam_setcred configuration option is not
enabled by default despite what is said in sudoers(4). Fix for that is
accumulated in this patch as it will be submitted together with the
PAM_REINITIALIZE_CRED fix.
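--- a/sudo-1.8.9p5/plugins/sudoers/auth/pam.c
+++ b/sudo-1.8.9p5/plugins/sudoers/auth/pam.c
@@ -236,9 +236,11 @@
      * PAM_SUCCESS from another.  For example, given a non-local user,
      * pam_unix will fail but pam_ldap or pam_sss may succeed, but if
      * pam_unix is first in the stack, pam_setcred() will fail.
+     *
+     * Reinitialize credentials when changing a user.
      */
     if (def_pam_setcred)
-	(void) pam_setcred(pamh, PAM_ESTABLISH_CRED);
+	(void) pam_setcred(pamh, PAM_REINITIALIZE_CRED);
 
     if (def_pam_session) {
 	*pam_status = pam_open_session(pamh, 0);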
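Review bot: The status of `pam_setcred(pamh, PAM_REINITIALIZE_CRED)` is still cast to `(void)`, so when reinitialization fails the command proceeds without the new credentials and nothing records it; the patch description says this call is what sets the audit context. The comment above the call explains why a failure must not be fatal, but it can still be reported. Keep the status, e.g. `int rc = pam_setcred(pamh, PAM_REINITIALIZE_CRED);`, and when `rc != PAM_SUCCESS` log `pam_strerror(pamh, rc)` through the plugin's existing warning path. The enclosing function starts and ends outside this hunk, so whether a later call deletes these credentials is not visible here.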
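--- a/sudo-1.8.9p5/plugins/sudoers/defaults.c
+++ b/sudo-1.8.9p5/plugins/sudoers/defaults.c
@@ -485,6 +485,7 @@ init_defaults(void)
 #endif
     def_editor = estrdup(EDITOR);
     def_set_utmp = true;
+    def_pam_setcred = true;
 
     /* Finally do the lists (currently just environment tables). */
     init_envtables();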
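Review bot: The added `def_pam_setcred = true;` carries no comment, although the pam.c section of this patch shows the whole pam_setcred() call sits behind `if (def_pam_setcred)`, so this default decides whether credentials are reinitialized at all. I would add `/* On by default, as sudoers(4) documents; pam.c skips pam_setcred() entirely when this is off. */` above the assignment so it is not lost in a later version update. init_defaults() starts and ends outside the hunk.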