Mercurial Mercurial > upstream > oracle > userland-gate / diff
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
components/sudo/patches/02-pam_setcred.patch
changeset 1790 5185544d0b6e
parent 1518 4dc3f734af5e
child 1830 93243cb310c5 
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/components/sudo/patches/02-pam_setcred.patch	Tue Mar 25 21:42:23 2014 -0700
@@ -0,0 +1,21 @@
+Fix for
+17617070 sudo does not use pam_setcred correctly to set the audit context
+
+This fix will be submitted upstream to the latest sudo release,
+currently 1.8.10p2.
+
+diff -ru sudo-1.8.6p7-orig//plugins/sudoers/auth/pam.c sudo-1.8.6p7/plugins/sudoers/auth/pam.c
+--- sudo-1.8.6p7-orig//plugins/sudoers/auth/pam.c	Mon Feb 25 11:42:44 2013
++++ sudo-1.8.6p7/plugins/sudoers/auth/pam.c	Mon Oct 21 13:32:27 2013
+@@ -229,8 +229,10 @@
+      * for the setcred module.  Because we haven't called pam_authenticate(),
+      * this is not set and so pam_setcred() returns PAM_PERM_DENIED.
+      * We can't call pam_acct_mgmt() with Linux-PAM for a similar reason.
++     *
++     * Reinitialize credentials when changing a user. 
+      */
+-    (void) pam_setcred(pamh, PAM_ESTABLISH_CRED);
++    (void) pam_setcred(pamh, PAM_REINITIALIZE_CRED);
+ 
+ #ifdef HAVE_PAM_GETENVLIST
+     /*
upstream/oracle/userland-gate