[packages/sudo.git] / sudo-pam-login.patch

--- sudo-1.6.8p12/configure.in.login	2006-07-16 15:25:33.000000000 +0200
+++ sudo-1.6.8p12/configure.in	2006-07-16 15:49:08.000000000 +0200
@@ -357,6 +357,17 @@
 		;;
 esac])
 
+AC_ARG_WITH(pam-login, [  --with-pam-login              enable specific PAM session for sudo -i],
+[case $with_pam_login in
+    yes)	AC_DEFINE(HAVE_PAM_LOGIN)
+		AC_MSG_CHECKING(whether to use PAM login)
+		AC_MSG_RESULT(yes)
+		;;
+    no)		;;
+    *)		AC_MSG_ERROR(["--with-pam-login does not take an argument."])
+		;;
+esac])
+
 AC_ARG_WITH(AFS, [  --with-AFS              enable AFS support],
 [case $with_AFS in
     yes)	AC_DEFINE(HAVE_AFS)
--- sudo-1.6.8p12/sudo.c.login	2006-07-16 15:39:26.000000000 +0200
+++ sudo-1.6.8p12/sudo.c	2006-07-16 15:41:42.000000000 +0200
@@ -109,7 +109,7 @@
 static struct passwd *get_authpw	__P((void));
 extern int sudo_edit			__P((int, char **));
 extern void list_matches		__P((void));
-extern char **rebuild_env		__P((char **, int, int));
+extern char **rebuild_env		__P((char **, int));
 extern char **zero_env			__P((char **));
 extern struct passwd *sudo_getpwnam	__P((const char *));
 extern struct passwd *sudo_getpwuid	__P((uid_t));
@@ -140,6 +140,7 @@
 #endif /* HAVE_BSD_AUTH_H */
 sigaction_t saved_sa_int, saved_sa_quit, saved_sa_tstp, saved_sa_chld;
 void (*set_perms) __P((int));
+int sudo_mode;
 
 
 int
@@ -151,7 +152,6 @@
     int validated;
     int fd;
     int cmnd_status;
-    int sudo_mode;
     int pwflag;
     char **new_environ;
     sigaction_t sa;
@@ -368,7 +368,7 @@
 
     /* Build a new environment that avoids any nasty bits if we have a cmnd. */
     if (ISSET(sudo_mode, MODE_RUN))
-	new_environ = rebuild_env(envp, sudo_mode, ISSET(validated, FLAG_NOEXEC));
+	new_environ = rebuild_env(envp, ISSET(validated, FLAG_NOEXEC));
     else
 	new_environ = envp;
 
--- sudo-1.6.8p12/auth/pam.c.login	2006-07-16 15:41:59.000000000 +0200
+++ sudo-1.6.8p12/auth/pam.c	2006-07-16 15:45:15.000000000 +0200
@@ -89,7 +89,12 @@
     if (auth != NULL)
 	auth->data = (VOID *) &pam_status;
     pam_conv.conv = sudo_conv;
-    pam_status = pam_start("sudo", pw->pw_name, &pam_conv, &pamh);
+#ifdef HAVE_PAM_LOGIN
+    if (ISSET(sudo_mode, MODE_LOGIN_SHELL))
+	    pam_status = pam_start("sudo-i", pw->pw_name, &pam_conv, &pamh);
+    else
+#endif
+	    pam_status = pam_start("sudo", pw->pw_name, &pam_conv, &pamh);
     if (pam_status != PAM_SUCCESS) {
 	log_error(USE_ERRNO|NO_EXIT|NO_MAIL, "unable to initialize PAM");
 	return(AUTH_FATAL);
--- sudo-1.6.8p12/env.c.login	2006-07-16 15:40:14.000000000 +0200
+++ sudo-1.6.8p12/env.c	2006-07-16 15:57:19.000000000 +0200
@@ -77,7 +77,7 @@
 /*
  * Prototypes
  */
-char **rebuild_env		__P((char **, int, int));
+char **rebuild_env		__P((char **, int));
 char **zero_env			__P((char **));
 static void insert_env		__P((char *, int));
 static char *format_env		__P((char *, ...));
@@ -321,9 +321,8 @@
  * Also adds sudo-specific variables (SUDO_*).
  */
 char **
-rebuild_env(envp, sudo_mode, noexec)
+rebuild_env(envp, noexec)
     char **envp;
-    int sudo_mode;
     int noexec;
 {
     char **ep, *cp, *ps1;
--- sudo-1.6.8p12/sudo.h.login	2006-07-16 15:59:08.000000000 +0200
+++ sudo-1.6.8p12/sudo.h	2006-07-16 15:59:38.000000000 +0200
@@ -251,6 +251,7 @@
 extern FILE *sudoers_fp;
 extern int tgetpass_flags;
 extern uid_t timestamp_uid;
+extern int sudo_mode;
 
 extern void (*set_perms) __P((int));
 #endif
--- sudo-1.6.8p12/config.h.in.login	2006-07-16 15:32:09.000000000 +0200
+++ sudo-1.6.8p12/config.h.in	2006-07-16 15:32:56.000000000 +0200
@@ -230,6 +230,9 @@
 /* Define to 1 if you use PAM authentication. */
 #undef HAVE_PAM
 
+/* Define to 1 if you use specific PAM session for sodo -i. */
+#undef HAVE_PAM_LOGIN
+
 /* Define to 1 if you have the <pam/pam_appl.h> header file. */
 #undef HAVE_PAM_PAM_APPL_H
Commit	Line	Data
940ad429 JR	1	--- sudo-1.6.8p12/configure.in.login 2006-07-16 15:25:33.000000000 +0200
	2	+++ sudo-1.6.8p12/configure.in 2006-07-16 15:49:08.000000000 +0200
	3	@@ -357,6 +357,17 @@
	4	;;
	5	esac])
	6
	7	+AC_ARG_WITH(pam-login, [ --with-pam-login enable specific PAM session for sudo -i],
	8	+[case $with_pam_login in
	9	+ yes) AC_DEFINE(HAVE_PAM_LOGIN)
	10	+ AC_MSG_CHECKING(whether to use PAM login)
	11	+ AC_MSG_RESULT(yes)
	12	+ ;;
	13	+ no) ;;
	14	+ *) AC_MSG_ERROR(["--with-pam-login does not take an argument."])
	15	+ ;;
	16	+esac])
	17	+
	18	AC_ARG_WITH(AFS, [ --with-AFS enable AFS support],
	19	[case $with_AFS in
	20	yes) AC_DEFINE(HAVE_AFS)
	21	--- sudo-1.6.8p12/sudo.c.login 2006-07-16 15:39:26.000000000 +0200
	22	+++ sudo-1.6.8p12/sudo.c 2006-07-16 15:41:42.000000000 +0200
	23	@@ -109,7 +109,7 @@
	24	static struct passwd *get_authpw __P((void));
	25	extern int sudo_edit __P((int, char **));
	26	extern void list_matches __P((void));
	27	-extern char rebuild_env __P((char , int, int));
	28	+extern char rebuild_env __P((char , int));
	29	extern char zero_env __P((char ));
	30	extern struct passwd sudo_getpwnam __P((const char ));
	31	extern struct passwd *sudo_getpwuid __P((uid_t));
	32	@@ -140,6 +140,7 @@
	33	#endif /* HAVE_BSD_AUTH_H */
	34	sigaction_t saved_sa_int, saved_sa_quit, saved_sa_tstp, saved_sa_chld;
	35	void (*set_perms) __P((int));
	36	+int sudo_mode;
	37
	38
	39	int
	40	@@ -151,7 +152,6 @@
	41	int validated;
	42	int fd;
	43	int cmnd_status;
	44	- int sudo_mode;
	45	int pwflag;
	46	char **new_environ;
	47	sigaction_t sa;
	48	@@ -368,7 +368,7 @@
	49
	50	/* Build a new environment that avoids any nasty bits if we have a cmnd. */
	51	if (ISSET(sudo_mode, MODE_RUN))
	52	- new_environ = rebuild_env(envp, sudo_mode, ISSET(validated, FLAG_NOEXEC));
	53	+ new_environ = rebuild_env(envp, ISSET(validated, FLAG_NOEXEC));
	54	else
	55	new_environ = envp;
	56
	57	--- sudo-1.6.8p12/auth/pam.c.login 2006-07-16 15:41:59.000000000 +0200
	58	+++ sudo-1.6.8p12/auth/pam.c 2006-07-16 15:45:15.000000000 +0200
	59	@@ -89,7 +89,12 @@
	60	if (auth != NULL)
	61	auth->data = (VOID *) &pam_status;
	62	pam_conv.conv = sudo_conv;
	63	- pam_status = pam_start("sudo", pw->pw_name, &pam_conv, &pamh);
	64	+#ifdef HAVE_PAM_LOGIN
65	+ if (ISSET(sudo_mode, MODE_LOGIN_SHELL))
66	+ pam_status = pam_start("sudo-i", pw->pw_name, &pam_conv, &pamh);
67	+ else
68	+#endif
69	+ pam_status = pam_start("sudo", pw->pw_name, &pam_conv, &pamh);
70	if (pam_status != PAM_SUCCESS) {
71	log_error(USE_ERRNO\|NO_EXIT\|NO_MAIL, "unable to initialize PAM");
72	return(AUTH_FATAL);
73	--- sudo-1.6.8p12/env.c.login 2006-07-16 15:40:14.000000000 +0200
74	+++ sudo-1.6.8p12/env.c 2006-07-16 15:57:19.000000000 +0200
75	@@ -77,7 +77,7 @@
76	/*
77	* Prototypes
78	*/
79	-char rebuild_env __P((char , int, int));
80	+char rebuild_env __P((char , int));
81	char zero_env __P((char ));
82	static void insert_env __P((char *, int));
83	static char format_env __P((char , ...));
84	@@ -321,9 +321,8 @@
85	* Also adds sudo-specific variables (SUDO_*).
86	*/
87	char **
88	-rebuild_env(envp, sudo_mode, noexec)
89	+rebuild_env(envp, noexec)
90	char **envp;
91	- int sudo_mode;
92	int noexec;
93	{
94	char *ep, cp, *ps1;
95	--- sudo-1.6.8p12/sudo.h.login 2006-07-16 15:59:08.000000000 +0200
96	+++ sudo-1.6.8p12/sudo.h 2006-07-16 15:59:38.000000000 +0200
97	@@ -251,6 +251,7 @@
98	extern FILE *sudoers_fp;
99	extern int tgetpass_flags;
100	extern uid_t timestamp_uid;
101	+extern int sudo_mode;
102
103	extern void (*set_perms) __P((int));
104	#endif
105	--- sudo-1.6.8p12/config.h.in.login 2006-07-16 15:32:09.000000000 +0200
106	+++ sudo-1.6.8p12/config.h.in 2006-07-16 15:32:56.000000000 +0200
107	@@ -230,6 +230,9 @@
108	/* Define to 1 if you use PAM authentication. */
109	#undef HAVE_PAM
110
111	+/* Define to 1 if you use specific PAM session for sodo -i. */
112	+#undef HAVE_PAM_LOGIN
113	+
114	/* Define to 1 if you have the <pam/pam_appl.h> header file. */
115	#undef HAVE_PAM_PAM_APPL_H
116