+ exit(-1);
+ }
+}
---- sudo-1.6.7p5/configure.in.selinux 2003-05-06 11:22:36.000000000 -0400
-+++ sudo-1.6.7p5/configure.in 2004-07-08 13:18:28.000000000 -0400
-@@ -90,7 +90,7 @@
+--- sudo-1.6.9p3/configure.in.orig 2007-07-30 15:30:15.000000000 +0200
++++ sudo-1.6.9p3/configure.in 2007-08-04 22:13:39.950053015 +0200
+@@ -101,7 +101,7 @@
dnl Initial values for Makefile variables listed above
dnl May be overridden by environment variables..
dnl
-PROGS="sudo visudo"
+PROGS="sudo visudo sesh"
- test -n "$MANTYPE" || MANTYPE="man"
- test -n "$mansrcdir" || mansrcdir="."
- test -n "$SUDOERS_MODE" || SUDOERS_MODE=0440
---- sudo-1.6.8/sudo.c.orig 2004-08-07 01:42:52.000000000 +0200
-+++ sudo-1.6.8/sudo.c 2004-08-29 20:45:31.556903000 +0200
-@@ -92,6 +92,17 @@
+ : ${MANTYPE='man'}
+ : ${mansrcdir='.'}
+ : ${SUDOERS_MODE='0440'}
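Review bot: `PROGS="sudo visudo sesh"` adds the sesh helper to the build unconditionally, while the sudo.c additions in this patch sit behind `#ifdef WITH_SELINUX`. The Makefile.in hunks follow the same pattern (`sesh.c` appended to the source list, `sesh` added to `BINFILES`, and the `$(INSTALL) ... -M 0111 -s sesh $(DESTDIR)$(visudodir)/sesh` line), so a build configured without SELinux support would still compile and install a helper that nothing is meant to invoke. sesh.c is only partly visible here, so I cannot tell whether it even builds without the SELinux headers. It would be tidier to append it only when the option is enabled, along the lines of `test "$<selinux-option-variable>" = yes && PROGS="$PROGS sesh"`, where the placeholder stands for whatever variable configure.in actually sets, and to guard the install line the same way.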
+--- sudo-1.6.9p3/sudo.c.orig 2007-07-22 21:21:01.000000000 +0200
++++ sudo-1.6.9p3/sudo.c 2007-08-04 22:15:26.464122906 +0200
+@@ -101,6 +101,17 @@
#include "interfaces.h"
#include "version.h"
+#endif
+
#ifndef lint
- static const char rcsid[] = "$Sudo: sudo.c,v 1.369 2004/08/06 23:42:52 millert Exp $";
+ __unused __unused static const char rcsid[] = "$Sudo: sudo.c,v 1.369.2.26 2007/07/22 19:21:01 millert Exp $";
#endif /* lint */
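Review bot: The refreshed context line for `rcsid` reads `__unused __unused static const char rcsid[]`, with the attribute written twice. If the pristine sudo-1.6.9p3 sudo.c carries it once, this trailing context no longer matches and the hunk applies only with fuzz, or is rejected under a strict fuzz setting. That is worth avoiding in a patch that inserts code into a setuid program, where a misplaced hunk is hard to spot. Regenerating the hunk against the unmodified file, so the context carries a single `__unused`, would make it apply exactly. If the doubling instead comes from an earlier patch in the series, a short note on that ordering dependency would help the next person who rebases it.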
-@@ -141,7 +152,151 @@
+@@ -154,7 +165,151 @@
+ #endif /* HAVE_BSD_AUTH_H */
sigaction_t saved_sa_int, saved_sa_quit, saved_sa_tstp, saved_sa_chld;
- void (*set_perms) __P((int));
+#ifdef WITH_SELINUX
+security_context_t setup_tty_context(int fd, char *ttyn, security_context_t new_context) {
+
+ security_context_t old_context=NULL; /* our original securiy ID ("old_context") */
+ security_context_t new_context=NULL; /* our target security ID ("sid") */
-+
+
+ /*
+ *
+ * Step 1: Handle command-line arguments.
+
+ return new_context;
+}
-
++
+#endif
int
main(argc, argv, envp)
int argc;
-@@ -149,10 +304,10 @@
- char **envp;
- {
- int validated;
-- int fd;
- int cmnd_status;
- int sudo_mode;
- int pwflag;
-+ int fd;
- char **new_environ;
- sigaction_t sa;
- extern int printmatches;
-@@ -203,9 +358,6 @@
+@@ -216,9 +371,6 @@
/* Setup defaults data structures. */
init_defaults();
pwflag = 0;
if (ISSET(sudo_mode, MODE_SHELL))
user_cmnd = "shell";
-@@ -219,6 +371,8 @@
- putchar('\n');
+@@ -233,6 +385,8 @@
+ (void) printf("Sudoers path: %s\n", _PATH_SUDOERS);
dump_auth_methods();
dump_defaults();
+ /* Load the list of local ip addresses and netmasks. */
dump_interfaces();
}
exit(0);
-@@ -445,7 +599,43 @@
+@@ -442,7 +596,43 @@
#ifndef PROFILING
if (ISSET(sudo_mode, MODE_BACKGROUND) && fork() > 0)
exit(0);
+ }
+ }
+#endif
- EXECV(safe_cmnd, NewArgv); /* run the command */
+ execve(safe_cmnd, NewArgv, environ);
#else
exit(0);
-@@ -729,6 +919,30 @@
- NewArgv++;
- break;
+@@ -766,6 +956,30 @@
+ NewArgv++;
+ break;
#endif
+#ifdef WITH_SELINUX
+ case 'r':
+ break;
+#endif
#ifdef HAVE_LOGIN_CAP_H
- case 'c':
- /* Must have an associated login class. */
-@@ -1111,6 +1325,9 @@
+ case 'c':
+ /* Must have an associated login class. */
+@@ -1247,6 +1461,9 @@
#ifdef HAVE_LOGIN_CAP_H
" [-c class|-]",
#endif
+#endif
" [-p prompt]",
" [-u username|#uid]",
- " { -e file [...] | -i | -s | <command> }",
---- sudo-1.6.8/sudo.man.in.orig 2004-08-17 20:53:39.000000000 +0200
-+++ sudo-1.6.8/sudo.man.in 2004-08-29 20:48:39.189378528 +0200
-@@ -156,7 +156,7 @@
- .IX Header "SYNOPSIS"
- \&\fBsudo\fR \fB\-K\fR | \fB\-L\fR | \fB\-V\fR | \fB\-h\fR | \fB\-k\fR | \fB\-l\fR | \fB\-v\fR
+ " [VAR=value]",
+--- sudo-1.6.9p3/sudo.man.in.orig 2007-08-02 17:51:59.000000000 +0200
++++ sudo-1.6.9p3/sudo.man.in 2007-08-04 22:17:59.880865627 +0200
+@@ -157,7 +157,8 @@
+ \&\fBsudo\fR \fB\-h\fR | \fB\-K\fR | \fB\-k\fR | \fB\-L\fR | \fB\-l\fR | \fB\-V\fR | \fB\-v\fR
.PP
--\&\fBsudo\fR [\fB\-HPSb\fR] [\fB\-a\fR\ \fIauth_type\fR] [\fB\-c\fR\ \fIclass\fR|\fI\-\fR]
-+\&\fBsudo\fR [\fB\-HPSb\fR] [\fB\-a\fR\ \fIauth_type\fR] [\fB\-c\fR\ \fIclass\fR|\fI\-\fR] [\fB\-r\fR \fIrole\fR ] [\fB\-t\fR \fItype\fR ]
- [\fB\-p\fR\ \fIprompt\fR] [\fB\-u\fR\ \fIusername\fR|\fI#uid\fR]
- {\fB\-e\fR\ file\ [...]\ |\ \fB\-i\fR\ |\ \fB\-s\fR\ |\ \fIcommand\fR}
+ \&\fBsudo\fR [\fB\-bEHPS\fR] [\fB\-a\fR\ \fIauth_type\fR]
+-[\fB\-c\fR\ \fIclass\fR|\fI\-\fR] [\fB\-p\fR\ \fIprompt\fR] [\fB\-u\fR\ \fIusername\fR|\fI#uid\fR]
++[\fB\-c\fR\ \fIclass\fR|\fI\-\fR] [\fB\-r\fR \fIrole\fR ] [\fB\-t\fR \fItype\fR ]
++[\fB\-p\fR\ \fIprompt\fR] [\fB\-u\fR\ \fIusername\fR|\fI#uid\fR]
+ [\fB\s-1VAR\s0\fR=\fIvalue\fR] {\fB\-i\fR\ |\ \fB\-s\fR\ |\ \fIcommand\fR}
.PP
-@@ -235,6 +235,16 @@
- \&\fBsudo\fR will initialize the group vector to the list of groups the
- target user is in. The real and effective group IDs, however, are
- still set to match the target user.
+ \&\fBsudoedit\fR [\fB\-S\fR] [\fB\-a\fR\ \fIauth_type\fR] [\fB\-c\fR\ \fIclass\fR|\fI\-\fR]
+@@ -354,6 +355,16 @@
+ .RE
+ .RS 4
+ .RE
+.IP "\-r" 4
+.IX Item "-r"
+The \fB\-r\fR (\fRrole\fR) option causes the new (SELinux) security context to have the role specified by
.IP "\-S" 4
.IX Item "-S"
The \fB\-S\fR (\fIstdin\fR) option causes \fBsudo\fR to read the password from
---- sudo-1.6.8/Makefile.in.orig 2004-05-28 22:27:59.000000000 +0200
-+++ sudo-1.6.8/Makefile.in 2004-08-29 20:49:03.393698912 +0200
+--- sudo-1.6.9p3/Makefile.in.orig 2007-08-02 17:51:59.000000000 +0200
++++ sudo-1.6.9p3/Makefile.in 2007-08-04 22:18:17.657878682 +0200
@@ -43,7 +43,8 @@
# Libraries
LIBS = @LIBS@
#### End of system configuration section. ####
@@ -104,7 +105,7 @@
- parse.lex parse.yacc set_perms.c sigaction.c snprintf.c strcasecmp.c \
- strerror.c strlcat.c strlcpy.c sudo.c sudo_noexec.c sudo.tab.c \
- sudo_edit.c testsudoers.c tgetpass.c utime.c visudo.c zero_bytes.c \
-- $(AUTH_SRCS)
-+ $(AUTH_SRCS) sesh.c
+ logging.c memrchr.c mkstemp.c parse.c parse.lex parse.yacc set_perms.c \
+ sigaction.c snprintf.c strcasecmp.c strerror.c strlcat.c strlcpy.c \
+ sudo.c sudo_noexec.c sudo.tab.c sudo_edit.c testsudoers.c tgetpass.c \
+- utimes.c visudo.c zero_bytes.c $(AUTH_SRCS)
++ utimes.c visudo.c zero_bytes.c $(AUTH_SRCS) sesh.c
AUTH_SRCS = auth/afs.c auth/aix_auth.c auth/bsdauth.c auth/dce.c auth/fwtk.c \
auth/kerb4.c auth/kerb5.c auth/pam.c auth/passwd.c auth/rfc1938.c \
@@ -126,6 +127,8 @@
- VISUDOBJS = visudo.o fileops.o goodpath.o find_path.o $(PARSEOBJS)
+ VISUDOBJS = visudo.o fileops.o gettime.o goodpath.o find_path.o $(PARSEOBJS)
+SESH_OBJS = sesh.o
+
TESTOBJS = interfaces.o testsudoers.o $(PARSEOBJS)
LIBOBJS = @LIBOBJS@ @ALLOCA@
-@@ -145,7 +148,7 @@
+@@ -146,7 +149,7 @@
BINFILES= BUGS CHANGES HISTORY LICENSE README TODO TROUBLESHOOTING \
UPGRADE install-sh mkinstalldirs sample.syslog.conf sample.sudoers \
sudo sudo.cat sudo.man sudo.pod sudoers sudoers.cat sudoers.man \
- sudoers.pod visudo visudo.cat visudo.man visudo.pod
+ sudoers.pod visudo visudo.cat visudo.man visudo.pod sesh
- BINSPECIAL= INSTALL.binary Makefile.binary
+ BINSPECIAL= INSTALL.binary Makefile.binary libtool
-@@ -177,6 +180,9 @@
+@@ -178,6 +181,9 @@
visudo: $(VISUDOBJS) $(LIBOBJS)
$(CC) -o $@ $(VISUDOBJS) $(LIBOBJS) $(LDFLAGS) $(LIBS) $(NET_LIBS)
testsudoers: $(TESTOBJS) $(LIBOBJS)
$(CC) -o $@ $(TESTOBJS) $(LIBOBJS) $(LDFLAGS) $(LIBS) $(NET_LIBS)
-@@ -215,6 +221,7 @@
+@@ -219,6 +225,7 @@
set_perms.o: set_perms.c $(SUDODEP)
tgetpass.o: tgetpass.c $(SUDODEP)
visudo.o: visudo.c $(SUDODEP) version.h
sudo.o: sudo.c $(SUDODEP) interfaces.h version.h
interfaces.o: interfaces.c $(SUDODEP) interfaces.h
testsudoers.o: testsudoers.c $(SUDODEP) parse.h interfaces.h
-@@ -305,6 +312,7 @@
- ln -f $(DESTDIR)$(sudodir)/sudo $(DESTDIR)$(sudodir)/sudoedit
+@@ -314,6 +321,7 @@
+ ln $(DESTDIR)$(sudodir)/sudo $(DESTDIR)$(sudodir)/sudoedit
$(INSTALL) -O $(install_uid) -G $(install_gid) -M 0111 -s visudo $(DESTDIR)$(visudodir)/visudo
+ $(INSTALL) -O $(install_uid) -G $(install_gid) -M 0111 -s sesh $(DESTDIR)$(visudodir)/sesh