rpms/sudo/devel sudo-1.6.8p8-pam-sess.patch, NONE, 1.1 sudo.spec, 1.22, 1.23
fedora-cvs-commits at redhat.com
fedora-cvs-commits at redhat.com
Tue May 24 14:52:15 UTC 2005
- Previous message (by thread): rpms/sudo/FC-3 sudo-1.6.7p5-pam-session.patch, NONE, 1.1 sudo.spec, 1.20, 1.21
- Next message (by thread): rpms/xinitrc/devel .cvsignore, 1.42, 1.43 sources, 1.42, 1.43 xinitrc.spec, 1.44, 1.45
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Author: kzak
Update of /cvs/dist/rpms/sudo/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv29050
Modified Files:
sudo.spec
Added Files:
sudo-1.6.8p8-pam-sess.patch
Log Message:
- fix #154511 â sudo does not use limits.conf
sudo-1.6.8p8-pam-sess.patch:
pam.c | 16 ++++++++++++++++
1 files changed, 16 insertions(+)
--- NEW FILE sudo-1.6.8p8-pam-sess.patch ---
--- sudo-1.6.8p8/auth/pam.c.sess 2005-05-24 16:38:35.976866872 +0200
+++ sudo-1.6.8p8/auth/pam.c 2005-05-24 16:39:50.061604280 +0200
@@ -175,6 +175,8 @@
pam_prep_user(pw)
struct passwd *pw;
{
+ int error;
+
if (pamh == NULL)
pam_init(pw, NULL, NULL);
@@ -195,6 +197,20 @@
*/
(void) pam_setcred(pamh, PAM_ESTABLISH_CRED);
+ /*
+ * That's enough initialize PAM session in this function, because
+ * sudo calls it before exec()
+ */
+ if ((error = pam_open_session(pamh, 0))!=PAM_SUCCESS) {
+ pam_end(pamh, error);
+ return(AUTH_FAILURE);
+ }
+ /*
+ * For example settings from pam_limits are persistent after pam_session_close() and
+ * it's probably more clean call pam_close_session() than omit it.
+ */
+ pam_close_session(pamh, 0);
+
if (pam_end(pamh, PAM_SUCCESS | PAM_DATA_SILENT) == PAM_SUCCESS)
return(AUTH_SUCCESS);
else
Index: sudo.spec
===================================================================
RCS file: /cvs/dist/rpms/sudo/devel/sudo.spec,v
retrieving revision 1.22
retrieving revision 1.23
diff -u -r1.22 -r1.23
--- sudo.spec 12 Apr 2005 12:19:47 -0000 1.22
+++ sudo.spec 24 May 2005 14:52:13 -0000 1.23
@@ -4,7 +4,7 @@
Summary: Allows restricted root access for specified users.
Name: sudo
Version: 1.6.8p8
-Release: 1
+Release: 2
License: BSD
Group: Applications/System
Source: http://www.courtesan.com/sudo/dist/sudo-%{version}.tar.gz
@@ -17,6 +17,8 @@
BuildRequires: libselinux-devel
%endif
+# 154511 â sudo does not use limits.conf
+Patch2: sudo-1.6.8p8-pam-sess.patch
%description
Sudo (superuser do) allows a system administrator to give certain
@@ -36,6 +38,8 @@
%patch1 -p1 -b .selinux
%endif
+%patch2 -p1 -b .sess
+
%build
%ifarch s390 s390x
F_PIE=-fPIE
@@ -71,7 +75,7 @@
auth required pam_stack.so service=system-auth
account required pam_stack.so service=system-auth
password required pam_stack.so service=system-auth
-session required pam_stack.so service=system-auth
+session required pam_limits.so
EOF
@@ -101,6 +105,9 @@
/bin/chmod 0440 /etc/sudoers || :
%changelog
+* Tue May 24 2005 Karel Zak <kzak at redhat.com> 1.6.8p8-2
+- fix #154511 â sudo does not use limits.conf
+
* Mon Apr 4 2005 Thomas Woerner <twoerner at redhat.com> 1.6.8p8-1
- new version 1.6.8p8: new sudoedit and sudo_noexec
- Previous message (by thread): rpms/sudo/FC-3 sudo-1.6.7p5-pam-session.patch, NONE, 1.1 sudo.spec, 1.20, 1.21
- Next message (by thread): rpms/xinitrc/devel .cvsignore, 1.42, 1.43 sources, 1.42, 1.43 xinitrc.spec, 1.44, 1.45
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the fedora-cvs-commits
mailing list