rpms/sudo/devel sudo-1.6.8p8-pam-sess.patch, NONE, 1.1 sudo.spec, 1.22, 1.23

fedora-cvs-commits at redhat.com fedora-cvs-commits at redhat.com
Tue May 24 14:52:15 UTC 2005


Author: kzak

Update of /cvs/dist/rpms/sudo/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv29050

Modified Files:
	sudo.spec 
Added Files:
	sudo-1.6.8p8-pam-sess.patch 
Log Message:
- fix #154511 – sudo does not use limits.conf

sudo-1.6.8p8-pam-sess.patch:
 pam.c |   16 ++++++++++++++++
 1 files changed, 16 insertions(+)

--- NEW FILE sudo-1.6.8p8-pam-sess.patch ---
--- sudo-1.6.8p8/auth/pam.c.sess	2005-05-24 16:38:35.976866872 +0200
+++ sudo-1.6.8p8/auth/pam.c	2005-05-24 16:39:50.061604280 +0200
@@ -175,6 +175,8 @@
 pam_prep_user(pw)
     struct passwd *pw;
 {
+    int error;
+
     if (pamh == NULL)
 	pam_init(pw, NULL, NULL);
 
@@ -195,6 +197,20 @@
      */
     (void) pam_setcred(pamh, PAM_ESTABLISH_CRED);
 
+    /*
+     * That's enough initialize PAM session in this function, because
+     * sudo calls it before exec()
+     */
+    if ((error = pam_open_session(pamh, 0))!=PAM_SUCCESS) {
+	    pam_end(pamh, error);
+	    return(AUTH_FAILURE);
+    }
+    /*
+     * For example settings from pam_limits are persistent after pam_session_close() and
+     * it's probably more clean call pam_close_session() than omit it.
+     */
+    pam_close_session(pamh, 0);
+   
     if (pam_end(pamh, PAM_SUCCESS | PAM_DATA_SILENT) == PAM_SUCCESS)
 	return(AUTH_SUCCESS);
     else


Index: sudo.spec
===================================================================
RCS file: /cvs/dist/rpms/sudo/devel/sudo.spec,v
retrieving revision 1.22
retrieving revision 1.23
diff -u -r1.22 -r1.23
--- sudo.spec	12 Apr 2005 12:19:47 -0000	1.22
+++ sudo.spec	24 May 2005 14:52:13 -0000	1.23
@@ -4,7 +4,7 @@
 Summary: Allows restricted root access for specified users.
 Name: sudo
 Version: 1.6.8p8
-Release: 1
+Release: 2
 License: BSD
 Group: Applications/System
 Source: http://www.courtesan.com/sudo/dist/sudo-%{version}.tar.gz
@@ -17,6 +17,8 @@
 BuildRequires: libselinux-devel
 %endif
 
+# 154511 – sudo does not use limits.conf
+Patch2: sudo-1.6.8p8-pam-sess.patch
 
 %description
 Sudo (superuser do) allows a system administrator to give certain
@@ -36,6 +38,8 @@
 %patch1 -p1 -b .selinux
 %endif
 
+%patch2 -p1 -b .sess
+
 %build
 %ifarch s390 s390x
 F_PIE=-fPIE
@@ -71,7 +75,7 @@
 auth       required	pam_stack.so service=system-auth
 account    required	pam_stack.so service=system-auth
 password   required	pam_stack.so service=system-auth
-session    required	pam_stack.so service=system-auth
+session    required	pam_limits.so
 EOF
 
 
@@ -101,6 +105,9 @@
 /bin/chmod 0440 /etc/sudoers || :
 
 %changelog
+* Tue May 24 2005 Karel Zak <kzak at redhat.com> 1.6.8p8-2
+- fix #154511 – sudo does not use limits.conf
+
 * Mon Apr  4 2005 Thomas Woerner <twoerner at redhat.com> 1.6.8p8-1
 - new version 1.6.8p8: new sudoedit and sudo_noexec
 




More information about the fedora-cvs-commits mailing list