[arch-commits] Commit in sudo/trunk (PKGBUILD fix-pam-prompt.patch)
Evangelos Foutras
foutrelis at archlinux.org
Tue Sep 5 20:03:14 UTC 2017
Date: Tuesday, September 5, 2017 @ 20:03:13
Author: foutrelis
Revision: 304713
upgpkg: sudo 1.8.21.p1-2
Fix a logic error which prevented sudo from using the PAM-supplied prompt (FS#55514).
Added:
sudo/trunk/fix-pam-prompt.patch
Modified:
sudo/trunk/PKGBUILD
----------------------+
PKGBUILD | 7 ++++-
fix-pam-prompt.patch | 66 +++++++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 72 insertions(+), 1 deletion(-)
Modified: PKGBUILD
===================================================================
--- PKGBUILD 2017-09-05 19:41:29 UTC (rev 304712)
+++ PKGBUILD 2017-09-05 20:03:13 UTC (rev 304713)
@@ -6,7 +6,7 @@
pkgname=sudo
_sudover=1.8.21p1
pkgver=${_sudover/p/.p}
-pkgrel=1
+pkgrel=2
pkgdesc="Give certain users the ability to run some commands as root"
arch=('i686' 'x86_64')
url="https://www.sudo.ws/sudo/"
@@ -16,14 +16,19 @@
backup=('etc/sudoers' 'etc/pam.d/sudo')
install=$pkgname.install
source=(https://www.sudo.ws/sudo/dist/$pkgname-$_sudover.tar.gz{,.sig}
+ fix-pam-prompt.patch
sudo.pam)
sha256sums=('ee50d3a249a96b1c5c8d3d21380eb96c63c6e61a888b13e3c2b941b23ab7c808'
'SKIP'
+ 'fc9a37c533664ecfdc7715812e9a93f39891e6fc3d72c23858bee33ac27fcebe'
'd1738818070684a5d2c9b26224906aad69a4fea77aabd960fc2675aee2df1fa2')
validpgpkeys=('CCB24BE9E9481B15D34159535A89DFA27EE470C4')
prepare() {
cd "$srcdir/$pkgname-$_sudover"
+
+ # https://bugzilla.sudo.ws/show_bug.cgi?id=799
+ patch -Np1 -i ../fix-pam-prompt.patch
}
build() {
Added: fix-pam-prompt.patch
===================================================================
--- fix-pam-prompt.patch (rev 0)
+++ fix-pam-prompt.patch 2017-09-05 20:03:13 UTC (rev 304713)
@@ -0,0 +1,66 @@
+
+# HG changeset patch
+# User Todd C. Miller <Todd.Miller at courtesan.com>
+# Date 1504625419 21600
+# Node ID 6ee5cc13af69f4248dfa1d89215e7c95fa90d051
+# Parent 7e6bf56cb06cfdc82f5b636ebe2851cfeda50f17
+Fix a logic error in 96651906de42 which prevented sudo from using
+the PAM-supplied prompt. Bug #799
+
+diff -r 7e6bf56cb06c -r 6ee5cc13af69 plugins/sudoers/auth/pam.c
+--- a/plugins/sudoers/auth/pam.c Fri Sep 01 14:09:43 2017 -0600
++++ b/plugins/sudoers/auth/pam.c Tue Sep 05 09:30:19 2017 -0600
+@@ -435,28 +435,32 @@
+ size_t user_len;
+ debug_decl(use_pam_prompt, SUDOERS_DEBUG_AUTH)
+
+- if (!def_passprompt_override) {
+- /* If sudo prompt matches "^Password: ?$", use PAM prompt. */
+- if (PROMPT_IS_PASSWORD(def_prompt))
+- debug_return_bool(true);
+-
+- /* If PAM prompt matches "^Password: ?$", use sudo prompt. */
+- if (PAM_PROMPT_IS_PASSWORD(pam_prompt))
+- debug_return_bool(false);
++ /* Always use sudo prompt if passprompt_override is set. */
++ if (def_passprompt_override)
++ debug_return_bool(false);
+
+- /*
+- * Some PAM modules use "^username's Password: ?$" instead of
+- * "^Password: ?" so check for that too.
+- */
+- user_len = strlen(user_name);
+- if (strncmp(pam_prompt, user_name, user_len) == 0) {
+- const char *cp = pam_prompt + user_len;
+- if (strncmp(cp, "'s Password:", 12) == 0 &&
+- (cp[12] == '\0' || (cp[12] == ' ' && cp[13] == '\0')))
+- debug_return_bool(false);
+- }
++ /* If sudo prompt matches "^Password: ?$", use PAM prompt. */
++ if (PROMPT_IS_PASSWORD(def_prompt))
++ debug_return_bool(true);
++
++ /* If PAM prompt matches "^Password: ?$", use sudo prompt. */
++ if (PAM_PROMPT_IS_PASSWORD(pam_prompt))
++ debug_return_bool(false);
++
++ /*
++ * Some PAM modules use "^username's Password: ?$" instead of
++ * "^Password: ?" so check for that too.
++ */
++ user_len = strlen(user_name);
++ if (strncmp(pam_prompt, user_name, user_len) == 0) {
++ const char *cp = pam_prompt + user_len;
++ if (strncmp(cp, "'s Password:", 12) == 0 &&
++ (cp[12] == '\0' || (cp[12] == ' ' && cp[13] == '\0')))
++ debug_return_bool(false);
+ }
+- debug_return_bool(false);
++
++ /* Otherwise, use the PAM prompt. */
++ debug_return_bool(true);
+ }
+
+ /*
+
More information about the arch-commits
mailing list