[arch-commits] Commit in sudo/trunk (PKGBUILD disable-non-interative-auth.patch)
Evangelos Foutras
foutrelis at gemini.archlinux.org
Fri Mar 4 06:25:50 UTC 2022
Date: Friday, March 4, 2022 @ 06:25:49
Author: foutrelis
Revision: 438832
upgpkg: sudo 1.9.10-1: new upstream release
Modified:
sudo/trunk/PKGBUILD
Deleted:
sudo/trunk/disable-non-interative-auth.patch
-----------------------------------+
PKGBUILD | 9 --
disable-non-interative-auth.patch | 142 ------------------------------------
2 files changed, 3 insertions(+), 148 deletions(-)
Modified: PKGBUILD
===================================================================
--- PKGBUILD 2022-03-04 01:43:55 UTC (rev 438831)
+++ PKGBUILD 2022-03-04 06:25:49 UTC (rev 438832)
@@ -3,8 +3,8 @@
# Contributor: Tom Newsom <Jeepster at gmx.co.uk>
pkgname=sudo
-_sudover=1.9.9
-pkgrel=2
+_sudover=1.9.10
+pkgrel=1
pkgver=${_sudover/p/.p}
pkgdesc="Give certain users the ability to run some commands as root"
arch=('x86_64')
@@ -19,18 +19,15 @@
install=$pkgname.install
source=(https://www.sudo.ws/sudo/dist/$pkgname-$_sudover.tar.gz{,.sig}
sudo_logsrvd.service
- disable-non-interative-auth.patch
sudo.pam)
-sha256sums=('6d6ee863a3bc26c87661093a74ec63e10fd031ceba714642d21636dfe25e3e00'
+sha256sums=('44a1461098e7c7b8e6ac597499c24fb2e43748c0c139a8b4944e57d1349a64f4'
'SKIP'
'8b91733b73171827c360a3e01f4692772b78e62ceca0cf0fd4b770aba35081a1'
- '094387d71f6866ff85ab1cccbdf685f97c02a803eb01b41c80c52918785db85c'
'd1738818070684a5d2c9b26224906aad69a4fea77aabd960fc2675aee2df1fa2')
validpgpkeys=('59D1E9CCBA2B376704FDD35BA9F4C021CEA470FB')
prepare() {
cd "$srcdir/$pkgname-$_sudover"
- patch -Np1 -i ../disable-non-interative-auth.patch
}
build() {
Deleted: disable-non-interative-auth.patch
===================================================================
--- disable-non-interative-auth.patch 2022-03-04 01:43:55 UTC (rev 438831)
+++ disable-non-interative-auth.patch 2022-03-04 06:25:49 UTC (rev 438832)
@@ -1,142 +0,0 @@
-From df5f61eb240b9ae1b67faad8f143a488c5c8f206 Mon Sep 17 00:00:00 2001
-From: "Todd C. Miller" <Todd.Miller at sudo.ws>
-Date: Tue, 1 Feb 2022 20:08:26 -0700
-Subject: [PATCH] Add sudoers option to perform authentication even in
- non-interative mode. If noninteractive_auth is set, authentication methods
- that do not require input from the user's terminal may proceed. It is off by
- default, which restores the pre-1.9.9 behavior of "sudo -n".
-
-(cherry picked from commit 85fef8b50f0847f4fce39a7fead9aae767be1dca)
----
- docs/sudoers.man.in | 17 +++++++++++++++++
- docs/sudoers.mdoc.in | 16 ++++++++++++++++
- plugins/sudoers/check.c | 6 ++++++
- plugins/sudoers/def_data.c | 4 ++++
- plugins/sudoers/def_data.h | 2 ++
- plugins/sudoers/def_data.in | 3 +++
- plugins/sudoers/defaults.c | 1 +
- 7 files changed, 49 insertions(+)
-
-diff --git a/docs/sudoers.man.in b/docs/sudoers.man.in
-index 67ca7cec6..f7e53cfe7 100644
---- a/docs/sudoers.man.in
-+++ b/docs/sudoers.man.in
-@@ -3214,6 +3214,23 @@ This flag is
- \fIoff\fR
- by default.
- .TP 18n
-+noninteractive_auth
-+If set, authentication will be attempted even in non-interactive mode
-+(when
-+\fBsudo\fR's
-+\fB\-n\fR
-+option is specified).
-+This allows authentication methods that don't require user interaction
-+to succeed.
-+Authentication methods that require input from the user's terminal
-+will still fail.
-+If disabled, authentication will not be attempted in non-interactive mode.
-+This flag is
-+\fIoff\fR
-+by default.
-+.sp
-+This setting is only supported by version 1.9.10 or higher.
-+.TP 18n
- pam_acct_mgmt
- On systems that use PAM for authentication,
- \fBsudo\fR
-diff --git a/docs/sudoers.mdoc.in b/docs/sudoers.mdoc.in
-index 1b9ea07cf..38b83b9af 100644
---- a/docs/sudoers.mdoc.in
-+++ b/docs/sudoers.mdoc.in
-@@ -3027,6 +3027,22 @@ section at the end of this manual.
- This flag is
- .Em off
- by default.
-+.It noninteractive_auth
-+If set, authentication will be attempted even in non-interactive mode
-+(when
-+.Nm sudo Ns 's
-+.Fl n
-+option is specified).
-+This allows authentication methods that don't require user interaction
-+to succeed.
-+Authentication methods that require input from the user's terminal
-+will still fail.
-+If disabled, authentication will not be attempted in non-interactive mode.
-+This flag is
-+.Em off
-+by default.
-+.Pp
-+This setting is only supported by version 1.9.10 or higher.
- .It pam_acct_mgmt
- On systems that use PAM for authentication,
- .Nm sudo
-diff --git a/plugins/sudoers/check.c b/plugins/sudoers/check.c
-index 2ba18d27e..25a2087b0 100644
---- a/plugins/sudoers/check.c
-+++ b/plugins/sudoers/check.c
-@@ -125,6 +125,12 @@ check_user_interactive(int validated, int mode, struct getpass_closure *closure)
- FALLTHROUGH;
-
- default:
-+ if (ISSET(mode, MODE_NONINTERACTIVE) && !def_noninteractive_auth) {
-+ validated |= FLAG_NO_USER_INPUT;
-+ log_auth_failure(validated, 0);
-+ goto done;
-+ }
-+
- /* XXX - should not lecture if askpass helper is being used. */
- lectured = display_lecture(closure->tstat);
-
-diff --git a/plugins/sudoers/def_data.c b/plugins/sudoers/def_data.c
-index 0afddace8..2398f3c28 100644
---- a/plugins/sudoers/def_data.c
-+++ b/plugins/sudoers/def_data.c
-@@ -645,6 +645,10 @@ struct sudo_defs_types sudo_defs_table[] = {
- "rlimit_stack", T_RLIMIT|T_BOOL,
- N_("The maximum size to which the process's stack may grow (in bytes): %s"),
- NULL,
-+ }, {
-+ "noninteractive_auth", T_FLAG,
-+ N_("Attempt authentication even when in non-interactive mode"),
-+ NULL,
- }, {
- NULL, 0, NULL
- }
-diff --git a/plugins/sudoers/def_data.h b/plugins/sudoers/def_data.h
-index 25bf3a71d..ae9182921 100644
---- a/plugins/sudoers/def_data.h
-+++ b/plugins/sudoers/def_data.h
-@@ -300,6 +300,8 @@
- #define def_rlimit_rss (sudo_defs_table[I_RLIMIT_RSS].sd_un.str)
- #define I_RLIMIT_STACK 149
- #define def_rlimit_stack (sudo_defs_table[I_RLIMIT_STACK].sd_un.str)
-+#define I_NONINTERACTIVE_AUTH 150
-+#define def_noninteractive_auth (sudo_defs_table[I_NONINTERACTIVE_AUTH].sd_un.flag)
-
- enum def_tuple {
- never,
-diff --git a/plugins/sudoers/def_data.in b/plugins/sudoers/def_data.in
-index 8309779f7..03ed95607 100644
---- a/plugins/sudoers/def_data.in
-+++ b/plugins/sudoers/def_data.in
-@@ -466,3 +466,6 @@ rlimit_rss
- rlimit_stack
- T_RLIMIT|T_BOOL
- "The maximum size to which the process's stack may grow (in bytes): %s"
-+noninteractive_auth
-+ T_FLAG
-+ "Attempt authentication even when in non-interactive mode"
-diff --git a/plugins/sudoers/defaults.c b/plugins/sudoers/defaults.c
-index b7979f37e..53c2dc2a9 100644
---- a/plugins/sudoers/defaults.c
-+++ b/plugins/sudoers/defaults.c
-@@ -571,6 +571,7 @@ init_defaults(void)
- def_log_denied = true;
- def_log_format = sudo;
- def_runas_allow_unknown_id = false;
-+ def_noninteractive_auth = false;
-
- /* Syslog options need special care since they both strings and ints */
- #if (LOGGING & SLOG_SYSLOG)
More information about the arch-commits
mailing list