rpms/sudo
7
0
Fork 0
Code Issues Pull Requests Releases Activity

also use getgrouplist() to determine group membership (#235915)

Browse Source
This commit is contained in:
Peter Vrabec 2007-04-12 08:29:55 +00:00
parent e3e8515a40
commit 05db95fdf1
2 changed files with 67 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

61
sudo-1.6.8p12-getgrouplist.patch Normal file
View File

@ -0,0 +1,61 @@
--- sudo-1.6.8p12/configure.in.getgrouplist 2007-04-12 10:16:12.000000000 +0200
+++ sudo-1.6.8p12/configure.in 2007-04-12 10:18:16.000000000 +0200
@@ -1694,7 +1694,7 @@
dnl Function checks
dnl
AC_CHECK_FUNCS(strchr strrchr memchr memcpy memset sysconf tzset \
- strftime setrlimit initgroups fstat gettimeofday)
+ strftime setrlimit initgroups getgrouplist fstat gettimeofday)
AC_CHECK_FUNCS(seteuid, , [AC_DEFINE(NO_SAVED_IDS)])
if test -z "$SKIP_SETRESUID"; then
AC_CHECK_FUNCS(setresuid, [SKIP_SETREUID=yes])
--- sudo-1.6.8p12/configure.getgrouplist 2005-10-28 02:48:25.000000000 +0200
+++ sudo-1.6.8p12/configure 2007-04-12 10:18:16.000000000 +0200
@@ -24677,7 +24677,7 @@
for ac_func in strchr strrchr memchr memcpy memset sysconf tzset \
- strftime setrlimit initgroups fstat gettimeofday
+ strftime setrlimit initgroups getgrouplist fstat gettimeofday
do
as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
echo "$as_me:$LINENO: checking for $ac_func" >&5
--- sudo-1.6.8p12/check.c.getgrouplist 2005-03-25 02:55:31.000000000 +0100
+++ sudo-1.6.8p12/check.c 2007-04-12 10:18:16.000000000 +0200
@@ -299,6 +299,24 @@
return(TRUE);
}
+#ifdef HAVE_GETGROUPLIST
+ {
+ gid_t *grouplist, grouptmp;
+ int n_groups, i;
+ n_groups = 1;
+ if (getgrouplist(user_name, user_gid, &grouptmp, &n_groups) == -1) {
+ grouplist = (gid_t *) emalloc(sizeof(gid_t) * (n_groups + 1));
+ if (getgrouplist(user_name, user_gid, grouplist, &n_groups) > 0)
+ for (i = 0; i < n_groups; i++)
+ if (grouplist[i] == grp->gr_gid) {
+ free(grouplist);
+ return(TRUE);
+ }
+ free(grouplist);
+ }
+ }
+#endif
+
return(FALSE);
}
--- sudo-1.6.8p12/config.h.in.getgrouplist 2007-04-12 10:16:12.000000000 +0200
+++ sudo-1.6.8p12/config.h.in 2007-04-12 10:18:16.000000000 +0200
@@ -122,6 +122,9 @@
/* Define to 1 if you have the `getdomainname' function. */
#undef HAVE_GETDOMAINNAME
+/* Define to 1 if you have the `getgrouplist' function. */
+#undef HAVE_GETGROUPLIST
+
/* Define to 1 if you have the `getifaddrs' function. */
#undef HAVE_GETIFADDRS

7
sudo.spec
View File

@ -1,7 +1,7 @@
Summary: Allows restricted root access for specified users Summary: Allows restricted root access for specified users
Name: sudo Name: sudo
Version: 1.6.8p12 Version: 1.6.8p12
Release: 13%{?dist} Release: 14%{?dist}
License: BSD License: BSD
Group: Applications/System Group: Applications/System
URL: http://www.courtesan.com/sudo/ URL: http://www.courtesan.com/sudo/
@ -28,6 +28,7 @@ Patch5: sudo-1.6.8p12-requiretty.patch
Patch6: sudo-1.6.8p12-pam-login.patch Patch6: sudo-1.6.8p12-pam-login.patch
# IPv6 support # IPv6 support
Patch7: sudo-1.6.8p12-ipv6.patch Patch7: sudo-1.6.8p12-ipv6.patch
Patch8: sudo-1.6.8p12-getgrouplist.patch
%description %description
Sudo (superuser do) allows a system administrator to give certain Sudo (superuser do) allows a system administrator to give certain
@ -48,6 +49,7 @@ on many different machines.
%patch5 -p1 -b .tty %patch5 -p1 -b .tty
%patch6 -p1 -b .login %patch6 -p1 -b .login
%patch7 -p1 -b .ipv6 %patch7 -p1 -b .ipv6
%patch8 -p1 -b .getgrouplist
%build %build
%ifarch s390 s390x %ifarch s390 s390x
@ -127,6 +129,9 @@ rm -rf $RPM_BUILD_ROOT
/bin/chmod 0440 /etc/sudoers || : /bin/chmod 0440 /etc/sudoers || :
%changelog %changelog
* Thu Apr 12 2007 Peter Vrabec <pvrabec@redhat.com> 1.6.8p12-14
- also use getgrouplist() to determine group membership (#235915)
* Mon Feb 26 2007 Peter Vrabec <pvrabec@redhat.com> 1.6.8p12-13 * Mon Feb 26 2007 Peter Vrabec <pvrabec@redhat.com> 1.6.8p12-13
- fix some spec file issues - fix some spec file issues