- update to new upstream version
- merged .audit and .libaudit patch - added sudoers.ldap.5* to files
This commit is contained in:
parent
d3f6d25f13
commit
ac43db5783
@ -1,2 +1,2 @@
|
|||||||
sudo-1.7.2p5.tar.gz
|
sudo-1.7.2p6.tar.gz
|
||||||
sudo-1.7.2p2-sudoers
|
sudo-1.7.2p2-sudoers
|
||||||
|
2
sources
2
sources
@ -1,2 +1,2 @@
|
|||||||
398f584e831bd75b3c0179e28368c2a3 sudo-1.7.2p5.tar.gz
|
c4f1a43e8ba94f6bf06d2211442148c4 sudo-1.7.2p6.tar.gz
|
||||||
d657d8d55ecdf88a2d11da73ac5662a4 sudo-1.7.2p2-sudoers
|
d657d8d55ecdf88a2d11da73ac5662a4 sudo-1.7.2p2-sudoers
|
||||||
|
401
sudo-1.7.2p6-audit.patch
Normal file
401
sudo-1.7.2p6-audit.patch
Normal file
@ -0,0 +1,401 @@
|
|||||||
|
diff -up /dev/null sudo-1.7.2p6/audit_help.c
|
||||||
|
--- /dev/null 2010-03-17 15:58:02.830002615 +0100
|
||||||
|
+++ sudo-1.7.2p6/audit_help.c 2010-04-14 15:25:49.000000000 +0200
|
||||||
|
@@ -0,0 +1,136 @@
|
||||||
|
+/*
|
||||||
|
+ * Audit helper functions used throughout sudo
|
||||||
|
+ *
|
||||||
|
+ * Copyright (C) 2007, Red Hat, Inc.
|
||||||
|
+ *
|
||||||
|
+ * Redistribution and use in source and binary forms, with or without
|
||||||
|
+ * modification, are permitted provided that the following conditions
|
||||||
|
+ * are met:
|
||||||
|
+ * 1. Redistributions of source code must retain the above copyright
|
||||||
|
+ * notice, this list of conditions and the following disclaimer.
|
||||||
|
+ * 2. Redistributions in binary form must reproduce the above copyright
|
||||||
|
+ * notice, this list of conditions and the following disclaimer in the
|
||||||
|
+ * documentation and/or other materials provided with the distribution.
|
||||||
|
+ * 3. Neither the name of Julianne F. Haugh nor the names of its contributors
|
||||||
|
+ * may be used to endorse or promote products derived from this software
|
||||||
|
+ * without specific prior written permission.
|
||||||
|
+ *
|
||||||
|
+ * THIS SOFTWARE IS PROVIDED BY JULIE HAUGH AND CONTRIBUTORS ``AS IS'' AND
|
||||||
|
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||||
|
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||||
|
+ * ARE DISCLAIMED. IN NO EVENT SHALL JULIE HAUGH OR CONTRIBUTORS BE LIABLE
|
||||||
|
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
||||||
|
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
||||||
|
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||||
|
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
||||||
|
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||||
|
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||||
|
+ * SUCH DAMAGE.
|
||||||
|
+ */
|
||||||
|
+
|
||||||
|
+#include <config.h>
|
||||||
|
+
|
||||||
|
+#ifdef WITH_AUDIT
|
||||||
|
+#include <stdlib.h>
|
||||||
|
+#include <syslog.h>
|
||||||
|
+#include <stdarg.h>
|
||||||
|
+#include <libaudit.h>
|
||||||
|
+#include <errno.h>
|
||||||
|
+#include <stdio.h>
|
||||||
|
+#include <string.h>
|
||||||
|
+#include <unistd.h>
|
||||||
|
+#include <sys/types.h>
|
||||||
|
+
|
||||||
|
+#ifdef HAVE_SELINUX
|
||||||
|
+#include <selinux/selinux.h>
|
||||||
|
+#endif
|
||||||
|
+
|
||||||
|
+int audit_fd = -1;
|
||||||
|
+
|
||||||
|
+void audit_help_open (void)
|
||||||
|
+{
|
||||||
|
+ audit_fd = audit_open ();
|
||||||
|
+ if (audit_fd < 0) {
|
||||||
|
+ /* You get these only when the kernel doesn't have
|
||||||
|
+ * audit compiled in. */
|
||||||
|
+ if (errno == EINVAL || errno == EPROTONOSUPPORT ||
|
||||||
|
+ errno == EAFNOSUPPORT)
|
||||||
|
+ return;
|
||||||
|
+ fprintf (stderr, "Cannot open audit interface - aborting.\n");
|
||||||
|
+ exit (1);
|
||||||
|
+ }
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+/*
|
||||||
|
+ * This function will log a message to the audit system using a predefined
|
||||||
|
+ * message format. Parameter usage is as follows:
|
||||||
|
+ *
|
||||||
|
+ * type - type of message: AUDIT_USER_CMD
|
||||||
|
+ * command - the command being logged
|
||||||
|
+ * params - parames of the command
|
||||||
|
+ * result - 1 is "success" and 0 is "failed"
|
||||||
|
+ *
|
||||||
|
+ */
|
||||||
|
+void audit_logger (int type, const char *command, const char *params, int result)
|
||||||
|
+{
|
||||||
|
+ int err;
|
||||||
|
+ char *msg;
|
||||||
|
+
|
||||||
|
+ if( audit_fd < 0 )
|
||||||
|
+ return;
|
||||||
|
+ else {
|
||||||
|
+
|
||||||
|
+ if( params )
|
||||||
|
+ err = asprintf(&msg, "%s %s", command, params);
|
||||||
|
+ else
|
||||||
|
+ err = asprintf(&msg, "%s", command);
|
||||||
|
+ if (err < 0) {
|
||||||
|
+ fprintf (stderr, "Memory allocation for audit message wasn’t possible.\n");
|
||||||
|
+ return;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ err = audit_log_user_command (audit_fd, type, msg, NULL, result);
|
||||||
|
+ /* The kernel supports auditing and we had
|
||||||
|
+ enough privilege to write to the socket. */
|
||||||
|
+ if( err <= 0 && !((errno == EPERM && getuid() > 0) || errno == ECONNREFUSED ) ) {
|
||||||
|
+ perror("audit_log_user_command()");
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ free(msg);
|
||||||
|
+ }
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+#ifdef HAVE_SELINUX
|
||||||
|
+int send_audit_message(int success, security_context_t old_context,
|
||||||
|
+ security_context_t new_context, const char *ttyn)
|
||||||
|
+{
|
||||||
|
+ char *msg = NULL;
|
||||||
|
+ int rc;
|
||||||
|
+
|
||||||
|
+ if (audit_fd < 0)
|
||||||
|
+ return -1;
|
||||||
|
+
|
||||||
|
+ if (asprintf(&msg, "newrole: old-context=%s new-context=%s",
|
||||||
|
+ old_context ? old_context : "?",
|
||||||
|
+ new_context ? new_context : "?") < 0) {
|
||||||
|
+ fprintf(stderr, "Error allocating memory.\n");
|
||||||
|
+ rc = -1;
|
||||||
|
+ goto out;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ rc = audit_log_user_message(audit_fd, AUDIT_USER_ROLE_CHANGE,
|
||||||
|
+ msg, NULL, NULL, ttyn, success);
|
||||||
|
+
|
||||||
|
+ if (rc <= 0) {
|
||||||
|
+ fprintf(stderr, "Error sending audit message.\n");
|
||||||
|
+ rc = -1;
|
||||||
|
+ goto out;
|
||||||
|
+ }
|
||||||
|
+ rc = 0;
|
||||||
|
+
|
||||||
|
+ out:
|
||||||
|
+ free(msg);
|
||||||
|
+ return rc;
|
||||||
|
+}
|
||||||
|
+#endif
|
||||||
|
+#endif /* WITH_AUDIT */
|
||||||
|
diff -up sudo-1.7.2p6/configure.in.audit sudo-1.7.2p6/configure.in
|
||||||
|
--- sudo-1.7.2p6/configure.in.audit 2010-04-14 15:25:49.000000000 +0200
|
||||||
|
+++ sudo-1.7.2p6/configure.in 2010-04-14 15:25:49.000000000 +0200
|
||||||
|
@@ -181,6 +181,10 @@ dnl
|
||||||
|
dnl Options for --with
|
||||||
|
dnl
|
||||||
|
|
||||||
|
+AC_ARG_WITH(audit,
|
||||||
|
+ [AC_HELP_STRING([--with-audit], [use auditing support @<:@default=yes if found@:>@])],
|
||||||
|
+ [with_audit=$withval], [with_audit=yes])
|
||||||
|
+
|
||||||
|
AC_ARG_WITH(CC, [AS_HELP_STRING([--with-CC], [C compiler to use])],
|
||||||
|
[case $with_CC in
|
||||||
|
yes) AC_MSG_ERROR(["must give --with-CC an argument."])
|
||||||
|
@@ -1747,6 +1751,24 @@ dnl
|
||||||
|
: ${mansectsu='8'}
|
||||||
|
: ${mansectform='5'}
|
||||||
|
|
||||||
|
+
|
||||||
|
+if test "$with_audit" = "yes"; then
|
||||||
|
+ # See if we have the audit library
|
||||||
|
+ AC_CHECK_HEADER(libaudit.h, [audit_header="yes"], [audit_header="no"])
|
||||||
|
+ if test "$audit_header" = "yes"; then
|
||||||
|
+ AC_CHECK_LIB(audit, audit_log_user_command,
|
||||||
|
+ [AC_DEFINE(WITH_AUDIT, 1, [Define if you want to enable Audit messages])
|
||||||
|
+ LIBAUDIT="-laudit"])
|
||||||
|
+ fi
|
||||||
|
+ # See if we have the libcap library
|
||||||
|
+ AC_CHECK_HEADERS(sys/capability.h sys/prctl.h, [cap_header="yes"], [cap_header="no"])
|
||||||
|
+ if test "$cap_header" = "yes"; then
|
||||||
|
+ AC_CHECK_LIB(cap, cap_init,
|
||||||
|
+ [AC_DEFINE(HAVE_LIBCAP, 1, [SELinux libcap support])
|
||||||
|
+ SUDO_LIBS="${SUDO_LIBS} -lcap"])
|
||||||
|
+ fi
|
||||||
|
+fi
|
||||||
|
+AC_SUBST(LIBAUDIT)
|
||||||
|
dnl
|
||||||
|
dnl Add in any libpaths or libraries specified via configure
|
||||||
|
dnl
|
||||||
|
diff -up sudo-1.7.2p6/Makefile.in.audit sudo-1.7.2p6/Makefile.in
|
||||||
|
--- sudo-1.7.2p6/Makefile.in.audit 2010-04-14 15:25:49.000000000 +0200
|
||||||
|
+++ sudo-1.7.2p6/Makefile.in 2010-04-14 15:25:49.000000000 +0200
|
||||||
|
@@ -44,7 +44,7 @@ INSTALL = $(SHELL) $(srcdir)/install-sh
|
||||||
|
# Libraries
|
||||||
|
LIBS = @LIBS@
|
||||||
|
NET_LIBS = @NET_LIBS@
|
||||||
|
-SUDO_LIBS = @SUDO_LIBS@ @AFS_LIBS@ @GETGROUPS_LIB@ $(LIBS) $(NET_LIBS)
|
||||||
|
+SUDO_LIBS = @SUDO_LIBS@ @AFS_LIBS@ @GETGROUPS_LIB@ @LIBAUDIT@ $(LIBS) $(NET_LIBS)
|
||||||
|
|
||||||
|
# C preprocessor flags
|
||||||
|
CPPFLAGS = -I. -I$(srcdir) @CPPFLAGS@
|
||||||
|
@@ -123,6 +123,8 @@ HDRS = bsm_audit.h compat.h def_data.h d
|
||||||
|
|
||||||
|
AUTH_OBJS = sudo_auth.o @AUTH_OBJS@
|
||||||
|
|
||||||
|
+AUDIT_OBJS = audit_help.o
|
||||||
|
+
|
||||||
|
# Note: gram.o must come first here
|
||||||
|
COMMON_OBJS = gram.o alias.o alloc.o defaults.o error.o list.o match.o \
|
||||||
|
toke.o redblack.o zero_bytes.o @NONUNIX_GROUPS_IMPL@
|
||||||
|
@@ -130,7 +132,7 @@ COMMON_OBJS = gram.o alias.o alloc.o def
|
||||||
|
SUDO_OBJS = $(COMMON_OBJS) $(AUTH_OBJS) @SUDO_OBJS@ audit.o check.o env.o \
|
||||||
|
getspwuid.o gettime.o goodpath.o fileops.o find_path.o \
|
||||||
|
interfaces.o lbuf.o logging.o parse.o pwutil.o set_perms.o \
|
||||||
|
- sudo.o sudo_edit.o sudo_nss.o term.o tgetpass.o
|
||||||
|
+ sudo.o sudo_edit.o sudo_nss.o term.o tgetpass.o $(AUDIT_OBJS)
|
||||||
|
|
||||||
|
VISUDO_OBJS = $(COMMON_OBJS) visudo.o fileops.o gettime.o goodpath.o \
|
||||||
|
find_path.o pwutil.o
|
||||||
|
@@ -361,6 +363,9 @@ securid5.o: $(authdir)/securid5.c $(AUTH
|
||||||
|
sia.o: $(authdir)/sia.c $(AUTHDEP)
|
||||||
|
$(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(authdir)/sia.c
|
||||||
|
|
||||||
|
+audit_help.o: audit_help.c sudo.h
|
||||||
|
+ $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(LIBADUIT) $(srcdir)/audit_help.c
|
||||||
|
+
|
||||||
|
sudo.man.in: $(srcdir)/sudo.pod
|
||||||
|
@rm -f $(srcdir)/$@
|
||||||
|
( cd $(srcdir); mansectsu=`echo @MANSECTSU@|tr A-Z a-z`; mansectform=`echo @MANSECTFORM@|tr A-Z a-z`; sed -n -e '/^=pod/q' -e 's/^/.\\" /p' sudo.pod > $@; pod2man --quotes=none --date="`date '+%B %e, %Y'`" --section=$$mansectsu --release=$(VERSION) --center="MAINTENANCE COMMANDS" sudo.pod | sed -e "s/(5)/($$mansectform)/" -e "s/(8)/($$mansectsu)/" | perl -p sudo.man.pl >> $@ )
|
||||||
|
diff -up sudo-1.7.2p6/set_perms.c.audit sudo-1.7.2p6/set_perms.c
|
||||||
|
--- sudo-1.7.2p6/set_perms.c.audit 2010-04-09 12:12:02.000000000 +0200
|
||||||
|
+++ sudo-1.7.2p6/set_perms.c 2010-04-14 15:25:49.000000000 +0200
|
||||||
|
@@ -48,6 +48,10 @@
|
||||||
|
#ifdef HAVE_LOGIN_CAP_H
|
||||||
|
# include <login_cap.h>
|
||||||
|
#endif
|
||||||
|
+#if defined(WITH_AUDIT) && defined(HAVE_LIBCAP)
|
||||||
|
+# include <sys/prctl.h>
|
||||||
|
+# include <sys/capability.h>
|
||||||
|
+#endif
|
||||||
|
|
||||||
|
#include "sudo.h"
|
||||||
|
|
||||||
|
@@ -126,16 +130,59 @@ set_perms(perm)
|
||||||
|
break;
|
||||||
|
|
||||||
|
case PERM_FULL_RUNAS:
|
||||||
|
- /* headed for exec(), assume euid == ROOT_UID */
|
||||||
|
- runas_setup();
|
||||||
|
- if (setresuid(def_stay_setuid ?
|
||||||
|
- user_uid : runas_pw->pw_uid,
|
||||||
|
- runas_pw->pw_uid, runas_pw->pw_uid)) {
|
||||||
|
- errstr = "unable to change to runas uid";
|
||||||
|
- goto bad;
|
||||||
|
- }
|
||||||
|
+#if defined(WITH_AUDIT) && defined(HAVE_LIBCAP)
|
||||||
|
+ { /* BEGIN CAP BLOCK */
|
||||||
|
+ cap_t new_caps;
|
||||||
|
+ cap_value_t cap_list[] = { CAP_AUDIT_WRITE };
|
||||||
|
+
|
||||||
|
+ if (runas_pw->pw_uid != ROOT_UID) {
|
||||||
|
+ new_caps = cap_init ();
|
||||||
|
+ if (!new_caps) {
|
||||||
|
+ errstr = "Error initing capabilities, aborting.\n";
|
||||||
|
+ goto bad;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ if(cap_set_flag(new_caps, CAP_PERMITTED, 1, cap_list, CAP_SET) ||
|
||||||
|
+ cap_set_flag(new_caps, CAP_EFFECTIVE, 1, cap_list, CAP_SET)) {
|
||||||
|
+ errstr = "Error setting capabilities, aborting\n";
|
||||||
|
+ goto bad;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ if (prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0)) {
|
||||||
|
+ errstr = "Error setting KEEPCAPS, aborting\n";
|
||||||
|
+ goto bad;
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+#endif
|
||||||
|
+ /* headed for exec(), assume euid == ROOT_UID */
|
||||||
|
+ runas_setup();
|
||||||
|
+ if (setresuid(def_stay_setuid ?
|
||||||
|
+ user_uid : runas_pw->pw_uid,
|
||||||
|
+ runas_pw->pw_uid, runas_pw->pw_uid)) {
|
||||||
|
+ errstr = "unable to change to runas uid";
|
||||||
|
+ goto bad;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+#if defined(WITH_AUDIT) && defined(HAVE_LIBCAP)
|
||||||
|
+ if (runas_pw->pw_uid != ROOT_UID) {
|
||||||
|
+ if (prctl(PR_SET_KEEPCAPS, 0, 0, 0, 0) < 0) {
|
||||||
|
+ errstr = "Error resetting KEEPCAPS, aborting\n";
|
||||||
|
+ goto bad;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ if (cap_set_proc(new_caps)) {
|
||||||
|
+ errstr = "Error dropping capabilities, aborting\n";
|
||||||
|
+ goto bad;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ if (cap_free (new_caps)) {
|
||||||
|
+ errstr = "Error freeing caps\n";
|
||||||
|
+ goto bad;
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+ } /* END CAP BLOCK */
|
||||||
|
+#endif
|
||||||
|
break;
|
||||||
|
-
|
||||||
|
case PERM_SUDOERS:
|
||||||
|
/* assume euid == ROOT_UID, ruid == user */
|
||||||
|
if (setresgid(-1, SUDOERS_GID, -1))
|
||||||
|
diff -up sudo-1.7.2p6/sudo.c.audit sudo-1.7.2p6/sudo.c
|
||||||
|
--- sudo-1.7.2p6/sudo.c.audit 2010-04-14 15:25:49.000000000 +0200
|
||||||
|
+++ sudo-1.7.2p6/sudo.c 2010-04-14 15:31:47.000000000 +0200
|
||||||
|
@@ -95,6 +95,10 @@
|
||||||
|
# include <selinux/selinux.h>
|
||||||
|
#endif
|
||||||
|
|
||||||
|
+#ifdef WITH_AUDIT
|
||||||
|
+#include <libaudit.h>
|
||||||
|
+#endif
|
||||||
|
+
|
||||||
|
#include <sudo_usage.h>
|
||||||
|
#include "sudo.h"
|
||||||
|
#include "lbuf.h"
|
||||||
|
@@ -368,7 +372,7 @@ main(argc, argv, envp)
|
||||||
|
|
||||||
|
if (safe_cmnd == NULL)
|
||||||
|
safe_cmnd = estrdup(user_cmnd);
|
||||||
|
-
|
||||||
|
+
|
||||||
|
#ifdef HAVE_SETLOCALE
|
||||||
|
setlocale(LC_ALL, "");
|
||||||
|
#endif
|
||||||
|
@@ -540,6 +544,20 @@ main(argc, argv, envp)
|
||||||
|
|
||||||
|
closefrom(def_closefrom);
|
||||||
|
|
||||||
|
+#if defined(WITH_AUDIT)
|
||||||
|
+ audit_help_open ();
|
||||||
|
+#endif
|
||||||
|
+ if (access(safe_cmnd, X_OK) != 0) {
|
||||||
|
+ warn ("unable to execute %s", safe_cmnd);
|
||||||
|
+#ifdef WITH_AUDIT
|
||||||
|
+ audit_logger(AUDIT_USER_CMD, safe_cmnd, user_args, 0);
|
||||||
|
+#endif
|
||||||
|
+ exit(127);
|
||||||
|
+ }
|
||||||
|
+#ifdef WITH_AUDIT
|
||||||
|
+ audit_logger(AUDIT_USER_CMD, safe_cmnd, user_args, 1);
|
||||||
|
+#endif
|
||||||
|
+
|
||||||
|
#ifndef PROFILING
|
||||||
|
if (ISSET(sudo_mode, MODE_BACKGROUND) && fork() > 0) {
|
||||||
|
syslog(LOG_AUTH|LOG_ERR, "fork");
|
||||||
|
@@ -564,11 +582,17 @@ main(argc, argv, envp)
|
||||||
|
NewArgv[1] = safe_cmnd;
|
||||||
|
execv(_PATH_BSHELL, NewArgv);
|
||||||
|
}
|
||||||
|
+#ifdef WITH_AUDIT
|
||||||
|
+ audit_logger(AUDIT_USER_CMD, safe_cmnd, user_args, 0);
|
||||||
|
+#endif
|
||||||
|
warning("unable to execute %s", safe_cmnd);
|
||||||
|
exit(127);
|
||||||
|
} else if (ISSET(validated, FLAG_NO_USER | FLAG_NO_HOST)) {
|
||||||
|
audit_failure(NewArgv, "No user or host");
|
||||||
|
log_denial(validated, 1);
|
||||||
|
+#ifdef WITH_AUDIT
|
||||||
|
+ audit_logger(AUDIT_USER_CMD, safe_cmnd, user_args, 0);
|
||||||
|
+#endif
|
||||||
|
exit(1);
|
||||||
|
} else {
|
||||||
|
if (def_path_info) {
|
||||||
|
@@ -590,6 +614,9 @@ main(argc, argv, envp)
|
||||||
|
log_denial(validated, 1);
|
||||||
|
}
|
||||||
|
audit_failure(NewArgv, "validation failure");
|
||||||
|
+#ifdef WITH_AUDIT
|
||||||
|
+ audit_logger(AUDIT_USER_CMD, safe_cmnd, user_args, 0);
|
||||||
|
+#endif
|
||||||
|
exit(1);
|
||||||
|
}
|
||||||
|
exit(0); /* not reached */
|
||||||
|
diff -up sudo-1.7.2p6/sudo.h.audit sudo-1.7.2p6/sudo.h
|
||||||
|
--- sudo-1.7.2p6/sudo.h.audit 2010-04-14 15:25:49.000000000 +0200
|
||||||
|
+++ sudo-1.7.2p6/sudo.h 2010-04-14 15:25:49.000000000 +0200
|
||||||
|
@@ -22,6 +22,8 @@
|
||||||
|
#ifndef _SUDO_SUDO_H
|
||||||
|
#define _SUDO_SUDO_H
|
||||||
|
|
||||||
|
+#include <config.h>
|
||||||
|
+
|
||||||
|
#include <pathnames.h>
|
||||||
|
#include <limits.h>
|
||||||
|
#include "compat.h"
|
||||||
|
@@ -338,4 +340,14 @@ extern int sudo_mode;
|
||||||
|
extern int errno;
|
||||||
|
#endif
|
||||||
|
|
||||||
|
+#ifdef WITH_AUDIT
|
||||||
|
+extern int audit_fd;
|
||||||
|
+extern void audit_help_open (void);
|
||||||
|
+extern void audit_logger (int, const char *, const char *, int);
|
||||||
|
+#ifdef HAVE_SELINUX
|
||||||
|
+# include <selinux/selinux.h>
|
||||||
|
+extern int send_audit_message(int, security_context_t, security_context_t, const char *);
|
||||||
|
+#endif /* HAVE_SELINUX */
|
||||||
|
+#endif /* WITH_AUDIT */
|
||||||
|
+
|
||||||
|
#endif /* _SUDO_SUDO_H */
|
15
sudo.spec
15
sudo.spec
@ -1,7 +1,7 @@
|
|||||||
Summary: Allows restricted root access for specified users
|
Summary: Allows restricted root access for specified users
|
||||||
Name: sudo
|
Name: sudo
|
||||||
Version: 1.7.2p5
|
Version: 1.7.2p6
|
||||||
Release: 2%{?dist}
|
Release: 1%{?dist}
|
||||||
License: BSD
|
License: BSD
|
||||||
Group: Applications/System
|
Group: Applications/System
|
||||||
URL: http://www.courtesan.com/sudo/
|
URL: http://www.courtesan.com/sudo/
|
||||||
@ -30,9 +30,7 @@ Patch4: sudo-1.7.1-libtool.patch
|
|||||||
# getgrouplist() to determine group membership (#235915)
|
# getgrouplist() to determine group membership (#235915)
|
||||||
Patch5: sudo-1.7.2p4-getgrouplist.patch
|
Patch5: sudo-1.7.2p4-getgrouplist.patch
|
||||||
# audit support improvement
|
# audit support improvement
|
||||||
Patch6: sudo-1.7.2p1-audit.patch
|
Patch6: sudo-1.7.2p6-audit.patch
|
||||||
# audit related Makefile.in and configure.in corrections
|
|
||||||
Patch7: sudo-1.7.2p2-libaudit.patch
|
|
||||||
|
|
||||||
%description
|
%description
|
||||||
Sudo (superuser do) allows a system administrator to give certain
|
Sudo (superuser do) allows a system administrator to give certain
|
||||||
@ -53,7 +51,6 @@ on many different machines.
|
|||||||
%patch4 -p1 -b .libtool
|
%patch4 -p1 -b .libtool
|
||||||
%patch5 -p1 -b .getgrouplist
|
%patch5 -p1 -b .getgrouplist
|
||||||
%patch6 -p1 -b .audit
|
%patch6 -p1 -b .audit
|
||||||
%patch7 -p1 -b .libaudit
|
|
||||||
|
|
||||||
%build
|
%build
|
||||||
# handle newer autoconf
|
# handle newer autoconf
|
||||||
@ -135,6 +132,7 @@ rm -rf $RPM_BUILD_ROOT
|
|||||||
%attr(0755,root,root) %{_libexecdir}/sesh
|
%attr(0755,root,root) %{_libexecdir}/sesh
|
||||||
%{_libexecdir}/sudo_noexec.*
|
%{_libexecdir}/sudo_noexec.*
|
||||||
%{_mandir}/man5/sudoers.5*
|
%{_mandir}/man5/sudoers.5*
|
||||||
|
%{_mandir}/man5/sudoers.ldap.5*
|
||||||
%{_mandir}/man8/sudo.8*
|
%{_mandir}/man8/sudo.8*
|
||||||
%{_mandir}/man8/sudoedit.8*
|
%{_mandir}/man8/sudoedit.8*
|
||||||
%{_mandir}/man8/visudo.8*
|
%{_mandir}/man8/visudo.8*
|
||||||
@ -144,6 +142,11 @@ rm -rf $RPM_BUILD_ROOT
|
|||||||
/bin/chmod 0440 /etc/sudoers || :
|
/bin/chmod 0440 /etc/sudoers || :
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Wed Apr 14 2010 Daniel Kopecek <dkopecek@redhat.com> - 1.7.2p6-1
|
||||||
|
- update to new upstream version
|
||||||
|
- merged .audit and .libaudit patch
|
||||||
|
- added sudoers.ldap.5* to files
|
||||||
|
|
||||||
* Mon Mar 1 2010 Daniel Kopecek <dkopecek@redhat.com> - 1.7.2p5-2
|
* Mon Mar 1 2010 Daniel Kopecek <dkopecek@redhat.com> - 1.7.2p5-2
|
||||||
- update to new upstream version
|
- update to new upstream version
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user