Attachment #310851 for bug #390459

View | Details | Raw Unified | Return to bug 390459
Collapse All | Expand All




++ sudo-1.8.3p1/src/sudo.c

    char * const argv[], int verbose, const char *list_user);
static int policy_validate(struct plugin_container *plugin);
static void policy_invalidate(struct plugin_container *plugin, int remove);
static int policy_init_session(struct plugin_container *plugin,
    struct passwd *pwd);

/* I/O log plugin convenience functions. */
static int iolog_open(struct plugin_container *plugin, char * const settings[],

    aix_restoreauthdb();
#endif

    /*
     * Call policy plugin's session init before other setup occurs.
     * The session init code is expected to print an error as needed.
     */
    if (policy_init_session(&policy_plugin, pw) != TRUE)
	goto done;

#ifdef HAVE_SELINUX
    if (ISSET(details->flags, CD_RBAC_ENABLED)) {
	if (selinux_setup(details->selinux_role, details->selinux_type,

    plugin->u.policy->invalidate(remove);
}

int
policy_init_session(struct command_details *details)
{
    struct passwd *pw;
    if (policy_plugin.u.policy->init_session) {
#ifdef HAVE_SETAUTHDB
        aix_setauthdb(IDtouser(details->euid));
#endif
        pw = getpwuid(details->euid);
#ifdef HAVE_SETAUTHDB
        aix_restoreauthdb();
#endif
	return policy_plugin.u.policy->init_session(pw);
    }
    return TRUE;
}

++ sudo-1.8.3p1/src/exec_pty.c

	}
    }

    /*
     * The policy plugin's session init must be run before we fork
     * or certain pam modules won't be able to track their state.
     */
    if (policy_init_session(details) != TRUE)
       exit(1); /* XXX */

    child = fork();
    switch (child) {
    case -1:
++ sudo-1.8.3p1/src/exec.c

    sa.sa_handler = handler;
    sigaction(SIGCONT, &sa, NULL);

    /*
     * The policy plugin's session init must be run before we fork
     * or certain pam modules won't be able to track their state.
     */
    if (policy_init_session(details) != TRUE)
       exit(1); /* XXX */

    child = fork();
    switch (child) {
    case -1:
++ sudo-1.8.3p1/src/sudo.h


/* sudo.c */
int exec_setup(struct command_details *details, const char *ptyname, int ptyfd);
int policy_init_session(struct command_details *details);
int run_command(struct command_details *details);
void sudo_debug(int level, const char *format, ...) __printflike(2, 3);
extern int debug_level;

Return to bug 390459

Line Link Here

(-)file_not_specified_in_diff (-17 / +32 lines)
0	-- sudo-1.8.3p1.orig/src/sudo.c	0	++ sudo-1.8.3p1/src/sudo.c
Lines 135-142 static int policy_list(struct plugin_con Link Here
135	char * const argv[], int verbose, const char *list_user);	135	char * const argv[], int verbose, const char *list_user);
136	static int policy_validate(struct plugin_container *plugin);	136	static int policy_validate(struct plugin_container *plugin);
137	static void policy_invalidate(struct plugin_container *plugin, int remove);	137	static void policy_invalidate(struct plugin_container *plugin, int remove);
138	static int policy_init_session(struct plugin_container *plugin,
139	struct passwd *pwd);
140		138
141	/* I/O log plugin convenience functions. */	139	/* I/O log plugin convenience functions. */
142	static int iolog_open(struct plugin_container plugin, char const settings[],	140	static int iolog_open(struct plugin_container plugin, char const settings[],
Lines 903-915 exec_setup(struct command_details *detai Link Here
903	aix_restoreauthdb();	901	aix_restoreauthdb();
904	#endif	902	#endif
905		903
906	/*
907	* Call policy plugin's session init before other setup occurs.
908	* The session init code is expected to print an error as needed.
909	*/
910	if (policy_init_session(&policy_plugin, pw) != TRUE)
911	goto done;
912
913	#ifdef HAVE_SELINUX	904	#ifdef HAVE_SELINUX
914	if (ISSET(details->flags, CD_RBAC_ENABLED)) {	905	if (ISSET(details->flags, CD_RBAC_ENABLED)) {
915	if (selinux_setup(details->selinux_role, details->selinux_type,	906	if (selinux_setup(details->selinux_role, details->selinux_type,
Lines 1157-1167 policy_invalidate(struct plugin_containe Link Here
1157	plugin->u.policy->invalidate(remove);	1148	plugin->u.policy->invalidate(remove);
1158	}	1149	}
1159		1150
1160	static int	1151	int
1161	policy_init_session(struct plugin_container plugin, struct passwd pwd)	1152	policy_init_session(struct command_details *details)
1162	{	1153	{
1163	if (plugin->u.policy->init_session)	1154	struct passwd *pw;
1164	return plugin->u.policy->init_session(pwd);	1155	if (policy_plugin.u.policy->init_session) {
		1156	#ifdef HAVE_SETAUTHDB
		1157	aix_setauthdb(IDtouser(details->euid));
		1158	#endif
		1159	pw = getpwuid(details->euid);
		1160	#ifdef HAVE_SETAUTHDB
		1161	aix_restoreauthdb();
		1162	#endif
		1163	return policy_plugin.u.policy->init_session(pw);
		1164	}
1165	return TRUE;	1165	return TRUE;
1166	}	1166	}
1167		1167
1168	-- sudo-1.8.3p1.orig/src/exec_pty.c	1168	++ sudo-1.8.3p1/src/exec_pty.c
Lines 567-572 fork_pty(struct command_details *details Link Here
567	}	567	}
568	}	568	}
569		569
		570	/*
		571	* The policy plugin's session init must be run before we fork
		572	* or certain pam modules won't be able to track their state.
		573	*/
		574	if (policy_init_session(details) != TRUE)
		575	exit(1); /* XXX */
		576
570	child = fork();	577	child = fork();
571	switch (child) {	578	switch (child) {
572	case -1:	579	case -1:
573	-- sudo-1.8.3p1.orig/src/exec.c	580	++ sudo-1.8.3p1/src/exec.c
Lines 119-124 static int fork_cmnd(struct command_deta Link Here
119	sa.sa_handler = handler;	119	sa.sa_handler = handler;
120	sigaction(SIGCONT, &sa, NULL);	120	sigaction(SIGCONT, &sa, NULL);
121		121
		122	/*
		123	* The policy plugin's session init must be run before we fork
		124	* or certain pam modules won't be able to track their state.
		125	*/
		126	if (policy_init_session(details) != TRUE)
		127	exit(1); /* XXX */
		128
122	child = fork();	129	child = fork();
123	switch (child) {	130	switch (child) {
124	case -1:	131	case -1:
125	-- sudo-1.8.3p1.orig/src/sudo.h	132	++ sudo-1.8.3p1/src/sudo.h
Lines 201-206 void get_ttysize(int rowp, int colp); Link Here
201		201
202	/* sudo.c */	202	/* sudo.c */
203	int exec_setup(struct command_details details, const char ptyname, int ptyfd);	203	int exec_setup(struct command_details details, const char ptyname, int ptyfd);
		204	int policy_init_session(struct command_details *details);
204	int run_command(struct command_details *details);	205	int run_command(struct command_details *details);
205	void sudo_debug(int level, const char *format, ...) __printflike(2, 3);	206	void sudo_debug(int level, const char *format, ...) __printflike(2, 3);
206	extern int debug_level;	207	extern int debug_level;