sudo/sudo-1.6.9p4-login.patch

--- sudo-1.6.9p4/auth/pam.c.login	2007-07-22 14:14:53.000000000 +0200
+++ sudo-1.6.9p4/auth/pam.c	2007-08-20 11:08:33.000000000 +0200
@@ -89,7 +89,12 @@
     if (auth != NULL)
 	auth->data = (VOID *) &pam_status;
     pam_conv.conv = sudo_conv;
-    pam_status = pam_start("sudo", pw->pw_name, &pam_conv, &pamh);
+#ifdef HAVE_PAM_LOGIN
+    if (ISSET(sudo_mode, MODE_LOGIN_SHELL))
+	    pam_status = pam_start("sudo-i", pw->pw_name, &pam_conv, &pamh);
+    else
+#endif
+	    pam_status = pam_start("sudo", pw->pw_name, &pam_conv, &pamh);
     if (pam_status != PAM_SUCCESS) {
 	log_error(USE_ERRNO|NO_EXIT|NO_MAIL, "unable to initialize PAM");
 	return(AUTH_FATAL);
--- sudo-1.6.9p4/env.c.login	2007-07-31 20:04:31.000000000 +0200
+++ sudo-1.6.9p4/env.c	2007-08-20 11:24:48.000000000 +0200
@@ -104,7 +104,7 @@
 /*
  * Prototypes
  */
-char **rebuild_env		__P((char **, int, int));
+char **rebuild_env              __P((char **, int));
 static void insert_env		__P((char *, struct environment *, int));
 static char *format_env		__P((char *, ...));
 
@@ -391,9 +391,8 @@
  * Also adds sudo-specific variables (SUDO_*).
  */
 char **
-rebuild_env(envp, sudo_mode, noexec)
+rebuild_env(envp, noexec)
     char **envp;
-    int sudo_mode;
     int noexec;
 {
     char **ep, *cp, *ps1;
--- sudo-1.6.9p4/configure.in.login	2007-08-15 15:48:51.000000000 +0200
+++ sudo-1.6.9p4/configure.in	2007-08-20 11:08:33.000000000 +0200
@@ -351,6 +351,17 @@
 		;;
 esac])
 
+AC_ARG_WITH(pam-login, [  --with-pam-login              enable specific PAM session for sudo -i],
+[case $with_pam_login in
+    yes)	AC_DEFINE([HAVE_PAM_LOGIN], [], ["Define to 1 if you use specific PAM session for sodo -i."])	
+		AC_MSG_CHECKING(whether to use PAM login)
+		AC_MSG_RESULT(yes)
+		;;
+    no)		;;
+    *)		AC_MSG_ERROR(["--with-pam-login does not take an argument."])
+		;;
+esac])
+
 AC_ARG_WITH(AFS, [  --with-AFS              enable AFS support],
 [case $with_AFS in
     yes)	AC_DEFINE(HAVE_AFS)
--- sudo-1.6.9p4/sudo.h.login	2007-07-06 16:14:34.000000000 +0200
+++ sudo-1.6.9p4/sudo.h	2007-08-20 11:33:45.000000000 +0200
@@ -268,6 +268,7 @@
 extern FILE *sudoers_fp;
 extern int tgetpass_flags;
 extern uid_t timestamp_uid;
+extern int sudo_mode;
 #endif
 #ifndef errno
 extern int errno;
--- sudo-1.6.9p4/sudo.c.login	2007-08-15 15:48:56.000000000 +0200
+++ sudo-1.6.9p4/sudo.c	2007-08-20 11:34:07.000000000 +0200
@@ -122,7 +122,7 @@
 static struct passwd *get_authpw	__P((void));
 extern int sudo_edit			__P((int, char **, char **));
 extern void list_matches		__P((void));
-extern char **rebuild_env		__P((char **, int, int));
+extern char **rebuild_env               __P((char **, int));
 extern void validate_env_vars		__P((struct list_member *));
 extern char **insert_env_vars		__P((char **, struct list_member *));
 extern struct passwd *sudo_getpwnam	__P((const char *));
@@ -153,6 +153,7 @@
 char *login_style;
 #endif /* HAVE_BSD_AUTH_H */
 sigaction_t saved_sa_int, saved_sa_quit, saved_sa_tstp, saved_sa_chld;
+int sudo_mode;
 
 
 int
@@ -164,7 +165,6 @@
     int validated;
     int fd;
     int cmnd_status;
-    int sudo_mode;
     int pwflag;
     sigaction_t sa;
     extern int printmatches;
@@ -347,7 +347,7 @@
 	def_env_reset = FALSE;
 
     /* Build a new environment that avoids any nasty bits. */
-    environ = rebuild_env(environ, sudo_mode, ISSET(validated, FLAG_NOEXEC));
+    environ = rebuild_env(envp, ISSET(validated, FLAG_NOEXEC));
 
     /* Fill in passwd struct based on user we are authenticating as.  */
     auth_pw = get_authpw();
- upgrade to upstream release 2007-08-20 12:11:21 +00:00			`--- sudo-1.6.9p4/auth/pam.c.login 2007-07-22 14:14:53.000000000 +0200`
			`+++ sudo-1.6.9p4/auth/pam.c 2007-08-20 11:08:33.000000000 +0200`
IPv6 and keyring support 2006-07-16 22:37:37 +00:00			`@@ -89,7 +89,12 @@`
			`if (auth != NULL)`
			`auth->data = (VOID *) &pam_status;`
			`pam_conv.conv = sudo_conv;`
			`- pam_status = pam_start("sudo", pw->pw_name, &pam_conv, &pamh);`
			`+#ifdef HAVE_PAM_LOGIN`
			`+ if (ISSET(sudo_mode, MODE_LOGIN_SHELL))`
			`+ pam_status = pam_start("sudo-i", pw->pw_name, &pam_conv, &pamh);`
			`+ else`
			`+#endif`
			`+ pam_status = pam_start("sudo", pw->pw_name, &pam_conv, &pamh);`
			`if (pam_status != PAM_SUCCESS) {`
			`log_error(USE_ERRNO\|NO_EXIT\|NO_MAIL, "unable to initialize PAM");`
			`return(AUTH_FATAL);`
- upgrade to upstream release 2007-08-20 12:11:21 +00:00			`--- sudo-1.6.9p4/env.c.login 2007-07-31 20:04:31.000000000 +0200`
			`+++ sudo-1.6.9p4/env.c 2007-08-20 11:24:48.000000000 +0200`
			`@@ -104,7 +104,7 @@`
IPv6 and keyring support 2006-07-16 22:37:37 +00:00			`/*`
			`* Prototypes`
			`*/`
			`-char rebuild_env __P((char , int, int));`
- upgrade to upstream release 2007-08-20 12:11:21 +00:00			`+char rebuild_env __P((char , int));`
			`static void insert_env __P((char , struct environment , int));`
IPv6 and keyring support 2006-07-16 22:37:37 +00:00			`static char format_env __P((char , ...));`
- upgrade to upstream release 2007-08-20 12:11:21 +00:00
			`@@ -391,9 +391,8 @@`
IPv6 and keyring support 2006-07-16 22:37:37 +00:00			`* Also adds sudo-specific variables (SUDO_*).`
			`*/`
			`char **`
			`-rebuild_env(envp, sudo_mode, noexec)`
			`+rebuild_env(envp, noexec)`
			`char **envp;`
			`- int sudo_mode;`
			`int noexec;`
			`{`
			`char *ep, cp, *ps1;`
- upgrade to upstream release 2007-08-20 12:11:21 +00:00			`--- sudo-1.6.9p4/configure.in.login 2007-08-15 15:48:51.000000000 +0200`
			`+++ sudo-1.6.9p4/configure.in 2007-08-20 11:08:33.000000000 +0200`
			`@@ -351,6 +351,17 @@`
			`;;`
			`esac])`

			`+AC_ARG_WITH(pam-login, [ --with-pam-login enable specific PAM session for sudo -i],`
			`+[case $with_pam_login in`
fix autotools stuff and add audit support 2007-08-30 16:21:58 +00:00			`+ yes) AC_DEFINE([HAVE_PAM_LOGIN], [], ["Define to 1 if you use specific PAM session for sodo -i."])`
- upgrade to upstream release 2007-08-20 12:11:21 +00:00			`+ AC_MSG_CHECKING(whether to use PAM login)`
			`+ AC_MSG_RESULT(yes)`
			`+ ;;`
			`+ no) ;;`
			`+ *) AC_MSG_ERROR(["--with-pam-login does not take an argument."])`
			`+ ;;`
			`+esac])`
			`+`
			`AC_ARG_WITH(AFS, [ --with-AFS enable AFS support],`
			`[case $with_AFS in`
			`yes) AC_DEFINE(HAVE_AFS)`
			`--- sudo-1.6.9p4/sudo.h.login 2007-07-06 16:14:34.000000000 +0200`
			`+++ sudo-1.6.9p4/sudo.h 2007-08-20 11:33:45.000000000 +0200`
			`@@ -268,6 +268,7 @@`
IPv6 and keyring support 2006-07-16 22:37:37 +00:00			`extern FILE *sudoers_fp;`
			`extern int tgetpass_flags;`
			`extern uid_t timestamp_uid;`
			`+extern int sudo_mode;`
			`#endif`
- upgrade to upstream release 2007-08-20 12:11:21 +00:00			`#ifndef errno`
			`extern int errno;`
			`--- sudo-1.6.9p4/sudo.c.login 2007-08-15 15:48:56.000000000 +0200`
			`+++ sudo-1.6.9p4/sudo.c 2007-08-20 11:34:07.000000000 +0200`
			`@@ -122,7 +122,7 @@`
			`static struct passwd *get_authpw __P((void));`
			`extern int sudo_edit __P((int, char , char ));`
			`extern void list_matches __P((void));`
			`-extern char rebuild_env __P((char , int, int));`
			`+extern char rebuild_env __P((char , int));`
			`extern void validate_env_vars __P((struct list_member *));`
			`extern char insert_env_vars __P((char , struct list_member *));`
			`extern struct passwd sudo_getpwnam __P((const char ));`
			`@@ -153,6 +153,7 @@`
			`char *login_style;`
			`#endif /* HAVE_BSD_AUTH_H */`
			`sigaction_t saved_sa_int, saved_sa_quit, saved_sa_tstp, saved_sa_chld;`
			`+int sudo_mode;`
IPv6 and keyring support 2006-07-16 22:37:37 +00:00

- upgrade to upstream release 2007-08-20 12:11:21 +00:00			`int`
			`@@ -164,7 +165,6 @@`
			`int validated;`
			`int fd;`
			`int cmnd_status;`
			`- int sudo_mode;`
			`int pwflag;`
			`sigaction_t sa;`
			`extern int printmatches;`
			`@@ -347,7 +347,7 @@`
			`def_env_reset = FALSE;`

			`/* Build a new environment that avoids any nasty bits. */`
			`- environ = rebuild_env(environ, sudo_mode, ISSET(validated, FLAG_NOEXEC));`
			`+ environ = rebuild_env(envp, ISSET(validated, FLAG_NOEXEC));`

			`/* Fill in passwd struct based on user we are authenticating as. */`
			`auth_pw = get_authpw();`