also use getgrouplist() to determine group membership (#235915)

2007-04-12 08:29:55 +00:00 · 2007-04-12 08:29:55 +00:00 · 05db95fdf1
parent e3e8515a40
commit 05db95fdf1
2 changed files with 67 additions and 1 deletions
--- a/sudo-1.6.8p12-getgrouplist.patch
+++ b/sudo-1.6.8p12-getgrouplist.patch
@ -0,0 +1,61 @@
+--- sudo-1.6.8p12/configure.in.getgrouplist	2007-04-12 10:16:12.000000000 +0200
+++ sudo-1.6.8p12/configure.in	2007-04-12 10:18:16.000000000 +0200
+@@ -1694,7 +1694,7 @@
+ dnl Function checks
+ dnl
+ AC_CHECK_FUNCS(strchr strrchr memchr memcpy memset sysconf tzset \
+-	       strftime setrlimit initgroups fstat gettimeofday)
+	       strftime setrlimit initgroups getgrouplist fstat gettimeofday)
+ AC_CHECK_FUNCS(seteuid, , [AC_DEFINE(NO_SAVED_IDS)])
+ if test -z "$SKIP_SETRESUID"; then
+     AC_CHECK_FUNCS(setresuid, [SKIP_SETREUID=yes])
+--- sudo-1.6.8p12/configure.getgrouplist	2005-10-28 02:48:25.000000000 +0200
+++ sudo-1.6.8p12/configure	2007-04-12 10:18:16.000000000 +0200
+@@ -24677,7 +24677,7 @@
+ 
+ 
+ for ac_func in strchr strrchr memchr memcpy memset sysconf tzset \
+-	       strftime setrlimit initgroups fstat gettimeofday
+	       strftime setrlimit initgroups getgrouplist fstat gettimeofday
+ do
+ as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
+ echo "$as_me:$LINENO: checking for $ac_func" >&5
+--- sudo-1.6.8p12/check.c.getgrouplist	2005-03-25 02:55:31.000000000 +0100
+++ sudo-1.6.8p12/check.c	2007-04-12 10:18:16.000000000 +0200
+@@ -299,6 +299,24 @@
+ 	    return(TRUE);
+     }
+ 
+#ifdef HAVE_GETGROUPLIST
+    {
+	gid_t *grouplist, grouptmp;
+	int n_groups, i;
+	n_groups = 1;
+	if (getgrouplist(user_name, user_gid, &grouptmp, &n_groups) == -1) {
+	    grouplist = (gid_t *) emalloc(sizeof(gid_t) * (n_groups + 1));
+	    if (getgrouplist(user_name, user_gid, grouplist, &n_groups) > 0)
+		for (i = 0; i < n_groups; i++)
+		    if (grouplist[i] == grp->gr_gid) {
+			free(grouplist);
+			return(TRUE);
+		    }
+	    free(grouplist);
+	}
+    }
+#endif
+
+     return(FALSE);
+ }
+ 
+--- sudo-1.6.8p12/config.h.in.getgrouplist	2007-04-12 10:16:12.000000000 +0200
+++ sudo-1.6.8p12/config.h.in	2007-04-12 10:18:16.000000000 +0200
+@@ -122,6 +122,9 @@
+ /* Define to 1 if you have the `getdomainname' function. */
+ #undef HAVE_GETDOMAINNAME
+ 
+/* Define to 1 if you have the `getgrouplist' function. */
+#undef HAVE_GETGROUPLIST
+
+ /* Define to 1 if you have the `getifaddrs' function. */
+ #undef HAVE_GETIFADDRS
+ 
--- a/sudo.spec
+++ b/sudo.spec
@ -1,7 +1,7 @@
 Summary: Allows restricted root access for specified users
 Name: sudo
 Version: 1.6.8p12
-Release: 13%{?dist}
+Release: 14%{?dist}
 License: BSD
 Group: Applications/System
 URL: http://www.courtesan.com/sudo/
@ -28,6 +28,7 @@ Patch5: sudo-1.6.8p12-requiretty.patch
 Patch6: sudo-1.6.8p12-pam-login.patch
 # IPv6 support
 Patch7: sudo-1.6.8p12-ipv6.patch
+Patch8: sudo-1.6.8p12-getgrouplist.patch

 %description
 Sudo (superuser do) allows a system administrator to give certain
@ -48,6 +49,7 @@ on many different machines.
 %patch5 -p1 -b .tty
 %patch6 -p1 -b .login
 %patch7 -p1 -b .ipv6
+%patch8 -p1 -b .getgrouplist

 %build
 %ifarch s390 s390x
@ -127,6 +129,9 @@ rm -rf $RPM_BUILD_ROOT
 /bin/chmod 0440 /etc/sudoers || :

 %changelog
+* Thu Apr 12 2007 Peter Vrabec <pvrabec@redhat.com> 1.6.8p12-14
+- also use getgrouplist() to determine group membership (#235915)
+
 * Mon Feb 26 2007 Peter Vrabec <pvrabec@redhat.com> 1.6.8p12-13
 - fix some spec file issues