Accepting request 597343 from Base:System

OBS-URL: https://build.opensuse.org/request/show/597343 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/sudo?expand=0&rev=95
2018-04-23 13:24:41 +00:00 · 2018-04-23 13:24:41 +00:00 · 2d560cb03b
commit 2d560cb03b
parent 2b209e9f64 b023d1651d
4 changed files with 36 additions and 11 deletions
--- a/sudo-i.pamd
+++ b/sudo-i.pamd
@ -0,0 +1,7 @@
+#%PAM-1.0
+auth     include        common-auth
+account  include        common-account
+password include        common-password
+session  optional       pam_keyinit.so force revoke
+session  include        common-session
+# session  optional       pam_xauth.so
--- a/sudo.changes
+++ b/sudo.changes
@ -1,3 +1,16 @@
+-------------------------------------------------------------------
+Mon Apr 16 15:18:12 UTC 2018 - kstreitova@suse.com
+
+- integrate pam_keyinit pam module [bsc#1081947]
+  * add sudo-i.pamd PAM configuration file and install it as
+    /etc/pam.d/sudo-i
+  * add "session optional pam_keyinit.so revoke" to sudo.pamd and
+    "session optional pam_keyinit.so force revoke" to sudo-i.pamd
+  * add "--with-pam-login" build option to enable specific PAM
+    session for "sudo -i"
+- make pam configuration files (noreplace)
+- reorganize Sources
+
 -------------------------------------------------------------------
 Wed Apr  4 11:47:35 CEST 2018 - kukuk@suse.de

--- a/sudo.pamd
+++ b/sudo.pamd
@ -2,5 +2,6 @@
 auth     include        common-auth
 account  include        common-account
 password include        common-password
+session  optional       pam_keyinit.so revoke
 session  include        common-session
 # session  optional       pam_xauth.so
--- a/sudo.spec
+++ b/sudo.spec
@ -24,12 +24,13 @@ License:        ISC
 Group:          System/Base
 Url:            https://www.sudo.ws/
 Source0:        https://sudo.ws/sudo/dist/%{name}-%{version}.tar.gz
-Source1:        sudo.pamd
-Source2:        README.SUSE
-Source3:        fate_313276_test.sh
-Source4:        README_313276.test
-Source5:        https://sudo.ws/sudo/dist/%{name}-%{version}.tar.gz.sig
-Source6:        %{name}.keyring
+Source1:        https://sudo.ws/sudo/dist/%{name}-%{version}.tar.gz.sig
+Source2:        %{name}.keyring
+Source3:        sudo.pamd
+Source4:        sudo-i.pamd
+Source5:        README.SUSE
+Source6:        fate_313276_test.sh
+Source7:        README_313276.test
 Patch0:         sudoers2ldif-env.patch
 # PATCH-OPENSUSE: the "SUSE" branding of the default sudo config
 Patch1:         sudo-sudoers.patch
@ -88,6 +89,7 @@ export LDFLAGS="-pie"
    --with-noexec=%{_libexecdir}/sudo/sudo_noexec.so \
    --enable-tmpfiles.d=%{_tmpfilesdir} \
    --with-pam \
+    --with-pam-login \
    --with-ldap \
    --with-selinux \
    --with-linux-audit \
@ -109,13 +111,14 @@ make %{?_smp_mflags}
 %install
 %make_install install_uid=`id -u` install_gid=`id -g`
 install -d -m 755 %{buildroot}%{_sysconfdir}/pam.d
-install -m 644 %{SOURCE1} %{buildroot}%{_sysconfdir}/pam.d/sudo
+install -m 644 %{SOURCE3} %{buildroot}%{_sysconfdir}/pam.d/sudo
+install -m 644 %{SOURCE4} %{buildroot}%{_sysconfdir}/pam.d/sudo-i
 mv %{buildroot}%{_docdir}/%{name}/sudoers2ldif %{buildroot}%{_sbindir}
 rm -f %{buildroot}%{_bindir}/sudoedit
 ln -sf %{_bindir}/sudo %{buildroot}%{_bindir}/sudoedit
 install -d -m 755 %{buildroot}%{_sysconfdir}/openldap/schema
 install -m 644 doc/schema.OpenLDAP %{buildroot}%{_sysconfdir}/openldap/schema/sudo.schema
-install -m 644 %{SOURCE2} %{buildroot}%{_docdir}/%{name}/
+install -m 644 %{SOURCE5} %{buildroot}%{_docdir}/%{name}/
 rm -f %{buildroot}%{_docdir}/%{name}/sample.pam
 rm -f %{buildroot}%{_docdir}/%{name}/sample.syslog.conf
 rm -f %{buildroot}%{_docdir}/%{name}/schema.OpenLDAP
@ -126,8 +129,8 @@ rm -f %{buildroot}%{_sysconfdir}/sudoers.dist
 cat sudoers.lang >> %{name}.lang
 # tests
 install -d -m 755 %{buildroot}%{_localstatedir}/lib/tests/sudo
-install -m 755 %{SOURCE3} %{buildroot}%{_localstatedir}/lib/tests/sudo
-install -m 755 %{SOURCE4} %{buildroot}%{_localstatedir}/lib/tests/sudo
+install -m 755 %{SOURCE6} %{buildroot}%{_localstatedir}/lib/tests/sudo
+install -m 755 %{SOURCE7} %{buildroot}%{_localstatedir}/lib/tests/sudo
 install -d %{buildroot}%{_docdir}/%{name}-test
 install -m 644 %{buildroot}%{_docdir}/%{name}/LICENSE %{buildroot}%{_docdir}/%{name}-test/LICENSE
 rm -fv %{buildroot}%{_docdir}/%{name}/LICENSE
@ -158,7 +161,8 @@ chmod 0440 %{_sysconfdir}/sudoers

 %config(noreplace) %attr(0440,root,root) %{_sysconfdir}/sudoers
 %dir %{_sysconfdir}/sudoers.d
-%config %{_sysconfdir}/pam.d/sudo
+%config(noreplace) %{_sysconfdir}/pam.d/sudo
+%config(noreplace) %{_sysconfdir}/pam.d/sudo-i
 %attr(4755,root,root) %{_bindir}/sudo
 %dir %{_sysconfdir}/openldap
 %dir %{_sysconfdir}/openldap/schema