From b023d1651d6fff5eef2d4e3bfcde1f1e59d604adc5a08d1da87c84775c555359 Mon Sep 17 00:00:00 2001
From: Kristyna Streitova
Date: Tue, 17 Apr 2018 08:06:20 +0000
Subject: [PATCH] Accepting request 597150 from home:kstreitova:branches:Base:System
- integrate pam_keyinit pam module [bsc#1081947]
* add sudo-i.pamd PAM configuration file and install it as /etc/pam.d/sudo-i
* add "session optional pam_keyinit.so revoke" to sudo.pamd and "session optional pam_keyinit.so force revoke" to sudo-i.pamd
* add "--with-pam-login" build option to enable specific PAM session for "sudo -i"
- make pam configuration files (noreplace)
- reorganize Sources
OBS-URL: https://build.opensuse.org/request/show/597150
OBS-URL: https://build.opensuse.org/package/show/Base:System/sudo?expand=0&rev=137
---
 sudo-i.pamd | 7 +++++++
 sudo.changes | 13 +++++++++++++
 sudo.pamd | 1 +
 sudo.spec | 26 +++++++++++++++-----------
 4 files changed, 36 insertions(+), 11 deletions(-)
 create mode 100644 sudo-i.pamd
diff --git a/sudo-i.pamd b/sudo-i.pamd
new file mode 100644
index 0000000..b778853
--- /dev/null
+++ b/sudo-i.pamd
@@ -0,0 +1,7 @@
+#%PAM-1.0
+auth include common-auth
+account include common-account
+password include common-password
+session optional pam_keyinit.so force revoke
+session include common-session
+# session optional pam_xauth.so
diff --git a/sudo.changes b/sudo.changes
index 37f5703..59b52a4 100644
--- a/sudo.changes
+++ b/sudo.changes
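Review bot: Neither PAM file explains why pam_keyinit is there or why the two stacks differ, and that difference is the security-relevant part. The new `session optional pam_keyinit.so force revoke` line in sudo-i.pamd replaces the session keyring unconditionally, while the `session optional pam_keyinit.so revoke` line added in the sudo.pamd hunk only creates a new keyring when the process does not already have a session keyring of its own. I would put a comment above each line, for example `# sudo -i: always start with a fresh session keyring, revoked when the session ends` in sudo-i.pamd and `# plain sudo: an existing session keyring of the caller is kept` in sudo.pamd. Because the module is `optional`, a failure to set up the keyring presumably lets the session continue on the inherited keyring without an error, which the comment should mention too.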
@@ -1,3 +1,16 @@
+-------------------------------------------------------------------
+Mon Apr 16 15:18:12 UTC 2018 - kstreitova@suse.com
+
+- integrate pam_keyinit pam module [bsc#1081947]
+ * add sudo-i.pamd PAM configuration file and install it as
+ /etc/pam.d/sudo-i
+ * add "session optional pam_keyinit.so revoke" to sudo.pamd and
+ "session optional pam_keyinit.so force revoke" to sudo-i.pamd
+ * add "--with-pam-login" build option to enable specific PAM
+ session for "sudo -i"
+- make pam configuration files (noreplace)
+- reorganize Sources
+
 -------------------------------------------------------------------
 Wed Apr 4 11:47:35 CEST 2018 - kukuk@suse.de
diff --git a/sudo.pamd b/sudo.pamd
index d639394..ed88ca7 100644
--- a/sudo.pamd
+++ b/sudo.pamd
@@ -2,5 +2,6 @@
 auth include common-auth
 account include common-account
 password include common-password
+session optional pam_keyinit.so revoke
 session include common-session
 # session optional pam_xauth.so
diff --git a/sudo.spec b/sudo.spec
index 537cf46..d456054 100644
--- a/sudo.spec
+++ b/sudo.spec
@@ -24,12 +24,13 @@ License: ISC
 Group: System/Base
 Url: https://www.sudo.ws/
 Source0: https://sudo.ws/sudo/dist/%{name}-%{version}.tar.gz
-Source1: sudo.pamd
-Source2: README.SUSE
-Source3: fate_313276_test.sh
-Source4: README_313276.test
-Source5: https://sudo.ws/sudo/dist/%{name}-%{version}.tar.gz.sig
-Source6: %{name}.keyring
+Source1: https://sudo.ws/sudo/dist/%{name}-%{version}.tar.gz.sig
+Source2: %{name}.keyring
+Source3: sudo.pamd
+Source4: sudo-i.pamd
+Source5: README.SUSE
+Source6: fate_313276_test.sh
+Source7: README_313276.test
 Patch0: sudoers2ldif-env.patch
 # PATCH-OPENSUSE: the "SUSE" branding of the default sudo config
 Patch1: sudo-sudoers.patch
@@ -88,6 +89,7 @@ export LDFLAGS="-pie"
 --with-noexec=%{_libexecdir}/sudo/sudo_noexec.so \
 --enable-tmpfiles.d=%{_tmpfilesdir} \
 --with-pam \
+ --with-pam-login \
 --with-ldap \
 --with-selinux \
 --with-linux-audit \
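Review bot: Once `--with-pam-login` is passed to configure, `sudo -i` presumably goes through the new `sudo-i` PAM service for authentication and account checks as well as for the session, so local hardening an administrator has added to /etc/pam.d/sudo (extra auth or account modules) would stop applying to `sudo -i` after this update. The shipped sudo-i.pamd only includes the common-* stacks. I would either state this in the sudo.changes entry and README.SUSE so administrators mirror their changes into /etc/pam.d/sudo-i, or let sudo-i.pamd take its auth, account and password rules from the sudo service, for example `auth include sudo`, and differ only in the pam_keyinit session line. The configure invocation starts and ends outside this hunk.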
@@ -109,13 +111,14 @@ make %{?_smp_mflags}
 %install
 %make_install install_uid=`id -u` install_gid=`id -g`
 install -d -m 755 %{buildroot}%{_sysconfdir}/pam.d
-install -m 644 %{SOURCE1} %{buildroot}%{_sysconfdir}/pam.d/sudo
+install -m 644 %{SOURCE3} %{buildroot}%{_sysconfdir}/pam.d/sudo
+install -m 644 %{SOURCE4} %{buildroot}%{_sysconfdir}/pam.d/sudo-i
 mv %{buildroot}%{_docdir}/%{name}/sudoers2ldif %{buildroot}%{_sbindir}
 rm -f %{buildroot}%{_bindir}/sudoedit
 ln -sf %{_bindir}/sudo %{buildroot}%{_bindir}/sudoedit
 install -d -m 755 %{buildroot}%{_sysconfdir}/openldap/schema
 install -m 644 doc/schema.OpenLDAP %{buildroot}%{_sysconfdir}/openldap/schema/sudo.schema
-install -m 644 %{SOURCE2} %{buildroot}%{_docdir}/%{name}/
+install -m 644 %{SOURCE5} %{buildroot}%{_docdir}/%{name}/
 rm -f %{buildroot}%{_docdir}/%{name}/sample.pam
 rm -f %{buildroot}%{_docdir}/%{name}/sample.syslog.conf
 rm -f %{buildroot}%{_docdir}/%{name}/schema.OpenLDAP
@@ -126,8 +129,8 @@ rm -f %{buildroot}%{_sysconfdir}/sudoers.dist
 cat sudoers.lang >> %{name}.lang
 # tests
 install -d -m 755 %{buildroot}%{_localstatedir}/lib/tests/sudo
-install -m 755 %{SOURCE3} %{buildroot}%{_localstatedir}/lib/tests/sudo
-install -m 755 %{SOURCE4} %{buildroot}%{_localstatedir}/lib/tests/sudo
+install -m 755 %{SOURCE6} %{buildroot}%{_localstatedir}/lib/tests/sudo
+install -m 755 %{SOURCE7} %{buildroot}%{_localstatedir}/lib/tests/sudo
 install -d %{buildroot}%{_docdir}/%{name}-test
 install -m 644 %{buildroot}%{_docdir}/%{name}/LICENSE %{buildroot}%{_docdir}/%{name}-test/LICENSE
 rm -fv %{buildroot}%{_docdir}/%{name}/LICENSE
@@ -158,7 +161,8 @@ chmod 0440 %{_sysconfdir}/sudoers
 %config(noreplace) %attr(0440,root,root) %{_sysconfdir}/sudoers
 %dir %{_sysconfdir}/sudoers.d
-%config %{_sysconfdir}/pam.d/sudo
+%config(noreplace) %{_sysconfdir}/pam.d/sudo
+%config(noreplace) %{_sysconfdir}/pam.d/sudo-i
 %attr(4755,root,root) %{_bindir}/sudo
 %dir %{_sysconfdir}/openldap
 %dir %{_sysconfdir}/openldap/schema
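Review bot: On hosts where /etc/pam.d/sudo has been edited locally, the pam_keyinit line this commit adds to sudo.pamd will not become active, because the last hunk switches that file from `%config` to `%config(noreplace)` in the same update. rpm then keeps the edited file and writes the packaged one next to it as .rpmnew, so the keyring change for bsc#1081947 silently stays off on exactly the systems that customised their sudo PAM stack. I would document the required manual merge in the sudo.changes entry and README.SUSE, and add a comment above the two entries such as `# noreplace: local edits are kept; merge new session lines from .rpmnew by hand`. The %files list continues outside the hunk.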