make sudoers a conffile, update postinsts to reflect that

[debian/sudo] / set_perms.c

diff --git a/set_perms.c b/set_perms.c
index 4417330f976ad8b833350048a417ca6428413fb4..81e2e76057f618317350111ed5922e67bbe38211 100644 (file)
--- a/set_perms.c
+++ b/set_perms.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1994-1996,1998-2009 Todd C. Miller <Todd.Miller@courtesan.com>
+ * Copyright (c) 1994-1996,1998-2010 Todd C. Miller <Todd.Miller@courtesan.com>
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
@@ -34,11 +34,10 @@
 #endif /* STDC_HEADERS */
 #ifdef HAVE_STRING_H
 # include <string.h>
-#else
-# ifdef HAVE_STRINGS_H
-#  include <strings.h>
-# endif
 #endif /* HAVE_STRING_H */
+#ifdef HAVE_STRINGS_H
+# include <strings.h>
+#endif /* HAVE_STRINGS_H */
 #ifdef HAVE_UNISTD_H
 # include <unistd.h>
 #endif /* HAVE_UNISTD_H */
@@ -51,10 +50,6 @@
 
 #include "sudo.h"
 
-#ifndef lint
-__unused static const char rcsid[] = "$Sudo: set_perms.c,v 1.49 2009/06/25 12:44:33 millert Exp $";
-#endif /* lint */
-
 #ifdef __TANDEM
 # define ROOT_UID      65535
 #else
@@ -490,10 +485,11 @@ static void
 runas_setgroups()
 {
     static int ngroups = -1;
-#ifdef HAVE_GETGROUPS
+# ifdef HAVE_GETGROUPS
     static GETGROUPS_T *groups;
-#endif
-    struct passwd *pw;
+# endif
+    static struct passwd *pw;
+    struct passwd *opw = pw;
 
     if (def_preserve_groups)
        return;
@@ -501,27 +497,37 @@ runas_setgroups()
     /*
      * Use stashed copy of runas groups if available, else initgroups and stash.
      */
-    if (ngroups == -1) {
-       pw = runas_pw ? runas_pw : sudo_user.pw;
+    pw = runas_pw ? runas_pw : sudo_user.pw;
+    if (pw != opw) {
+# ifdef HAVE_SETAUTHDB
+       aix_setauthdb(pw->pw_name);
+# endif
        if (initgroups(pw->pw_name, pw->pw_gid) < 0)
            log_error(USE_ERRNO|MSG_ONLY, "can't set runas group vector");
-#ifdef HAVE_GETGROUPS
+# ifdef HAVE_GETGROUPS
+       if (groups) {
+           efree(groups);
+           groups = NULL;
+       }
        if ((ngroups = getgroups(0, NULL)) > 0) {
            groups = emalloc2(ngroups, sizeof(GETGROUPS_T));
            if (getgroups(ngroups, groups) < 0)
                log_error(USE_ERRNO|MSG_ONLY, "can't get runas group vector");
        }
+#  ifdef HAVE_SETAUTHDB
+       aix_restoreauthdb();
+#  endif
     } else {
        if (setgroups(ngroups, groups) < 0)
            log_error(USE_ERRNO|MSG_ONLY, "can't set runas group vector");
-#endif /* HAVE_GETGROUPS */
+# endif /* HAVE_GETGROUPS */
     }
 }
 
 static void
 restore_groups()
 {
-    if (setgroups(user_ngroups, user_groups) < 0)
+    if (user_ngroups >= 0 && setgroups(user_ngroups, user_groups) < 0)
        log_error(USE_ERRNO|MSG_ONLY, "can't reset user group vector");
 }
 
@@ -553,10 +559,10 @@ runas_setup()
     if (runas_pw->pw_name != NULL) {
        gid = runas_gr ? runas_gr->gr_gid : runas_pw->pw_gid;
 #ifdef HAVE_GETUSERATTR
-       aix_setlimits(runas_pw->pw_name);
+       aix_prep_user(runas_pw->pw_name, user_ttypath);
 #endif
 #ifdef HAVE_PAM
-       pam_prep_user(runas_pw);
+       pam_begin_session(runas_pw);
 #endif /* HAVE_PAM */
 
 #ifdef HAVE_LOGIN_CAP_H