From: Todd C. Miller <Todd.Miller@courtesan.com>
Date: Wed, 14 Jul 2010 13:36:05 +0000 (-0400)
Subject: Add debian 4/5/6 and use the dot when doing version matches
X-Git-Tag: SUDO_1_8_0~387
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=a7dac1fc259dd6aa400b5556c907a3552651485f;p=sudo

Add debian 4/5/6 and use the dot when doing version matches
---

diff --git a/mkpkg b/mkpkg
index 11faa56c5..cb78e8d76 100755
--- a/mkpkg
+++ b/mkpkg
@@ -1,4 +1,9 @@
 #!/bin/sh
+#
+# Build a binary package using polypkg
+# Usage: mkpkg
+#
+# TODO: add flavors (e.g. LDAP)
 
 IFS=
 
@@ -23,7 +28,7 @@ esac
 # Choose configure options by platform.
 # We use the same configure options as vendor packages when possible.
 case "$platform" in
-    centos4*|rhel4*)
+    centos4.*|rhel4.*)
 	# Note, must indent with tabs, not spaces due to IFS trickery
 	prefix=/usr
 	configure_opts="
@@ -40,7 +45,7 @@ case "$platform" in
 		--with-selinux
 		--with-passprompt=[sudo] password for %p: "
 	;;
-    centos5*|rhel5*)
+    centos5.*|rhel5.*)
 	# Note, must indent with tabs, not spaces due to IFS trickery
 	prefix=/usr
 	configure_opts="
@@ -59,7 +64,7 @@ case "$platform" in
 		--with-passprompt=[sudo] password for %p: "
 	export CFLAGS="$F_PIE" LDFLAGS="-pie"
 	;;
-    sles9*)
+    sles9.*)
 	prefix=/usr
 	# SuSE doesn't have /usr/libexec
 	case "$platform" in
@@ -84,7 +89,7 @@ case "$platform" in
 
 	make_opts='docdir=$(datarootdir)/doc/packages/$(PACKAGE_TARNAME)'
 	;;
-    sles10*)
+    sles10.*)
 	prefix=/usr
 	# SuSE doesn't have /usr/libexec
 	case "$platform" in
@@ -92,7 +97,7 @@ case "$platform" in
 	    *)		libexec=lib;;
 	esac
 	# Note, must indent with tabs, not spaces due to IFS trickery
-	# XXX - SuSE uses secure path only for env_reset
+	# XXX - SuSE uses secure path but only for env_reset
 	configure_opts="
 		--prefix=$prefix
 		--libexecdir=$prefix/$libexec/sudo
@@ -111,7 +116,7 @@ case "$platform" in
 	make_opts='docdir=$(datarootdir)/doc/packages/$(PACKAGE_TARNAME)'
 	export CFLAGS="$F_PIE" LDFLAGS="-pie"
 	;;
-    sles11*)
+    sles11.*)
 	prefix=/usr
 	# SuSE doesn't have /usr/libexec
 	case "$platform" in
@@ -119,7 +124,7 @@ case "$platform" in
 	    *)		libexec=lib;;
 	esac
 	# Note, must indent with tabs, not spaces due to IFS trickery
-	# XXX - SuSE uses secure path only for env_reset
+	# XXX - SuSE uses secure path but only for env_reset
 	configure_opts="
 		--prefix=$prefix
 		--libexecdir=$prefix/$libexec/sudo
@@ -139,16 +144,17 @@ case "$platform" in
 	make_opts='docdir=$(datarootdir)/doc/packages/$(PACKAGE_TARNAME)'
 	export CFLAGS="$F_PIE" LDFLAGS="-pie"
 	;;
-    deb4*)
+    deb[456].*)
 	# XXX - create sudo group like debian does
-	# XXX - newer deb moved timestamps to /var/lib/sudo
+	#	debian now has a %sudo entry in its sample sudoers
+	# XXX - debian has separate ldap and non-ldap packages
 	# Note, must indent with tabs, not spaces due to IFS trickery
 	configure_opts="
 		--prefix=/usr
-		--with-ldap
 		--with-all-insults
 		--with-exempt=sudo
 		--with-pam
+		--with-ldap
 		--with-fqdn
 		--with-logging=syslog
 		--with-logfac=authpriv
@@ -156,9 +162,12 @@ case "$platform" in
 		--with-editor=/usr/bin/editor
 		--with-timeout=15
 		--with-password-timeout=0
+		--with-passprompt=[sudo] password for %p: 
+		--with-timedir=/var/lib/sudo
 		--disable-root-mailer
 		--disable-setresuid
 		--with-sendmail=/usr/sbin/sendmail
+		--with-ldap-conf-file=/etc/ldap/ldap.conf
 		--mandir=/usr/share/man
 		--libexecdir=/usr/lib/sudo
 		--with-secure-path=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/X11R6/bin"
diff --git a/sudo.pp b/sudo.pp
index 89d938a9c..917a4ec54 100644
--- a/sudo.pp
+++ b/sudo.pp
@@ -43,7 +43,7 @@ still allow people to get their work done."
 
   # Choose the correct PAM file by distro
   case "$pp_rpm_distro" in
-    centos4*|rhel4*)
+    centos4.*|rhel4.*)
         mkdir -p ${pp_destdir}/etc/pam.d
 	cat > ${pp_destdir}/etc/pam.d/sudo <<-EOF
 	#%PAM-1.0
@@ -53,7 +53,7 @@ still allow people to get their work done."
 	session    required	pam_limits.so
 	EOF
 	;;
-    centos5*|rhel5*)
+    centos5.*|rhel5.*)
         mkdir -p ${pp_destdir}/etc/pam.d
 	cat > ${pp_destdir}/etc/pam.d/sudo <<-EOF
 	#%PAM-1.0
@@ -72,7 +72,7 @@ still allow people to get their work done."
 	session    required	pam_limits.so
 	EOF
 	;;
-    sles9*)
+    sles9.*)
         mkdir -p ${pp_destdir}/etc/pam.d
 	cat > ${pp_destdir}/etc/pam.d/sudo <<-EOF
 	#%PAM-1.0
@@ -80,7 +80,7 @@ still allow people to get their work done."
 	session  required       pam_limits.so
 	EOF
 	;;
-    sles10*|sles11*)
+    sles10.*|sles11.*)
         mkdir -p ${pp_destdir}/etc/pam.d
 	cat > ${pp_destdir}/etc/pam.d/sudo <<-EOF
 	#%PAM-1.0
@@ -95,14 +95,17 @@ still allow people to get their work done."
 
 %set [deb]
   # Choose the correct PAM file by distro
-  # XXX - missing deb5 and others
   case "$pp_deb_distro" in
-    deb4.*)
+    deb[456].*)
         mkdir -p ${pp_destdir}/etc/pam.d
 	cat > ${pp_destdir}/etc/pam.d/sudo <<-EOF
 	#%PAM-1.0
+
 	@include common-auth
 	@include common-account
+
+	session required pam_permit.so
+	session required pam_limits.so
 	EOF
 	;;
   esac