On 2014-11-16 14:33, martin f krafft wrote:
> also sprach intrigeri <intrig...@debian.org> [2014-11-16 13:58 +0200]:
>> If Bdale can't take care of it shortly, does anyone affected (who can
>> actually test that the resulting package fixes the problem for them)
>> want to NMU? I think DELAYED/2 or /5 would be appropriate.
>
> I am travelling this week without either a usable laptop, internet
> connection, or time slots. If Christian has time before the weekend…
I'm not a DD yet so I can't upload, but I forgot to mention that I
successfully tested the resulting package prior to submitting the patch.
I only now realized that the version of sudo in testing is still at
1.8.10p3-1. The diff to 1.8.11p2-1 is not trivial. However, given that
1.8.11p1-1 was uploaded on Oct 20th, and the 1.8.11p2-1 upload on Oct
30th (which reset the 10-day clock) only contained a single bug fix, the
RT might be lenient regarding an unblock.
If the RT should insist on a fix targeting 1.8.10p2-1, please find
attached the patch, backported to that version. The resulting package
tested successfully on my jessie system.
Regards,
Christian
Index: sudo-1.8.10p3/plugins/sudoers/sudoers.c
===================================================================
--- sudo-1.8.10p3.orig/plugins/sudoers/sudoers.c
+++ sudo-1.8.10p3/plugins/sudoers/sudoers.c
@@ -799,32 +799,69 @@ set_loginclass(struct passwd *pw)
#endif
/*
- * Look up the fully qualified domain name and set user_host and user_shost.
+ * Look up the fully qualified domain name of user_host and user_runhost.
+ * Sets user_host, user_shost, user_runhost and user_srunhost.
* Use AI_FQDN if available since "canonical" is not always the same as fqdn.
*/
static void
set_fqdn(void)
{
struct addrinfo *res0, hint;
+ bool remote;
char *p;
debug_decl(set_fqdn, SUDO_DEBUG_PLUGIN)
+ /* If the -h flag was given we need to resolve both host and runhost. */
+ remote = strcmp(user_runhost, user_host) != 0;
+
memset(&hint, 0, sizeof(hint));
hint.ai_family = PF_UNSPEC;
hint.ai_flags = AI_FQDN;
+
+ /* First resolve user_host, sets user_host and user_shost. */
if (getaddrinfo(user_host, NULL, &hint, &res0) != 0) {
log_warning(MSG_ONLY, N_("unable to resolve host %s"), user_host);
} else {
if (user_shost != user_host)
efree(user_shost);
efree(user_host);
- user_host = estrdup(res0->ai_canonname);
+ user_host = user_shost = estrdup(res0->ai_canonname);
freeaddrinfo(res0);
if ((p = strchr(user_host, '.')) != NULL)
user_shost = estrndup(user_host, (size_t)(p - user_host));
- else
- user_shost = user_host;
}
+
+ /* Next resolve user_runhost, sets user_runhost and user_srunhost. */
+ if (remote) {
+ if (getaddrinfo(user_runhost, NULL, &hint, &res0) != 0) {
+ log_warning(MSG_ONLY,
+ N_("unable to resolve host %s"), user_runhost);
+ } else {
+ if (user_srunhost != user_runhost)
+ efree(user_srunhost);
+ efree(user_runhost);
+ user_runhost = user_srunhost = estrdup(res0->ai_canonname);
+ freeaddrinfo(res0);
+ if ((p = strchr(user_runhost, '.'))) {
+ user_srunhost =
+ estrndup(user_runhost, (size_t)(p - user_runhost));
+ }
+ }
+ } else {
+ /* Not remote, just use user_host. */
+ if (user_srunhost != user_runhost)
+ efree(user_srunhost);
+ efree(user_runhost);
+ user_runhost = user_srunhost = estrdup(user_host);
+ if ((p = strchr(user_runhost, '.'))) {
+ user_srunhost =
+ estrndup(user_runhost, (size_t)(p - user_runhost));
+ }
+ }
+
+ sudo_debug_printf(SUDO_DEBUG_INFO|SUDO_DEBUG_LINENO,
+ "host %s, shost %s, runhost %s, srunhost %s",
+ user_host, user_shost, user_runhost, user_srunhost);
debug_return;
}
