X-Git-Url: https://gerrit.o-ran-sc.org/r/gitweb?a=blobdiff_plain;ds=sidebyside;f=meta-starlingx%2Fmeta-stx-integ%2Frecipes-extended%2Fsudo%2Ffiles%2Fsudo-1.8.23-nowaitopt.patch;fp=meta-starlingx%2Fmeta-stx-integ%2Frecipes-extended%2Fsudo%2Ffiles%2Fsudo-1.8.23-nowaitopt.patch;h=a7a18a1d39ba41e7e62c4efa79ed9e545ef253f2;hb=e0634c6eaf2fe2641a0fb90e84a5defb880b1335;hp=0000000000000000000000000000000000000000;hpb=210d0f78485e760dffcdd3f630f59cec797f3f11;p=pti%2Frtp.git

diff --git a/meta-starlingx/meta-stx-integ/recipes-extended/sudo/files/sudo-1.8.23-nowaitopt.patch b/meta-starlingx/meta-stx-integ/recipes-extended/sudo/files/sudo-1.8.23-nowaitopt.patch
new file mode 100644
index 0000000..a7a18a1
--- /dev/null
+++ b/meta-starlingx/meta-stx-integ/recipes-extended/sudo/files/sudo-1.8.23-nowaitopt.patch
@@ -0,0 +1,75 @@
+From acbbefdbcf2951a2ce31fe4fc789cf8397a406cc Mon Sep 17 00:00:00 2001
+From: "Sar Ashki, Babak" <Babak.SarAshki@windriver.com>
+Date: Wed, 11 Dec 2019 19:43:19 -0800
+
+---
+ plugins/sudoers/def_data.c  |  4 ++++
+ plugins/sudoers/def_data.h  |  2 ++
+ plugins/sudoers/def_data.in |  3 +++
+ plugins/sudoers/sudoers.c   | 14 ++++++++++++++
+ 4 files changed, 23 insertions(+)
+
+diff --git a/plugins/sudoers/def_data.c b/plugins/sudoers/def_data.c
+index 5fa45bb..9d7a842 100644
+--- a/plugins/sudoers/def_data.c
++++ b/plugins/sudoers/def_data.c
+@@ -498,6 +498,10 @@ struct sudo_defs_types sudo_defs_table[] = {
+ 	N_("Don't pre-resolve all group names"),
+ 	NULL,
+     }, {
++	"cmnd_no_wait", T_FLAG,
++	N_("Don't fork and wait for the command to finish, just exec it"),
++	NULL,
++    }, {
+ 	NULL, 0, NULL
+     }
+ };
+diff --git a/plugins/sudoers/def_data.h b/plugins/sudoers/def_data.h
+index 940fa8f..68ceed0 100644
+--- a/plugins/sudoers/def_data.h
++++ b/plugins/sudoers/def_data.h
+@@ -228,6 +228,8 @@
+ #define def_case_insensitive_group (sudo_defs_table[I_CASE_INSENSITIVE_GROUP].sd_un.flag)
+ #define I_LEGACY_GROUP_PROCESSING 114
+ #define def_legacy_group_processing (sudo_defs_table[I_LEGACY_GROUP_PROCESSING].sd_un.flag)
++#define I_CMND_NO_WAIT          115
++#define def_cmnd_no_wait        (sudo_defs_table[I_CMND_NO_WAIT].sd_un.flag)
+ 
+ enum def_tuple {
+ 	never,
+diff --git a/plugins/sudoers/def_data.in b/plugins/sudoers/def_data.in
+index 571bc96..4250917 100644
+--- a/plugins/sudoers/def_data.in
++++ b/plugins/sudoers/def_data.in
+@@ -360,3 +360,6 @@ case_insensitive_group
+ legacy_group_processing
+ 	T_FLAG
+ 	"Don't pre-resolve all group names"
++cmnd_no_wait
++	T_FLAG
++	"Don't fork and wait for the command to finish, just exec it"
+diff --git a/plugins/sudoers/sudoers.c b/plugins/sudoers/sudoers.c
+index d8f4dd0..00669b4 100644
+--- a/plugins/sudoers/sudoers.c
++++ b/plugins/sudoers/sudoers.c
+@@ -221,6 +221,20 @@ sudoers_policy_init(void *info, char * const envp[])
+         def_match_group_by_gid = false;
+ 	def_legacy_group_processing = false;
+     }
++
++    /*
++     * Emulate cmnd_no_wait option by disabling PAM session, PTY allocation
++     * and I/O logging. This will cause sudo to execute the given command
++     * directly instead of forking a separate process for it.
++     */
++    if (def_cmnd_no_wait) {
++        def_pam_setcred = false;
++        def_pam_session = false;
++        def_use_pty = false;
++        def_log_input = false;
++        def_log_output = false;
++    }
++
+ cleanup:
+     if (!restore_perms())
+ 	ret = -1;