33 lines
922 B
Diff
33 lines
922 B
Diff
|
--- sudo-1.6.8p8/auth/pam.c.sess 2005-05-24 16:38:35.976866872 +0200
|
||
|
+++ sudo-1.6.8p8/auth/pam.c 2005-05-24 16:39:50.061604280 +0200
|
||
|
@@ -175,6 +175,8 @@
|
||
|
pam_prep_user(pw)
|
||
|
struct passwd *pw;
|
||
|
{
|
||
|
+ int error;
|
||
|
+
|
||
|
if (pamh == NULL)
|
||
|
pam_init(pw, NULL, NULL);
|
||
|
|
||
|
@@ -195,6 +197,20 @@
|
||
|
*/
|
||
|
(void) pam_setcred(pamh, PAM_ESTABLISH_CRED);
|
||
|
|
||
|
+ /*
|
||
|
+ * That's enough initialize PAM session in this function, because
|
||
|
+ * sudo calls it before exec()
|
||
|
+ */
|
||
|
+ if ((error = pam_open_session(pamh, 0))!=PAM_SUCCESS) {
|
||
|
+ pam_end(pamh, error);
|
||
|
+ return(AUTH_FAILURE);
|
||
|
+ }
|
||
|
+ /*
|
||
|
+ * For example settings from pam_limits are persistent after pam_session_close() and
|
||
|
+ * it's probably more clean call pam_close_session() than omit it.
|
||
|
+ */
|
||
|
+ pam_close_session(pamh, 0);
|
||
|
+
|
||
|
if (pam_end(pamh, PAM_SUCCESS | PAM_DATA_SILENT) == PAM_SUCCESS)
|
||
|
return(AUTH_SUCCESS);
|
||
|
else
|