sudo-pam-sess.patch

   1 --- sudo-1.6.8p8/auth/pam.c.sess        2005-05-24 16:38:35.976866872 +0200
   2 +++ sudo-1.6.8p8/auth/pam.c     2005-05-24 16:39:50.061604280 +0200
   3 @@ -175,6 +175,8 @@
   4  pam_prep_user(pw)
   5      struct passwd *pw;
   6  {
   7 +    int error;
   8 +
   9      if (pamh == NULL)
  10         pam_init(pw, NULL, NULL);
  11
  12 @@ -195,6 +197,20 @@
  13       */
  14      (void) pam_setcred(pamh, PAM_ESTABLISH_CRED);
  15
  16 +    /*
  17 +     * That's enough initialize PAM session in this function, because
  18 +     * sudo calls it before exec()
  19 +     */
  20 +    if ((error = pam_open_session(pamh, 0))!=PAM_SUCCESS) {
  21 +           pam_end(pamh, error);
  22 +           return(AUTH_FAILURE);
  23 +    }
  24 +    /*
  25 +     * For example settings from pam_limits are persistent after pam_session_close() and
  26 +     * it's probably more clean call pam_close_session() than omit it.
  27 +     */
  28 +    pam_close_session(pamh, 0);
  29 +
  30      if (pam_end(pamh, PAM_SUCCESS | PAM_DATA_SILENT) == PAM_SUCCESS)
  31         return(AUTH_SUCCESS);
  32      else