Call the policy's init_session() function before we fork the child.

That way, the session is created and destroyed in the same process, which is needed by some modules, such as pam_mount.
2012-04-23 16:38:16 -04:00
parent 1480bb88b7
commit 23b7a1fa5c
8 changed files with 43 additions and 32 deletions
--- a/src/exec.c
+++ b/src/exec.c
@@ -99,6 +99,13 @@ static int fork_cmnd(struct command_details *details, int sv[2])
    sa.sa_handler = handler;
    sigaction(SIGCONT, &sa, NULL);

+    /*
+     * The policy plugin's session init must be run before we fork
+     * or certain pam modules won't be able to track their state.
+     */
+    if (policy_init_session(details) != true)
+	errorx(1, _("policy plugin failed session initialization"));
+
    child = sudo_debug_fork();
    switch (child) {
    case -1: