Add pam_service and pam_login_service sudoers settings to control

the service name passed to pam_start.
2013-08-06 11:01:36 -06:00
parent 385e20c7bc
commit 52954481e1
10 changed files with 263 additions and 173 deletions
--- a/plugins/sudoers/auth/pam.c
+++ b/plugins/sudoers/auth/pam.c
@@ -93,12 +93,8 @@ sudo_pam_init(struct passwd *pw, sudo_auth *auth)
    if (auth != NULL)
 	auth->data = (void *) &pam_status;
    pam_conv.conv = converse;
-#ifdef HAVE_PAM_LOGIN
-    if (ISSET(sudo_mode, MODE_LOGIN_SHELL))
-	pam_status = pam_start("sudo-i", pw->pw_name, &pam_conv, &pamh);
-    else
-#endif
-	pam_status = pam_start("sudo", pw->pw_name, &pam_conv, &pamh);
+    pam_status = pam_start(ISSET(sudo_mode, MODE_LOGIN_SHELL) ?
+	def_pam_login_service : def_pam_service, pw->pw_name, &pam_conv, &pamh);
    if (pam_status != PAM_SUCCESS) {
 	log_warning(USE_ERRNO|NO_MAIL, N_("unable to initialize PAM"));
 	debug_return_int(AUTH_FATAL);