Now that pam_open_session() failure is fatal we should print and log

an error from it. Bug #744
2016-05-11 15:01:45 -06:00
parent d3622b0f2c
commit b0be9895d9
1 changed files with 3 additions and 2 deletions
--- a/plugins/sudoers/auth/pam.c
+++ b/plugins/sudoers/auth/pam.c
@@ -303,10 +303,11 @@ sudo_pam_begin_session(struct passwd *pw, char **user_envp[], sudo_auth *auth)
 	*pam_status = pam_open_session(pamh, 0);
 	if (*pam_status != PAM_SUCCESS) {
 	    const char *errstr = pam_strerror(pamh, *pam_status);
-	    sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
-		"pam_open_session: %s", errstr ? errstr : "unknown error");
+	    log_warningx(0, N_("pam_open_session: %s"),
+		errstr ? errstr : "unknown error");
 	    rc = pam_end(pamh, *pam_status | PAM_DATA_SILENT);
 	    if (rc != PAM_SUCCESS) {
+		errstr = pam_strerror(pamh, rc);
 		sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
 		    "pam_end: %s", errstr ? errstr : "unknown error");
 	    }