isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix a PAM_USER mismatch in session open/close. We update PAM_USER

Browse Source 
to the target user immediately before setting resource limits, which
is after the monitor process has forked (so it has the old value).
Also, if the user did not authenticate, there is no pamh in the
monitor so we need to init pam here too.  This means we end up
calling pam_start() twice, which should be fixed, but at least the
session is always properly closed now.
This commit is contained in:
Todd C. Miller
2011-09-27 11:13:44 -04:00
parent 7304bc744e
commit c5f8dc95c6
4 changed files with 19 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
plugins/sudoers/auth/sudo_auth.h
View File

@@ -33,7 +33,7 @@ typedef struct sudo_auth {
int (*verify)(struct passwd *pw, char *p, struct sudo_auth *auth);
int (*cleanup)(struct passwd *pw, struct sudo_auth *auth);
int (*begin_session)(struct passwd *pw, struct sudo_auth *auth);
int (*end_session)(struct sudo_auth *auth);
int (*end_session)(struct passwd *pw, struct sudo_auth *auth);
} sudo_auth;
/* Values for sudo_auth.flags. */
@@ -62,7 +62,7 @@ int pam_init(struct passwd *pw, char **prompt, sudo_auth *auth);
int pam_verify(struct passwd *pw, char *prompt, sudo_auth *auth);
int pam_cleanup(struct passwd *pw, sudo_auth *auth);
int pam_begin_session(struct passwd *pw, sudo_auth *auth);
int pam_end_session(sudo_auth *auth);
int pam_end_session(struct passwd *pw, sudo_auth *auth);
int sia_setup(struct passwd *pw, char **prompt, sudo_auth *auth);
int sia_verify(struct passwd *pw, char *prompt, sudo_auth *auth);
int sia_cleanup(struct passwd *pw, sudo_auth *auth);