isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Call pam_getenvlist() after we've opened the session to get the

Browse Source 
session-specific environment variables.
This commit is contained in:
Todd C. Miller
2013-08-17 06:22:46 -06:00
parent 1a652757c2
commit f72f47aa1d
1 changed files with 9 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
plugins/sudoers/auth/pam.c
View File

@@ -240,6 +240,15 @@ sudo_pam_begin_session(struct passwd *pw, char **user_envp[], sudo_auth *auth)
if (def_pam_setcred)
(void) pam_setcred(pamh, PAM_ESTABLISH_CRED);
if (def_pam_session) {
*pam_status = pam_open_session(pamh, 0);
if (*pam_status != PAM_SUCCESS) {
(void) pam_end(pamh, *pam_status | PAM_DATA_SILENT);
pamh = NULL;
status = AUTH_FAILURE;
}
}
#ifdef HAVE_PAM_GETENVLIST
/*
* Update environment based on what is stored in pamh.
@@ -260,15 +269,6 @@ sudo_pam_begin_session(struct passwd *pw, char **user_envp[], sudo_auth *auth)
}
#endif /* HAVE_PAM_GETENVLIST */
if (def_pam_session) {
*pam_status = pam_open_session(pamh, 0);
if (*pam_status != PAM_SUCCESS) {
(void) pam_end(pamh, *pam_status | PAM_DATA_SILENT);
pamh = NULL;
status = AUTH_FAILURE;
}
}
done:
debug_return_int(status);
}