SOURCES: sudo-pam-sess.patch (NEW) - add PAM session support to sudo
baggins
baggins at pld-linux.org
Tue Mar 27 17:29:03 CEST 2007
Author: baggins Date: Tue Mar 27 15:29:03 2007 GMT
Module: SOURCES Tag: HEAD
---- Log message:
- add PAM session support to sudo
---- Files affected:
SOURCES:
sudo-pam-sess.patch (NONE -> 1.1) (NEW)
---- Diffs:
================================================================
Index: SOURCES/sudo-pam-sess.patch
diff -u /dev/null SOURCES/sudo-pam-sess.patch:1.1
--- /dev/null Tue Mar 27 17:29:03 2007
+++ SOURCES/sudo-pam-sess.patch Tue Mar 27 17:28:58 2007
@@ -0,0 +1,32 @@
+--- sudo-1.6.8p8/auth/pam.c.sess 2005-05-24 16:38:35.976866872 +0200
++++ sudo-1.6.8p8/auth/pam.c 2005-05-24 16:39:50.061604280 +0200
+@@ -175,6 +175,8 @@
+ pam_prep_user(pw)
+ struct passwd *pw;
+ {
++ int error;
++
+ if (pamh == NULL)
+ pam_init(pw, NULL, NULL);
+
+@@ -195,6 +197,20 @@
+ */
+ (void) pam_setcred(pamh, PAM_ESTABLISH_CRED);
+
++ /*
++ * That's enough initialize PAM session in this function, because
++ * sudo calls it before exec()
++ */
++ if ((error = pam_open_session(pamh, 0))!=PAM_SUCCESS) {
++ pam_end(pamh, error);
++ return(AUTH_FAILURE);
++ }
++ /*
++ * For example settings from pam_limits are persistent after pam_session_close() and
++ * it's probably more clean call pam_close_session() than omit it.
++ */
++ pam_close_session(pamh, 0);
++
+ if (pam_end(pamh, PAM_SUCCESS | PAM_DATA_SILENT) == PAM_SUCCESS)
+ return(AUTH_SUCCESS);
+ else
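Review bot: In the second hunk of the embedded patch (auth/pam.c, right after pam_setcred), pam_close_session(pamh, 0) runs immediately after pam_open_session succeeds. By the patch's own comment, that is still before sudo calls exec(), so the command never runs inside an open session. Only modules whose settings outlive the close, such as the pam_limits case the comment mentions, have any effect. Either say so explicitly in the comment, or keep the session open and close it once the command has finished. The return value of pam_close_session is also discarded; at least check it, as is done for pam_open_session. On the failure branch, pam_end(pamh, error) is reached with the credentials from pam_setcred(pamh, PAM_ESTABLISH_CRED) still established; consider a pam_setcred(pamh, PAM_DELETE_CRED) before it. Finally, the second comment refers to pam_session_close(), but the function being called is pam_close_session().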
================================================================