Add --disable-pam-session configure option to disable calling
authorTodd C. Miller <Todd.Miller@courtesan.com>
Tue, 9 Oct 2007 00:04:48 +0000 (00:04 +0000)
committerTodd C. Miller <Todd.Miller@courtesan.com>
Tue, 9 Oct 2007 00:04:48 +0000 (00:04 +0000)
pam_{open,close}_session.  May work around bugs in some PAM
implementations.

INSTALL
auth/pam.c
config.h.in
configure.in

diff --git a/INSTALL b/INSTALL
index 0b3bd22b3bb5765412f727ae35f04c4916e92ed5..0ffff85a03a40e6b1abb87c67998f19412263842 100644 (file)
--- a/INSTALL
+++ b/INSTALL
@@ -252,6 +252,13 @@ Special features/options:
        is to compile noexec support if libtool supports building
        shared objects on your OS.
 
+  --disable-pam-session
+        Disable sudo's PAM session support.  This may be needed on
+        older PAM implementations or on operating systems where
+        opening a PAM session changes the utmp or wtmp files.  If
+        PAM session support is disabled, resource limits may not
+        be updatedin for command being run.
+
   --disable-root-mailer
        By default sudo will run the mailer as root when tattling
        on a user so as to prevent that user from killing the mailer.
index 92a9f212a383a2308d3ce1247b67353ad043eac2..7fb45b74cfaaaa7f4618eb7b5694ad212bad1c3f 100644 (file)
@@ -206,6 +206,7 @@ pam_prep_user(pw)
      */
     (void) pam_setcred(pamh, PAM_ESTABLISH_CRED);
 
+#ifndef NO_PAM_SESSION
     /*
      * To fully utilize PAM sessions we would need to keep a
      * sudo process around until the command exits.  However, we
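Review bot: The `#ifndef NO_PAM_SESSION` guard added in pam_prep_user compiles out the whole session step, and nothing in the source says what a build loses when the macro is defined. With it set, the session stack configured for sudo is never entered, so resource limits (which the INSTALL text in this commit mentions) and presumably any other policy or accounting done by session modules are not applied to the command. I would put a comment directly above the guard, for example `/* NO_PAM_SESSION: session modules are skipped; limits and other session-stack policy are not applied. */`, and close it in the following hunk with `#endif /* NO_PAM_SESSION */` so the pairing is visible across the long comment. The function body starts before this hunk and ends after the next one.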
@@ -217,6 +218,7 @@ pam_prep_user(pw)
        return(AUTH_FAILURE);
     }
     (void) pam_close_session(pamh, 0);
+#endif
 
     if (pam_end(pamh, PAM_SUCCESS | PAM_DATA_SILENT) == PAM_SUCCESS)
        return(AUTH_SUCCESS);
index 33d50e7a9d4c6062c8d3235386b6bc833f206faa..a97caf4095d71719c92df318f3225c4ecd904107 100644 (file)
    sudo. */
 #undef NO_LECTURE
 
+/* Define to 1 if you don't want to use sudo's PAM session support. */
+#undef NO_PAM_SESSION
+
 /* Define to avoid runing the mailer as root. */
 #undef NO_ROOT_MAILER
 
index 4c42c23e4d875c13d8ba761246d39a899abe16af..f4fb629e798eeca593aab4534187c798844719de 100644 (file)
@@ -1810,6 +1810,19 @@ if test ${with_pam-"no"} != "no"; then
        AC_DEFINE(HAVE_PAM)
        AUTH_OBJS="$AUTH_OBJS pam.o";
        AUTH_EXCL=PAM
+       AC_MSG_CHECKING(whether to use PAM session support)
+       AC_ARG_ENABLE(pam_session,
+       [  --disable-pam-session   Disable PAM session support],
+           [ case "$enableval" in
+               yes)    AC_MSG_RESULT(yes)
+                       ;;
+               no)             AC_MSG_RESULT(no)
+                           AC_DEFINE(NO_PAM_SESSION)
+                           ;;
+               *)              AC_MSG_RESULT(no)
+                           AC_MSG_WARN([Ignoring unknown argument to --enable-pam-session: $enableval])
+                           ;;
+           esac], AC_MSG_RESULT(yes))
     fi
 fi
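Review bot: In the `*)` arm of the new `case`, `AC_MSG_RESULT(no)` is printed but `NO_PAM_SESSION` is not defined, so the configure output disagrees with what is built. Someone who passes an unrecognised value while intending to turn sessions off sees "no" in the log, yet the binary still calls pam_open_session; the warning says the argument was ignored but is easy to miss in configure output. Either report the real outcome with `*) AC_MSG_RESULT(yes)` ahead of the existing warning, or fail the run with `AC_MSG_ERROR([unknown argument to --enable-pam-session: $enableval])` so a mistyped option cannot produce a build with a different PAM configuration than the one requested.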