Now that pam_open_session() failure is fatal we should print and log

an error from it.  Bug #744

diff --git a/plugins/sudoers/auth/pam.c b/plugins/sudoers/auth/pam.c
index 679f0c02ac86483a02035f9c22e9b51399e64160..502703e2f8c883757ed379d21c90e120c7d1d2b4 100644 (file)
--- a/plugins/sudoers/auth/pam.c
+++ b/plugins/sudoers/auth/pam.c
@@ -303,10 +303,11 @@ sudo_pam_begin_session(struct passwd *pw, char **user_envp[], sudo_auth *auth)
        *pam_status = pam_open_session(pamh, 0);
        if (*pam_status != PAM_SUCCESS) {
            const char *errstr = pam_strerror(pamh, *pam_status);
-           sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
-               "pam_open_session: %s", errstr ? errstr : "unknown error");
+           log_warningx(0, N_("pam_open_session: %s"),
+               errstr ? errstr : "unknown error");
            rc = pam_end(pamh, *pam_status | PAM_DATA_SILENT);
            if (rc != PAM_SUCCESS) {
+               errstr = pam_strerror(pamh, rc);
                sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
                    "pam_end: %s", errstr ? errstr : "unknown error");
            }