From: Todd C. Miller <Todd.Miller@courtesan.com>
Date: Wed, 11 May 2016 21:01:45 +0000 (-0600)
Subject: Now that pam_open_session() failure is fatal we should print and log
X-Git-Tag: SUDO_1_8_17^2~69
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=b0be9895d966cdcf47bb76e33e363e90dd1a4fff;p=sudo

Now that pam_open_session() failure is fatal we should print and log
an error from it.  Bug #744
---

diff --git a/plugins/sudoers/auth/pam.c b/plugins/sudoers/auth/pam.c
index 679f0c02a..502703e2f 100644
--- a/plugins/sudoers/auth/pam.c
+++ b/plugins/sudoers/auth/pam.c
@@ -303,10 +303,11 @@ sudo_pam_begin_session(struct passwd *pw, char **user_envp[], sudo_auth *auth)
 	*pam_status = pam_open_session(pamh, 0);
 	if (*pam_status != PAM_SUCCESS) {
 	    const char *errstr = pam_strerror(pamh, *pam_status);
-	    sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
-		"pam_open_session: %s", errstr ? errstr : "unknown error");
+	    log_warningx(0, N_("pam_open_session: %s"),
+		errstr ? errstr : "unknown error");
 	    rc = pam_end(pamh, *pam_status | PAM_DATA_SILENT);
 	    if (rc != PAM_SUCCESS) {
+		errstr = pam_strerror(pamh, rc);
 		sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
 		    "pam_end: %s", errstr ? errstr : "unknown error");
 	    }