From: Todd C. Miller Date: Fri, 27 May 2005 05:59:02 +0000 (+0000) Subject: Call pam_open_session() and pam_close_session() to give pam_limits a X-Git-Tag: SUDO_1_7_0~645 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=d3b45ae3f15b0e971ad8851f4408a13860063f3d;p=sudo Call pam_open_session() and pam_close_session() to give pam_limits a chance to run. Idea from Karel Zak. --- diff --git a/auth/pam.c b/auth/pam.c index 03779b704..7f88bf3ec 100644 --- a/auth/pam.c +++ b/auth/pam.c @@ -195,6 +195,18 @@ pam_prep_user(pw) */ (void) pam_setcred(pamh, PAM_ESTABLISH_CRED); + /* + * To fully utilize PAM sessions we would need to keep a + * sudo process around until the command exits. However, we + * can at least cause pam_limits to be run by opening and then + * immediately closing the session. + */ + if (pam_open_session(pamh, 0) != PAM_SUCCESS) { + (void) pam_end(pamh, error); + return(AUTH_FAILURE); + } + (void) pam_close_session(pamh, 0); + if (pam_end(pamh, PAM_SUCCESS | PAM_DATA_SILENT) == PAM_SUCCESS) return(AUTH_SUCCESS); else