From: Todd C. Miller <Todd.Miller@courtesan.com>
Date: Sat, 17 Aug 2013 12:22:46 +0000 (-0600)
Subject: Call pam_getenvlist() after we've opened the session to get the
X-Git-Tag: SUDO_1_8_8^2~41
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=f72f47aa1d5117d3729a6675fb78e17fbfff4336;p=sudo

Call pam_getenvlist() after we've opened the session to get the
session-specific environment variables.
---

diff --git a/plugins/sudoers/auth/pam.c b/plugins/sudoers/auth/pam.c
index b80190d7e..ba4f9e55f 100644
--- a/plugins/sudoers/auth/pam.c
+++ b/plugins/sudoers/auth/pam.c
@@ -240,6 +240,15 @@ sudo_pam_begin_session(struct passwd *pw, char **user_envp[], sudo_auth *auth)
     if (def_pam_setcred)
 	(void) pam_setcred(pamh, PAM_ESTABLISH_CRED);
 
+    if (def_pam_session) {
+	*pam_status = pam_open_session(pamh, 0);
+	if (*pam_status != PAM_SUCCESS) {
+	    (void) pam_end(pamh, *pam_status | PAM_DATA_SILENT);
+	    pamh = NULL;
+	    status = AUTH_FAILURE;
+	}
+    }
+
 #ifdef HAVE_PAM_GETENVLIST
     /*
      * Update environment based on what is stored in pamh.
@@ -260,15 +269,6 @@ sudo_pam_begin_session(struct passwd *pw, char **user_envp[], sudo_auth *auth)
     }
 #endif /* HAVE_PAM_GETENVLIST */
 
-    if (def_pam_session) {
-	*pam_status = pam_open_session(pamh, 0);
-	if (*pam_status != PAM_SUCCESS) {
-	    (void) pam_end(pamh, *pam_status | PAM_DATA_SILENT);
-	    pamh = NULL;
-	    status = AUTH_FAILURE;
-	}
-    }
-
 done:
     debug_return_int(status);
 }