From 50d89747538702dc04f468e4d0567a1629a0641f Mon Sep 17 00:00:00 2001
From: "Todd C. Miller" <Todd.Miller@courtesan.com>
Date: Thu, 6 Nov 2008 00:08:24 +0000
Subject: [PATCH] Unset AUTHSTATE after calling authenticate() as it may not be
 correct for the user we are running the command as.

---
 auth/aix_auth.c | 2 ++
 env.c           | 5 ++++-
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/auth/aix_auth.c b/auth/aix_auth.c
index 05bc369d1..38f80c380 100644
--- a/auth/aix_auth.c
+++ b/auth/aix_auth.c
@@ -70,6 +70,8 @@ aixauth_verify(pw, prompt, auth)
 	/* XXX - should probably print message on failure. */
 	if (authenticate(pw->pw_name, pass, &reenter, &message) == 0)
 	    rval = AUTH_SUCCESS;
+	/* Unset AUTHSTATE as it may not be correct for the runas user. */
+	sudo_unsetenv("AUTHSTATE");
 	free(message);
 	zero_bytes(pass, strlen(pass));
     }
diff --git a/env.c b/env.c
index 27434e7be..03ec79fa1 100644
--- a/env.c
+++ b/env.c
@@ -133,6 +133,7 @@ static const char *initial_badenv_table[] = {
 #ifdef _AIX
     "LDR_*",
     "LIBPATH",
+    "AUTHSTATE",
 #endif
 #ifdef __APPLE__
     "DYLD_*",
@@ -292,7 +293,9 @@ sudo_setenv(var, val, dupcheck)
     }
     insert_env(estring, dupcheck, TRUE);
 }
+#endif /* HAVE_LDAP */
 
+#if defined(HAVE_LDAP) || defined(HAVE_AIXAUTH)
 /*
  * Similar to unsetenv(3) but operates on sudo's private copy of the
  * environment.
@@ -319,7 +322,7 @@ sudo_unsetenv(var)
 	}
     }
 }
-#endif /* HAVE_LDAP */
+#endif /* HAVE_LDAP || HAVE_AIXAUTH */
 
 /*
  * Insert str into env.envp, assumes str has an '=' in it.
-- 
2.40.0