From 7f9da8948b37d24821cff6a998a6f239d41bca4c Mon Sep 17 00:00:00 2001
From: "Todd C. Miller"
Date: Fri, 30 Mar 2012 12:47:42 -0400
Subject: [PATCH] For PAM authentication, merge the PAM environment with the user environment in pam_begin_session().
--HG--
branch : 1.7
---
 auth/pam.c | 17 +++++++++++++++++
 env.c | 12 ++++++++++++
 sudo.h | 1 +
 3 files changed, 30 insertions(+)
diff --git a/auth/pam.c b/auth/pam.c
index 39d658e5d..89e9fa99e 100644
--- a/auth/pam.c
+++ b/auth/pam.c
@@ -206,6 +206,9 @@ int
 pam_begin_session(pw)
 struct passwd *pw;
 {
+#ifdef HAVE_PAM_GETENVLIST
+ char **pam_envp;
+#endif
 int status = PAM_SUCCESS;
 /*
@@ -237,6 +240,20 @@ pam_begin_session(pw)
 */
 (void) pam_setcred(pamh, PAM_ESTABLISH_CRED);
+#ifdef HAVE_PAM_GETENVLIST
+ /*
+ * Update environment based on what is stored in pamh.
+ * If no authentication is done we will only have environment
+ * variables if pam_env is called via session.
+ */
+ if ((pam_envp = pam_getenvlist(pamh)) != NULL) {
+ /* Merge pam env with user env but do not overwrite. */
+ env_merge(pam_envp, FALSE);
+ efree(pam_envp);
+ /* XXX - we leak any duplicates that were in pam_envp */
+ }
+#endif /* HAVE_PAM_GETENVLIST */
+
 #ifndef NO_PAM_SESSION
 status = pam_open_session(pamh, 0);
 if (status != PAM_SUCCESS) {
diff --git a/env.c b/env.c
index 95bd84a81..962ade147 100644
--- a/env.c
+++ b/env.c
@@ -496,6 +496,18 @@ sudo_putenv(str, dupcheck, overwrite)
 }
 }
+/*
+ * Merge another environment with our private copy.
+ */
+void
+env_merge(char * const envp[], int overwrite)
+{
+ char * const *ep;
+
+ for (ep = envp; *ep != NULL; ep++)
+ sudo_putenv(*ep, TRUE, overwrite);
+}
+
 /*
 * Check the env_delete blacklist.
 * Returns TRUE if the variable was found, else false.
diff --git a/sudo.h b/sudo.h
index 19eaeba1d..b106162d4 100644
--- a/sudo.h
+++ b/sudo.h
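Review bot: In the second auth/pam.c hunk, `pam_getenvlist(pamh)` is called before `pam_open_session(pamh, 0)`, so anything a module adds to the handle while the session is opened is presumably not yet in the list that gets merged. That conflicts with the new comment, which names session-time pam_env as the only source of variables when no authentication is done. Moving the `#ifdef HAVE_PAM_GETENVLIST` block below the `pam_open_session()` status check would make the code match its comment; the rest of pam_begin_session() is outside the hunk, so the exact position has to be checked against its error path. Because `efree(pam_envp)` releases only the vector, a line such as `/* env_merge() keeps the string pointers; only the vector is freed here. */` would make the apparent ownership rule explicit next to the XXX about leaked duplicates.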
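Review bot: In the env.c hunk, `env_merge()` hands every entry to `sudo_putenv(*ep, TRUE, overwrite)` without consulting the env_delete blacklist whose checker is documented directly below it. The `overwrite` flag only stops an existing variable from being replaced; it does not stop a new name from being added. Unless sudo_putenv() filters internally (its body is outside this hunk), a variable that policy strips from the invoking user's environment could come back through whatever a PAM module placed in the handle. Consider skipping entries that the blacklist check rejects before the `sudo_putenv()` call, or at least stating the trust assumption in the header comment: `/* Entries are not checked against env_delete; callers must pass a trusted list. */`. Separately, the definition uses an ANSI parameter list, while the neighbouring `sudo_putenv(str, dupcheck, overwrite)` and the `__P(())` prototype added to sudo.h suggest that K&R-style definitions are still expected in this branch.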
@@ -226,6 +226,7 @@ void remove_timestamp __P((int));
 /* env.c */
 char **env_get __P((void));
 void env_init __P((int lazy));
+void env_merge __P((char * const envp[], int overwrite));
 void init_envtables __P((void));
 void insert_env_vars __P((struct list_member *));
 void read_env_file __P((const char *, int));
-- 
2.40.0