From b0be9895d966cdcf47bb76e33e363e90dd1a4fff Mon Sep 17 00:00:00 2001
From: "Todd C. Miller" <Todd.Miller@courtesan.com>
Date: Wed, 11 May 2016 15:01:45 -0600
Subject: [PATCH] Now that pam_open_session() failure is fatal we should print
 and log an error from it.  Bug #744

---
 plugins/sudoers/auth/pam.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/plugins/sudoers/auth/pam.c b/plugins/sudoers/auth/pam.c
index 679f0c02a..502703e2f 100644
--- a/plugins/sudoers/auth/pam.c
+++ b/plugins/sudoers/auth/pam.c
@@ -303,10 +303,11 @@ sudo_pam_begin_session(struct passwd *pw, char **user_envp[], sudo_auth *auth)
 	*pam_status = pam_open_session(pamh, 0);
 	if (*pam_status != PAM_SUCCESS) {
 	    const char *errstr = pam_strerror(pamh, *pam_status);
-	    sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
-		"pam_open_session: %s", errstr ? errstr : "unknown error");
+	    log_warningx(0, N_("pam_open_session: %s"),
+		errstr ? errstr : "unknown error");
 	    rc = pam_end(pamh, *pam_status | PAM_DATA_SILENT);
 	    if (rc != PAM_SUCCESS) {
+		errstr = pam_strerror(pamh, rc);
 		sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
 		    "pam_end: %s", errstr ? errstr : "unknown error");
 	    }
-- 
2.40.0