From d3b45ae3f15b0e971ad8851f4408a13860063f3d Mon Sep 17 00:00:00 2001
From: "Todd C. Miller"
Date: Fri, 27 May 2005 05:59:02 +0000
Subject: [PATCH] Call pam_open_session() and pam_close_session() to give pam_limits a chance to run. Idea from Karel Zak.

---
 auth/pam.c | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/auth/pam.c b/auth/pam.c
index 03779b704..7f88bf3ec 100644
--- a/auth/pam.c
+++ b/auth/pam.c
@@ -195,6 +195,18 @@ pam_prep_user(pw)
 */
 (void) pam_setcred(pamh, PAM_ESTABLISH_CRED);
 
+ /*
+ * To fully utilize PAM sessions we would need to keep a
+ * sudo process around until the command exits. However, we
+ * can at least cause pam_limits to be run by opening and then
+ * immediately closing the session.
+ */
+ if (pam_open_session(pamh, 0) != PAM_SUCCESS) {
+ (void) pam_end(pamh, error);
+ return(AUTH_FAILURE);
+ }
+ (void) pam_close_session(pamh, 0);
+
 if (pam_end(pamh, PAM_SUCCESS | PAM_DATA_SILENT) == PAM_SUCCESS)
 return(AUTH_SUCCESS);
 else
-- 
2.50.1
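Review bot: In the new failure branch, `pam_end(pamh, error)` is handed `error`, but nothing in the hunk assigns it: the return value of pam_open_session() is compared and then discarded, so pam_end() receives whatever `error` held earlier (its declaration, if any, is outside the hunk). Capture the status that actually failed, e.g. `if ((error = pam_open_session(pamh, 0)) != PAM_SUCCESS) {`, or use a local `int rc` if `error` is not in scope in pam_prep_user. The same branch returns AUTH_FAILURE without undoing the `pam_setcred(pamh, PAM_ESTABLISH_CRED)` a few lines above, so it is worth checking whether `(void) pam_setcred(pamh, PAM_DELETE_CRED);` belongs before the pam_end() call. pam_prep_user begins above the hunk and its final return lies below it, so this is judged from the visible lines only.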