Description: Merge the PAM environment into the user environment
Variables unique to the PAM environment are merged into the user
environment. None of the user's environment is overwritten.
Origin: backport, http://www.sudo.ws/repos/sudo/rev/15abe30f755d
Origin: backport, http://www.sudo.ws/repos/sudo/rev/3319c6cce1e7
Origin: backport, http://www.sudo.ws/repos/sudo/rev/078bee18fec1
8
Index: sudo-1.8.3p1/config.h.in
9
===================================================================
10
--- sudo-1.8.3p1.orig/config.h.in 2012-05-17 13:28:18.805606789 -0500
11
+++ sudo-1.8.3p1/config.h.in 2012-05-17 13:28:25.245638726 -0500
13
/* Define to 1 if you use PAM authentication. */
16
+/* Define to 1 if you have the `pam_getenvlist' function. */
17
+#undef HAVE_PAM_GETENVLIST
19
/* Define to 1 if you use a specific PAM session for sudo -i. */
22
Index: sudo-1.8.3p1/configure
23
===================================================================
24
--- sudo-1.8.3p1.orig/configure 2012-05-17 13:28:18.817606850 -0500
25
+++ sudo-1.8.3p1/configure 2012-05-17 13:28:25.257638788 -0500
26
@@ -17899,6 +17899,21 @@
29
if test "$with_pam" = "yes"; then
30
+ # Older PAM implementations lack pam_getenvlist
32
+ LIBS="$LIBS -lpam $lt_cv_dlopen_libs"
33
+ for ac_func in pam_getenvlist
35
+ ac_fn_c_check_func "$LINENO" "pam_getenvlist" "ac_cv_func_pam_getenvlist"
36
+if test "x$ac_cv_func_pam_getenvlist" = xyes; then :
37
+ cat >>confdefs.h <<_ACEOF
38
+#define HAVE_PAM_GETENVLIST 1
45
$as_echo "#define HAVE_PAM 1" >>confdefs.h
47
AUTH_OBJS="$AUTH_OBJS pam.lo";
48
Index: sudo-1.8.3p1/configure.in
49
===================================================================
50
--- sudo-1.8.3p1.orig/configure.in 2012-05-17 13:28:18.741606474 -0500
51
+++ sudo-1.8.3p1/configure.in 2012-05-17 13:28:25.265638824 -0500
52
@@ -2365,6 +2365,11 @@
54
AC_CHECK_HEADERS([security/pam_appl.h] [pam/pam_appl.h], [with_pam=yes; break])
55
if test "$with_pam" = "yes"; then
56
+ # Older PAM implementations lack pam_getenvlist
58
+ LIBS="$LIBS -lpam $lt_cv_dlopen_libs"
59
+ AC_CHECK_FUNCS(pam_getenvlist)
62
AUTH_OBJS="$AUTH_OBJS pam.lo";
64
Index: sudo-1.8.3p1/plugins/sudoers/sudoers.c
65
===================================================================
66
--- sudo-1.8.3p1.orig/plugins/sudoers/sudoers.c 2012-05-17 13:28:18.789606714 -0500
67
+++ sudo-1.8.3p1/plugins/sudoers/sudoers.c 2012-05-17 13:28:25.269638848 -0500
69
NewArgv[1] = "--login";
72
-#if defined(__linux__) || defined(_AIX)
73
+#if defined(_AIX) || (defined(__linux__) && !defined(HAVE_PAM))
74
/* Insert system-wide environment variables. */
75
read_env_file(_PATH_ENVIRONMENT, TRUE);
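Review bot: The new guard keys on `HAVE_PAM`, but the code that replaces this path in pam.c is compiled only under `HAVE_PAM_GETENVLIST`. On a Linux build with an older PAM that lacks `pam_getenvlist`, neither `read_env_file(_PATH_ENVIRONMENT, TRUE)` nor the PAM merge would run, so the system-wide environment file is silently dropped for login shells. Testing the same macro closes the gap: `#if defined(_AIX) || (defined(__linux__) && !defined(HAVE_PAM_GETENVLIST))`. The end of this `#if` block is outside the visible lines.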
77
Index: sudo-1.8.3p1/plugins/sudoers/auth/pam.c
78
===================================================================
79
--- sudo-1.8.3p1.orig/plugins/sudoers/auth/pam.c 2012-05-17 13:28:18.761606572 -0500
80
+++ sudo-1.8.3p1/plugins/sudoers/auth/pam.c 2012-05-17 13:28:25.269638848 -0500
83
pam_begin_session(struct passwd *pw, sudo_auth *auth)
85
+#ifdef HAVE_PAM_GETENVLIST
88
int status = PAM_SUCCESS;
93
(void) pam_setcred(pamh, PAM_ESTABLISH_CRED);
95
+#ifdef HAVE_PAM_GETENVLIST
97
+ * Update environment based on what is stored in pamh.
98
+ * If no authentication is done we will only have environment
99
+ * variables if pam_env is called via session.
101
+ if ((pam_envp = pam_getenvlist(pamh)) != NULL) {
102
+ /* Merge pam env with user env but do not overwrite. */
103
+ env_merge(pam_envp, FALSE);
105
+ /* XXX - we leak any duplicates that were in pam_envp */
107
+#endif /* HAVE_PAM_GETENVLIST */
109
#ifndef NO_PAM_SESSION
110
status = pam_open_session(pamh, 0);
111
if (status != PAM_SUCCESS) {
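Review bot: The `pam_getenvlist(pamh)` merge sits between `pam_setcred()` and `pam_open_session()`, yet the comment above it says that without authentication the variables only exist if pam_env runs as a session module. Session modules are invoked by `pam_open_session()`, so variables they set would not yet be in `pamh` when the list is read. This matters more now that sudoers.c stops reading the environment file directly on Linux PAM builds. Moving the whole `#ifdef HAVE_PAM_GETENVLIST` block below the `pam_open_session()` status check would make the code match its comment. The acknowledged `XXX` leak of duplicate entries also remains, and the lines that close the block and the rest of `pam_begin_session` are not visible here.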
112
Index: sudo-1.8.3p1/plugins/sudoers/env.c
113
===================================================================
114
--- sudo-1.8.3p1.orig/plugins/sudoers/env.c 2012-05-17 13:28:18.749606510 -0500
115
+++ sudo-1.8.3p1/plugins/sudoers/env.c 2012-05-17 13:28:25.273638863 -0500
120
+ * Merge another environment with our private copy.
123
+env_merge(char * const envp[], int overwrite)
127
+ for (ep = envp; *ep != NULL; ep++)
128
+ sudo_putenv(*ep, TRUE, overwrite);
132
* Check the env_delete blacklist.
133
* Returns TRUE if the variable was found, else false.
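Review bot: `env_merge` passes every entry of `envp` straight to `sudo_putenv(*ep, TRUE, overwrite)`, and nothing visible in the hunk consults the env_delete blacklist whose lookup function sits directly below it. With `overwrite` FALSE, existing variables are kept, but names missing from the user environment are added exactly as the PAM stack supplied them. Whether that is safe depends on which modules populate the list; pam_env with `user_readenv` enabled, for example, reads a per-user file. Either run each entry through the same blacklist check before inserting it, or state the assumption in the header comment, e.g. `* Entries are inserted unfiltered; callers must pass an environment from a trusted source.` The function's declarations and braces are not visible in this view.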
135
Index: sudo-1.8.3p1/plugins/sudoers/sudoers.h
136
===================================================================
137
--- sudo-1.8.3p1.orig/plugins/sudoers/sudoers.h 2012-05-17 13:28:18.777606649 -0500
138
+++ sudo-1.8.3p1/plugins/sudoers/sudoers.h 2012-05-17 13:28:25.273638863 -0500
141
char **env_get(void);
142
void env_init(char * const envp[]);
143
+void env_merge(char * const envp[], int overwrite);
144
void init_envtables(void);
145
void insert_env_vars(char * const envp[]);
146
void read_env_file(const char *, int);