Fix the environment handling:
However, there's still a bug in login.c because you copy the environment *before* the call to pam_open_session, which won't set the necessary variables set by /usr/ports/security/pam_ssh. Submitted by: Volker Stolz <stolz@hyperion.informatik.rwth-aachen.de>
This commit is contained in:
parent
00efe71bc7
commit
9567ba9dda
@ -575,18 +575,6 @@ main(argc, argv)
|
||||
if (!pflag)
|
||||
environ = envinit;
|
||||
|
||||
#ifdef USE_PAM
|
||||
/*
|
||||
* Add any environmental variables that the
|
||||
* PAM modules may have set.
|
||||
*/
|
||||
if (pamh) {
|
||||
environ_pam = pam_getenvlist(pamh);
|
||||
if (environ_pam)
|
||||
export_pam_environment();
|
||||
}
|
||||
#endif /* USE_PAM */
|
||||
|
||||
/*
|
||||
* PAM modules might add supplementary groups during pam_setcred().
|
||||
*/
|
||||
@ -606,6 +594,17 @@ main(argc, argv)
|
||||
pam_strerror(pamh, e));
|
||||
}
|
||||
|
||||
/*
|
||||
* Add any environmental variables that the
|
||||
* PAM modules may have set.
|
||||
* Call *after* opening session!
|
||||
*/
|
||||
if (pamh) {
|
||||
environ_pam = pam_getenvlist(pamh);
|
||||
if (environ_pam)
|
||||
export_pam_environment();
|
||||
}
|
||||
|
||||
/*
|
||||
* We must fork() before setuid() because we need to call
|
||||
* pam_close_session() as root.
|
||||
|
Loading…
Reference in New Issue
Block a user