diff -up sudo-1.6.9p17/auth/pam.c.login sudo-1.6.9p17/auth/pam.c
--- sudo-1.6.9p17/auth/pam.c.login 2008-02-22 21:19:45.000000000 +0100
+++ sudo-1.6.9p17/auth/pam.c 2008-07-04 15:34:17.000000000 +0200
@@ -98,7 +98,12 @@ pam_init(pw, promptp, auth)
if (auth != NULL)
auth->data = (VOID *) &pam_status;
pam_conv.conv = sudo_conv;
- pam_status = pam_start("sudo", pw->pw_name, &pam_conv, &pamh);
+#ifdef HAVE_PAM_LOGIN
+ if (ISSET(sudo_mode, MODE_LOGIN_SHELL))
+ pam_status = pam_start("sudo-i", pw->pw_name, &pam_conv, &pamh);
+ else
+#endif
+ pam_status = pam_start("sudo", pw->pw_name, &pam_conv, &pamh);
if (pam_status != PAM_SUCCESS) {
log_error(USE_ERRNO|NO_EXIT|NO_MAIL, "unable to initialize PAM");
return(AUTH_FATAL);
diff -up sudo-1.6.9p17/env.c.login sudo-1.6.9p17/env.c
--- sudo-1.6.9p17/env.c.login 2008-06-21 21:04:07.000000000 +0200
+++ sudo-1.6.9p17/env.c 2008-07-04 15:34:17.000000000 +0200
@@ -104,7 +104,7 @@ struct environment {
/*
* Prototypes
*/
-char **rebuild_env __P((char **, int, int));
+char **rebuild_env __P((char **, int));
static void insert_env __P((char *, struct environment *, int));
static char *format_env __P((char *, ...));
@@ -392,9 +392,8 @@ matches_env_keep(var)
* Also adds sudo-specific variables (SUDO_*).
*/
char **
-rebuild_env(envp, sudo_mode, noexec)
+rebuild_env(envp, noexec)
char **envp;
- int sudo_mode;
int noexec;
{
char **ep, *cp, *ps1;
diff -up sudo-1.6.9p17/configure.in.login sudo-1.6.9p17/configure.in
--- sudo-1.6.9p17/configure.in.login 2008-06-22 22:23:56.000000000 +0200
+++ sudo-1.6.9p17/configure.in 2008-07-04 15:34:17.000000000 +0200
@@ -366,6 +366,17 @@ AC_ARG_WITH(pam, [ --with-pam
;;
esac])
+AC_ARG_WITH(pam-login, [ --with-pam-login enable specific PAM session for sudo -i],
+[case $with_pam_login in
+ yes) AC_DEFINE([HAVE_PAM_LOGIN], [], ["Define to 1 if you use specific PAM session for sodo -i."])
+ AC_MSG_CHECKING(whether to use PAM login)
+ AC_MSG_RESULT(yes)
+ ;;
+ no) ;;
+ *) AC_MSG_ERROR(["--with-pam-login does not take an argument."])
+ ;;
+esac])
+
AC_ARG_WITH(AFS, [ --with-AFS enable AFS support],
[case $with_AFS in
yes) AC_DEFINE(HAVE_AFS)
diff -up sudo-1.6.9p17/sudo.h.login sudo-1.6.9p17/sudo.h
--- sudo-1.6.9p17/sudo.h.login 2008-02-09 15:44:48.000000000 +0100
+++ sudo-1.6.9p17/sudo.h 2008-07-04 15:34:17.000000000 +0200
@@ -281,6 +281,7 @@ extern struct passwd *auth_pw;
extern FILE *sudoers_fp;
extern int tgetpass_flags;
extern uid_t timestamp_uid;
+extern int sudo_mode;
#endif
#ifndef errno
extern int errno;
diff -up sudo-1.6.9p17/sudo.c.login sudo-1.6.9p17/sudo.c
--- sudo-1.6.9p17/sudo.c.login 2008-06-21 21:04:07.000000000 +0200
+++ sudo-1.6.9p17/sudo.c 2008-07-04 16:01:43.000000000 +0200
@@ -125,7 +125,7 @@ static void usage_excl __P((int));
static struct passwd *get_authpw __P((void));
extern int sudo_edit __P((int, char **, char **));
extern void list_matches __P((void));
-extern char **rebuild_env __P((char **, int, int));
+extern char **rebuild_env __P((char **, int));
extern void validate_env_vars __P((struct list_member *));
extern char **insert_env_vars __P((char **, struct list_member *));
extern struct passwd *sudo_getpwnam __P((const char *));
@@ -156,7 +156,7 @@ login_cap_t *lc;
char *login_style;
#endif /* HAVE_BSD_AUTH_H */
sigaction_t saved_sa_int, saved_sa_quit, saved_sa_tstp;
-
+int sudo_mode;
int
main(argc, argv, envp)
@@ -167,7 +167,6 @@ main(argc, argv, envp)
int validated;
int fd;
int cmnd_status;
- int sudo_mode;
int pwflag;
sigaction_t sa;
extern int printmatches;
@@ -345,7 +344,7 @@ main(argc, argv, envp)
def_env_reset = FALSE;
/* Build a new environment that avoids any nasty bits. */
- environ = rebuild_env(environ, sudo_mode, ISSET(validated, FLAG_NOEXEC));
+ environ = rebuild_env(envp, ISSET(validated, FLAG_NOEXEC));
/* Fill in passwd struct based on user we are authenticating as. */
auth_pw = get_authpw();