diff -up sudo-1.6.9p17/auth/pam.c.login sudo-1.6.9p17/auth/pam.c --- sudo-1.6.9p17/auth/pam.c.login 2008-02-22 21:19:45.000000000 +0100 +++ sudo-1.6.9p17/auth/pam.c 2008-07-04 15:34:17.000000000 +0200 @@ -98,7 +98,12 @@ pam_init(pw, promptp, auth) if (auth != NULL) auth->data = (VOID *) &pam_status; pam_conv.conv = sudo_conv; - pam_status = pam_start("sudo", pw->pw_name, &pam_conv, &pamh); +#ifdef HAVE_PAM_LOGIN + if (ISSET(sudo_mode, MODE_LOGIN_SHELL)) + pam_status = pam_start("sudo-i", pw->pw_name, &pam_conv, &pamh); + else +#endif + pam_status = pam_start("sudo", pw->pw_name, &pam_conv, &pamh); if (pam_status != PAM_SUCCESS) { log_error(USE_ERRNO|NO_EXIT|NO_MAIL, "unable to initialize PAM"); return(AUTH_FATAL); diff -up sudo-1.6.9p17/env.c.login sudo-1.6.9p17/env.c --- sudo-1.6.9p17/env.c.login 2008-06-21 21:04:07.000000000 +0200 +++ sudo-1.6.9p17/env.c 2008-07-04 15:34:17.000000000 +0200 @@ -104,7 +104,7 @@ struct environment { /* * Prototypes */ -char **rebuild_env __P((char **, int, int)); +char **rebuild_env __P((char **, int)); static void insert_env __P((char *, struct environment *, int)); static char *format_env __P((char *, ...)); @@ -392,9 +392,8 @@ matches_env_keep(var) * Also adds sudo-specific variables (SUDO_*). */ char ** -rebuild_env(envp, sudo_mode, noexec) +rebuild_env(envp, noexec) char **envp; - int sudo_mode; int noexec; { char **ep, *cp, *ps1; diff -up sudo-1.6.9p17/configure.in.login sudo-1.6.9p17/configure.in --- sudo-1.6.9p17/configure.in.login 2008-06-22 22:23:56.000000000 +0200 +++ sudo-1.6.9p17/configure.in 2008-07-04 15:34:17.000000000 +0200 @@ -366,6 +366,17 @@ AC_ARG_WITH(pam, [ --with-pam ;; esac]) +AC_ARG_WITH(pam-login, [ --with-pam-login enable specific PAM session for sudo -i], +[case $with_pam_login in + yes) AC_DEFINE([HAVE_PAM_LOGIN], [], ["Define to 1 if you use specific PAM session for sodo -i."]) + AC_MSG_CHECKING(whether to use PAM login) + AC_MSG_RESULT(yes) + ;; + no) ;; + *) AC_MSG_ERROR(["--with-pam-login does not take an argument."]) + ;; +esac]) + AC_ARG_WITH(AFS, [ --with-AFS enable AFS support], [case $with_AFS in yes) AC_DEFINE(HAVE_AFS) diff -up sudo-1.6.9p17/sudo.h.login sudo-1.6.9p17/sudo.h --- sudo-1.6.9p17/sudo.h.login 2008-02-09 15:44:48.000000000 +0100 +++ sudo-1.6.9p17/sudo.h 2008-07-04 15:34:17.000000000 +0200 @@ -281,6 +281,7 @@ extern struct passwd *auth_pw; extern FILE *sudoers_fp; extern int tgetpass_flags; extern uid_t timestamp_uid; +extern int sudo_mode; #endif #ifndef errno extern int errno; diff -up sudo-1.6.9p17/sudo.c.login sudo-1.6.9p17/sudo.c --- sudo-1.6.9p17/sudo.c.login 2008-06-21 21:04:07.000000000 +0200 +++ sudo-1.6.9p17/sudo.c 2008-07-04 16:01:43.000000000 +0200 @@ -125,7 +125,7 @@ static void usage_excl __P((int)); static struct passwd *get_authpw __P((void)); extern int sudo_edit __P((int, char **, char **)); extern void list_matches __P((void)); -extern char **rebuild_env __P((char **, int, int)); +extern char **rebuild_env __P((char **, int)); extern void validate_env_vars __P((struct list_member *)); extern char **insert_env_vars __P((char **, struct list_member *)); extern struct passwd *sudo_getpwnam __P((const char *)); @@ -156,7 +156,7 @@ login_cap_t *lc; char *login_style; #endif /* HAVE_BSD_AUTH_H */ sigaction_t saved_sa_int, saved_sa_quit, saved_sa_tstp; - +int sudo_mode; int main(argc, argv, envp) @@ -167,7 +167,6 @@ main(argc, argv, envp) int validated; int fd; int cmnd_status; - int sudo_mode; int pwflag; sigaction_t sa; extern int printmatches; @@ -345,7 +344,7 @@ main(argc, argv, envp) def_env_reset = FALSE; /* Build a new environment that avoids any nasty bits. */ - environ = rebuild_env(environ, sudo_mode, ISSET(validated, FLAG_NOEXEC)); + environ = rebuild_env(envp, ISSET(validated, FLAG_NOEXEC)); /* Fill in passwd struct based on user we are authenticating as. */ auth_pw = get_authpw();