[PATCH] Export PAM environment to shell

[Denys Vlasenko]

On Thu, Mar 31, 2011 at 1:00 AM, Ryan Phillips <ryan at trolocsis.com> wrote:
> Denys Vlasenko <vda.linux at googlemail.com> said:
>> On Tuesday 15 March 2011 16:28, Ryan Phillips wrote:
>> > Hi!
>> >
>> > Here is a patch to export the PAM environment to the shell. This patch is needed
>> > for certain PAM modules that manipulate environment variables.
>>
>> Since you only need to do it in login, can you put necessary
>> code in login.c, instead of touching so many other files too?
>
> Denys,
>
> The function that is called is a shared API call to other applications. IIRC,
> the modified function does a clearenv() so I believe this modification will need
> an API change.

I don't understand your explanation.

You added the following to setup_environment():

-void FAST_FUNC setup_environment(const char *shell, int flags, const
struct passwd *pw)
+void FAST_FUNC setup_environment(const char *shell, int flags, const
struct passwd *pw, char **pam_envlist )
...
+       if (pam_envlist) {
+               int i;
+               for (i=0; pam_envlist[i] != NULL; i++) {
+                       putenv(pam_envlist[i]);
+               }
+       }
 }


In su and crontab, you pass pam_envlist = NULL. Which means
setup_environment() actions won't change for these applets.

Only in login you pass non-NULL:

+
+               /* Get PAM environment */
+               pam_envlist = pam_getenvlist(pamh);
+
...
        setup_environment(pw->pw_shell,
                        (!(opt & LOGIN_OPT_p) * SETUP_ENV_CLEARENV) +
SETUP_ENV_CHANGEENV,
-                       pw);
+                       pw,
+                       pam_envlist);

Question:

Why don't you just add this code block directly in login.c?
What's the point adding it in setup_environment()?

-- 
vda