File libgnomesu-reorder-pam-init.patch of Package libgnomesu.1421

Index: libgnomesu-1.0.0/pam-backend/pam.c
===================================================================
--- libgnomesu-1.0.0.orig/pam-backend/pam.c
+++ libgnomesu-1.0.0/pam-backend/pam.c
@@ -323,18 +323,25 @@ main (int argc, char *argv[])
 		char **command = argv + 4;
 		pid_t pid;
 		int exitCode = 1, status;
+		int setcred = 0;
 
-		modify_environment (pw);
-		#ifdef HAVE_SETFSUID
-		setfsuid (pw->pw_uid);
-		#endif /* HAVE_SETFSUID */
-		change_identity (pw);
+		init_groups (pw);
 
 		retval = pam_setcred (pamh, PAM_ESTABLISH_CRED);
 		if (retval != PAM_SUCCESS)
 			fprintf (stderr, "Warning: %s\n", pam_strerror (pamh, retval));
+		else
+			setcred = 1;
 
 		pam_open_session (pamh, 0);
+
+		#ifdef HAVE_SETFSUID
+		setfsuid (pw->pw_uid);
+		#endif /* HAVE_SETFSUID */
+		change_identity (pw);
+
+		modify_environment (pw);
+
 		pid = fork ();
 		switch (pid)
 		{
@@ -364,6 +371,8 @@ main (int argc, char *argv[])
 			break;
 		}
 		pam_close_session (pamh, 0);
+		if (setcred)
+			pam_setcred (pamh, PAM_DELETE_CRED | PAM_SILENT);
 		close_pam (pamh, retval);
 
 		/* evecvp() failed */
Index: libgnomesu-1.0.0/su-backend/common.c
===================================================================
--- libgnomesu-1.0.0.orig/su-backend/common.c
+++ libgnomesu-1.0.0/su-backend/common.c
@@ -223,13 +223,18 @@ modify_environment (const struct passwd
 
 /* Become the user and group(s) specified by PW.  */
 void
-change_identity (const struct passwd *pw)
+init_groups (const struct passwd *pw)
 {
 #ifdef HAVE_INITGROUPS
 	errno = 0;
 	initgroups (pw->pw_name, pw->pw_gid);
 	endgrent ();
 #endif
+}
+
+void
+change_identity (const struct passwd *pw)
+{
 	if (setgid (pw->pw_gid))
 		perror ("cannot set group id");
 	if (setuid (pw->pw_uid))
Index: libgnomesu-1.0.0/su-backend/common.h
===================================================================
--- libgnomesu-1.0.0.orig/su-backend/common.h
+++ libgnomesu-1.0.0/su-backend/common.h
@@ -30,6 +30,7 @@ char *concat (const char *s1, const char
 void xputenv (const char *val);
 void init_xauth (const struct passwd *pw);
 void setup_xauth (const struct passwd *pw);
+void init_groups (const struct passwd *pw);
 void change_identity (const struct passwd *pw);
 void modify_environment (const struct passwd *pw);
 void *safe_memset (void *s, int c, size_t n);
Index: libgnomesu-1.0.0/su-backend/su.c
===================================================================
--- libgnomesu-1.0.0.orig/su-backend/su.c
+++ libgnomesu-1.0.0/su-backend/su.c
@@ -322,6 +322,7 @@ main (int argc, char **argv)
 
   init_xauth (pw);
   modify_environment (pw);
+  init_groups (pw);
   change_identity (pw);
   setup_xauth (pw);
openSUSE Build Service is sponsored by