diff -ur apache_1.3.27/src/support/Makefile.tmpl apache_1.3.27.old/src/support/Makefile.tmpl~ --- apache_1.3.27/src/support/Makefile.tmpl Sat Mar 2 20:46:23 2002 +++ apache_1.3.27.old/src/support/Makefile.tmpl Mon Nov 4 14:33:14 2002 @@ -49,6 +49,8 @@ -e 's%@LDFLAGS_MOD_SHLIB@%$(LDFLAGS_MOD_SHLIB)%g' \ -e 's%@LIBS_SHLIB@%$(LIBS_SHLIB)%g' && chmod a+x apxs +suexec: CFLAGS += -DSUEXEC_PAM_SESSION +suexec: LIBS += -lpam suexec: suexec.o $(CC) $(CFLAGS) -o suexec $(LDFLAGS) suexec.o $(LIBS) diff -ur apache_1.3.27/src/support/suexec.c apache_1.3.27.old/src/support/suexec.c --- apache_1.3.27/src/support/suexec.c Mon Nov 4 14:30:16 2002 +++ apache_1.3.27.old/src/support/suexec.c Mon Nov 4 14:35:45 2002 @@ -92,6 +92,10 @@ #include #include +#ifdef SUEXEC_PAM_SESSION +#include +#endif + #include "suexec.h" /* @@ -848,6 +852,43 @@ #endif /* SUEXEC_UMASK */ clean_env(); +#ifdef SUEXEC_PAM_SESSION + /* + * Use PAM session support. Initial goal was to use the pam_limits module. + */ + +#ifndef PAM_SERVICE_NAME +#define PAM_SERVICE_NAME "suexec" +#endif /* PAM_SERVICE_NAME */ + +#define PAM_CALL(call, name, err_code, do_end) \ + do \ + { \ + rc = (call); \ + if (rc != PAM_SUCCESS) \ + { \ + log_err("error: %s(): [%d] %s\n", (name), rc, pam_strerror(pamh, rc)); \ + (do_end) && pam_end(pamh, rc); \ + exit(err_code); \ + } \ + } while (0) + + { + int rc; + pam_handle_t *pamh = NULL; + struct pam_conv pamc = { NULL, NULL }; + + PAM_CALL(pam_start(PAM_SERVICE_NAME, actual_uname, &pamc, &pamh), + "pam_start", 241, 0); + PAM_CALL(pam_open_session(pamh, 0), "pam_open_session", 242, 1); + PAM_CALL(pam_close_session(pamh, 0), "pam_close_session", 243, 1); + PAM_CALL(pam_end(pamh, 0), "pam_end", 244, 0); + } + +#undef PAM_CALL +#undef PAM_SERVICE_NAME +#endif /* SUEXEC_PAM_SESSION */ + /* * Be sure to close the log file so the CGI can't * mess with it. If the exec fails, it will be reopened