From 061334771b143b7f47caccba8525be6e041a252f Mon Sep 17 00:00:00 2001
From: Dave Olson
Date: Wed, 21 Jun 2017 20:00:05 -0700
Subject: Fix problem with sudo, su, etc. in pam_script scripts The flat file was overwritten on su, sudo, etc. Fixed that. The flat file was removed on exit from su, sudo, etc. I've temporarily worked around that by not cleaning up. Need to do a better job, but this will let testing continue.
---
 pam_script_ses_close | 6 +++++-
 pam_script_ses_open | 5 ++++-
 2 files changed, 9 insertions(+), 2 deletions(-)
diff --git a/pam_script_ses_close b/pam_script_ses_close
index a59664c..a806d2c 100755
--- a/pam_script_ses_close
+++ b/pam_script_ses_close
@@ -55,8 +55,12 @@ file=$dbdir/$sess
 [ "$auid" != "$fauid" -o "$sess" != "$fsess" ] && logger -t $0 "Session $sess mismatch auid $auid,$fauid session $sess,$fsess"
- rm -f $file
+ #OLSON rm -f $file
 }
+# OLSON, probably need to gc all files on exit from any, because
+# original PID is always gone, but we don't want to remove on exit
+# from su, sudo, etc.
+
 # always succeed, this should not cause sessions shutdown errors
 exit 0
diff --git a/pam_script_ses_open b/pam_script_ses_open
index 6bdf57e..731e250 100755
--- a/pam_script_ses_open
+++ b/pam_script_ses_open
@@ -54,7 +54,10 @@ fi
 hdir=$(eval echo ~$PAM_USER)
 [ -d "$hdir" ] || /sbin/mkhomedir_helper $PAM_USER
-date +"%FT%T.%N%nuser=$PAM_USER%npid=$$%nauid=$auid%nsession=$sess%nhome=$hdir" \
+# don't overwrite if it already exists. Happens when sudo or su
+# is run from an existing mapped session.
+[ -s $dbdir/$sess ] || \
+ date +"%FT%T.%N%nuser=$PAM_USER%npid=$$%nauid=$auid%nsession=$sess%nhome=$hdir" \
 > $dbdir/$sess
 # always succeed, this should not block sessions on errors
--
cgit v1.2.3
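Review bot: In the pam_script_ses_close hunk, commenting out `rm -f $file` means no record under `$dbdir` is ever deleted, so records outlive the sessions they describe. Combined with the new `[ -s $dbdir/$sess ]` guard in pam_script_ses_open, a leftover record would be kept unchanged for any later session that receives the same `$sess` value; whether session ids can repeat (for example after a reboot with a persistent `$dbdir`) is not visible here and should be confirmed. Until the garbage collection described in the added comment exists, replace the dead line and the personal tags with a tracked marker such as `# TODO: not removed here because exit from su/sudo would delete the parent login's record; stale records must be garbage-collected`. The brace block that contains the change starts before the hunk.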
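Review bot: In the pam_script_ses_open hunk, `[ -s $dbdir/$sess ]` keeps any non-empty file without checking that it was written for this login, which matters now that pam_script_ses_close no longer removes records. Assuming `$auid` is the login uid that su and sudo preserve, the guard could confirm the record before trusting it: `grep -qxF "auid=$auid" "$dbdir/$sess" 2>/dev/null || \`, so a record carrying a different auid is overwritten instead of reused. The path should also be quoted in the redirect, `> "$dbdir/$sess"`. Separately, the unchanged context line `hdir=$(eval echo ~$PAM_USER)` evaluates the user name as shell text; reading the home directory from `getent passwd "$PAM_USER"` would avoid `eval`. The script continues on both sides of the hunk.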