From 166a678fea3e2301a9be4ba72c5b7f7183615065 Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Fri, 15 Nov 2024 15:08:15 +0100
Subject: [PATCH] pam_systemd: split out setting of shell env vars from
 credentials and move it later

Let's shorten the code of pam_sm_open_session() a bit, and also make
sure the importing of the env vars from the creds also happens if the
session registration with logind is skipped.
---
 src/login/pam_systemd.c | 38 +++++++++++++++++++++++++-------------
 1 file changed, 25 insertions(+), 13 deletions(-)

diff --git a/src/login/pam_systemd.c b/src/login/pam_systemd.c
index e218fdbc0c4..b9b257df00e 100644
--- a/src/login/pam_systemd.c
+++ b/src/login/pam_systemd.c
@@ -948,6 +948,27 @@ static int create_session_message(
         return 0;
 }
 
+static int import_shell_credentials(pam_handle_t *handle) {
+
+        static const char *const propagate[] = {
+                "shell.prompt.prefix", "SHELL_PROMPT_PREFIX",
+                "shell.prompt.suffix", "SHELL_PROMPT_SUFFIX",
+                "shell.welcome",       "SHELL_WELCOME",
+                NULL
+        };
+        int r;
+
+        assert(handle);
+
+        STRV_FOREACH_PAIR(k, v, propagate) {
+                r = propagate_credential_to_environment(handle, *k, *v);
+                if (r != PAM_SUCCESS)
+                        return r;
+        }
+
+        return PAM_SUCCESS;
+}
+
 _public_ PAM_EXTERN int pam_sm_open_session(
                 pam_handle_t *handle,
                 int flags,
@@ -1234,19 +1255,6 @@ _public_ PAM_EXTERN int pam_sm_open_session(
         if (r != PAM_SUCCESS)
                 return r;
 
-        static const char *const propagate[] = {
-                "shell.prompt.prefix", "SHELL_PROMPT_PREFIX",
-                "shell.prompt.suffix", "SHELL_PROMPT_SUFFIX",
-                "shell.welcome",       "SHELL_WELCOME",
-                NULL
-        };
-
-        STRV_FOREACH_PAIR(k, v, propagate) {
-                r = propagate_credential_to_environment(handle, *k, *v);
-                if (r != PAM_SUCCESS)
-                        return r;
-        }
-
         if (vtnr > 0) {
                 char buf[DECIMAL_STR_MAX(vtnr)];
                 sprintf(buf, "%u", vtnr);
@@ -1272,6 +1280,10 @@ _public_ PAM_EXTERN int pam_sm_open_session(
         }
 
 success:
+        r = import_shell_credentials(handle);
+        if (r != PAM_SUCCESS)
+                return r;
+
         if (default_capability_ambient_set == UINT64_MAX)
                 default_capability_ambient_set = pick_default_capability_ambient_set(ur, service, seat);