*** peruser-dc2.c	Thu Mar 12 09:22:20 2009
--- peruser-pam-dc2.c	Thu Oct  2 10:44:28 2008
***************
*** 120,125 ****
--- 120,130 ----
  #error "Peruser MPM requres shared memory support."
  #endif
  
+ #define PERUSER_PAM_SESSION
+ 
+ #ifdef PERUSER_PAM_SESSION
+ #include <security/pam_appl.h>
+ #endif /* PERUSER_PAM_SESSION */
  
  /* should be APR-ized */
  #include <grp.h>
***************
*** 1510,1515 ****
--- 1515,1568 ----
        }
      }
  
+ #ifdef PERUSER_PAM_SESSION
+     /*
+      * Use PAM session support. Initial goal was to use the pam_limits module.
+      */
+ #ifndef PAM_SERVICE_NAME
+ #define PAM_SERVICE_NAME "peruser"
+ #endif /* PAM_SERVICE_NAME */
+ 
+     if(senv->uid > 1000) {
+ 
+     struct passwd *pw;
+     pw = getpwuid (senv->uid);
+ 
+     /*
+     ap_log_error(APLOG_MARK, APLOG_WARNING, 0, NULL,
+                  "user: %s", pw->pw_name);
+     */
+ 
+     #define PAM_CALL(call, name, err_code, do_end) \
+     do \
+     { \
+         rc = (call); \
+         if (rc != PAM_SUCCESS) \
+         { \
+             ap_log_error(APLOG_MARK, APLOG_WARNING, 0, NULL, \
+                          "error: %s(): [%d] %s", (name), rc,pam_strerror(pamh, rc)); \
+             (do_end) && pam_end(pamh, rc); \
+             exit(err_code); \
+         } \
+     } while (0)
+ 
+     {
+     int     rc;
+     pam_handle_t    *pamh = NULL;
+     struct pam_conv pamc = { NULL, NULL };
+ 
+     PAM_CALL(pam_start(PAM_SERVICE_NAME, pw->pw_name, &pamc, &pamh), "pam_start", 241, 0);
+     PAM_CALL(pam_open_session(pamh, 0), "pam_open_session", 242, 1);
+     PAM_CALL(pam_close_session(pamh, 0), "pam_close_session", 243, 1);
+     PAM_CALL(pam_end(pamh, 0), "pam_end", 244, 0);
+     }
+ 
+ #undef PAM_CALL
+     }
+ 
+ #undef PAM_SERVICE_NAME
+ #endif /* PERUSER_PAM_SESSION */
+ 
      if (senv->uid == -1 && senv->gid == -1) {
          return unixd_setup_child();
      }