Pass a pointer to user_env in to the init_session policy plugin

function so session setup can modify the user environment as needed.
For PAM authentication, merge the PAM environment with the user
environment at init_session time.  We no longer need to swap in the
user_env for environ during session init, nor do we need to disable
the env hooks at init_session time.

plugins/sudoers/env.c

@@ -90,6 +90,7 @@
 #define KEPT_MAX    	0xff00
 
 struct environment {
+    char * const *old_envp;	/* pointer the environment we passed back */
     char **envp;		/* pointer to the new environment */
     size_t env_size;		/* size of new_environ in char **'s */
     size_t env_len;		/* number of slots used, not counting NULL */
@@ -208,8 +209,10 @@ env_init(char * const envp[])
     debug_decl(env_init, SUDO_DEBUG_ENV)
 
     if (envp == NULL) {
-	/* Reset to initial state. */
+	/* Reset to initial state but keep a pointer to what we allocated. */
+	envp = env.envp;
 	memset(&env, 0, sizeof(env));
+	env.old_envp = envp;
     } else {
 	/* Make private copy of envp. */
 	for (ep = envp; *ep != NULL; ep++)
@@ -224,6 +227,10 @@ env_init(char * const envp[])
 #endif
 	memcpy(env.envp, envp, len * sizeof(char *));
 	env.envp[len] = '\0';
+
+	/* Free the old envp we allocated, if any. */
+	if (env.old_envp != NULL)
+	    efree((void *)env.old_envp);
     }
 
     debug_return;
@@ -485,6 +492,21 @@ sudo_getenv(const char *name)
     debug_return_str(val);
 }
 
+/*
+ * Merge another environment with our private copy.
+ */
+void
+env_merge(char * const envp[], bool overwrite)
+{
+    char * const *ep;
+    debug_decl(env_merge, SUDO_DEBUG_ENV)
+
+    for (ep = envp; *ep != NULL; ep++)
+	sudo_putenv(*ep, true, overwrite);
+
+    debug_return;
+}
+
 /*
  * Check the env_delete blacklist.
  * Returns true if the variable was found, else false.