- (dtucker) [auth-pam.c monitor.c session.c sshd.c] Bug #926: Move

pam_open_session and pam_close_session into the privsep monitor, which will ensure that pam_session_close is called as root. Patch from Tomas Mraz.
author: Darren Tucker <dtucker@zip.com.au> 2008-03-11 22:58:25 +1100
committer: Darren Tucker <dtucker@zip.com.au> 2008-03-11 22:58:25 +1100
commit: 52358d6df32d9ae923572c43a58159d84b673631 (patch)
tree: 83261a70dd007f2af900e1b22884c75b703f8b37 /auth-pam.c
parent: fe1cf97ee811dc7a2bb7cea912c9292c976ab5af (diff)
1 files changed, 4 insertions, 2 deletions
diff --git a/auth-pam.c b/auth-pam.c
index a07f1fe7..ccdb9937 100644
--- a/auth-pam.c
+++ b/auth-pam.c
@@ -598,15 +598,17 @@ static struct pam_conv store_conv = { sshpam_store_conv, NULL };
 void
 sshpam_cleanup(void)
 {
-	debug("PAM: cleanup");
-	if (sshpam_handle == NULL)
+	if (sshpam_handle == NULL || (use_privsep && !mm_is_monitor()))
 		return;
+	debug("PAM: cleanup");
 	pam_set_item(sshpam_handle, PAM_CONV, (const void *)&null_conv);
 	if (sshpam_cred_established) {
+		debug("PAM: deleting credentials");
 		pam_setcred(sshpam_handle, PAM_DELETE_CRED);
 		sshpam_cred_established = 0;
 	}
 	if (sshpam_session_open) {
+		debug("PAM: closing session");
 		pam_close_session(sshpam_handle, PAM_SILENT);
 		sshpam_session_open = 0;
 	}
author	Darren Tucker <dtucker@zip.com.au>	2008-03-11 22:58:25 +1100
committer	Darren Tucker <dtucker@zip.com.au>	2008-03-11 22:58:25 +1100
commit	52358d6df32d9ae923572c43a58159d84b673631 (patch)
tree	83261a70dd007f2af900e1b22884c75b703f8b37 /auth-pam.c
parent	fe1cf97ee811dc7a2bb7cea912c9292c976ab5af (diff)