- (dtucker) [session.c] Bug #1339: ensure that pam_setcred() is always

   called with PAM_ESTABLISH_CRED at least once, which resolves a problem
   with pam_dhkeys.  Patch from David Leonard, ok djm@

2 files changed, 8 insertions, 3 deletions

diff --git a/ChangeLog b/ChangeLog
index 5314b283..8a602213 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+20070813
+ - (dtucker) [session.c] Bug #1339: ensure that pam_setcred() is always
+   called with PAM_ESTABLISH_CRED at least once, which resolves a problem
+   with pam_dhkeys.  Patch from David Leonard, ok djm@
+
 20070810
  - (dtucker) [auth-pam.c] Use sigdie here too.  ok djm@
  - (dtucker) [configure.ac] Bug #1343: Set DISABLE_FD_PASSING for QNX6. From 
@@ -3147,4 +3152,4 @@
    OpenServer 6 and add osr5bigcrypt support so when someone migrates
    passwords between UnixWare and OpenServer they will still work. OK dtucker@
 
-$Id: ChangeLog,v 1.4724 2007/08/10 04:36:12 dtucker Exp $
+$Id: ChangeLog,v 1.4725 2007/08/13 13:11:56 dtucker Exp $
diff --git a/session.c b/session.c
index 32e592ad..8c09c17c 100644
--- a/session.c
+++ b/session.c
@@ -1310,7 +1310,7 @@ do_setusercontext(struct passwd *pw)
 # ifdef USE_PAM
 		if (options.use_pam) {
 			do_pam_session();
-			do_pam_setcred(0);
+			do_pam_setcred(use_privsep);
 		}
 # endif /* USE_PAM */
 		if (setusercontext(lc, pw, pw->pw_uid,
@@ -1352,7 +1352,7 @@ do_setusercontext(struct passwd *pw)
 		 */
 		if (options.use_pam) {
 			do_pam_session();
-			do_pam_setcred(0);
+			do_pam_setcred(use_privsep);
 		}
 # endif /* USE_PAM */
 # if defined(WITH_IRIX_PROJECT) || defined(WITH_IRIX_JOBS) || defined(WITH_IRIX_ARRAY)