- (dtucker) [session.c] Call PAM cleanup functions for unauthenticated

   connections too.  Based on a patch from Sandro Wefel, with & ok djm@

2 files changed, 17 insertions, 9 deletions

diff --git a/ChangeLog b/ChangeLog
index 56ecc293..c56c6bd3 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,7 @@
+20070816
+ - (dtucker) [session.c] Call PAM cleanup functions for unauthenticated
+   connections too.  Based on a patch from Sandro Wefel, with & ok djm@
+
 20070815
  - (dtucker) OpenBSD CVS Sync
    - markus@cvs.openbsd.org 2007/08/15 08:14:46
@@ -3169,4 +3173,4 @@
    OpenServer 6 and add osr5bigcrypt support so when someone migrates
    passwords between UnixWare and OpenServer they will still work. OK dtucker@
 
-$Id: ChangeLog,v 1.4730 2007/08/15 12:20:22 dtucker Exp $
+$Id: ChangeLog,v 1.4731 2007/08/16 13:28:04 dtucker Exp $
diff --git a/session.c b/session.c
index 8c09c17c..9a606ef8 100644
--- a/session.c
+++ b/session.c
@@ -2478,8 +2478,19 @@ do_cleanup(Authctxt *authctxt)
 		return;
 	called = 1;
 
-	if (authctxt == NULL || !authctxt->authenticated)
+	if (authctxt == NULL)
 		return;
+
+#ifdef USE_PAM
+	if (options.use_pam) {
+		sshpam_cleanup();
+		sshpam_thread_cleanup();
+	}
+#endif
+
+	if (!authctxt->authenticated)
+		return;
+
 #ifdef KRB5
 	if (options.kerberos_ticket_cleanup &&
 	    authctxt->krb5_ctx)
@@ -2491,13 +2502,6 @@ do_cleanup(Authctxt *authctxt)
 		ssh_gssapi_cleanup_creds();
 #endif
 
-#ifdef USE_PAM
-	if (options.use_pam) {
-		sshpam_cleanup();
-		sshpam_thread_cleanup();
-	}
-#endif
-
 	/* remove agent socket */
 	auth_sock_cleanup_proc(authctxt->pw);