- (djm) Reestablish PAM credentials (which can be supplemental group

memberships) after initgroups() blows them away. Report and suggested fix from Nalin Dahyabhai <nalin@redhat.com>
author: Damien Miller <djm@mindrot.org> 2001-03-27 16:12:24 +1000
committer: Damien Miller <djm@mindrot.org> 2001-03-27 16:12:24 +1000
commit: f9e93009478075ec04f0ee407e8f83ab2558a892 (patch)
tree: 48327e0001087c3d25a13a4a53111519c5b0145c /auth-pam.c
parent: 771bbac73327304cbac69ca37e33b5771e01fc17 (diff)
1 files changed, 4 insertions, 3 deletions
diff --git a/auth-pam.c b/auth-pam.c
index 2ea29964..d8eefdfd 100644
--- a/auth-pam.c
+++ b/auth-pam.c
@@ -33,7 +33,7 @@
 #include "canohost.h"
 #include "readpass.h"
 
-RCSID("$Id: auth-pam.c,v 1.33 2001/03/21 02:01:35 djm Exp $");
+RCSID("$Id: auth-pam.c,v 1.34 2001/03/27 06:12:24 djm Exp $");
 
 #define NEW_AUTHTOK_MSG \
 	"Warning: Your password has expired, please change it now"
@@ -287,14 +287,15 @@ void do_pam_session(char *username, const char *ttyname)
 }
 
 /* Set PAM credentials */
-void do_pam_setcred(void)
+void do_pam_setcred(int init)
 {
 	int pam_retval;
 
 	do_pam_set_conv(&conv);
 
 	debug("PAM establishing creds");
-	pam_retval = pam_setcred(__pamh, PAM_ESTABLISH_CRED);
+	pam_retval = pam_setcred(__pamh, 
+	    init ? PAM_ESTABLISH_CRED : PAM_REINITIALIZE_CRED);
 	if (pam_retval != PAM_SUCCESS) {
 		if (was_authenticated)
 			fatal("PAM setcred failed[%d]: %.200s",
author	Damien Miller <djm@mindrot.org>	2001-03-27 16:12:24 +1000
committer	Damien Miller <djm@mindrot.org>	2001-03-27 16:12:24 +1000
commit	f9e93009478075ec04f0ee407e8f83ab2558a892 (patch)
tree	48327e0001087c3d25a13a4a53111519c5b0145c /auth-pam.c
parent	771bbac73327304cbac69ca37e33b5771e01fc17 (diff)