diff options
author | Darren Tucker <dtucker@zip.com.au> | 2008-03-11 22:58:25 +1100 |
---|---|---|
committer | Darren Tucker <dtucker@zip.com.au> | 2008-03-11 22:58:25 +1100 |
commit | 52358d6df32d9ae923572c43a58159d84b673631 (patch) | |
tree | 83261a70dd007f2af900e1b22884c75b703f8b37 /auth-pam.c | |
parent | fe1cf97ee811dc7a2bb7cea912c9292c976ab5af (diff) |
- (dtucker) [auth-pam.c monitor.c session.c sshd.c] Bug #926: Move
pam_open_session and pam_close_session into the privsep monitor, which
will ensure that pam_session_close is called as root. Patch from Tomas
Mraz.
Diffstat (limited to 'auth-pam.c')
-rw-r--r-- | auth-pam.c | 6 |
1 files changed, 4 insertions, 2 deletions
@@ -598,15 +598,17 @@ static struct pam_conv store_conv = { sshpam_store_conv, NULL }; void sshpam_cleanup(void) { - debug("PAM: cleanup"); - if (sshpam_handle == NULL) + if (sshpam_handle == NULL || (use_privsep && !mm_is_monitor())) return; + debug("PAM: cleanup"); pam_set_item(sshpam_handle, PAM_CONV, (const void *)&null_conv); if (sshpam_cred_established) { + debug("PAM: deleting credentials"); pam_setcred(sshpam_handle, PAM_DELETE_CRED); sshpam_cred_established = 0; } if (sshpam_session_open) { + debug("PAM: closing session"); pam_close_session(sshpam_handle, PAM_SILENT); sshpam_session_open = 0; } |