- (djm) Make privsep work with PAM (still experimental)

author: Damien Miller <djm@mindrot.org> 2002-04-23 20:28:48 +1000
committer: Damien Miller <djm@mindrot.org> 2002-04-23 20:28:48 +1000
commit: 7941855f09b067b639d72757ee3b1d5be1925d50 (patch)
tree: 0e94366b3fdd991cae8de9d0ce04a4f374fa12cf /auth2.c
parent: 594a71b9b92af786d34d8d961162374e5e4af72f (diff)
1 files changed, 4 insertions, 4 deletions
diff --git a/auth2.c b/auth2.c
index eadaa713..4c18d232 100644
--- a/auth2.c
+++ b/auth2.c
@@ -189,12 +189,12 @@ input_userauth_request(int type, u_int32_t seq, void *ctxt)
 			authctxt->valid = 1;
 			debug2("input_userauth_request: setting up authctxt for %s", user);
 #ifdef USE_PAM
-			start_pam(authctxt->pw->pw_name);
+			PRIVSEP(start_pam(authctxt->pw->pw_name));
 #endif
 		} else {
 			log("input_userauth_request: illegal user %s", user);
 #ifdef USE_PAM
-			start_pam("NOUSER");
+			PRIVSEP(start_pam("NOUSER"));
 #endif
 		}
 		setproctitle("%s%s", authctxt->pw ? user : "unknown",
@@ -242,8 +242,8 @@ userauth_finish(Authctxt *authctxt, int authenticated, char *method)
 		authenticated = 0;
 
 #ifdef USE_PAM
-	if (authenticated && authctxt->user && !do_pam_account(authctxt->user,
-	    NULL))
+	if (!use_privsep && authenticated && authctxt->user && 
+	    !do_pam_account(authctxt->user, NULL))
 		authenticated = 0;
 #endif /* USE_PAM */
author	Damien Miller <djm@mindrot.org>	2002-04-23 20:28:48 +1000
committer	Damien Miller <djm@mindrot.org>	2002-04-23 20:28:48 +1000
commit	7941855f09b067b639d72757ee3b1d5be1925d50 (patch)
tree	0e94366b3fdd991cae8de9d0ce04a4f374fa12cf /auth2.c
parent	594a71b9b92af786d34d8d961162374e5e4af72f (diff)