From 2d9636471bb75c10342dbabcc2f6a0b2e60cca01 Mon Sep 17 00:00:00 2001
From: Darren Tucker <dtucker@zip.com.au>
Date: Mon, 13 Aug 2007 23:11:56 +1000
Subject:  - (dtucker) [session.c] Bug #1339: ensure that pam_setcred() is
 always    called with PAM_ESTABLISH_CRED at least once, which resolves a
 problem    with pam_dhkeys.  Patch from David Leonard, ok djm@

---
 ChangeLog | 7 ++++++-
 session.c | 4 ++--
 2 files changed, 8 insertions(+), 3 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 5314b283..8a602213 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+20070813
+ - (dtucker) [session.c] Bug #1339: ensure that pam_setcred() is always
+   called with PAM_ESTABLISH_CRED at least once, which resolves a problem
+   with pam_dhkeys.  Patch from David Leonard, ok djm@
+
 20070810
  - (dtucker) [auth-pam.c] Use sigdie here too.  ok djm@
  - (dtucker) [configure.ac] Bug #1343: Set DISABLE_FD_PASSING for QNX6. From 
@@ -3147,4 +3152,4 @@
    OpenServer 6 and add osr5bigcrypt support so when someone migrates
    passwords between UnixWare and OpenServer they will still work. OK dtucker@
 
-$Id: ChangeLog,v 1.4724 2007/08/10 04:36:12 dtucker Exp $
+$Id: ChangeLog,v 1.4725 2007/08/13 13:11:56 dtucker Exp $
diff --git a/session.c b/session.c
index 32e592ad..8c09c17c 100644
--- a/session.c
+++ b/session.c
@@ -1310,7 +1310,7 @@ do_setusercontext(struct passwd *pw)
 # ifdef USE_PAM
 		if (options.use_pam) {
 			do_pam_session();
-			do_pam_setcred(0);
+			do_pam_setcred(use_privsep);
 		}
 # endif /* USE_PAM */
 		if (setusercontext(lc, pw, pw->pw_uid,
@@ -1352,7 +1352,7 @@ do_setusercontext(struct passwd *pw)
 		 */
 		if (options.use_pam) {
 			do_pam_session();
-			do_pam_setcred(0);
+			do_pam_setcred(use_privsep);
 		}
 # endif /* USE_PAM */
 # if defined(WITH_IRIX_PROJECT) || defined(WITH_IRIX_JOBS) || defined(WITH_IRIX_ARRAY)
-- 
cgit v1.2.3