- (dtucker) [session.c] Call PAM cleanup functions for unauthenticated

   connections too.  Based on a patch from Sandro Wefel, with & ok djm@

2 files changed, 17 insertions, 9 deletions

diff --git a/ChangeLog b/ChangeLog
index 56ecc2931..c56c6bd3f 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,7 @@
+20070816
+ - (dtucker) [session.c] Call PAM cleanup functions for unauthenticated
+   connections too.  Based on a patch from Sandro Wefel, with & ok djm@
+
 20070815
  - (dtucker) OpenBSD CVS Sync
    - markus@cvs.openbsd.org 2007/08/15 08:14:46
@@ -3169,4 +3173,4 @@
    OpenServer 6 and add osr5bigcrypt support so when someone migrates
    passwords between UnixWare and OpenServer they will still work. OK dtucker@
 
-$Id: ChangeLog,v 1.4730 2007/08/15 12:20:22 dtucker Exp $
+$Id: ChangeLog,v 1.4731 2007/08/16 13:28:04 dtucker Exp $
diff --git a/session.c b/session.c
index 8c09c17cd..9a606ef8f 100644
--- a/session.c
+++ b/session.c
@@ -2478,8 +2478,19 @@ do_cleanup(Authctxt *authctxt)
                 return;
         called = 1;
 
-        if (authctxt == NULL || !authctxt->authenticated)
+        if (authctxt == NULL)
                 return;
+
+#ifdef USE_PAM
+        if (options.use_pam) {
+                sshpam_cleanup();
+                sshpam_thread_cleanup();
+        }
+#endif
+
+        if (!authctxt->authenticated)
+                return;
+
 #ifdef KRB5
         if (options.kerberos_ticket_cleanup &&
             authctxt->krb5_ctx)
@@ -2491,13 +2502,6 @@ do_cleanup(Authctxt *authctxt)
                 ssh_gssapi_cleanup_creds();
 #endif
 
-#ifdef USE_PAM
-        if (options.use_pam) {
-                sshpam_cleanup();
-                sshpam_thread_cleanup();
-        }
-#endif
-
         /* remove agent socket */
         auth_sock_cleanup_proc(authctxt->pw);