diff options
author | Darren Tucker <dtucker@zip.com.au> | 2008-03-11 22:58:25 +1100 |
---|---|---|
committer | Darren Tucker <dtucker@zip.com.au> | 2008-03-11 22:58:25 +1100 |
commit | 52358d6df32d9ae923572c43a58159d84b673631 (patch) | |
tree | 83261a70dd007f2af900e1b22884c75b703f8b37 /auth-pam.c | |
parent | fe1cf97ee811dc7a2bb7cea912c9292c976ab5af (diff) |
- (dtucker) [auth-pam.c monitor.c session.c sshd.c] Bug #926: Move
pam_open_session and pam_close_session into the privsep monitor, which
will ensure that pam_session_close is called as root. Patch from Tomas
Mraz.
Diffstat (limited to 'auth-pam.c')
-rw-r--r-- | auth-pam.c | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/auth-pam.c b/auth-pam.c index a07f1fe77..ccdb9937e 100644 --- a/auth-pam.c +++ b/auth-pam.c | |||
@@ -598,15 +598,17 @@ static struct pam_conv store_conv = { sshpam_store_conv, NULL }; | |||
598 | void | 598 | void |
599 | sshpam_cleanup(void) | 599 | sshpam_cleanup(void) |
600 | { | 600 | { |
601 | debug("PAM: cleanup"); | 601 | if (sshpam_handle == NULL || (use_privsep && !mm_is_monitor())) |
602 | if (sshpam_handle == NULL) | ||
603 | return; | 602 | return; |
603 | debug("PAM: cleanup"); | ||
604 | pam_set_item(sshpam_handle, PAM_CONV, (const void *)&null_conv); | 604 | pam_set_item(sshpam_handle, PAM_CONV, (const void *)&null_conv); |
605 | if (sshpam_cred_established) { | 605 | if (sshpam_cred_established) { |
606 | debug("PAM: deleting credentials"); | ||
606 | pam_setcred(sshpam_handle, PAM_DELETE_CRED); | 607 | pam_setcred(sshpam_handle, PAM_DELETE_CRED); |
607 | sshpam_cred_established = 0; | 608 | sshpam_cred_established = 0; |
608 | } | 609 | } |
609 | if (sshpam_session_open) { | 610 | if (sshpam_session_open) { |
611 | debug("PAM: closing session"); | ||
610 | pam_close_session(sshpam_handle, PAM_SILENT); | 612 | pam_close_session(sshpam_handle, PAM_SILENT); |
611 | sshpam_session_open = 0; | 613 | sshpam_session_open = 0; |
612 | } | 614 | } |