summaryrefslogtreecommitdiff
path: root/auth-pam.c
diff options
context:
space:
mode:
authorDarren Tucker <dtucker@zip.com.au>2008-03-11 22:58:25 +1100
committerDarren Tucker <dtucker@zip.com.au>2008-03-11 22:58:25 +1100
commit52358d6df32d9ae923572c43a58159d84b673631 (patch)
tree83261a70dd007f2af900e1b22884c75b703f8b37 /auth-pam.c
parentfe1cf97ee811dc7a2bb7cea912c9292c976ab5af (diff)
- (dtucker) [auth-pam.c monitor.c session.c sshd.c] Bug #926: Move
pam_open_session and pam_close_session into the privsep monitor, which will ensure that pam_session_close is called as root. Patch from Tomas Mraz.
Diffstat (limited to 'auth-pam.c')
-rw-r--r--auth-pam.c6
1 files changed, 4 insertions, 2 deletions
diff --git a/auth-pam.c b/auth-pam.c
index a07f1fe77..ccdb9937e 100644
--- a/auth-pam.c
+++ b/auth-pam.c
@@ -598,15 +598,17 @@ static struct pam_conv store_conv = { sshpam_store_conv, NULL };
598void 598void
599sshpam_cleanup(void) 599sshpam_cleanup(void)
600{ 600{
601 debug("PAM: cleanup"); 601 if (sshpam_handle == NULL || (use_privsep && !mm_is_monitor()))
602 if (sshpam_handle == NULL)
603 return; 602 return;
603 debug("PAM: cleanup");
604 pam_set_item(sshpam_handle, PAM_CONV, (const void *)&null_conv); 604 pam_set_item(sshpam_handle, PAM_CONV, (const void *)&null_conv);
605 if (sshpam_cred_established) { 605 if (sshpam_cred_established) {
606 debug("PAM: deleting credentials");
606 pam_setcred(sshpam_handle, PAM_DELETE_CRED); 607 pam_setcred(sshpam_handle, PAM_DELETE_CRED);
607 sshpam_cred_established = 0; 608 sshpam_cred_established = 0;
608 } 609 }
609 if (sshpam_session_open) { 610 if (sshpam_session_open) {
611 debug("PAM: closing session");
610 pam_close_session(sshpam_handle, PAM_SILENT); 612 pam_close_session(sshpam_handle, PAM_SILENT);
611 sshpam_session_open = 0; 613 sshpam_session_open = 0;
612 } 614 }