2 files changed, 19 insertions, 4 deletions

diff --git a/ChangeLog b/ChangeLog
index 013a092b8..20ebaa3c9 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+20010214
+ - (djm) Don't try to close PAM session or delete credentials if the
+   session has not been open or credentials not set. Based on patch from 
+   Andrew Bartlett <abartlet@pcug.org.au>
+
 20010213
  - (djm) Only test -S potential EGD sockets if they exist and are readable.
  - (bal) Cleaned out bsd-snprintf.c.  VARARGS have been banished and
@@ -3913,4 +3918,4 @@
  - Wrote replacements for strlcpy and mkdtemp
  - Released 1.0pre1
 
-$Id: ChangeLog,v 1.754 2001/02/13 11:26:21 stevesk Exp $
+$Id: ChangeLog,v 1.755 2001/02/13 13:43:55 djm Exp $
diff --git a/auth-pam.c b/auth-pam.c
index 9e0467f56..cdaa97ed4 100644
--- a/auth-pam.c
+++ b/auth-pam.c
@@ -33,7 +33,7 @@
 #include "canohost.h"
 #include "readpass.h"
 
-RCSID("$Id: auth-pam.c,v 1.27 2001/02/11 11:39:19 djm Exp $");
+RCSID("$Id: auth-pam.c,v 1.28 2001/02/13 13:43:56 djm Exp $");
 
 #define NEW_AUTHTOK_MSG \
         "Warning: Your password has expired, please change it now"
@@ -72,6 +72,10 @@ int do_pam_authenticate(int flags)
         return retval;
 }
 
+/* Remember what has been initialised */
+static int session_opened = 0;
+static int creds_set = 0;
+
 /*
  * PAM conversation function.
  * There are two states this can run in.
@@ -170,17 +174,21 @@ void pam_cleanup_proc(void *context)
 {
         int pam_retval;
 
-        if (pamh) {
+        if (pamh && session_opened) {
                 pam_retval = pam_close_session(pamh, 0);
                 if (pam_retval != PAM_SUCCESS)
                         log("Cannot close PAM session[%d]: %.200s",
                             pam_retval, PAM_STRERROR(pamh, pam_retval));
+        }
 
+        if (pamh && creds_set) {
                 pam_retval = pam_setcred(pamh, PAM_DELETE_CRED);
                 if (pam_retval != PAM_SUCCESS)
                         debug("Cannot delete credentials[%d]: %.200s", 
                             pam_retval, PAM_STRERROR(pamh, pam_retval));
+        }
 
+        if (pamh) {
                 pam_retval = pam_end(pamh, pam_retval);
                 if (pam_retval != PAM_SUCCESS)
                         log("Cannot release PAM authentication[%d]: %.200s",
@@ -272,6 +280,7 @@ void do_pam_session(char *username, const char *ttyname)
         if (pam_retval != PAM_SUCCESS)
                 fatal("PAM session setup failed[%d]: %.200s",
                     pam_retval, PAM_STRERROR(pamh, pam_retval));
+        session_opened = 1;
 }
 
 /* Set PAM credentials */
@@ -288,7 +297,8 @@ void do_pam_setcred(void)
                 else
                         debug("PAM setcred failed[%d]: %.200s",
                             pam_retval, PAM_STRERROR(pamh, pam_retval));
-        }
+        } else
+                creds_set = 1;
 }
 
 /* accessor function for file scope static variable */