diff options
Diffstat (limited to 'session.c')
-rw-r--r-- | session.c | 28 |
1 files changed, 16 insertions, 12 deletions
@@ -1310,7 +1310,7 @@ do_setusercontext(struct passwd *pw) | |||
1310 | # ifdef USE_PAM | 1310 | # ifdef USE_PAM |
1311 | if (options.use_pam) { | 1311 | if (options.use_pam) { |
1312 | do_pam_session(); | 1312 | do_pam_session(); |
1313 | do_pam_setcred(0); | 1313 | do_pam_setcred(use_privsep); |
1314 | } | 1314 | } |
1315 | # endif /* USE_PAM */ | 1315 | # endif /* USE_PAM */ |
1316 | if (setusercontext(lc, pw, pw->pw_uid, | 1316 | if (setusercontext(lc, pw, pw->pw_uid, |
@@ -1352,7 +1352,7 @@ do_setusercontext(struct passwd *pw) | |||
1352 | */ | 1352 | */ |
1353 | if (options.use_pam) { | 1353 | if (options.use_pam) { |
1354 | do_pam_session(); | 1354 | do_pam_session(); |
1355 | do_pam_setcred(0); | 1355 | do_pam_setcred(use_privsep); |
1356 | } | 1356 | } |
1357 | # endif /* USE_PAM */ | 1357 | # endif /* USE_PAM */ |
1358 | # if defined(WITH_IRIX_PROJECT) || defined(WITH_IRIX_JOBS) || defined(WITH_IRIX_ARRAY) | 1358 | # if defined(WITH_IRIX_PROJECT) || defined(WITH_IRIX_JOBS) || defined(WITH_IRIX_ARRAY) |
@@ -1361,11 +1361,11 @@ do_setusercontext(struct passwd *pw) | |||
1361 | # ifdef _AIX | 1361 | # ifdef _AIX |
1362 | aix_usrinfo(pw); | 1362 | aix_usrinfo(pw); |
1363 | # endif /* _AIX */ | 1363 | # endif /* _AIX */ |
1364 | #if defined(HAVE_LIBIAF) && !defined(BROKEN_LIBIAF) | 1364 | #ifdef USE_LIBIAF |
1365 | if (set_id(pw->pw_name) != 0) { | 1365 | if (set_id(pw->pw_name) != 0) { |
1366 | exit(1); | 1366 | exit(1); |
1367 | } | 1367 | } |
1368 | #endif /* HAVE_LIBIAF && !BROKEN_LIBIAF */ | 1368 | #endif /* USE_LIBIAF */ |
1369 | /* Permanently switch to the desired uid. */ | 1369 | /* Permanently switch to the desired uid. */ |
1370 | permanently_set_uid(pw); | 1370 | permanently_set_uid(pw); |
1371 | #endif | 1371 | #endif |
@@ -2478,8 +2478,19 @@ do_cleanup(Authctxt *authctxt) | |||
2478 | return; | 2478 | return; |
2479 | called = 1; | 2479 | called = 1; |
2480 | 2480 | ||
2481 | if (authctxt == NULL || !authctxt->authenticated) | 2481 | if (authctxt == NULL) |
2482 | return; | 2482 | return; |
2483 | |||
2484 | #ifdef USE_PAM | ||
2485 | if (options.use_pam) { | ||
2486 | sshpam_cleanup(); | ||
2487 | sshpam_thread_cleanup(); | ||
2488 | } | ||
2489 | #endif | ||
2490 | |||
2491 | if (!authctxt->authenticated) | ||
2492 | return; | ||
2493 | |||
2483 | #ifdef KRB5 | 2494 | #ifdef KRB5 |
2484 | if (options.kerberos_ticket_cleanup && | 2495 | if (options.kerberos_ticket_cleanup && |
2485 | authctxt->krb5_ctx) | 2496 | authctxt->krb5_ctx) |
@@ -2491,13 +2502,6 @@ do_cleanup(Authctxt *authctxt) | |||
2491 | ssh_gssapi_cleanup_creds(); | 2502 | ssh_gssapi_cleanup_creds(); |
2492 | #endif | 2503 | #endif |
2493 | 2504 | ||
2494 | #ifdef USE_PAM | ||
2495 | if (options.use_pam) { | ||
2496 | sshpam_cleanup(); | ||
2497 | sshpam_thread_cleanup(); | ||
2498 | } | ||
2499 | #endif | ||
2500 | |||
2501 | /* remove agent socket */ | 2505 | /* remove agent socket */ |
2502 | auth_sock_cleanup_proc(authctxt->pw); | 2506 | auth_sock_cleanup_proc(authctxt->pw); |
2503 | 2507 | ||