- (dtucker) [auth-pam.c monitor.c session.c sshd.c] Bug #926: Move pam_open_session and pam_close_session into the privsep monitor, which will ensure that pam_session_close is called as root. Patch from Tomas Mraz.

commit: 52358d6df32d9ae923572c43a58159d84b673631 [log] [tgz]
author: Darren Tucker <dtucker@zip.com.au> Tue Mar 11 22:58:25 2008 +1100
committer: Darren Tucker <dtucker@zip.com.au> Tue Mar 11 22:58:25 2008 +1100
tree: 83261a70dd007f2af900e1b22884c75b703f8b37
parent: fe1cf97ee811dc7a2bb7cea912c9292c976ab5af [diff] [blame]
diff --git a/auth-pam.c b/auth-pam.c
index a07f1fe..ccdb993 100644
--- a/auth-pam.c
+++ b/auth-pam.c

@@ -598,15 +598,17 @@
 void
 sshpam_cleanup(void)
 {
-	debug("PAM: cleanup");
-	if (sshpam_handle == NULL)
+	if (sshpam_handle == NULL || (use_privsep && !mm_is_monitor()))
 		return;
+	debug("PAM: cleanup");
 	pam_set_item(sshpam_handle, PAM_CONV, (const void *)&null_conv);
 	if (sshpam_cred_established) {
+		debug("PAM: deleting credentials");
 		pam_setcred(sshpam_handle, PAM_DELETE_CRED);
 		sshpam_cred_established = 0;
 	}
 	if (sshpam_session_open) {
+		debug("PAM: closing session");
 		pam_close_session(sshpam_handle, PAM_SILENT);
 		sshpam_session_open = 0;
 	}
commit	52358d6df32d9ae923572c43a58159d84b673631	[log] [tgz]
author	Darren Tucker <dtucker@zip.com.au>	Tue Mar 11 22:58:25 2008 +1100
committer	Darren Tucker <dtucker@zip.com.au>	Tue Mar 11 22:58:25 2008 +1100
tree	83261a70dd007f2af900e1b22884c75b703f8b37
parent	fe1cf97ee811dc7a2bb7cea912c9292c976ab5af [diff] [blame]