- (dtucker) [session.c] Call PAM cleanup functions for unauthenticated
connections too. Based on a patch from Sandro Wefel, with & ok djm@
diff --git a/ChangeLog b/ChangeLog
index 56ecc29..c56c6bd 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,7 @@
+20070816
+ - (dtucker) [session.c] Call PAM cleanup functions for unauthenticated
+ connections too. Based on a patch from Sandro Wefel, with & ok djm@
+
20070815
- (dtucker) OpenBSD CVS Sync
- markus@cvs.openbsd.org 2007/08/15 08:14:46
@@ -3169,4 +3173,4 @@
OpenServer 6 and add osr5bigcrypt support so when someone migrates
passwords between UnixWare and OpenServer they will still work. OK dtucker@
-$Id: ChangeLog,v 1.4730 2007/08/15 12:20:22 dtucker Exp $
+$Id: ChangeLog,v 1.4731 2007/08/16 13:28:04 dtucker Exp $
diff --git a/session.c b/session.c
index 8c09c17..9a606ef 100644
--- a/session.c
+++ b/session.c
@@ -2478,8 +2478,19 @@
return;
called = 1;
- if (authctxt == NULL || !authctxt->authenticated)
+ if (authctxt == NULL)
return;
+
+#ifdef USE_PAM
+ if (options.use_pam) {
+ sshpam_cleanup();
+ sshpam_thread_cleanup();
+ }
+#endif
+
+ if (!authctxt->authenticated)
+ return;
+
#ifdef KRB5
if (options.kerberos_ticket_cleanup &&
authctxt->krb5_ctx)
@@ -2491,13 +2502,6 @@
ssh_gssapi_cleanup_creds();
#endif
-#ifdef USE_PAM
- if (options.use_pam) {
- sshpam_cleanup();
- sshpam_thread_cleanup();
- }
-#endif
-
/* remove agent socket */
auth_sock_cleanup_proc(authctxt->pw);