- (djm) Reestablish PAM credentials (which can be supplemental group memberships) after initgroups() blows them away. Report and suggested fix from Nalin Dahyabhai <nalin@redhat.com>

commit: f9e93009478075ec04f0ee407e8f83ab2558a892 [log] [tgz]
author: Damien Miller <djm@mindrot.org> Tue Mar 27 16:12:24 2001 +1000
committer: Damien Miller <djm@mindrot.org> Tue Mar 27 16:12:24 2001 +1000
tree: 48327e0001087c3d25a13a4a53111519c5b0145c
parent: 771bbac73327304cbac69ca37e33b5771e01fc17 [diff] [blame]
diff --git a/auth-pam.c b/auth-pam.c
index 2ea2996..d8eefdf 100644
--- a/auth-pam.c
+++ b/auth-pam.c

@@ -33,7 +33,7 @@
 #include "canohost.h"
 #include "readpass.h"
 
-RCSID("$Id: auth-pam.c,v 1.33 2001/03/21 02:01:35 djm Exp $");
+RCSID("$Id: auth-pam.c,v 1.34 2001/03/27 06:12:24 djm Exp $");
 
 #define NEW_AUTHTOK_MSG \
 	"Warning: Your password has expired, please change it now"
@@ -287,14 +287,15 @@
 }
 
 /* Set PAM credentials */
-void do_pam_setcred(void)
+void do_pam_setcred(int init)
 {
 	int pam_retval;
 
 	do_pam_set_conv(&conv);
 
 	debug("PAM establishing creds");
-	pam_retval = pam_setcred(__pamh, PAM_ESTABLISH_CRED);
+	pam_retval = pam_setcred(__pamh, 
+	    init ? PAM_ESTABLISH_CRED : PAM_REINITIALIZE_CRED);
 	if (pam_retval != PAM_SUCCESS) {
 		if (was_authenticated)
 			fatal("PAM setcred failed[%d]: %.200s",
commit	f9e93009478075ec04f0ee407e8f83ab2558a892	[log] [tgz]
author	Damien Miller <djm@mindrot.org>	Tue Mar 27 16:12:24 2001 +1000
committer	Damien Miller <djm@mindrot.org>	Tue Mar 27 16:12:24 2001 +1000
tree	48327e0001087c3d25a13a4a53111519c5b0145c
parent	771bbac73327304cbac69ca37e33b5771e01fc17 [diff] [blame]