Attachment #709 for bug #926




	if (sshpam_err != PAM_SUCCESS)
		fatal("PAM: pam_open_session(): %s",
		    pam_strerror(sshpam_handle, sshpam_err));
}

/*
 * Because the session modules are run by the forked child just before
 * do_setusercontext, the cleanup must be run (as root) in the parent, so
 * we set this flag in the parent instead.
 */
void
sshpam_set_session_open(int isopen)
{
	sshpam_session_open = isopen;
}

/*

Lines 35-40 void start_pam(Authctxt *); Link Here

(-)auth-pam.h (+1 lines)
35	void finish_pam(void);	35	void finish_pam(void);
36	u_int do_pam_account(void);	36	u_int do_pam_account(void);
37	void do_pam_session(void);	37	void do_pam_session(void);
		38	void sshpam_set_session_open(int);
38	void do_pam_set_tty(const char *);	39	void do_pam_set_tty(const char *);
39	void do_pam_setcred(int );	40	void do_pam_setcred(int );
40	void do_pam_chauthtok(void);	41	void do_pam_chauthtok(void);

Lines 398-405 do_exec_no_pty(Session s, const char c Link Here

(-)session.c (-2 / +6 lines)
398	session_proctitle(s);	398	session_proctitle(s);
399		399
400	#if defined(USE_PAM)	400	#if defined(USE_PAM)
401	if (options.use_pam && !use_privsep)	401	if (options.use_pam) {
402	do_pam_setcred(1);	402	if (!use_privsep)
		403	do_pam_setcred(1);
		404	sshpam_set_session_open(1);
		405	}
403	#endif /* USE_PAM */	406	#endif /* USE_PAM */
404		407
405	/* Fork the child. */	408	/* Fork the child. */
Lines 537-542 do_exec_pty(Session s, const char comm Link Here
537	do_pam_set_tty(s->tty);	540	do_pam_set_tty(s->tty);
538	if (!use_privsep)	541	if (!use_privsep)
539	do_pam_setcred(1);	542	do_pam_setcred(1);
		543	sshpam_set_session_open(1);
540	}	544	}
541	#endif	545	#endif
542		546

Return to bug 926

Lines 952-958 do_pam_session(void) Link Here

(-)auth-pam.c (-1 / +11 lines)
952	if (sshpam_err != PAM_SUCCESS)	952	if (sshpam_err != PAM_SUCCESS)
953	fatal("PAM: pam_open_session(): %s",	953	fatal("PAM: pam_open_session(): %s",
954	pam_strerror(sshpam_handle, sshpam_err));	954	pam_strerror(sshpam_handle, sshpam_err));
955	sshpam_session_open = 1;	955	}
		956
		957	/*
		958	* Because the session modules are run by the forked child just before
		959	* do_setusercontext, the cleanup must be run (as root) in the parent, so
		960	* we set this flag in the parent instead.
		961	*/
		962	void
		963	sshpam_set_session_open(int isopen)
		964	{
		965	sshpam_session_open = isopen;
956	}	966	}
957		967
958	/*	968	/*