From 3f8123c804bdabbc95caf9e3495310e584944fb2 Mon Sep 17 00:00:00 2001
From: Damien Miller
Date: Sat, 19 Aug 2006 00:32:46 +1000
Subject: [PATCH] - markus@cvs.openbsd.org 2006/08/18 09:15:20 [auth.h session.c sshd.c] delay authentication related cleanups until we're authenticated and all alarms have been cancelled; ok deraadt
---
 ChangeLog | 6 +++++-
 auth.h | 3 ++-
 session.c | 4 ++--
 sshd.c | 3 ++-
 4 files changed, 11 insertions(+), 5 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index 6a04d1a0f..8fdabe467 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -26,6 +26,10 @@
 [log.c log.h sshd.c]
 make signal handler termination path shorter; risky code pointed out by mark dowd; ok djm markus
+ - markus@cvs.openbsd.org 2006/08/18 09:15:20
+ [auth.h session.c sshd.c]
+ delay authentication related cleanups until we're authenticated and
+ all alarms have been cancelled; ok deraadt
 20060817
 - (dtucker) [openbsd-compat/fake-rfc2553.c openbsd-compat/setproctitle.c]
@@ -5247,4 +5251,4 @@
 - (djm) Trim deprecated options from INSTALL. Mention UsePAM
 - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu
-$Id: ChangeLog,v 1.4491 2006/08/18 14:32:20 djm Exp $
+$Id: ChangeLog,v 1.4492 2006/08/18 14:32:46 djm Exp $
diff --git a/auth.h b/auth.h
index 26158b9dd..8c554b6a6 100644
--- a/auth.h
+++ b/auth.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth.h,v 1.57 2006/08/03 03:34:41 deraadt Exp $ */
+/* $OpenBSD: auth.h,v 1.58 2006/08/18 09:15:20 markus Exp $ */
 /*
 * Copyright (c) 2000 Markus Friedl. All rights reserved.
@@ -48,6 +48,7 @@ typedef struct KbdintDevice KbdintDevice;
 struct Authctxt {
 sig_atomic_t success;
+ int authenticated; /* authenticated and alarms cancelled */
 int postponed; /* authentication needs another step */
 int valid; /* user exists and is allowed to login */
 int attempt;
diff --git a/session.c b/session.c
index 1eb66f440..057298c86 100644
--- a/session.c
+++ b/session.c
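Review bot: In auth.h, the new `authenticated` field of `struct Authctxt` is a plain `int` placed directly after `sig_atomic_t success`, and its comment does not say who writes or reads it. Since the commit is about keeping cleanup out of the window in which alarms are still armed, it is worth stating whether the flag is only ever touched outside signal context; if any reader could run from a handler, `sig_atomic_t` would be the matching type. A fuller comment would help, e.g. `int authenticated; /* set in sshd.c main() after alarm(0); gates do_cleanup() */`. The struct continues outside the hunk.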
@@ -1,4 +1,4 @@
-/* $OpenBSD: session.c,v 1.217 2006/08/04 20:46:05 stevesk Exp $ */
+/* $OpenBSD: session.c,v 1.218 2006/08/18 09:15:20 markus Exp $ */
 /*
 * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland
 * All rights reserved
@@ -2476,7 +2476,7 @@ do_cleanup(Authctxt *authctxt)
 return;
 called = 1;
- if (authctxt == NULL)
+ if (authctxt == NULL || !authctxt->authenticated)
 return;
 #ifdef KRB5
 if (options.kerberos_ticket_cleanup &&
diff --git a/sshd.c b/sshd.c
index f1f2e38b3..dcc626589 100644
--- a/sshd.c
+++ b/sshd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshd.c,v 1.346 2006/08/18 09:13:26 deraadt Exp $ */
+/* $OpenBSD: sshd.c,v 1.347 2006/08/18 09:15:20 markus Exp $ */
 /*
 * Author: Tatu Ylonen
 * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland
@@ -1800,6 +1800,7 @@ main(int ac, char **av)
 */
 alarm(0);
 signal(SIGALRM, SIG_DFL);
+ authctxt->authenticated = 1;
 if (startup_pipe != -1) {
 close(startup_pipe);
 startup_pipe = -1;
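Review bot: In session.c `do_cleanup()`, the new `!authctxt->authenticated` test sits after `called = 1;`, so a call made before authentication returns without doing any cleanup but still consumes the run-once latch. That is presumably fine if do_cleanup() is only reached on exit paths, but every step below the guard is then skipped for failed or abandoned logins. The hunk shows only the start of the KRB5 ticket cleanup and the rest of the function is outside it, so each later step should be confirmed as post-authentication only; anything that releases state created during the authentication attempt itself would need to sit above the guard. A comment on the guard would record the intent, e.g. `/* pre-auth: skip cleanup, alarms may still be armed */`.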
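Review bot: In sshd.c `main()`, `authctxt->authenticated = 1;` is only correct because it follows `alarm(0)` and `signal(SIGALRM, SIG_DFL)`, yet nothing on the line records that ordering requirement. A later reshuffle that moved the assignment above the alarm cancellation would silently re-open the window this commit closes, so a comment such as `/* must stay after alarm(0): enables full do_cleanup() */` is worth adding. This appears to be the only place in the patch where the flag is set, so any process that reaches do_cleanup() without passing this point gets none of the auth-related cleanup. main() continues outside the hunk.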