From 5a7613186bb74394912b179689190f439bfbba27 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Tue, 27 Feb 2001 09:28:23 +1100 Subject: [PATCH] - (djm) Move PAM init to after fork for non-Solaris derived PAMs --- ChangeLog | 3 ++- session.c | 13 ++++++++++--- 2 files changed, 12 insertions(+), 4 deletions(-) diff --git a/ChangeLog b/ChangeLog index 0d09f9b70..6f743c781 100644 --- a/ChangeLog +++ b/ChangeLog @@ -11,6 +11,7 @@ - (djm) Search for -lcrypt on FreeBSD too - (djm) fatal() on OpenSSL version mismatch + - (djm) Move PAM init to after fork for non-Solaris derived PAMs 20010226 - (bal) Fixed bsd-snprinf.c so it now honors 'BROKEN_SNPRINTF' again. @@ -4145,4 +4146,4 @@ - Wrote replacements for strlcpy and mkdtemp - Released 1.0pre1 -$Id: ChangeLog,v 1.830 2001/02/26 22:20:57 djm Exp $ +$Id: ChangeLog,v 1.831 2001/02/26 22:28:23 djm Exp $ diff --git a/session.c b/session.c index ee14afa68..d4053b4c9 100644 --- a/session.c +++ b/session.c @@ -487,7 +487,8 @@ do_exec_no_pty(Session *s, const char *command, struct passwd * pw) session_proctitle(s); -#ifdef USE_PAM +#if defined(USE_PAM) && defined(PAM_SUN_CODEBASE) + /* Solaris-derived PAMs don't like doing this after the fork() */ do_pam_setcred(); #endif /* USE_PAM */ @@ -603,10 +604,11 @@ do_exec_pty(Session *s, const char *command, struct passwd * pw) ptyfd = s->ptyfd; ttyfd = s->ttyfd; -#ifdef USE_PAM +#if defined(USE_PAM) && defined(PAM_SUN_CODEBASE) + /* Solaris-derived PAMs don't like doing this after the fork() */ do_pam_session(pw->pw_name, s->tty); do_pam_setcred(); -#endif /* USE_PAM */ +#endif /* Fork the child. */ if ((pid = fork()) == 0) { @@ -1032,6 +1034,11 @@ do_child(const char *command, struct passwd * pw, const char *term, #endif /* WITH_IRIX_ARRAY */ #endif /* WITH_IRIX_JOBS */ +#if defined(USE_PAM) && !defined(PAM_SUN_CODEBASE) + /* Solaris-derived PAMs don't like doing this after the fork() */ + do_pam_session(pw->pw_name, s->tty); + do_pam_setcred(); +#endif /* login(1) is only called if we execute the login shell */ if (options.use_login && command != NULL)