From eabf3417bc73ca9546a3ed489cd809ffdf303853 Mon Sep 17 00:00:00 2001
From: Damien Miller <djm@mindrot.org>
Date: Tue, 7 Dec 1999 14:56:27 +1100
Subject: [PATCH]  - Fix PAM account and session being called multiple times.
 Problem    reported by Adrian Baugh <adrian@merlin.keble.ox.ac.uk>

---
 ChangeLog |  2 ++
 sshd.c    | 45 +++++++++++++++++++++++++++++++--------------
 2 files changed, 33 insertions(+), 14 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 476d8630c..f475f188d 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -2,6 +2,8 @@
  - sshd Redhat init script patch from Jim Knoble <jmknoble@pobox.com>
    fixes compatability with 4.x and 5.x
  - Fixed default SSH_ASKPASS
+ - Fix PAM account and session being called multiple times. Problem 
+   reported by Adrian Baugh <adrian@merlin.keble.ox.ac.uk>
 
 19991204
  - Small cleanup of PAM code in sshd.c
diff --git a/sshd.c b/sshd.c
index fa9eab74f..60d34d8b6 100644
--- a/sshd.c
+++ b/sshd.c
@@ -11,7 +11,7 @@
  */
 
 #include "includes.h"
-RCSID("$Id: sshd.c,v 1.33 1999/12/04 09:24:48 damien Exp $");
+RCSID("$Id: sshd.c,v 1.34 1999/12/07 03:56:27 damien Exp $");
 
 #include "xmalloc.h"
 #include "rsa.h"
@@ -1551,24 +1551,41 @@ do_authloop(struct passwd * pw)
 			get_remote_port(),
 			user);
 
-#ifdef HAVE_LIBPAM
-		do_pam_account_and_session(pw->pw_name, client_user);
-
-		/* Clean up */
-		if (client_user != NULL)
-			xfree(client_user);
-
-		if (password != NULL) {
-			memset(password, 0, strlen(password));
-			xfree(password);
-		}
-#endif /* HAVE_LIBPAM */
-
+#ifndef HAVE_LIBPAM
 		if (authenticated)
 			return;
 
 		if (attempt > AUTH_FAIL_MAX)
 			packet_disconnect(AUTH_FAIL_MSG, pw->pw_name);
+#else /* HAVE_LIBPAM */
+		if (authenticated) {
+			do_pam_account_and_session(pw->pw_name, client_user);
+
+			/* Clean up */
+			if (client_user != NULL)
+				xfree(client_user);
+
+			if (password != NULL) {
+				memset(password, 0, strlen(password));
+				xfree(password);
+			}
+			
+			return;
+		}
+
+		if (attempt > AUTH_FAIL_MAX) {
+			/* Clean up */
+			if (client_user != NULL)
+				xfree(client_user);
+
+			if (password != NULL) {
+				memset(password, 0, strlen(password));
+				xfree(password);
+			}
+			
+			packet_disconnect(AUTH_FAIL_MSG, pw->pw_name);
+		}
+#endif /* HAVE_LIBPAM */
 
 		/* Send a message indicating that the authentication attempt failed. */
 		packet_start(SSH_SMSG_FAILURE);