summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDamien Miller <djm@mindrot.org>2001-02-27 09:28:23 +1100
committerDamien Miller <djm@mindrot.org>2001-02-27 09:28:23 +1100
commit5a7613186bb74394912b179689190f439bfbba27 (patch)
tree5c0c96bba4f16640f980fdea26b5043b319770ca
parent767c7fc27cac2ecbb2d8248369c0b93d8901f30f (diff)
- (djm) Move PAM init to after fork for non-Solaris derived PAMs
-rw-r--r--ChangeLog3
-rw-r--r--session.c13
2 files changed, 12 insertions, 4 deletions
diff --git a/ChangeLog b/ChangeLog
index 0d09f9b7..6f743c78 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -11,6 +11,7 @@
<markm@swoon.net>
- (djm) Search for -lcrypt on FreeBSD too
- (djm) fatal() on OpenSSL version mismatch
+ - (djm) Move PAM init to after fork for non-Solaris derived PAMs
20010226
- (bal) Fixed bsd-snprinf.c so it now honors 'BROKEN_SNPRINTF' again.
@@ -4145,4 +4146,4 @@
- Wrote replacements for strlcpy and mkdtemp
- Released 1.0pre1
-$Id: ChangeLog,v 1.830 2001/02/26 22:20:57 djm Exp $
+$Id: ChangeLog,v 1.831 2001/02/26 22:28:23 djm Exp $
diff --git a/session.c b/session.c
index ee14afa6..d4053b4c 100644
--- a/session.c
+++ b/session.c
@@ -487,7 +487,8 @@ do_exec_no_pty(Session *s, const char *command, struct passwd * pw)
session_proctitle(s);
-#ifdef USE_PAM
+#if defined(USE_PAM) && defined(PAM_SUN_CODEBASE)
+ /* Solaris-derived PAMs don't like doing this after the fork() */
do_pam_setcred();
#endif /* USE_PAM */
@@ -603,10 +604,11 @@ do_exec_pty(Session *s, const char *command, struct passwd * pw)
ptyfd = s->ptyfd;
ttyfd = s->ttyfd;
-#ifdef USE_PAM
+#if defined(USE_PAM) && defined(PAM_SUN_CODEBASE)
+ /* Solaris-derived PAMs don't like doing this after the fork() */
do_pam_session(pw->pw_name, s->tty);
do_pam_setcred();
-#endif /* USE_PAM */
+#endif
/* Fork the child. */
if ((pid = fork()) == 0) {
@@ -1032,6 +1034,11 @@ do_child(const char *command, struct passwd * pw, const char *term,
#endif /* WITH_IRIX_ARRAY */
#endif /* WITH_IRIX_JOBS */
+#if defined(USE_PAM) && !defined(PAM_SUN_CODEBASE)
+ /* Solaris-derived PAMs don't like doing this after the fork() */
+ do_pam_session(pw->pw_name, s->tty);
+ do_pam_setcred();
+#endif
/* login(1) is only called if we execute the login shell */
if (options.use_login && command != NULL)