diff options
author | Damien Miller <djm@mindrot.org> | 2001-02-27 09:28:23 +1100 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2001-02-27 09:28:23 +1100 |
commit | 5a7613186bb74394912b179689190f439bfbba27 (patch) | |
tree | 5c0c96bba4f16640f980fdea26b5043b319770ca | |
parent | 767c7fc27cac2ecbb2d8248369c0b93d8901f30f (diff) | |
download | openssh-git-5a7613186bb74394912b179689190f439bfbba27.tar.gz |
- (djm) Move PAM init to after fork for non-Solaris derived PAMs
-rw-r--r-- | ChangeLog | 3 | ||||
-rw-r--r-- | session.c | 13 |
2 files changed, 12 insertions, 4 deletions
@@ -11,6 +11,7 @@ <markm@swoon.net> - (djm) Search for -lcrypt on FreeBSD too - (djm) fatal() on OpenSSL version mismatch + - (djm) Move PAM init to after fork for non-Solaris derived PAMs 20010226 - (bal) Fixed bsd-snprinf.c so it now honors 'BROKEN_SNPRINTF' again. @@ -4145,4 +4146,4 @@ - Wrote replacements for strlcpy and mkdtemp - Released 1.0pre1 -$Id: ChangeLog,v 1.830 2001/02/26 22:20:57 djm Exp $ +$Id: ChangeLog,v 1.831 2001/02/26 22:28:23 djm Exp $ @@ -487,7 +487,8 @@ do_exec_no_pty(Session *s, const char *command, struct passwd * pw) session_proctitle(s); -#ifdef USE_PAM +#if defined(USE_PAM) && defined(PAM_SUN_CODEBASE) + /* Solaris-derived PAMs don't like doing this after the fork() */ do_pam_setcred(); #endif /* USE_PAM */ @@ -603,10 +604,11 @@ do_exec_pty(Session *s, const char *command, struct passwd * pw) ptyfd = s->ptyfd; ttyfd = s->ttyfd; -#ifdef USE_PAM +#if defined(USE_PAM) && defined(PAM_SUN_CODEBASE) + /* Solaris-derived PAMs don't like doing this after the fork() */ do_pam_session(pw->pw_name, s->tty); do_pam_setcred(); -#endif /* USE_PAM */ +#endif /* Fork the child. */ if ((pid = fork()) == 0) { @@ -1032,6 +1034,11 @@ do_child(const char *command, struct passwd * pw, const char *term, #endif /* WITH_IRIX_ARRAY */ #endif /* WITH_IRIX_JOBS */ +#if defined(USE_PAM) && !defined(PAM_SUN_CODEBASE) + /* Solaris-derived PAMs don't like doing this after the fork() */ + do_pam_session(pw->pw_name, s->tty); + do_pam_setcred(); +#endif /* login(1) is only called if we execute the login shell */ if (options.use_login && command != NULL) |