Release new patch today.

[gssapi-openssh.git] / openssh / session.c

diff --git a/openssh/session.c b/openssh/session.c
index 750a3196d569339523afad1d6ff39ebe094e8820..c9b9552c8ff869c007d42c5041ae186ac06f7884 100644 (file)
--- a/openssh/session.c
+++ b/openssh/session.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: session.c,v 1.219 2006/08/29 10:40:19 djm Exp $ */
+/* $OpenBSD: session.c,v 1.221 2007/01/21 01:41:54 stevesk Exp $ */
 /*
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
  *                    All rights reserved
@@ -369,8 +369,8 @@ do_authenticated1(Authctxt *authctxt)
                        }
                        debug("Received TCP/IP port forwarding request.");
                        if (channel_input_port_forward_request(s->pw->pw_uid == 0,
-                options.gateway_ports,
-                options.hpn_disabled, options.hpn_buffer_size) < 0) {
+                             options.gateway_ports, options.hpn_disabled,
+                              options.hpn_buffer_size) < 0) {
                                debug("Port forwarding failed.");
                                break;
                        }
@@ -1480,7 +1480,7 @@ do_setusercontext(struct passwd *pw)
 # ifdef USE_PAM
                if (options.use_pam) {
                        do_pam_session();
-                       do_pam_setcred(0);
+                       do_pam_setcred(use_privsep);
                }
 # endif /* USE_PAM */
                if (setusercontext(lc, pw, pw->pw_uid,
@@ -1522,7 +1522,7 @@ do_setusercontext(struct passwd *pw)
                 */
                if (options.use_pam) {
                        do_pam_session();
-                       do_pam_setcred(0);
+                       do_pam_setcred(use_privsep);
                }
 # endif /* USE_PAM */
 # if defined(WITH_IRIX_PROJECT) || defined(WITH_IRIX_JOBS) || defined(WITH_IRIX_ARRAY)
@@ -1531,11 +1531,11 @@ do_setusercontext(struct passwd *pw)
 # ifdef _AIX
                aix_usrinfo(pw);
 # endif /* _AIX */
-#if defined(HAVE_LIBIAF)  &&  !defined(BROKEN_LIBIAF)
+#ifdef USE_LIBIAF
                if (set_id(pw->pw_name) != 0) {
                        exit(1);
                }
-#endif /* HAVE_LIBIAF  && !BROKEN_LIBIAF */
+#endif /* USE_LIBIAF */
                /* Permanently switch to the desired uid. */
                permanently_set_uid(pw);
 #endif
@@ -2244,7 +2244,7 @@ session_input_channel_req(Channel *c, const char *rtype)
                } else if (strcmp(rtype, "exec") == 0) {
                        success = session_exec_req(s);
                } else if (strcmp(rtype, "pty-req") == 0) {
-                       success =  session_pty_req(s);
+                       success = session_pty_req(s);
                } else if (strcmp(rtype, "x11-req") == 0) {
                        success = session_x11_req(s);
                } else if (strcmp(rtype, "auth-agent-req@openssh.com") == 0) {
@@ -2376,7 +2376,7 @@ session_close_single_x11(int id, void *arg)
 
        debug3("session_close_single_x11: channel %d", id);
        channel_cancel_cleanup(id);
-       if ((s  = session_by_x11_channel(id)) == NULL)
+       if ((s = session_by_x11_channel(id)) == NULL)
                fatal("session_close_single_x11: no x11 channel %d", id);
        for (i = 0; s->x11_chanids[i] != -1; i++) {
                debug("session_close_single_x11: session %d: "
@@ -2703,8 +2703,19 @@ do_cleanup(Authctxt *authctxt)
                return;
        called = 1;
 
-       if (authctxt == NULL || !authctxt->authenticated)
+       if (authctxt == NULL)
+               return;
+
+#ifdef USE_PAM
+       if (options.use_pam) {
+               sshpam_cleanup();
+               sshpam_thread_cleanup();
+       }
+#endif
+
+       if (!authctxt->authenticated)
                return;
+
 #ifdef KRB5
        if (options.kerberos_ticket_cleanup &&
            authctxt->krb5_ctx)
@@ -2716,13 +2727,6 @@ do_cleanup(Authctxt *authctxt)
                ssh_gssapi_cleanup_creds();
 #endif
 
-#ifdef USE_PAM
-       if (options.use_pam) {
-               sshpam_cleanup();
-               sshpam_thread_cleanup();
-       }
-#endif
-
        /* remove agent socket */
        auth_sock_cleanup_proc(authctxt->pw);