- tedu@cvs.openbsd.org 2010/01/17 21:49:09

[openssh.git] / auth-pam.c

diff --git a/auth-pam.c b/auth-pam.c
index a07f1fe77d86e7290209ffcbf8346bf97b9786a2..675006e6fb25cbb7f48bb8115b8d32cb2897c2d8 100644 (file)
--- a/auth-pam.c
+++ b/auth-pam.c
@@ -598,18 +598,20 @@ static struct pam_conv store_conv = { sshpam_store_conv, NULL };
 void
 sshpam_cleanup(void)
 {
-       debug("PAM: cleanup");
-       if (sshpam_handle == NULL)
+       if (sshpam_handle == NULL || (use_privsep && !mm_is_monitor()))
                return;
+       debug("PAM: cleanup");
        pam_set_item(sshpam_handle, PAM_CONV, (const void *)&null_conv);
-       if (sshpam_cred_established) {
-               pam_setcred(sshpam_handle, PAM_DELETE_CRED);
-               sshpam_cred_established = 0;
-       }
        if (sshpam_session_open) {
+               debug("PAM: closing session");
                pam_close_session(sshpam_handle, PAM_SILENT);
                sshpam_session_open = 0;
        }
+       if (sshpam_cred_established) {
+               debug("PAM: deleting credentials");
+               pam_setcred(sshpam_handle, PAM_DELETE_CRED);
+               sshpam_cred_established = 0;
+       }
        sshpam_authenticated = 0;
        pam_end(sshpam_handle, sshpam_err);
        sshpam_handle = NULL;