From: dtucker <dtucker>
Date: Mon, 13 Aug 2007 13:11:56 +0000 (+0000)
Subject:  - (dtucker) [session.c] Bug #1339: ensure that pam_setcred() is always
X-Git-Tag: V_4_7_P1~15
X-Git-Url: http://andersk.mit.edu/gitweb/openssh.git/commitdiff_plain/265edd5eb51e18318ac3d20543affe924e3c2929

 - (dtucker) [session.c] Bug #1339: ensure that pam_setcred() is always
   called with PAM_ESTABLISH_CRED at least once, which resolves a problem
   with pam_dhkeys.  Patch from David Leonard, ok djm@
---

diff --git a/ChangeLog b/ChangeLog
index a642a00e..a99a6af2 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+20070813
+ - (dtucker) [session.c] Bug #1339: ensure that pam_setcred() is always
+   called with PAM_ESTABLISH_CRED at least once, which resolves a problem
+   with pam_dhkeys.  Patch from David Leonard, ok djm@
+
 20070810
  - (dtucker) [auth-pam.c] Use sigdie here too.  ok djm@
  - (dtucker) [configure.ac] Bug #1343: Set DISABLE_FD_PASSING for QNX6. From 
diff --git a/session.c b/session.c
index 32e592ad..8c09c17c 100644
--- a/session.c
+++ b/session.c
@@ -1310,7 +1310,7 @@ do_setusercontext(struct passwd *pw)
 # ifdef USE_PAM
 		if (options.use_pam) {
 			do_pam_session();
-			do_pam_setcred(0);
+			do_pam_setcred(use_privsep);
 		}
 # endif /* USE_PAM */
 		if (setusercontext(lc, pw, pw->pw_uid,
@@ -1352,7 +1352,7 @@ do_setusercontext(struct passwd *pw)
 		 */
 		if (options.use_pam) {
 			do_pam_session();
-			do_pam_setcred(0);
+			do_pam_setcred(use_privsep);
 		}
 # endif /* USE_PAM */
 # if defined(WITH_IRIX_PROJECT) || defined(WITH_IRIX_JOBS) || defined(WITH_IRIX_ARRAY)