From: dtucker <dtucker>
Date: Sat, 16 Jul 2005 01:33:06 +0000 (+0000)
Subject:  - (dtucker) [auth-pam.c] Ensure that only one side of the authentication
X-Git-Tag: V_4_2_P1~41
X-Git-Url: http://andersk.mit.edu/gitweb/openssh.git/commitdiff_plain/5d001c7013c018b06d184ab5d124f91ee6daf11c

 - (dtucker) [auth-pam.c] Ensure that only one side of the authentication
   socketpair stays open on in both the monitor and PAM process.  Patch from
   Joerg Sonnenberger.
---

diff --git a/ChangeLog b/ChangeLog
index e3ae468d..8dfa0c07 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+20050716
+ - (dtucker) [auth-pam.c] Ensure that only one side of the authentication
+   socketpair stays open on in both the monitor and PAM process.  Patch from
+   Joerg Sonnenberger.
+
 20050714
  - (dtucker) OpenBSD CVS Sync
    - dtucker@cvs.openbsd.org 2005/07/06 09:33:05
diff --git a/auth-pam.c b/auth-pam.c
index d25cff37..29dd2c97 100644
--- a/auth-pam.c
+++ b/auth-pam.c
@@ -157,6 +157,7 @@ pthread_create(sp_pthread_t *thread, const void *attr __unused,
     void *(*thread_start)(void *), void *arg)
 {
 	pid_t pid;
+	struct pam_ctxt *ctx = arg;
 
 	sshpam_thread_status = -1;
 	switch ((pid = fork())) {
@@ -164,10 +165,14 @@ pthread_create(sp_pthread_t *thread, const void *attr __unused,
 		error("fork(): %s", strerror(errno));
 		return (-1);
 	case 0:
+		close(ctx->pam_psock);
+		ctx->pam_psock = -1;
 		thread_start(arg);
 		_exit(1);
 	default:
 		*thread = pid;
+		close(ctx->pam_csock);
+		ctx->pam_csock = -1;
 		sshpam_oldsig = signal(SIGCHLD, sshpam_sigchld_handler);
 		return (0);
 	}