- (dtucker) [auth-pam.c monitor.c session.c sshd.c] Bug #926: Move

pam_open_session and pam_close_session into the privsep monitor, which will ensure that pam_session_close is called as root. Patch from Tomas Mraz.
author: Darren Tucker <dtucker@zip.com.au> 2008-03-11 12:58:25 +0100
committer: Darren Tucker <dtucker@zip.com.au> 2008-03-11 12:58:25 +0100
commit: 52358d6df32d9ae923572c43a58159d84b673631 (patch)
tree: 83261a70dd007f2af900e1b22884c75b703f8b37 /sshd.c
parent: - (dtucker) [configure.ac] Run stack-protector tests with -Werror to catch (diff)
download: openssh-52358d6df32d9ae923572c43a58159d84b673631.tar.xz
openssh-52358d6df32d9ae923572c43a58159d84b673631.zip
1 files changed, 14 insertions, 0 deletions
diff --git a/sshd.c b/sshd.c
index 5ea87f0f9..5dfc2b185 100644
--- a/sshd.c
+++ b/sshd.c
@@ -1847,6 +1847,20 @@ main(int ac, char **av)
 	audit_event(SSH_AUTH_SUCCESS);
 #endif
 
+#ifdef GSSAPI
+	if (options.gss_authentication) {
+		temporarily_use_uid(authctxt->pw);
+		ssh_gssapi_storecreds();
+		restore_uid();
+	}
+#endif
+#ifdef USE_PAM
+	if (options.use_pam) {
+		do_pam_setcred(1);
+		do_pam_session();
+	}
+#endif
+
 	/*
 	 * In privilege separation, we fork another child and prepare
 	 * file descriptor passing.
author	Darren Tucker <dtucker@zip.com.au>	2008-03-11 12:58:25 +0100
committer	Darren Tucker <dtucker@zip.com.au>	2008-03-11 12:58:25 +0100
commit	52358d6df32d9ae923572c43a58159d84b673631 (patch)
tree	83261a70dd007f2af900e1b22884c75b703f8b37 /sshd.c
parent	- (dtucker) [configure.ac] Run stack-protector tests with -Werror to catch (diff)
download	openssh-52358d6df32d9ae923572c43a58159d84b673631.tar.xz openssh-52358d6df32d9ae923572c43a58159d84b673631.zip