diff --git a/ChangeLog b/ChangeLog index 5beed08e..04cd6789 100644 --- a/ChangeLog +++ b/ChangeLog @@ -8,6 +8,9 @@ * src/su.c: Also drop the controlling terminal when PAM is not used. * src/su.c: Remove run_shell(). + * src/su.c: After prepare_pam_close_session() there is no need to + close the session in the child. Added pam_setcred to + prepare_pam_close_session(). 2011-06-12 Nicolas François diff --git a/src/su.c b/src/su.c index 14483327..e0a2c6d8 100644 --- a/src/su.c +++ b/src/su.c @@ -376,11 +376,10 @@ static void prepare_pam_close_session (void) SYSLOG ((LOG_ERR, "pam_close_session: %s", pam_strerror (pamh, ret))); fprintf (stderr, _("%s: %s\n"), Prog, pam_strerror (pamh, ret)); - (void) pam_end (pamh, ret); - exit (1); } - ret = pam_end (pamh, PAM_SUCCESS); + (void) pam_setcred (pamh, PAM_DELETE_CRED); + (void) pam_end (pamh, PAM_SUCCESS); if (0 != caught) { (void) signal (SIGALRM, kill_child); @@ -1016,9 +1015,6 @@ int main (int argc, char **argv) /* become the new user */ if (change_uid (pw) != 0) { - pam_close_session (pamh, 0); - pam_setcred (pamh, PAM_DELETE_CRED); - (void) pam_end (pamh, PAM_ABORT); exit (1); } #else /* !USE_PAM */