Call pam_end() after fork in child code path

This conforms to PAM documentation and it is needed to support ambient capabilities with PAM + libcap-2.58+. Signed-off-by: Björn Fischer <bf@CeBiTec.Uni-Bielefeld.DE>
2021-09-08 15:03:36 +02:00 · 2021-09-08 15:03:36 +02:00 · 6938bab429
commit 6938bab429
parent 4624e9fca1
2 changed files with 4 additions and 6 deletions
--- a/src/login.c
+++ b/src/login.c
@ -1288,6 +1288,7 @@ int main (int argc, char **argv)
 			env++;
 		}
 	}
+	(void) pam_end (pamh, PAM_SUCCESS | PAM_DATA_SILENT);
 #endif

 	(void) setlocale (LC_ALL, "");
--- a/src/su.c
+++ b/src/su.c
@ -1156,12 +1156,9 @@ int main (int argc, char **argv)
 		}
 	}

-	/*
-	 * PAM_DATA_SILENT is not supported by some modules, and
-	 * there is no strong need to clean up the process space's
-	 * memory since we will either call exec or exit.
-	pam_end (pamh, PAM_SUCCESS | PAM_DATA_SILENT);
-	 */
+#ifdef USE_PAM
+	(void) pam_end (pamh, PAM_SUCCESS | PAM_DATA_SILENT);
+#endif

 	endpwent ();
 	endspent ();