* src/login.c: Open the PAM session before pam_setcred and before

initgroups. This is more consistent with rfc86.0.
This commit is contained in:
nekral-guest 2009-04-20 12:54:17 +00:00
parent 432faba3e1
commit c694843da5
2 changed files with 13 additions and 3 deletions

View File

@ -1,3 +1,8 @@
2009-04-20 Nicolas François <nicolas.francois@centraliens.net>
* src/login.c: Open the PAM session before pam_setcred and before
initgroups. This is more consistent with rfc86.0.
2009-04-20 Nicolas François <nicolas.francois@centraliens.net>
* src/login.c: Added helper functions get_pam_user() and

View File

@ -849,6 +849,11 @@ int main (int argc, char **argv)
}
PAM_FAIL_CHECK;
/* Open the PAM session */
get_pam_user (&pam_user);
retcode = pam_open_session (pamh, hushed (pam_user) ? PAM_SILENT : 0);
PAM_FAIL_CHECK;
/* Grab the user information out of the password file for future usage
* First get the username that we are actually using, though.
*
@ -880,9 +885,9 @@ int main (int argc, char **argv)
retcode = pam_setcred (pamh, PAM_ESTABLISH_CRED);
PAM_FAIL_CHECK;
retcode = pam_open_session (pamh, hushed (username) ? PAM_SILENT : 0);
PAM_FAIL_CHECK;
/* NOTE: If pam_setcred changes PAM_USER, this will not be taken
* into account.
*/
#else /* ! USE_PAM */
while (true) { /* repeatedly get login/password pairs */