Call pam_end() after fork in child code path

This conforms to PAM documentation and it is needed to support
ambient capabilities with PAM + libcap-2.58+.

Signed-off-by: Björn Fischer <bf@CeBiTec.Uni-Bielefeld.DE>

diff --git a/src/login.c b/src/login.c
index 7ec2401e207da56b94f3ca2eddb980134213ccf4..5fbbc6140c3a66f49a5facf412716d159e70ed2a 100644 (file)
--- a/src/login.c
+++ b/src/login.c
@@ -1288,6 +1288,7 @@ int main (int argc, char **argv)
                        env++;
                }
        }
+       (void) pam_end (pamh, PAM_SUCCESS | PAM_DATA_SILENT);
 #endif
 
        (void) setlocale (LC_ALL, "");

diff --git a/src/su.c b/src/su.c
index 04011afa4d8ae045c2e5fc11e116a4e45e5bacfe..55ca80d2d15f675ce7766becf7e0ea4e3957eeb9 100644 (file)
--- a/src/su.c
+++ b/src/su.c
@@ -1156,12 +1156,9 @@ int main (int argc, char **argv)
                }
        }
 
-       /*
-        * PAM_DATA_SILENT is not supported by some modules, and
-        * there is no strong need to clean up the process space's
-        * memory since we will either call exec or exit.
-       pam_end (pamh, PAM_SUCCESS | PAM_DATA_SILENT);
-        */
+#ifdef USE_PAM
+       (void) pam_end (pamh, PAM_SUCCESS | PAM_DATA_SILENT);
+#endif
 
        endpwent ();
        endspent ();