From: Björn Fischer <bf@CeBiTec.Uni-Bielefeld.DE>
Date: Wed, 8 Sep 2021 13:03:36 +0000 (+0200)
Subject: Call pam_end() after fork in child code path
X-Git-Tag: 4.10~10^2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=6938bab42953510f8774a9ffb8f5db6692bd4504;p=thirdparty%2Fshadow.git

Call pam_end() after fork in child code path

This conforms to PAM documentation and it is needed to support
ambient capabilities with PAM + libcap-2.58+.

Signed-off-by: Björn Fischer <bf@CeBiTec.Uni-Bielefeld.DE>
---

diff --git a/src/login.c b/src/login.c
index 7ec2401e2..5fbbc6140 100644
--- a/src/login.c
+++ b/src/login.c
@@ -1288,6 +1288,7 @@ int main (int argc, char **argv)
 			env++;
 		}
 	}
+	(void) pam_end (pamh, PAM_SUCCESS | PAM_DATA_SILENT);
 #endif
 
 	(void) setlocale (LC_ALL, "");
diff --git a/src/su.c b/src/su.c
index 04011afa4..55ca80d2d 100644
--- a/src/su.c
+++ b/src/su.c
@@ -1156,12 +1156,9 @@ int main (int argc, char **argv)
 		}
 	}
 
-	/*
-	 * PAM_DATA_SILENT is not supported by some modules, and
-	 * there is no strong need to clean up the process space's
-	 * memory since we will either call exec or exit.
-	pam_end (pamh, PAM_SUCCESS | PAM_DATA_SILENT);
-	 */
+#ifdef USE_PAM
+	(void) pam_end (pamh, PAM_SUCCESS | PAM_DATA_SILENT);
+#endif
 
 	endpwent ();
 	endspent ();