- (djm) Move PAM session initialisation until after fork in sshd. Patch

from Nalin Dahyabhai <nalin@redhat.com>

ChangeLog

@@ -2,6 +2,8 @@
  - (djm) Don't try to close PAM session or delete credentials if the
    session has not been open or credentials not set. Based on patch from 
    Andrew Bartlett <abartlet@pcug.org.au>
+ - (djm) Move PAM session initialisation until after fork in sshd. Patch 
+   from Nalin Dahyabhai <nalin@redhat.com>
 
 20010213
  - (djm) Only test -S potential EGD sockets if they exist and are readable.
@@ -3918,4 +3920,4 @@
  - Wrote replacements for strlcpy and mkdtemp
  - Released 1.0pre1
 
-$Id: ChangeLog,v 1.755 2001/02/13 13:43:55 djm Exp $
+$Id: ChangeLog,v 1.756 2001/02/13 13:45:51 djm Exp $

session.c

@@ -484,10 +484,6 @@ do_exec_no_pty(Session *s, const char *command, struct passwd * pw)
 
 	session_proctitle(s);
 
-#ifdef USE_PAM
-			do_pam_setcred();
-#endif /* USE_PAM */
-
 	/* Fork the child. */
 	if ((pid = fork()) == 0) {
 		/* Child.  Reinitialize the log since the pid has changed. */
@@ -600,11 +596,6 @@ do_exec_pty(Session *s, const char *command, struct passwd * pw)
 	ptyfd = s->ptyfd;
 	ttyfd = s->ttyfd;
 
-#ifdef USE_PAM
-			do_pam_session(pw->pw_name, s->tty);
-			do_pam_setcred();
-#endif /* USE_PAM */
-
 	/* Fork the child. */
 	if ((pid = fork()) == 0) {
 		/* Child.  Reinitialize the log because the pid has changed. */
@@ -1156,6 +1147,11 @@ do_child(const char *command, struct passwd * pw, const char *term,
 	shell = login_getcapstr(lc, "shell", (char *)shell, (char *)shell);
 #endif
 
+#ifdef USE_PAM
+	do_pam_session(pw->pw_name, ttyname);
+	do_pam_setcred();
+#endif /* USE_PAM */
+
 #ifdef AFS
 	/* Try to get AFS tokens for the local cell. */
 	if (k_hasafs()) {