Index: modules/mod_auth_pam.c

===================================================================

RCS file: /cvsroot/proftp/proftpd/modules/mod_auth_pam.c,v

retrieving revision 1.27

diff -u -r1.27 mod_auth_pam.c

--- modules/mod_auth_pam.c	26 Feb 2013 23:12:31 -0000	1.27

+++ modules/mod_auth_pam.c	16 Apr 2013 16:53:54 -0000

@@ -171,7 +171,7 @@

 };

 static void auth_pam_exit_ev(const void *event_data, void *user_data) {

-  int pam_error = 0;

+  int pam_error = 0, disable_id_switching;

   /* Sanity check.

    */

@@ -182,6 +182,16 @@

    * friends.

    */

   pr_signals_block();

+

+  /* If ID switching has been disabled, we need to re-enable it; some

+   * (spurious, IMHO) PAM errors can happen if pam_close_session(3) is called

+   * without proper root privs (Bug#3929).

+   */

+  disable_id_switching = session.disable_id_switching;

+  if (disable_id_switching) {

+    session.disable_id_switching = FALSE;

+  }

+

   PRIVS_ROOT

   /* Give up our credentials, close our session, and finally close out this

@@ -209,6 +219,12 @@

   pamh = NULL;

 #endif

+  PRIVS_RELINQUISH

+  pr_signals_unblock();

+

+  /* Restore any "ID switching disabled" setting. */

+  session.disable_id_switching = disable_id_switching;

+

   if (pam_user != NULL) {

     memset(pam_user, '\0', pam_user_len);

     free(pam_user);

@@ -216,8 +232,6 @@

     pam_user_len = 0;

   }

-  PRIVS_RELINQUISH

-  pr_signals_unblock();

 }

 MODRET pam_auth(cmd_rec *cmd) {