Index: modules/mod_auth_pam.c
===================================================================
RCS file: /cvsroot/proftp/proftpd/modules/mod_auth_pam.c,v
retrieving revision 1.27
diff -u -r1.27 mod_auth_pam.c
--- modules/mod_auth_pam.c 26 Feb 2013 23:12:31 -0000 1.27
+++ modules/mod_auth_pam.c 16 Apr 2013 16:53:54 -0000
@@ -171,7 +171,7 @@
};
static void auth_pam_exit_ev(const void *event_data, void *user_data) {
- int pam_error = 0;
+ int pam_error = 0, disable_id_switching;
/* Sanity check.
*/
@@ -182,6 +182,16 @@
* friends.
*/
pr_signals_block();
+
+ /* If ID switching has been disabled, we need to re-enable it; some
+ * (spurious, IMHO) PAM errors can happen if pam_close_session(3) is called
+ * without proper root privs (Bug#3929).
+ */
+ disable_id_switching = session.disable_id_switching;
+ if (disable_id_switching) {
+ session.disable_id_switching = FALSE;
+ }
+
PRIVS_ROOT
/* Give up our credentials, close our session, and finally close out this
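Review bot: Between clearing `session.disable_id_switching` here and restoring it in the later hunk (`@@ -209,6 +219,12 @@`), part of the code is not visible, so an early `return` in that stretch would leave the privilege restriction switched off for the rest of the exit path. It is worth confirming there is none. The added comment explains why root is needed but not that the flag is only cleared temporarily, so I would append `/* Cleared only for the PAM teardown below; restored after PRIVS_RELINQUISH. */`. The `if (disable_id_switching)` guard is also redundant, since an unconditional `session.disable_id_switching = FALSE;` has the same effect once the old value is saved. auth_pam_exit_ev starts and ends outside this hunk.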
@@ -209,6 +219,12 @@
pamh = NULL;
#endif
+ PRIVS_RELINQUISH
+ pr_signals_unblock();
+
+ /* Restore any "ID switching disabled" setting. */
+ session.disable_id_switching = disable_id_switching;
+
if (pam_user != NULL) {
memset(pam_user, '\0', pam_user_len);
free(pam_user);
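Review bot: The saved flag is restored only after `pr_signals_unblock()`, so there is a short window in which signals can be delivered while `session.disable_id_switching` is still FALSE. Since the flag exists to restrict privilege switching, the restore should come first: move `session.disable_id_switching = disable_id_switching;` to directly after `PRIVS_RELINQUISH` and before `pr_signals_unblock();`. Whether any signal path in this process actually switches IDs is not visible here, so treat this as tightening the ordering rather than a confirmed fault. The function body begins outside this hunk.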
@@ -216,8 +232,6 @@
pam_user_len = 0;
}
- PRIVS_RELINQUISH
- pr_signals_unblock();
}
MODRET pam_auth(cmd_rec *cmd) {