- Reorder PAM initialisation so it does not mess up lastlog. Reported

by Andre Lucas <andre.lucas@dial.pipex.com>

ChangeLog

@@ -1,6 +1,8 @@
 20000125
  - Fix NULL pointer dereference in login.c. Fix from Andre Lucas 
    <andre.lucas@dial.pipex.com>
+ - Reorder PAM initialisation so it does not mess up lastlog. Reported
+   by Andre Lucas <andre.lucas@dial.pipex.com>
 
 20000124
  - Pick up version 1.2.2 from OpenBSD CVS (no changes, just version number

sshd.c

@@ -1740,12 +1740,6 @@ do_authenticated(struct passwd * pw)
 
 			/* Indicate that we now have a pty. */
 			have_pty = 1;
-
-#ifdef USE_PAM
-			/* do the pam_open_session since we have the pty */
-			do_pam_session(pw->pw_name, ttyname);
-#endif /* USE_PAM */
-
 			break;
 
 		case SSH_CMSG_X11_REQUEST_FORWARDING:
@@ -1821,9 +1815,6 @@ do_authenticated(struct passwd * pw)
 			packet_set_interactive(have_pty || display != NULL,
 					       options.keepalives);
 
-#ifdef USE_PAM
-			do_pam_setcred();
-#endif /* USE_PAM */
 			if (forced_command != NULL)
 				goto do_forced_command;
 			debug("Forking shell.");
@@ -1839,9 +1830,6 @@ do_authenticated(struct passwd * pw)
 			packet_set_interactive(have_pty || display != NULL,
 					       options.keepalives);
 
-#ifdef USE_PAM
-			do_pam_setcred();
-#endif /* USE_PAM */
 			if (forced_command != NULL)
 				goto do_forced_command;
 			/* Get command from the packet. */
@@ -1929,6 +1917,10 @@ do_exec_no_pty(const char *command, struct passwd * pw,
 
 	setproctitle("%s@notty", pw->pw_name);
 
+#ifdef USE_PAM
+			do_pam_setcred();
+#endif /* USE_PAM */
+
 	/* Fork the child. */
 	if ((pid = fork()) == 0) {
 		/* Child.  Reinitialize the log since the pid has changed. */
@@ -2067,6 +2059,11 @@ do_exec_pty(const char *command, int ptyfd, int ttyfd,
 	}
 	setproctitle("%s@%s", pw->pw_name, strrchr(ttyname, '/') + 1);
 
+#ifdef USE_PAM
+			do_pam_session(pw->pw_name, ttyname);
+			do_pam_setcred();
+#endif /* USE_PAM */
+
 	/* Fork the child. */
 	if ((pid = fork()) == 0) {
 		pid = getpid();