Terminate the child before closing the PAM session.

	* src/su.c: Terminate the child (if needed) before closing the PAM
	session. This is probably more correct, and avoid reporting
	termination from signals possibly sent by PAM modules (e.g. former
	versions of pam_systemd). Debian#670132

2 files changed, 13 insertions, 8 deletions

diff --git a/ChangeLog b/ChangeLog
index 4d40562a..31251ac0 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,12 @@
 2013-08-13  Nicolas François  <nicolas.francois@centraliens.net>
 
+	* src/su.c: Terminate the child (if needed) before closing the PAM
+	session. This is probably more correct, and avoid reporting
+	termination from signals possibly sent by PAM modules (e.g. former
+	versions of pam_systemd). Debian#670132
+
+2013-08-13  Nicolas François  <nicolas.francois@centraliens.net>
+
 	* src/su.c: When a SIGTSTP is caught, reset caught to 0. There is
 	no need to kill the child in such case after su is resumed. This
 	remove the "Session terminated, terminating shell...
diff --git a/src/su.c b/src/su.c
index 43f7dc4b..c02ea3ae 100644
--- a/src/su.c
+++ b/src/su.c
@@ -372,6 +372,12 @@ static void prepare_pam_close_session (void)
 		(void) fputs (_("Session terminated, terminating shell..."),
 		              stderr);
 		(void) kill (-pid_child, caught);
+
+		(void) signal (SIGALRM, kill_child);
+		(void) alarm (2);
+
+		(void) wait (&status);
+		(void) fputs (_(" ...terminated.\n"), stderr);
 	}
 
 	ret = pam_close_session (pamh, 0);
@@ -384,14 +390,6 @@ static void prepare_pam_close_session (void)
 	(void) pam_setcred (pamh, PAM_DELETE_CRED);
 	(void) pam_end (pamh, PAM_SUCCESS);
 
-	if (0 != caught) {
-		(void) signal (SIGALRM, kill_child);
-		(void) alarm (2);
-
-		(void) wait (&status);
-		(void) fputs (_(" ...terminated.\n"), stderr);
-	}
-
 	exit ((0 != WIFEXITED (status)) ? WEXITSTATUS (status)
 	                                : WTERMSIG (status) + 128);
 	/* Only the child returns. See above. */