diff options
-rw-r--r-- | ChangeLog | 7 | ||||
-rw-r--r-- | auth-pam.c | 16 |
2 files changed, 19 insertions, 4 deletions
@@ -1,3 +1,8 @@ +20010214 + - (djm) Don't try to close PAM session or delete credentials if the + session has not been open or credentials not set. Based on patch from + Andrew Bartlett <abartlet@pcug.org.au> + 20010213 - (djm) Only test -S potential EGD sockets if they exist and are readable. - (bal) Cleaned out bsd-snprintf.c. VARARGS have been banished and @@ -3913,4 +3918,4 @@ - Wrote replacements for strlcpy and mkdtemp - Released 1.0pre1 -$Id: ChangeLog,v 1.754 2001/02/13 11:26:21 stevesk Exp $ +$Id: ChangeLog,v 1.755 2001/02/13 13:43:55 djm Exp $ @@ -33,7 +33,7 @@ #include "canohost.h" #include "readpass.h" -RCSID("$Id: auth-pam.c,v 1.27 2001/02/11 11:39:19 djm Exp $"); +RCSID("$Id: auth-pam.c,v 1.28 2001/02/13 13:43:56 djm Exp $"); #define NEW_AUTHTOK_MSG \ "Warning: Your password has expired, please change it now" @@ -72,6 +72,10 @@ int do_pam_authenticate(int flags) return retval; } +/* Remember what has been initialised */ +static int session_opened = 0; +static int creds_set = 0; + /* * PAM conversation function. * There are two states this can run in. @@ -170,17 +174,21 @@ void pam_cleanup_proc(void *context) { int pam_retval; - if (pamh) { + if (pamh && session_opened) { pam_retval = pam_close_session(pamh, 0); if (pam_retval != PAM_SUCCESS) log("Cannot close PAM session[%d]: %.200s", pam_retval, PAM_STRERROR(pamh, pam_retval)); + } + if (pamh && creds_set) { pam_retval = pam_setcred(pamh, PAM_DELETE_CRED); if (pam_retval != PAM_SUCCESS) debug("Cannot delete credentials[%d]: %.200s", pam_retval, PAM_STRERROR(pamh, pam_retval)); + } + if (pamh) { pam_retval = pam_end(pamh, pam_retval); if (pam_retval != PAM_SUCCESS) log("Cannot release PAM authentication[%d]: %.200s", @@ -272,6 +280,7 @@ void do_pam_session(char *username, const char *ttyname) if (pam_retval != PAM_SUCCESS) fatal("PAM session setup failed[%d]: %.200s", pam_retval, PAM_STRERROR(pamh, pam_retval)); + session_opened = 1; } /* Set PAM credentials */ @@ -288,7 +297,8 @@ void do_pam_setcred(void) else debug("PAM setcred failed[%d]: %.200s", pam_retval, PAM_STRERROR(pamh, pam_retval)); - } + } else + creds_set = 1; } /* accessor function for file scope static variable */ |