-rw-r--r--ChangeLog7
-rw-r--r--auth-pam.c16
2 files changed, 19 insertions, 4 deletions
diff --git a/ChangeLog b/ChangeLog
index 013a092b..20ebaa3c 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+20010214
+ - (djm) Don't try to close PAM session or delete credentials if the
+ session has not been open or credentials not set. Based on patch from
+ Andrew Bartlett <abartlet@pcug.org.au>
+
20010213
- (djm) Only test -S potential EGD sockets if they exist and are readable.
- (bal) Cleaned out bsd-snprintf.c. VARARGS have been banished and
@@ -3913,4 +3918,4 @@
- Wrote replacements for strlcpy and mkdtemp
- Released 1.0pre1
-$Id: ChangeLog,v 1.754 2001/02/13 11:26:21 stevesk Exp $
+$Id: ChangeLog,v 1.755 2001/02/13 13:43:55 djm Exp $
diff --git a/auth-pam.c b/auth-pam.c
index 9e0467f5..cdaa97ed 100644
--- a/auth-pam.c
+++ b/auth-pam.c
@@ -33,7 +33,7 @@
#include "canohost.h"
#include "readpass.h"
-RCSID("$Id: auth-pam.c,v 1.27 2001/02/11 11:39:19 djm Exp $");
+RCSID("$Id: auth-pam.c,v 1.28 2001/02/13 13:43:56 djm Exp $");
#define NEW_AUTHTOK_MSG \
"Warning: Your password has expired, please change it now"
@@ -72,6 +72,10 @@ int do_pam_authenticate(int flags)
return retval;
}
+/* Remember what has been initialised */
+static int session_opened = 0;
+static int creds_set = 0;
+
/*
* PAM conversation function.
* There are two states this can run in.
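Review bot: The comment above `session_opened` and `creds_set` does not say who writes and who reads them, which matters now that they gate PAM teardown. I would expand it to something like `/* Set by do_pam_session()/do_pam_setcred() on success; pam_cleanup_proc() only undoes what these record */`. Nothing in the visible hunks clears either flag after cleanup, so if that is intentional it is worth stating in the same comment.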
@@ -170,17 +174,21 @@ void pam_cleanup_proc(void *context)
{
int pam_retval;
- if (pamh) {
+ if (pamh && session_opened) {
pam_retval = pam_close_session(pamh, 0);
if (pam_retval != PAM_SUCCESS)
log("Cannot close PAM session[%d]: %.200s",
pam_retval, PAM_STRERROR(pamh, pam_retval));
+ }
+ if (pamh && creds_set) {
pam_retval = pam_setcred(pamh, PAM_DELETE_CRED);
if (pam_retval != PAM_SUCCESS)
debug("Cannot delete credentials[%d]: %.200s",
pam_retval, PAM_STRERROR(pamh, pam_retval));
+ }
+ if (pamh) {
pam_retval = pam_end(pamh, pam_retval);
if (pam_retval != PAM_SUCCESS)
log("Cannot release PAM authentication[%d]: %.200s",
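Review bot: `pam_retval` can now reach `pam_end(pamh, pam_retval)` uninitialised: when `pamh` is set but neither `session_opened` nor `creds_set` is, both guarded blocks are skipped and nothing has assigned it. Before this change the single `if (pamh)` block always ran `pam_close_session()` first, so the variable was always written. Initialise it at the declaration, `int pam_retval = PAM_SUCCESS;`, so the status handed to `pam_end()` is defined on the path this commit introduces, presumably a connection that ends before a session is opened. The function body continues past the end of the hunk.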
@@ -272,6 +280,7 @@ void do_pam_session(char *username, const char *ttyname)
if (pam_retval != PAM_SUCCESS)
fatal("PAM session setup failed[%d]: %.200s",
pam_retval, PAM_STRERROR(pamh, pam_retval));
+ session_opened = 1;
}
/* Set PAM credentials */
@@ -288,7 +297,8 @@ void do_pam_setcred(void)
else
debug("PAM setcred failed[%d]: %.200s",
pam_retval, PAM_STRERROR(pamh, pam_retval));
- }
+ } else
+ creds_set = 1;
}
/* accessor function for file scope static variable */
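Review bot: The new `else` at the end of `do_pam_setcred` is unbraced while the branch it pairs with is braced, and that branch itself ends in an unbraced `if`/`else`, so the pairing is easy to misread. I would brace it, as `} else {`, `creds_set = 1;`, `}`. Also note that the flag stays 0 on the non-fatal `debug("PAM setcred failed…")` path, so `PAM_DELETE_CRED` is then skipped in `pam_cleanup_proc`; whether a module can leave partial credentials behind after a failed `pam_setcred()` is not visible here and is worth confirming. The opening `if` lies above the hunk.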