author | Damien Miller <djm@mindrot.org> | 2001-02-13 14:43:55 +0100 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2001-02-13 14:43:55 +0100 |
commit | 3dfeee46d710c74f48919c827b2403dc7a63c591 (patch) | |
tree | 9bf64743186cfc8ce0ece7084f29cb55b86655c6 /auth-pam.c | |
parent | - (stevesk) auth1.c: fix PAM passwordless check. (diff) | |
- (djm) Don't try to close PAM session or delete credentials if the
session has not been opened or credentials have not been set. Based on patch from
Andrew Bartlett <abartlet@pcug.org.au>
Diffstat (limited to 'auth-pam.c')
-rw-r--r-- | auth-pam.c | 16 |
1 files changed, 13 insertions, 3 deletions
diff --git a/auth-pam.c b/auth-pam.c index 9e0467f56..cdaa97ed4 100644 --- a/auth-pam.c +++ b/auth-pam.c @@ -33,7 +33,7 @@ #include "canohost.h" #include "readpass.h" -RCSID("$Id: auth-pam.c,v 1.27 2001/02/11 11:39:19 djm Exp $"); +RCSID("$Id: auth-pam.c,v 1.28 2001/02/13 13:43:56 djm Exp $"); #define NEW_AUTHTOK_MSG \ "Warning: Your password has expired, please change it now" @@ -72,6 +72,10 @@ int do_pam_authenticate(int flags) return retval; } +/* Remember what has been initialised */ +static int session_opened = 0; +static int creds_set = 0; + /* * PAM conversation function. * There are two states this can run in. @@ -170,17 +174,21 @@ void pam_cleanup_proc(void *context) { int pam_retval; - if (pamh) { + if (pamh && session_opened) { pam_retval = pam_close_session(pamh, 0); if (pam_retval != PAM_SUCCESS) log("Cannot close PAM session[%d]: %.200s", pam_retval, PAM_STRERROR(pamh, pam_retval)); + } + if (pamh && creds_set) { pam_retval = pam_setcred(pamh, PAM_DELETE_CRED); if (pam_retval != PAM_SUCCESS) debug("Cannot delete credentials[%d]: %.200s", pam_retval, PAM_STRERROR(pamh, pam_retval)); + } + if (pamh) { pam_retval = pam_end(pamh, pam_retval); if (pam_retval != PAM_SUCCESS) log("Cannot release PAM authentication[%d]: %.200s", @@ -272,6 +280,7 @@ void do_pam_session(char *username, const char *ttyname) if (pam_retval != PAM_SUCCESS) fatal("PAM session setup failed[%d]: %.200s", pam_retval, PAM_STRERROR(pamh, pam_retval)); + session_opened = 1; } /* Set PAM credentials */ @@ -288,7 +297,8 @@ void do_pam_setcred(void) else debug("PAM setcred failed[%d]: %.200s", pam_retval, PAM_STRERROR(pamh, pam_retval)); - } + } else + creds_set = 1; } /* accessor function for file scope static variable */ |
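Review bot: The comment added above `session_opened` and `creds_set` (hunk `@@ -72,6 +72,10 @@`) does not say who writes and who reads the flags, although they now decide which PAM teardown calls run. I would expand it to something like `/* Set by do_pam_session() / do_pam_setcred() on success; read by pam_cleanup_proc() to decide what to undo */`. That keeps the pairing visible to anyone who later adds another path that opens a session or sets credentials.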
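Review bot: In the `pam_cleanup_proc` hunk (`@@ -170,17 +174,21 @@`), `pam_retval` is declared without an initializer and is now assigned only inside the `session_opened` and `creds_set` branches, so when both flags are 0 the final block passes an indeterminate value to `pam_end(pamh, pam_retval)`. Before this change the single `if (pamh)` block always assigned it from `pam_close_session` first. Initialising the declaration, `int pam_retval = PAM_SUCCESS;`, keeps the status handed to `pam_end` defined on every path. The function body continues past the end of the hunk, and the visible lines do not clear either flag after the teardown calls, which is worth confirming if cleanup can be reached more than once.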
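Review bot: In the `do_pam_setcred` hunk (`@@ -288,7 +297,8 @@`), the new `} else` hangs an unbraced `creds_set = 1;` off a braced block that itself ends in an unbraced `else debug(...)`, so it is easy to misread which condition the assignment belongs to. Bracing the branch as `} else {`, `creds_set = 1;`, `}` makes it clear that the flag is set only on the outer success path. The outer `if` starts above the hunk; it is presumably the check on the `pam_setcred` result, so that is worth confirming when applying the change.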