mirror of git://anongit.mindrot.org/openssh.git
- (djm) Don't try to close PAM session or delete credentials if the
session has not been open or credentials not set. Based on patch from Andrew Bartlett <abartlet@pcug.org.au>
This commit is contained in:
parent
bca8c8f3a1
commit
3dfeee46d7
|
@ -1,3 +1,8 @@
|
|||
20010214
|
||||
- (djm) Don't try to close PAM session or delete credentials if the
|
||||
session has not been open or credentials not set. Based on patch from
|
||||
Andrew Bartlett <abartlet@pcug.org.au>
|
||||
|
||||
20010213
|
||||
- (djm) Only test -S potential EGD sockets if they exist and are readable.
|
||||
- (bal) Cleaned out bsd-snprintf.c. VARARGS have been banished and
|
||||
|
@ -3913,4 +3918,4 @@
|
|||
- Wrote replacements for strlcpy and mkdtemp
|
||||
- Released 1.0pre1
|
||||
|
||||
$Id: ChangeLog,v 1.754 2001/02/13 11:26:21 stevesk Exp $
|
||||
$Id: ChangeLog,v 1.755 2001/02/13 13:43:55 djm Exp $
|
||||
|
|
16
auth-pam.c
16
auth-pam.c
|
@ -33,7 +33,7 @@
|
|||
#include "canohost.h"
|
||||
#include "readpass.h"
|
||||
|
||||
RCSID("$Id: auth-pam.c,v 1.27 2001/02/11 11:39:19 djm Exp $");
|
||||
RCSID("$Id: auth-pam.c,v 1.28 2001/02/13 13:43:56 djm Exp $");
|
||||
|
||||
#define NEW_AUTHTOK_MSG \
|
||||
"Warning: Your password has expired, please change it now"
|
||||
|
@ -72,6 +72,10 @@ int do_pam_authenticate(int flags)
|
|||
return retval;
|
||||
}
|
||||
|
||||
/* Remember what has been initialised */
|
||||
static int session_opened = 0;
|
||||
static int creds_set = 0;
|
||||
|
||||
/*
|
||||
* PAM conversation function.
|
||||
* There are two states this can run in.
|
||||
|
@ -170,17 +174,21 @@ void pam_cleanup_proc(void *context)
|
|||
{
|
||||
int pam_retval;
|
||||
|
||||
if (pamh) {
|
||||
if (pamh && session_opened) {
|
||||
pam_retval = pam_close_session(pamh, 0);
|
||||
if (pam_retval != PAM_SUCCESS)
|
||||
log("Cannot close PAM session[%d]: %.200s",
|
||||
pam_retval, PAM_STRERROR(pamh, pam_retval));
|
||||
}
|
||||
|
||||
if (pamh && creds_set) {
|
||||
pam_retval = pam_setcred(pamh, PAM_DELETE_CRED);
|
||||
if (pam_retval != PAM_SUCCESS)
|
||||
debug("Cannot delete credentials[%d]: %.200s",
|
||||
pam_retval, PAM_STRERROR(pamh, pam_retval));
|
||||
}
|
||||
|
||||
if (pamh) {
|
||||
pam_retval = pam_end(pamh, pam_retval);
|
||||
if (pam_retval != PAM_SUCCESS)
|
||||
log("Cannot release PAM authentication[%d]: %.200s",
|
||||
|
@ -272,6 +280,7 @@ void do_pam_session(char *username, const char *ttyname)
|
|||
if (pam_retval != PAM_SUCCESS)
|
||||
fatal("PAM session setup failed[%d]: %.200s",
|
||||
pam_retval, PAM_STRERROR(pamh, pam_retval));
|
||||
session_opened = 1;
|
||||
}
|
||||
|
||||
/* Set PAM credentials */
|
||||
|
@ -288,7 +297,8 @@ void do_pam_setcred(void)
|
|||
else
|
||||
debug("PAM setcred failed[%d]: %.200s",
|
||||
pam_retval, PAM_STRERROR(pamh, pam_retval));
|
||||
}
|
||||
} else
|
||||
creds_set = 1;
|
||||
}
|
||||
|
||||
/* accessor function for file scope static variable */
|
||||
|
|
Loading…
Reference in New Issue