- (djm) Don't try to close PAM session or delete credentials if the

session has not been open or credentials not set. Based on patch from Andrew Bartlett <abartlet@pcug.org.au>
2001-02-14 00:43:55 +11:00 · 2001-02-14 00:43:55 +11:00 · 3dfeee46d7
parent bca8c8f3a1
commit 3dfeee46d7
2 changed files with 19 additions and 4 deletions
--- a/7
+++ b/7
@ -1,3 +1,8 @@
+20010214
+ - (djm) Don't try to close PAM session or delete credentials if the
+   session has not been open or credentials not set. Based on patch from 
+   Andrew Bartlett <abartlet@pcug.org.au>
+
 20010213
 - (djm) Only test -S potential EGD sockets if they exist and are readable.
 - (bal) Cleaned out bsd-snprintf.c.  VARARGS have been banished and
@ -3913,4 +3918,4 @@
 - Wrote replacements for strlcpy and mkdtemp
 - Released 1.0pre1

-$Id: ChangeLog,v 1.754 2001/02/13 11:26:21 stevesk Exp $
+$Id: ChangeLog,v 1.755 2001/02/13 13:43:55 djm Exp $
--- a/auth-pam.c
+++ b/auth-pam.c
@ -33,7 +33,7 @@
 #include "canohost.h"
 #include "readpass.h"

-RCSID("$Id: auth-pam.c,v 1.27 2001/02/11 11:39:19 djm Exp $");
+RCSID("$Id: auth-pam.c,v 1.28 2001/02/13 13:43:56 djm Exp $");

 #define NEW_AUTHTOK_MSG \
 	"Warning: Your password has expired, please change it now"
@ -72,6 +72,10 @@ int do_pam_authenticate(int flags)
 	return retval;
 }

+/* Remember what has been initialised */
+static int session_opened = 0;
+static int creds_set = 0;
+
 /*
 * PAM conversation function.
 * There are two states this can run in.
@ -170,17 +174,21 @@ void pam_cleanup_proc(void *context)
 {
 	int pam_retval;

-	if (pamh) {
+	if (pamh && session_opened) {
 		pam_retval = pam_close_session(pamh, 0);
 		if (pam_retval != PAM_SUCCESS)
 			log("Cannot close PAM session[%d]: %.200s",
 			    pam_retval, PAM_STRERROR(pamh, pam_retval));
+	}

+	if (pamh && creds_set) {
 		pam_retval = pam_setcred(pamh, PAM_DELETE_CRED);
 		if (pam_retval != PAM_SUCCESS)
 			debug("Cannot delete credentials[%d]: %.200s", 
 			    pam_retval, PAM_STRERROR(pamh, pam_retval));
+	}

+	if (pamh) {
 		pam_retval = pam_end(pamh, pam_retval);
 		if (pam_retval != PAM_SUCCESS)
 			log("Cannot release PAM authentication[%d]: %.200s",
@ -272,6 +280,7 @@ void do_pam_session(char *username, const char *ttyname)
 	if (pam_retval != PAM_SUCCESS)
 		fatal("PAM session setup failed[%d]: %.200s",
 		    pam_retval, PAM_STRERROR(pamh, pam_retval));
+	session_opened = 1;
 }

 /* Set PAM credentials */
@ -288,7 +297,8 @@ void do_pam_setcred(void)
 		else
 			debug("PAM setcred failed[%d]: %.200s",
 			    pam_retval, PAM_STRERROR(pamh, pam_retval));
-	}
+	} else
+		creds_set = 1;
 }

 /* accessor function for file scope static variable */