closing session in case of pam auth failed

אלכסיי סיליוק alex.silyuk at gmail.com
Tue Jan 22 07:03:51 UTC 2019


Hello, i faced that if PAM and CHILD_PROCCESS for login enabled, in case of
authorithation failure, session not closed.
i am added next to my code, may be it will be usable for somebody in future.
i added F_PAM(login_pam_end(pamh);) inside pam_auth_failed block to force
session closing


@@ -470,8 +470,9 @@ int login_main(int argc UNUSED_PARAM, char **argv)
  pam_auth_failed:
                /* syslog, because we don't want potential attacker
                 * to know _why_ login failed */
-               syslog(LOG_WARNING, "pam_%s call failed: %s (%d)",
failed_msg,
+               syslog(LOG_WARNING, "%s (%d)",
                                        pam_strerror(pamh, pamret), pamret);
+               F_PAM(login_pam_end(pamh);)
                safe_strncpy(username, "UNKNOWN", sizeof(username));
 #else /* not PAM */
                pw = getpwnam(username);

thanks
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.busybox.net/pipermail/busybox/attachments/20190122/1b60ecbc/attachment.html>


More information about the busybox mailing list