closing session in case of pam auth failed

אלכסיי סיליוק alex.silyuk at
Tue Jan 22 07:03:51 UTC 2019

Hello, i faced that if PAM and CHILD_PROCCESS for login enabled, in case of
authorithation failure, session not closed.
i am added next to my code, may be it will be usable for somebody in future.
i added F_PAM(login_pam_end(pamh);) inside pam_auth_failed block to force
session closing

@@ -470,8 +470,9 @@ int login_main(int argc UNUSED_PARAM, char **argv)
                /* syslog, because we don't want potential attacker
                 * to know _why_ login failed */
-               syslog(LOG_WARNING, "pam_%s call failed: %s (%d)",
+               syslog(LOG_WARNING, "%s (%d)",
                                        pam_strerror(pamh, pamret), pamret);
+               F_PAM(login_pam_end(pamh);)
                safe_strncpy(username, "UNKNOWN", sizeof(username));
 #else /* not PAM */
                pw = getpwnam(username);

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the busybox mailing list