closing session in case of pam auth failed
אלכסיי סיליוק
alex.silyuk at gmail.com
Tue Jan 22 07:03:51 UTC 2019
Hello, I found that if PAM and CHILD_PROCCESS for login are enabled, in case of
authorization failure, the session is not closed.
I added the following to my code; maybe it will be useful for somebody in the future.
I added F_PAM(login_pam_end(pamh);) inside the pam_auth_failed block to force
session closing.
@@ -470,8 +470,9 @@ int login_main(int argc UNUSED_PARAM, char **argv)
pam_auth_failed:
/* syslog, because we don't want potential attacker
* to know _why_ login failed */
- syslog(LOG_WARNING, "pam_%s call failed: %s (%d)",
failed_msg,
+ syslog(LOG_WARNING, "%s (%d)",
pam_strerror(pamh, pamret), pamret);
+ F_PAM(login_pam_end(pamh);)
safe_strncpy(username, "UNKNOWN", sizeof(username));
#else /* not PAM */
pw = getpwnam(username);
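Review bot: The syslog() edit at the top of this hunk is unrelated to the session-closing fix described in the message, and it drops the "pam_%s call failed:" prefix together with failed_msg, so the log no longer records which PAM call failed. I would keep the original syslog() line and limit the patch to the added login_pam_end(pamh) call. On that added line: it correctly comes after the last use of pamh in pam_strerror(pamh, pamret), but please confirm that pamh is a valid handle on every path that jumps to pam_auth_failed, and that login_pam_end() is available when the child-process option is disabled, since the message only mentions the case where both options are on. The F_PAM(...) wrapper also looks redundant here, because the line already sits above "#else /* not PAM */" and is therefore compiled only in the PAM branch. Finally, the context lines have lost their leading whitespace and the removed syslog() line is wrapped onto a second line (failed_msg,), so the patch will not apply as posted; resending it as plain text would help.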
thanks