closing session in case of pam auth failed

Xabier Oneca -- xOneca xoneca at gmail.com
Tue Jan 22 07:32:10 UTC 2019


Hi Alex,

‪El mar., 22 ene. 2019 a las 8:04, ‫אלכסיי סיליוק‬‎
(<alex.silyuk at gmail.com>) escribió:‬
>
> Hello, i faced that if PAM and CHILD_PROCCESS for login enabled, in case of authorithation failure, session not closed.
> i am added next to my code, may be it will be usable for somebody in future.
> i added F_PAM(login_pam_end(pamh);) inside pam_auth_failed block to force session closing

Did you mean IF_PAM?

> @@ -470,8 +470,9 @@ int login_main(int argc UNUSED_PARAM, char **argv)
>   pam_auth_failed:
>                 /* syslog, because we don't want potential attacker
>                  * to know _why_ login failed */
> -               syslog(LOG_WARNING, "pam_%s call failed: %s (%d)", failed_msg,
> +               syslog(LOG_WARNING, "%s (%d)",
>                                         pam_strerror(pamh, pamret), pamret);
> +               F_PAM(login_pam_end(pamh);)
>                 safe_strncpy(username, "UNKNOWN", sizeof(username));
>  #else /* not PAM */
>                 pw = getpwnam(username);
>
> thanks

Cheers,

Xabier Oneca_,,_


More information about the busybox mailing list