closing session in case of pam auth failed
Xabier Oneca -- xOneca
xoneca at gmail.com
Tue Jan 22 07:32:10 UTC 2019
Hi Alex,
El mar., 22 ene. 2019 a las 8:04, אלכסיי סיליוק
(<alex.silyuk at gmail.com>) escribió:
>
> Hello, i faced that if PAM and CHILD_PROCCESS for login enabled, in case of authorithation failure, session not closed.
> i am added next to my code, may be it will be usable for somebody in future.
> i added F_PAM(login_pam_end(pamh);) inside pam_auth_failed block to force session closing
Did you mean IF_PAM?
> @@ -470,8 +470,9 @@ int login_main(int argc UNUSED_PARAM, char **argv)
> pam_auth_failed:
> /* syslog, because we don't want potential attacker
> * to know _why_ login failed */
> - syslog(LOG_WARNING, "pam_%s call failed: %s (%d)", failed_msg,
> + syslog(LOG_WARNING, "%s (%d)",
> pam_strerror(pamh, pamret), pamret);
> + F_PAM(login_pam_end(pamh);)
> safe_strncpy(username, "UNKNOWN", sizeof(username));
> #else /* not PAM */
> pw = getpwnam(username);
>
> thanks
Cheers,
Xabier Oneca_,,_
More information about the busybox
mailing list