closing session in case of pam auth failed

Denys Vlasenko vda.linux at googlemail.com
Tue Jan 22 09:03:10 UTC 2019


‪On Tue, Jan 22, 2019 at 8:04 AM ‫אלכסיי סיליוק‬‎
<alex.silyuk at gmail.com> wrote:‬
>
> Hello, i faced that if PAM and CHILD_PROCCESS for login enabled, in case of authorithation failure, session not closed.
> i am added next to my code, may be it will be usable for somebody in future.
> i added F_PAM(login_pam_end(pamh);) inside pam_auth_failed block to force session closing
>
>
> @@ -470,8 +470,9 @@ int login_main(int argc UNUSED_PARAM, char **argv)
>   pam_auth_failed:
>                 /* syslog, because we don't want potential attacker
>                  * to know _why_ login failed */
> -               syslog(LOG_WARNING, "pam_%s call failed: %s (%d)", failed_msg,
> +               syslog(LOG_WARNING, "%s (%d)",
>                                         pam_strerror(pamh, pamret), pamret);
> +               F_PAM(login_pam_end(pamh);)

What is F_PAM() ?


>                 safe_strncpy(username, "UNKNOWN", sizeof(username));
>  #else /* not PAM */


More information about the busybox mailing list