closing session in case of pam auth failed

[Denys Vlasenko]

Applied, thanks

‪On Tue, Jan 22, 2019 at 8:04 AM ‫אלכסיי סיליוק‬‎
<alex.silyuk at gmail.com> wrote:‬
>
> Hello, i faced that if PAM and CHILD_PROCCESS for login enabled, in case of authorithation failure, session not closed.
> i am added next to my code, may be it will be usable for somebody in future.
> i added F_PAM(login_pam_end(pamh);) inside pam_auth_failed block to force session closing
>
>
> @@ -470,8 +470,9 @@ int login_main(int argc UNUSED_PARAM, char **argv)
>   pam_auth_failed:
>                 /* syslog, because we don't want potential attacker
>                  * to know _why_ login failed */
> -               syslog(LOG_WARNING, "pam_%s call failed: %s (%d)", failed_msg,
> +               syslog(LOG_WARNING, "%s (%d)",
>                                         pam_strerror(pamh, pamret), pamret);
> +               F_PAM(login_pam_end(pamh);)
>                 safe_strncpy(username, "UNKNOWN", sizeof(username));
>  #else /* not PAM */
>                 pw = getpwnam(username);
>
> thanks
> _______________________________________________
> busybox mailing list
> busybox at busybox.net
> http://lists.busybox.net/mailman/listinfo/busybox