About commit db5a6d: login: close PAM session on errors as well, not only on success

Xabier Oneca -- xOneca xoneca at gmail.com
Wed Jan 23 14:55:09 UTC 2019


Hi Denys,

> diff --git a/loginutils/login.c b/loginutils/login.c
> index 25bb5203b..4df651cc6 100644
> --- a/loginutils/login.c
> +++ b/loginutils/login.c
> @@ -245,7 +245,9 @@ static void login_pam_end(pam_handle_t *pamh)
> pam_strerror(pamh, pamret), pamret);
> }
> }
> -#endif /* ENABLE_PAM */
> +#else
> +# define login_pam_end(pamh) ((void)0)
> +#endif

You added this #else here, so...

> static void get_username_or_die(char *buf, int size_buf)
> {
> @@ -471,6 +473,7 @@ int login_main(int argc UNUSED_PARAM, char **argv)
> * to know _why_ login failed */
> syslog(LOG_WARNING, "pam_%s call failed: %s (%d)", failed_msg,
> pam_strerror(pamh, pamret), pamret);
> + login_pam_end(pamh);
> safe_strncpy(username, "UNKNOWN", sizeof(username));
> #else /* not PAM */
> pw = getpwnam(username);
> @@ -528,8 +531,7 @@ int login_main(int argc UNUSED_PARAM, char **argv)
> if (child_pid < 0)
> bb_perror_msg("vfork");
> else {
> - if (safe_waitpid(child_pid, NULL, 0) == -1)
> - bb_perror_msg("waitpid");
> + wait_for_exitstatus(child_pid);
> update_utmp_DEAD_PROCESS(child_pid);
> }
> IF_PAM(login_pam_end(pamh);)

...this IF_PAM can be removed, no?

Cheers,

Xabier Oneca_,,_


More information about the busybox mailing list