[prev in list] [next in list] [prev in thread] [next in thread] 

List:       busybox
Subject:    Re: closing session in case of pam auth failed
From:       Denys Vlasenko <vda.linux () googlemail ! com>
Date:       2019-01-22 16:00:54
Message-ID: CAK1hOcO4CX17y9eMK8VQ9x5AjJ6k3Vy+xQdG5QALTR7d56GOhA () mail ! gmail ! com
[Download RAW message or body]

Applied, thanks

‪On Tue, Jan 22, 2019 at 8:04 AM ‫אלכסיי סיליוק‬‎
<alex.silyuk@gmail.com> wrote:‬
> 
> Hello, i faced that if PAM and CHILD_PROCCESS for login enabled, in case of \
> authorithation failure, session not closed. i am added next to my code, may be it \
> will be usable for somebody in future. i added F_PAM(login_pam_end(pamh);) inside \
> pam_auth_failed block to force session closing 
> 
> @@ -470,8 +470,9 @@ int login_main(int argc UNUSED_PARAM, char **argv)
> pam_auth_failed:
> /* syslog, because we don't want potential attacker
> * to know _why_ login failed */
> -               syslog(LOG_WARNING, "pam_%s call failed: %s (%d)", failed_msg,
> +               syslog(LOG_WARNING, "%s (%d)",
> pam_strerror(pamh, pamret), pamret);
> +               F_PAM(login_pam_end(pamh);)
> safe_strncpy(username, "UNKNOWN", sizeof(username));
> #else /* not PAM */
> pw = getpwnam(username);
> 
> thanks
> _______________________________________________
> busybox mailing list
> busybox@busybox.net
> http://lists.busybox.net/mailman/listinfo/busybox
_______________________________________________
busybox mailing list
busybox@busybox.net
http://lists.busybox.net/mailman/listinfo/busybox


[prev in list] [next in list] [prev in thread] [next in thread]