Diffstat (limited to 'auth-pam.c')
-rw-r--r-- | auth-pam.c | 16 |
1 files changed, 13 insertions, 3 deletions
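--- a/auth-pam.c
+++ b/auth-pam.c
@@ -33,7 +33,7 @@
 #include "canohost.h"
 #include "readpass.h"
 
-RCSID("$Id: auth-pam.c,v 1.27 2001/02/11 11:39:19 djm Exp $");
+RCSID("$Id: auth-pam.c,v 1.28 2001/02/13 13:43:56 djm Exp $");
 
 #define NEW_AUTHTOK_MSG \
 "Warning: Your password has expired, please change it now"
@@ -72,6 +72,10 @@ int do_pam_authenticate(int flags)
 return retval;
 }
 
+/* Remember what has been initialised */
+static int session_opened = 0;
+static int creds_set = 0;
+
 /*
 * PAM conversation function.
 * There are two states this can run in.
@@ -170,17 +174,21 @@ void pam_cleanup_proc(void *context)
 {
 int pam_retval;
 
-if (pamh) {
+if (pamh && session_opened) {
 pam_retval = pam_close_session(pamh, 0);
 if (pam_retval != PAM_SUCCESS)
 log("Cannot close PAM session[%d]: %.200s",
 pam_retval, PAM_STRERROR(pamh, pam_retval));
+}
 
+if (pamh && creds_set) {
 pam_retval = pam_setcred(pamh, PAM_DELETE_CRED);
 if (pam_retval != PAM_SUCCESS)
 debug("Cannot delete credentials[%d]: %.200s",
 pam_retval, PAM_STRERROR(pamh, pam_retval));
+}
 
+if (pamh) {
 pam_retval = pam_end(pamh, pam_retval);
 if (pam_retval != PAM_SUCCESS)
 log("Cannot release PAM authentication[%d]: %.200s",
@@ -272,6 +280,7 @@ void do_pam_session(char *username, const char *ttyname)
 if (pam_retval != PAM_SUCCESS)
 fatal("PAM session setup failed[%d]: %.200s",
 pam_retval, PAM_STRERROR(pamh, pam_retval));
+session_opened = 1;
 }
 
 /* Set PAM credentials */
@@ -288,7 +297,8 @@ void do_pam_setcred(void)
 else
 debug("PAM setcred failed[%d]: %.200s",
 pam_retval, PAM_STRERROR(pamh, pam_retval));
-}
+} else
+creds_set = 1;
 }
 
 /* accessor function for file scope static variable */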
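Review bot: In pam_cleanup_proc, `pam_retval` is declared without an initialiser, and now that the close-session and delete-credentials calls are both conditional it reaches `pam_end(pamh, pam_retval)` unassigned whenever `session_opened` and `creds_set` are both 0, i.e. when cleanup runs before do_pam_session and do_pam_setcred have succeeded. That is a read of an indeterminate value, so the final status handed to pam_end is arbitrary; declaring it as `int pam_retval = PAM_SUCCESS;` would fix it. It may also be worth clearing `session_opened` and `creds_set` inside their branches once the calls have been made, so that a repeated cleanup cannot close the session or delete credentials twice; whether that path exists depends on code outside the hunk. The body of pam_cleanup_proc continues past the end of the hunk.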