End PAM session if we don't run a child process otherwise some PAM modules may leak...

author Robert Ancell <robert.ancell@canonical.com>

Sun, 23 Mar 2014 21:30:20 +0000 (10:30 +1300)

committer Robert Ancell <robert.ancell@canonical.com>

Sun, 23 Mar 2014 21:30:20 +0000 (10:30 +1300)
author Robert Ancell <robert.ancell@canonical.com>
Sun, 23 Mar 2014 21:30:20 +0000 (10:30 +1300)
committer Robert Ancell <robert.ancell@canonical.com>
Sun, 23 Mar 2014 21:30:20 +0000 (10:30 +1300)
diff --git a/src/session-child.c b/src/session-child.c

index 8358c0394be07a249ddead986075a8d51b37f07a..a4c161d8333308003aec7d3c9f3855daa6f6aa6e 100644 (file)
--- a/src/session-child.c
+++ b/src/session-child.c
@@ -353,7 +353,10 @@ session_child_run (int argc, char **argv)
  
          /* See what user we ended up as */
          if (pam_get_item (pam_handle, PAM_USER, (const void **) &new_username) != PAM_SUCCESS)
+        {
+            pam_end (pam_handle, 0);
              return EXIT_FAILURE;
+        }
          g_free (username);
          username = g_strdup (new_username);
  
@@ -438,12 +441,16 @@ session_child_run (int argc, char **argv)
      if (!username)
      {
          g_printerr ("No user selected during authentication\n");
+        pam_end (pam_handle, 0);
          return EXIT_FAILURE;
      }
  
      /* Stop if we didn't authenticated */
      if (authentication_result != PAM_SUCCESS)
+    {
+        pam_end (pam_handle, 0);
          return EXIT_FAILURE;
+    }
  
      /* Get the command to run (blocks) */
      log_filename = read_string ();
@@ -506,6 +513,7 @@ session_child_run (int argc, char **argv)
      if (result != PAM_SUCCESS)
      {
          g_printerr ("Failed to establish PAM credentials: %s\n", pam_strerror (pam_handle, result));
+        pam_end (pam_handle, 0);
          return EXIT_FAILURE;
      }
       
@@ -514,6 +522,7 @@ session_child_run (int argc, char **argv)
      if (result != PAM_SUCCESS)
      {
          g_printerr ("Failed to open PAM session: %s\n", pam_strerror (pam_handle, result));
+        pam_end (pam_handle, 0);
          return EXIT_FAILURE;
      }
  
@@ -522,7 +531,10 @@ session_child_run (int argc, char **argv)
      if (error)
          g_printerr ("Unable to contact system bus: %s", error->message);
      if (!bus)
+    {
+        pam_end (pam_handle, 0);
          return EXIT_FAILURE;
+    }
  
      if (login1_is_running ())
      {
@@ -580,7 +592,10 @@ session_child_run (int argc, char **argv)
              g_printerr ("Error writing X authority: %s\n", error->message);
          g_clear_error (&error);
          if (!result)
+        {
+            pam_end (pam_handle, 0);
              return EXIT_FAILURE;
+        }
  
          value = g_strdup_printf ("XAUTHORITY=%s", x_authority_filename);
          pam_putenv (pam_handle, value);
author	Robert Ancell <robert.ancell@canonical.com>
	Sun, 23 Mar 2014 21:30:20 +0000 (10:30 +1300)
committer	Robert Ancell <robert.ancell@canonical.com>
	Sun, 23 Mar 2014 21:30:20 +0000 (10:30 +1300)