Exemple #1
0
void Authenticator::close_session(void) {
    switch((last_result=pam_close_session(pam_handle, 0))) {
    // The documentation and implementation of Linux PAM differs:
    // PAM_SESSION_ERROR is described in the documentation but
    // don't exists in the actual implementation. This issue needs
    // to be fixes at some point.

    default:
        //case PAM_SESSION_ERROR:
        pam_setcred(pam_handle, PAM_DELETE_CRED);
        _end();
        throw Exception(pam_handle, "pam_close_session", last_result);

    case PAM_SUCCESS:
        break;
    };
    switch((last_result=pam_setcred(pam_handle, PAM_DELETE_CRED))) {
    default:
    case PAM_CRED_ERR:
    case PAM_CRED_UNAVAIL:
    case PAM_CRED_EXPIRED:
    case PAM_USER_UNKNOWN:
        _end();
        throw Exception(pam_handle, "pam_setcred()", last_result);

    case PAM_SUCCESS:
        break;
    }
    return;
}
Exemple #2
0
void end_pam()
{
	if (pamh) {
		pam_close_session(pamh, 0);
		pam_end(pamh, 0);
	}
}
Exemple #3
0
 bool PamHandle::closeSession() {
     m_result = pam_close_session(m_handle, m_silent);
     if (m_result != PAM_SUCCESS) {
         qWarning() << "[PAM] closeSession:" << pam_strerror(m_handle, m_result);
     }
     return m_result == PAM_SUCCESS;
 }
Exemple #4
0
static void
quit(struct weston_launch *wl, int status)
{
	struct vt_mode mode = { 0 };
	int err;

	close(wl->signalfd);
	close(wl->sock[0]);

	if (wl->new_user) {
		err = pam_close_session(wl->ph, 0);
		if (err)
			fprintf(stderr, "pam_close_session failed: %d: %s\n",
				err, pam_strerror(wl->ph, err));
		pam_end(wl->ph, err);
	}

	if (ioctl(wl->tty, KDSKBMUTE, 0) &&
	    ioctl(wl->tty, KDSKBMODE, wl->kb_mode))
		fprintf(stderr, "failed to restore keyboard mode: %m\n");

	if (ioctl(wl->tty, KDSETMODE, KD_TEXT))
		fprintf(stderr, "failed to set KD_TEXT mode on tty: %m\n");

	mode.mode = VT_AUTO;
	if (ioctl(wl->tty, VT_SETMODE, &mode) < 0)
		fprintf(stderr, "could not reset vt handling\n");

	exit(status);
}
Exemple #5
0
static void sftppam_exit_ev(const void *event_data, void *user_data) {

  /* Close the PAM session */

  if (sftppam_pamh != NULL) {
    int res;

#ifdef PAM_CRED_DELETE
    res = pam_setcred(sftppam_pamh, PAM_CRED_DELETE);
#else
    res = pam_setcred(sftppam_pamh, PAM_DELETE_CRED);
#endif
    if (res != PAM_SUCCESS) {
      pr_trace_msg(trace_channel, 9, "PAM error setting PAM_DELETE_CRED: %s",
        pam_strerror(sftppam_pamh, res));
    }

    res = pam_close_session(sftppam_pamh, PAM_SILENT);
    pam_end(sftppam_pamh, res);
    sftppam_pamh = NULL;
  }

  if (sftppam_user != NULL) {
    free(sftppam_user);
    sftppam_user = NULL;
    sftppam_userlen = 0;
  }
}
Exemple #6
0
void terminate(pam_handle_t *pamh, struct command_info *cmd, int status)
{
	int retval;
	struct command_info *item;
	
	if ((retval = pam_close_session(pamh, 0)) != PAM_SUCCESS) {
		fprintf(stderr, "closing pam session error (%d)\n", retval);
		status = retval;
	}
	
	if ((retval = pam_end(pamh,retval)) != PAM_SUCCESS) {   
     		pamh = NULL;
        	fprintf(stderr, "release pam error (%d)\n", retval);
		status = retval;
    	}

	while ((item = cmd) != NULL) {
		F(item->cmd_file);
		F(item->salted_cmd);
		F(item->cmd);
		cmd = cmd->next;
		F(item);
	}		

	exit(status);
}
Exemple #7
0
void SessionExit(struct display *d, int status, int removeAuth)
{
#ifdef USE_PAM
	pam_handle_t *pamh = thepamh();
	if (pamh) {
		/* shutdown PAM session */
		if (pam_setcred(pamh, PAM_DELETE_CRED) != PAM_SUCCESS)
			WDMError("pam_setcred(DELETE_CRED) failed, errno=%d", errno);
		pam_close_session(pamh, 0);
		pam_end(pamh, PAM_SUCCESS);
		pamh = NULL;
	}
#endif

	/* make sure the server gets reset after the session is over */
	if (d->serverPid >= 2 && d->resetSignal)
		kill(d->serverPid, d->resetSignal);
	else
		ResetServer(d);
	if (removeAuth) {
		setgid(verify.gid);
		setuid(verify.uid);
		RemoveUserAuthorization(d, &verify);
	}
	WDMDebug("Display %s exiting with status %d\n", d->name, status);
	exit(status);
}
Exemple #8
0
void
pam_finish ()
{
        int             rc = 0;

	/* 
	 * Allow PAM to clean up its state by closing the user session and
	 * ending the association with PAM.
	 */

	if (!conf->use_pam)
		return;

        if (pam_h != NULL) {
		/*
		 * Log any errors, but there's no need to return a SLURM error.
		 */
                if ((rc = pam_close_session (pam_h, 0)) != PAM_SUCCESS) {
                        error("pam_close_session: %s", pam_strerror(pam_h, rc));
                }
                if ((rc = pam_setcred (pam_h, PAM_DELETE_CRED)) != PAM_SUCCESS){
                        error("pam_setcred DELETE: %s", pam_strerror(pam_h,rc));
                }
                if ((rc = pam_end (pam_h, rc)) != PAM_SUCCESS) {
                        error("pam_end: %s", pam_strerror(NULL, rc));
                }
                pam_h = NULL;
        }
}
Exemple #9
0
static enum pamtest_err run_test_case(pam_handle_t *ph,
				      struct pam_testcase *tc)
{
	switch (tc->pam_operation) {
	case PAMTEST_AUTHENTICATE:
		tc->op_rv = pam_authenticate(ph, tc->flags);
		return PAMTEST_ERR_OK;
	case PAMTEST_SETCRED:
		tc->op_rv = pam_setcred(ph, tc->flags);
		return PAMTEST_ERR_OK;
	case PAMTEST_ACCOUNT:
		tc->op_rv = pam_acct_mgmt(ph, tc->flags);
		return PAMTEST_ERR_OK;
	case PAMTEST_OPEN_SESSION:
		tc->op_rv = pam_open_session(ph, tc->flags);
		return PAMTEST_ERR_OK;
	case PAMTEST_CLOSE_SESSION:
		tc->op_rv = pam_close_session(ph, tc->flags);
		return PAMTEST_ERR_OK;
	case PAMTEST_CHAUTHTOK:
		tc->op_rv = pam_chauthtok(ph, tc->flags);
		return PAMTEST_ERR_OK;
	case PAMTEST_GETENVLIST:
		tc->case_out.envlist = pam_getenvlist(ph);
		return PAMTEST_ERR_OK;
	case PAMTEST_KEEPHANDLE:
		tc->case_out.ph = ph;
		return PAMTEST_ERR_KEEPHANDLE;
	default:
		return PAMTEST_ERR_OP;
	}

	return PAMTEST_ERR_OP;
}
Exemple #10
0
static void
quit(struct weston_launch *wl, int status)
{
	struct vt_mode mode = { 0 };
	int err;

	close(wl->signalfd);
	close(wl->sock[0]);

	if (wl->new_user) {
		err = pam_close_session(wl->ph, 0);
		if (err)
			fprintf(stderr, "pam_close_session failed: %d: %s\n",
				err, pam_strerror(wl->ph, err));
		pam_end(wl->ph, err);
	}

	if (ioctl(wl->tty, KDSKBMUTE, 0) &&
	    ioctl(wl->tty, KDSKBMODE, wl->kb_mode))
		fprintf(stderr, "failed to restore keyboard mode: %m\n");

	if (ioctl(wl->tty, KDSETMODE, KD_TEXT))
		fprintf(stderr, "failed to set KD_TEXT mode on tty: %m\n");

	/* We have to drop master before we switch the VT back in
	 * VT_AUTO, so we don't risk switching to a VT with another
	 * display server, that will then fail to set drm master. */
	drmDropMaster(wl->drm_fd);

	mode.mode = VT_AUTO;
	if (ioctl(wl->tty, VT_SETMODE, &mode) < 0)
		fprintf(stderr, "could not reset vt handling\n");

	exit(status);
}
Exemple #11
0
/*
 * plogout - Logout the user.
 */
static void
plogout(void)
{
#ifdef USE_PAM
    struct pam_conv pam_conversation;
    pam_handle_t *pamh;
    int pam_error;
/*
 * Fill the pam_conversion structure. The PAM specification states that the
 * session must be able to be closed by a totally different handle from which
 * it was created. Hold the PAM group to their own specification!
 */
    memset (&pam_conversation, '\0', sizeof (struct pam_conv));
    pam_conversation.conv = &pam_conv;

    pam_error = pam_start ("ppp", user, &pam_conversation, &pamh);
    if (pam_error == PAM_SUCCESS) {
        pam_set_item (pamh, PAM_TTY, devnam);
        pam_close_session (pamh, PAM_SILENT);
	pam_end (pamh, PAM_SUCCESS);
    }

#else
    char *tty;

    tty = devnam;
    if (strncmp(tty, _PATH_DEV, sizeof _PATH_DEV - 1) == 0)
	tty += 5;
    logwtmp(tty, "", "");		/* Wipe out wtmp logout entry */
    logout(tty);			/* Wipe out utmp */
#endif

    logged_in = FALSE;
}
Exemple #12
0
/* Called at exit to cleanly shutdown PAM */
static void
do_pam_cleanup_proc(void *context)
{
	int pam_retval;
	pam_stuff *pam = (pam_stuff *) context;

	if (pam == NULL)
		return;

	if (pam->authctxt != NULL && pam->authctxt->pam == pam) {
		pam->authctxt->pam_retval = pam->last_pam_retval;
		pam->authctxt->pam = NULL;
		pam->authctxt = NULL;
	}

	if (pam->h == NULL)
		return;

	/*
	 * We're in fatal_cleanup() or not in userauth or without a
	 * channel -- can't converse now, too bad.
	 */
	pam_retval = pam_set_item(pam->h, PAM_CONV, NULL);
	if (pam_retval != PAM_SUCCESS) {
		log("Cannot remove PAM conv, close session or delete creds[%d]: %.200s",
			pam_retval, PAM_STRERROR(pam->h, pam_retval));
		goto cleanup;
	}

	if (pam->state & PAM_S_DONE_OPEN_SESSION) {
		pam_retval = pam_close_session(pam->h, 0);
		if (pam_retval != PAM_SUCCESS)
			log("Cannot close PAM session[%d]: %.200s",
			    pam_retval, PAM_STRERROR(pam->h, pam_retval));
	}

	if (pam->state & PAM_S_DONE_SETCRED) {
		pam_retval = pam_setcred(pam->h, PAM_DELETE_CRED);
		if (pam_retval != PAM_SUCCESS)
			debug("Cannot delete credentials[%d]: %.200s", 
			    pam_retval, PAM_STRERROR(pam->h, pam_retval));
	}

cleanup:

	/* Use the previous PAM result, if not PAM_SUCCESS for pam_end() */
	if (pam->last_pam_retval != PAM_SUCCESS)
		pam_retval = pam_end(pam->h, pam->last_pam_retval);
	else if (pam_retval != PAM_SUCCESS)
		pam_retval = pam_end(pam->h, pam_retval);
	else
		pam_retval = pam_end(pam->h, PAM_ABORT);

	if (pam_retval != PAM_SUCCESS)
		log("Cannot release PAM authentication[%d]: %.200s",
		    pam_retval, PAM_STRERROR(pam->h, pam_retval));

	xfree(pam);
}
PAMAuthenticator::~PAMAuthenticator(void)
{
	if (this->m_ph) {
		int res = pam_close_session(this->m_ph, 0);
		pam_end(this->m_ph, res);
		this->m_ph = 0;
	}
}
Exemple #14
0
void AuthPAMClose()
{
	if (pamh)
	{
	pam_close_session(pamh, 0);
	pam_end(pamh,PAM_SUCCESS);
	}
}
Exemple #15
0
static void checkpw_cleanup (pam_handle_t *hdl)
{
#if 0	/* see checkpw() for why this is #if 0 */
  pam_close_session (hdl,NIL);	/* close session [uw]tmp */
#endif
  pam_setcred (hdl,PAM_DELETE_CRED);
  pam_end (hdl,PAM_SUCCESS);
}
Exemple #16
0
bool XProcess::pam_stopSession(){
  //This should only be run if pam_startSession was successful
  int ret = pam_close_session(pamh,0);
  bool ok = FALSE;
  if(ret == PAM_SUCCESS){ ok = TRUE; }
  else{ pam_logFailure(ret); }
  
  return ok;
}
Exemple #17
0
void
mdm_verify_cleanup (MdmDisplay *d)
{
	gid_t groups[1] = { 0 };
	cur_mdm_disp = d;

	if (pamh != NULL) {
		gint pamerr;
		pam_handle_t *tmp_pamh;
		gboolean old_opened_session;
		gboolean old_did_setcred;

		mdm_debug ("Running mdm_verify_cleanup and pamh != NULL");

		mdm_sigterm_block_push ();
		mdm_sigchld_block_push ();
		tmp_pamh = pamh;
		pamh = NULL;
		old_opened_session = opened_session;
		opened_session = FALSE;
		old_did_setcred = did_setcred;
		did_setcred = FALSE;
		mdm_sigchld_block_pop ();
		mdm_sigterm_block_pop ();

		pamerr = PAM_SUCCESS;

		/* Close the users session */
		if (old_opened_session) {
			mdm_debug ("Running pam_close_session");
			pamerr = pam_close_session (tmp_pamh, 0);
		}

		/* Throw away the credentials */
		if (old_did_setcred) {
			mdm_debug ("Running pam_setcred with PAM_DELETE_CRED");
			pamerr = pam_setcred (tmp_pamh, PAM_DELETE_CRED);
		}

		pam_end (tmp_pamh, pamerr);

		/* Workaround to avoid mdm messages being logged as PAM_pwdb */
                mdm_log_shutdown ();
                mdm_log_init ();
	}

	/* Clear the group setup */
	setgid (0);
	/* this will get rid of any suplementary groups etc... */
	setgroups (1, groups);

	cur_mdm_disp = NULL;

	/* reset limits */
	mdm_reset_limits ();
}
Exemple #18
0
int xlsh_session_close(pam_handle_t* handle)
{
  pam_close_session(handle, 0);
  if(pam_setcred(handle, PAM_DELETE_CRED) != PAM_SUCCESS) {
    pam_end(handle, 0);
    return XLSH_ERROR;
  }

  pam_end(handle, 0);
  return XLSH_EOK;
}
Exemple #19
0
int main(int argc, char *argv[])
{
    unsigned char lb[2];
    unsigned char buf[BUFSIZ];
    char *user;
    char *pwd;
    char *mode;
    int sid;
    int rval;
    struct session *sessp;

    // test clause
    if (argc == 4 ) {
        /* ./epam authmodule user passwd */
        printf("testing service=%s u=%s pwd=%s\n", argv[1],argv[2], argv[3]);
        do_auth(argv[1], argv[2], argv[3], "AS", 33);
        exit(0);
    }
    wstart();
    while (1) {
        if (read_fill(0, lb, 2) != 2)
            exit(1);
        rval = get_int16(lb);
        if (read_fill(0, buf, rval) != rval)
            exit(1);
        switch (buf[0]) {
        case 'a': 
            // auth a user
            user = (char *)&buf[1];
            pwd = user + strlen(user) + 1;
            mode= pwd + strlen(pwd) + 1;
            sid = atoi(mode + strlen(mode) + 1);
            
            do_auth(argv[1], user, pwd, mode, sid);
            break;
        case 'c': 
            // close session
            sid = atoi((char *)&buf[1]);
            if ((sessp = del_session(&sessions, sid)) == NULL) {
                fprintf(stderr, "Couldn't find session %d\r\n", sid); 
                break;
            }
            if (sessp->session_mode == 1) {
                pam_close_session(sessp->pamh, 0);
                /*fprintf(stderr, "did ok close sess \n\r");*/
            }
            pam_end(sessp->pamh, PAM_SUCCESS); 
            free(sessp);
            break;
        default:
            fprintf(stderr, "Bad op \n\r");
        }
    }
}
Exemple #20
0
void
SessionExit (struct display *d, int status, int removeAuth)
{
#ifdef USE_PAM
	pam_handle_t *pamh = thepamh();
#endif
#ifdef USE_PAM
    if (pamh) {
        /* shutdown PAM session */
	pam_close_session(pamh, 0);
	pam_end(pamh, PAM_SUCCESS);
	pamh = NULL;
    }
#endif

    /* make sure the server gets reset after the session is over */
    if (d->serverPid >= 2 && d->resetSignal)
	kill (d->serverPid, d->resetSignal);
    else
	ResetServer (d);
    if (removeAuth)
    {
	setgid (verify.gid);
	setuid (verify.uid);
	RemoveUserAuthorization (d, &verify);
#ifdef K5AUTH
	/* do like "kdestroy" program */
        {
	    krb5_error_code code;
	    krb5_ccache ccache;

	    code = Krb5DisplayCCache(d->name, &ccache);
	    if (code)
		LogError("%s while getting Krb5 ccache to destroy\n",
			 error_message(code));
	    else {
		code = krb5_cc_destroy(ccache);
		if (code) {
		    if (code == KRB5_FCC_NOFILE) {
			Debug ("No Kerberos ccache file found to destroy\n");
		    } else
			LogError("%s while destroying Krb5 credentials cache\n",
				 error_message(code));
		} else
		    Debug ("Kerberos ccache destroyed\n");
		krb5_cc_close(ccache);
	    }
	}
#endif /* K5AUTH */
    }
    Debug ("Display %s exiting with status %d\n", d->name, status);
    exit (status);
}
Exemple #21
0
void context::close_session()
{
    _M_code = pam_close_session(_M_pamh, 0);
    if(errc(_M_code) != errc::success)
    {
        rmcred();
        throw session_error(_M_pamh, _M_code);
    }

    _M_code = rmcred();
    if(errc(_M_code) != errc::success) throw cred_error(_M_pamh, _M_code);
}
Exemple #22
0
static void
vsf_auth_shutdown(void)
{
  if (s_pamh == 0)
  {
    bug("vsf_auth_shutdown");
  }
  (void) pam_close_session(s_pamh, 0);
  (void) pam_setcred(s_pamh, PAM_DELETE_CRED);
  (void) pam_end(s_pamh, PAM_SUCCESS);
  s_pamh = 0;
  vsf_remove_uwtmp();
}
Exemple #23
0
Fichier : pam.c Projet : CVi/sudo
int
pam_end_session(sudo_auth *auth)
{
    int status = PAM_SUCCESS;

    if (pamh) {
#ifndef NO_PAM_SESSION
	(void) pam_close_session(pamh, PAM_SILENT);
#endif
	status = pam_end(pamh, PAM_SUCCESS | PAM_DATA_SILENT);
    }
    return status == PAM_SUCCESS ? AUTH_SUCCESS : AUTH_FAILURE;
}
gboolean pam_session_close(void)
{
  g_pamLastStatus = pam_close_session(g_pamHandle, 0);

  g_pamLastStatus = pam_setcred(g_pamHandle, PAM_DELETE_CRED);
  if (g_pamLastStatus != PAM_SUCCESS)
    {
      fprintf(stderr, "Jolicloud-DisplayManager: Unable to delete pam credentials. Error %d\n",
	      g_pamLastStatus);
      return FALSE;
    }

  return TRUE;
}
int
main (void)
{
  int retval;

  /* 1: Call with NULL as pam handle */
  retval = pam_close_session (NULL, 0);
  if (retval == PAM_SUCCESS)
    {
      fprintf (stderr, "pam_close_session (NULL, 0) returned PAM_SUCCESS\n");
      return 1;
    }

  return 0;
}
Exemple #26
0
int lxdm_auth_session_end(LXDM_AUTH *a)
{
	int err;
	if(!a->handle)
		return 0;
	if(a->in_session)
	{
		err = pam_close_session(a->handle, 0);
		a->in_session=0;
	}
	pam_end(a->handle, err);
	a->handle = NULL;	
	passwd_clean(&a->pw);
	return 0;
}
Exemple #27
0
static void
cleanup_pam (int retcode)
{
  int saved_errno = errno;

  if (_pam_session_opened)
    pam_close_session (pamh, 0);

  if (_pam_cred_established)
    pam_setcred (pamh, PAM_DELETE_CRED | PAM_SILENT);

  pam_end(pamh, retcode);

  errno = saved_errno;
}
Exemple #28
0
static void
quit(struct weston_launch *wl, int status)
{
	int err;

	close(wl->signalfd);
	close(wl->sock[0]);

	if (wl->new_user) {
		err = pam_close_session(wl->ph, 0);
		if (err)
			fprintf(stderr, "pam_close_session failed: %d: %s\n",
				err, pam_strerror(wl->ph, err));
		pam_end(wl->ph, err);
	}

	exit(status);
}
Exemple #29
0
int main(int argc, char *argv[])
{
	char *user = (argc > 1) ? argv[1] : getlogin();
	char *service = (argc > 2) ? argv[2] : "pamtest";
	struct pam_conv conv;
	int rc;
	pam_handle_t *pamh = NULL;

	conv.conv = pamtestConv;
	conv.appdata_ptr = NULL;

	fprintf(stderr, "%s:%d Starting with user=%s service=%s\n",
		__FILE__, __LINE__, user, service);

	rc = pam_start(service, user, &conv, &pamh);
	CHECK_STATUS(pamh, "pam_start", rc);

	rc = pam_authenticate(pamh, 0);
	CHECK_STATUS(pamh, "pam_authenticate", rc);

	rc = pam_acct_mgmt(pamh, 0);
	CHECK_STATUS(pamh, "pam_acct_mgmt", rc);

	if (rc == PAM_SUCCESS) {
		rc = pam_open_session(pamh, 0);
		CHECK_STATUS(pamh, "pam_open_session", rc);

		rc = pam_close_session(pamh, 0);
		CHECK_STATUS(pamh, "pam_close_session", rc);
	}

	if (rc != PAM_SUCCESS) {
		return rc;
	}

	if (pamh != NULL) {
		rc = pam_end(pamh, PAM_SUCCESS);
		CHECK_STATUS(pamh, "pam_end", rc);
	}

	return rc;
}
Exemple #30
0
void
sshpam_cleanup(void)
{
	if (sshpam_handle == NULL || (use_privsep && !mm_is_monitor()))
		return;
	debug("PAM: cleanup");
	pam_set_item(sshpam_handle, PAM_CONV, (const void *)&null_conv);
	if (sshpam_session_open) {
		debug("PAM: closing session");
		pam_close_session(sshpam_handle, PAM_SILENT);
		sshpam_session_open = 0;
	}
	if (sshpam_cred_established) {
		debug("PAM: deleting credentials");
		pam_setcred(sshpam_handle, PAM_DELETE_CRED);
		sshpam_cred_established = 0;
	}
	sshpam_authenticated = 0;
	pam_end(sshpam_handle, sshpam_err);
	sshpam_handle = NULL;
}