/* pam_end.c */
/*
* $Id$
*/
#include "pam_private.h"
#include <stdlib.h>
/*
 * pam_end - tear down a PAM transaction and release its handle.
 *
 * pamh:       handle to destroy; it is freed on a PAM_SUCCESS return and
 *             must not be used afterwards.
 * pam_status: forwarded to the audit hook (HAVE_LIBAUDIT builds only) and
 *             to _pam_free_data().
 *
 * Returns PAM_SUCCESS once every item has been released, PAM_SYSTEM_ERR
 * when the call originates from inside a module, or whatever non-success
 * code _pam_free_handlers() reports.  IF_NO_PAMH (macro defined outside
 * this file) is handed PAM_SYSTEM_ERR as its failure value.
 *
 * Each string item is scrubbed with _pam_overwrite() before _pam_drop()
 * releases it, so the item's contents are overwritten before the pointer
 * is given up.
 * NOTE(review): whether that scrub survives compiler optimisation depends
 * on how _pam_overwrite/_pam_overwrite_n are defined in the private header
 * (not shown here) -- confirm they use a wipe the compiler cannot elide.
 */
int pam_end(pam_handle_t *pamh, int pam_status)
{
    int rc;

    D(("entering pam_end()"));

    IF_NO_PAMH("pam_end", pamh, PAM_SYSTEM_ERR);

    /* Only the application may end the transaction, never a module. */
    if (__PAM_FROM_MODULE(pamh)) {
        D(("called from module!?"));
        return PAM_SYSTEM_ERR;
    }

#ifdef HAVE_LIBAUDIT
    _pam_audit_end(pamh, pam_status);
#endif

    /*
     * Release module data first: it is not inconceivable that the modules
     * need service_name and friends while cleaning up, so those items are
     * still intact at this point.
     */
    _pam_free_data(pamh, pam_status);

    /*
     * Now unload the modules themselves.
     * NOTE(review): on failure we return before any of the scrubbing
     * below has run, so the handle and the items it holds (authtok
     * included) are still allocated and unwiped; callers should treat a
     * non-success return as "handle still live".
     */
    rc = _pam_free_handlers(pamh);
    if (rc != PAM_SUCCESS) {
        return rc;
    }

    /*
     * No module can be called past this point.  What remains is the
     * memory owned by the Linux-PAM interface itself.
     */
    _pam_drop_env(pamh);                    /* purge the environment */

    /* authentication tokens: blank, then release */
    _pam_overwrite(pamh->authtok);
    _pam_drop(pamh->authtok);

    _pam_overwrite(pamh->oldauthtok);
    _pam_drop(pamh->oldauthtok);

    /* saved prompt */
    _pam_overwrite(pamh->former.prompt);
    _pam_drop(pamh->former.prompt);

    _pam_overwrite(pamh->service_name);
    _pam_drop(pamh->service_name);

    _pam_overwrite(pamh->user);
    _pam_drop(pamh->user);

    /* prompt used by pam_get_user() */
    _pam_overwrite(pamh->prompt);
    _pam_drop(pamh->prompt);

    _pam_overwrite(pamh->tty);
    _pam_drop(pamh->tty);

    _pam_overwrite(pamh->rhost);
    _pam_drop(pamh->rhost);

    _pam_overwrite(pamh->ruser);
    _pam_drop(pamh->ruser);

    /* released without a scrub, unlike the string items above */
    _pam_drop(pamh->pam_conversation);
    pamh->fail_delay.delay_fn_ptr = NULL;

    _pam_drop(pamh->former.substates);

    _pam_overwrite(pamh->xdisplay);
    _pam_drop(pamh->xdisplay);

    /*
     * X authentication material: the name is scrubbed like the other
     * strings, the data by its recorded length (presumably because it is
     * not NUL-terminated -- confirm), and finally the whole xauth struct
     * is wiped in place.
     */
    _pam_overwrite(pamh->xauth.name);
    _pam_drop(pamh->xauth.name);
    _pam_overwrite_n(pamh->xauth.data, (unsigned int)pamh->xauth.datalen);
    _pam_drop(pamh->xauth.data);
    _pam_overwrite_n((char *)&pamh->xauth, sizeof(pamh->xauth));

    _pam_overwrite(pamh->authtok_type);
    _pam_drop(pamh->authtok_type);

    /* last of all, release the pam_handle structure itself */
    _pam_drop(pamh);

    D(("exiting pam_end() successfully"));

    return PAM_SUCCESS;
}