isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Delete creds after closing the PAM session.

Browse Source
This commit is contained in:
Todd C. Miller
2012-04-23 16:11:49 -04:00
parent cde9f8aa12
commit cf4562c031
1 changed files with 3 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
plugins/sudoers/auth/pam.c
View File

@@ -271,14 +271,15 @@ sudo_pam_end_session(struct passwd *pw, sudo_auth *auth)
debug_decl(sudo_pam_end_session, SUDO_DEBUG_AUTH) debug_decl(sudo_pam_end_session, SUDO_DEBUG_AUTH)
if (pamh != NULL) { if (pamh != NULL) {
#ifndef NO_PAM_SESSION
/* /*
* Update PAM_USER to reference the user we are running the command * Update PAM_USER to reference the user we are running the command
* as to match the call to pam_open_session(). * as, as opposed to the user we authenticated as.
*/ */
(void) pam_set_item(pamh, PAM_USER, pw->pw_name); (void) pam_set_item(pamh, PAM_USER, pw->pw_name);
#ifndef NO_PAM_SESSION
(void) pam_close_session(pamh, PAM_SILENT); (void) pam_close_session(pamh, PAM_SILENT);
#endif #endif
(void) pam_setcred(pamh, PAM_DELETE_CRED);
status = pam_end(pamh, PAM_SUCCESS | PAM_DATA_SILENT); status = pam_end(pamh, PAM_SUCCESS | PAM_DATA_SILENT);
pamh = NULL; pamh = NULL;
} }