summaryrefslogtreecommitdiffstats
path: root/login-utils/login.c
diff options
context:
space:
mode:
Diffstat (limited to 'login-utils/login.c')
-rw-r--r--login-utils/login.c29
1 files changed, 20 insertions, 9 deletions
diff --git a/login-utils/login.c b/login-utils/login.c
index 828117850..d318e120c 100644
--- a/login-utils/login.c
+++ b/login-utils/login.c
@@ -705,6 +705,22 @@ static void loginpam_acct(struct login_context *cxt)
}
}
+static void loginpam_session(struct login_context *cxt)
+{
+ int rc;
+ pam_handle_t *pamh = cxt->pamh;
+
+ rc = pam_open_session(pamh, 0);
+ if (is_pam_failure(rc))
+ loginpam_err(pamh, rc);
+
+ rc = pam_setcred(pamh, PAM_ESTABLISH_CRED);
+ if (is_pam_failure(rc)) {
+ pam_close_session(pamh, 0);
+ loginpam_err(pamh, rc);
+ }
+}
+
/*
* We need to check effective UID/GID. For example $HOME could be on root
* squashed NFS or on NFS with UID mapping and access(2) uses real UID/GID.
@@ -980,15 +996,10 @@ int main(int argc, char **argv)
exit(EXIT_FAILURE);
}
- retcode = pam_open_session(pamh, 0);
- if (is_pam_failure(retcode))
- loginpam_err(pamh, retcode);
-
- retcode = pam_setcred(pamh, PAM_ESTABLISH_CRED);
- if (is_pam_failure(retcode)) {
- pam_close_session(pamh, 0);
- loginpam_err(pamh, retcode);
- }
+ /*
+ * Open PAM session (after successful authentication and account check)
+ */
+ loginpam_session(&cxt);
/* committed to login -- turn off timeout */
alarm((unsigned int)0);
generated by cgit v1.2.3-55-g7522 (git 2.39.0) at 2024-06-10 11:26:58 +0200