]> git.armaanb.net Git - opendoas.git/blobdiff - pam.c
projects / opendoas.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Remove extra include
[opendoas.git] / pam.c
diff --git a/pam.c b/pam.c
index 8a343e978fb5cc32375cc8721f3416442cbdcaa3..f8785bb1016be59c49c26e0f36378807f70689ca 100644 (file)
--- a/pam.c
+++ b/pam.c
@@ -132,6 +132,7 @@ fail:
                }
                rsp[i].resp = NULL;
        }
+       free(rsp);
 
        return PAM_CONV_ERR;
 }
@@ -244,7 +245,7 @@ pamauth(const char *user, const char *myname, int interactive, int nopass, int p
 #endif
 
        if (!user || !myname)
-               errx(1, "Authorization failed");
+               authfail();
 
        ret = pam_start(PAM_SERVICE_NAME, myname, &conv, &pamh);
        if (ret != PAM_SUCCESS)
@@ -276,7 +277,7 @@ pamauth(const char *user, const char *myname, int interactive, int nopass, int p
 
        if (!nopass) {
                if (!interactive)
-                       errx(1, "Authorization required");
+                       authfail();
 
                /* doas style prompt for pam */
                char host[HOST_NAME_MAX + 1];
@@ -290,7 +291,7 @@ pamauth(const char *user, const char *myname, int interactive, int nopass, int p
                if (ret != PAM_SUCCESS) {
                        pamcleanup(ret, sess, cred);
                        syslog(LOG_AUTHPRIV | LOG_NOTICE, "failed auth for %s", myname);
-                       errx(1, "Authorization failed");
+                       authfail();
                }
        }
 
@@ -303,7 +304,7 @@ pamauth(const char *user, const char *myname, int interactive, int nopass, int p
        if (ret != PAM_SUCCESS) {
                pamcleanup(ret, sess, cred);
                syslog(LOG_AUTHPRIV | LOG_NOTICE, "failed auth for %s", myname);
-               errx(1, "Authorization failed");
+               authfail();
        }
 
        /* set PAM_USER to the user we want to be */
@@ -312,9 +313,9 @@ pamauth(const char *user, const char *myname, int interactive, int nopass, int p
                warn("pam_set_item(?, PAM_USER, \"%s\"): %s", user,
                    pam_strerror(pamh, ret));
 
-       ret = pam_setcred(pamh, PAM_ESTABLISH_CRED);
+       ret = pam_setcred(pamh, PAM_REINITIALIZE_CRED);
        if (ret != PAM_SUCCESS)
-               warn("pam_setcred(?, PAM_ESTABLISH_CRED): %s", pam_strerror(pamh, ret));
+               warn("pam_setcred(?, PAM_REINITIALIZE_CRED): %s", pam_strerror(pamh, ret));
        else
                cred = 1;
 
Fork of OpenDoas that insults you