/* pam_end.c */ /* * $Id$ */ #include "pam_private.h" #include int pam_end(pam_handle_t *pamh, int pam_status) { int ret; D(("entering pam_end()")); IF_NO_PAMH("pam_end", pamh, PAM_SYSTEM_ERR); if (__PAM_FROM_MODULE(pamh)) { D(("called from module!?")); return PAM_SYSTEM_ERR; } #ifdef HAVE_LIBAUDIT _pam_audit_end(pamh, pam_status); #endif /* first liberate the modules (it is not inconcevible that the modules may need to use the service_name etc. to clean up) */ _pam_free_data(pamh, pam_status); /* now drop all modules */ if ((ret = _pam_free_handlers(pamh)) != PAM_SUCCESS) { return ret; /* error occurred */ } /* from this point we cannot call the modules any more. Free the remaining memory used by the Linux-PAM interface */ _pam_drop_env(pamh); /* purge the environment */ _pam_overwrite(pamh->authtok); /* blank out old token */ _pam_drop(pamh->authtok); _pam_overwrite(pamh->oldauthtok); /* blank out old token */ _pam_drop(pamh->oldauthtok); _pam_overwrite(pamh->former.prompt); _pam_drop(pamh->former.prompt); /* drop saved prompt */ _pam_overwrite(pamh->service_name); _pam_drop(pamh->service_name); _pam_overwrite(pamh->user); _pam_drop(pamh->user); _pam_overwrite(pamh->prompt); _pam_drop(pamh->prompt); /* prompt for pam_get_user() */ _pam_overwrite(pamh->tty); _pam_drop(pamh->tty); _pam_overwrite(pamh->rhost); _pam_drop(pamh->rhost); _pam_overwrite(pamh->ruser); _pam_drop(pamh->ruser); _pam_drop(pamh->pam_conversation); pamh->fail_delay.delay_fn_ptr = NULL; _pam_drop(pamh->former.substates); _pam_overwrite(pamh->xdisplay); _pam_drop(pamh->xdisplay); _pam_overwrite(pamh->xauth.name); _pam_drop(pamh->xauth.name); _pam_overwrite_n(pamh->xauth.data, (unsigned int)pamh->xauth.datalen); _pam_drop(pamh->xauth.data); _pam_overwrite_n((char *)&pamh->xauth, sizeof(pamh->xauth)); _pam_overwrite(pamh->authtok_type); _pam_drop(pamh->authtok_type); /* and finally liberate the memory for the pam_handle structure */ _pam_drop(pamh); D(("exiting pam_end() successfully")); return PAM_SUCCESS; }