In pamCredValidator.c, pam_end() is not called if authentication fails.

In main method of C file "\incubator-ranger\unixauthpam\src\main\c\pamCredValidator.c",
when authentication fails, pam_end() is not called before exit(1),
which result in PAM transaction is not closed.
The pam_end() function terminates a PAM transaction and destroys the
corresponding PAM context, releasing all resources allocated to it.

int main(int ac, char **av, char **ev)
{
char username[64] ;
char password[64] ;
char line[512] ;

int retval;
pam_handle_t *pamh = NULL;

fgets(line,512,stdin) ;
sscanf(line, "LOGIN:%s %s",username,password) ;
conv.appdata_ptr = (char *) password;

retval = pam_start("ranger-remote", username, &conv, &pamh);
if (retval != PAM_SUCCESS)

{ /* why expose this? */ fprintf(stdout, "FAILED: [%s] does not exists.\n", username) ; exit(1); }

retval = pam_authenticate(pamh, 0);
if (retval != PAM_SUCCESS)

{ fprintf(stdout, "FAILED: Password did not match.\n") ; exit(1); }

/* authorize */
retval = pam_acct_mgmt(pamh, 0);
if (retval != PAM_SUCCESS)

{ fprintf(stdout, "FAILED: [%s] is not authorized.\n", username) ; exit(1); }

/* establish the requested credentials */
if ((retval = pam_setcred(pamh, PAM_ESTABLISH_CRED)) != PAM_SUCCESS)

{ fprintf(stdout, "FAILED: Error setting credentials for [%s].\n", username) ; exit(1); }

/* not opening a session, as logout has not been implemented as a remote service */
fprintf(stdout, "OK:\n") ;

if (pamh)

{ pam_end(pamh, retval); }

exit(0) ;
}