Description
In main method of C file "\incubator-ranger\unixauthpam\src\main\c\pamCredValidator.c",
when authentication fails, pam_end() is not called before exit(1),
which result in PAM transaction is not closed.
The pam_end() function terminates a PAM transaction and destroys the
corresponding PAM context, releasing all resources allocated to it.
int main(int ac, char **av, char **ev)
{
char username[64] ;
char password[64] ;
char line[512] ;
int retval;
pam_handle_t *pamh = NULL;
fgets(line,512,stdin) ;
sscanf(line, "LOGIN:%s %s",username,password) ;
conv.appdata_ptr = (char *) password;
retval = pam_start("ranger-remote", username, &conv, &pamh);
if (retval != PAM_SUCCESS)
retval = pam_authenticate(pamh, 0);
if (retval != PAM_SUCCESS)
/* authorize */
retval = pam_acct_mgmt(pamh, 0);
if (retval != PAM_SUCCESS)
/* establish the requested credentials */
if ((retval = pam_setcred(pamh, PAM_ESTABLISH_CRED)) != PAM_SUCCESS)
/* not opening a session, as logout has not been implemented as a remote service */
fprintf(stdout, "OK:\n") ;
if (pamh)
{ pam_end(pamh, retval); } exit(0) ;
}