From b862bbce71e53a0c68955765003502087a4d0ea6 Mon Sep 17 00:00:00 2001
From: Maximilian Seidler <78690852+PaideiaDilemma@users.noreply.github.com>
Date: Fri, 5 Jul 2024 22:54:40 +0200
Subject: [PATCH] auth: pam fallback log message and always call pam_end after
 pam_authenticate (#399)

* auth: make the fallback to sudo error more descriptive

* auth: always call pam_end after pam_authenticate
---
 src/core/Auth.cpp | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/core/Auth.cpp b/src/core/Auth.cpp
index ea3066f..a4ca2f1 100644
--- a/src/core/Auth.cpp
+++ b/src/core/Auth.cpp
@@ -58,7 +58,7 @@ CAuth::CAuth() {
     m_sPamModule                  = *PPAMMODULE;
 
     if (!std::filesystem::exists(std::filesystem::path("/etc/pam.d/") / m_sPamModule)) {
-        Debug::log(ERR, "Pam module \"{}\" not found! Falling back to \"su\"", m_sPamModule);
+        Debug::log(ERR, "Pam module \"/etc/pam.d/{}\" does not exist! Falling back to \"/etc/pam.d/su\"", m_sPamModule);
         m_sPamModule = "su";
     }
 }
@@ -91,6 +91,8 @@ bool CAuth::auth() {
     }
 
     ret = pam_authenticate(handle, 0);
+    pam_end(handle, ret);
+    handle = nullptr;
 
     m_sConversationState.waitingForPamAuth = false;
 
@@ -101,8 +103,6 @@ bool CAuth::auth() {
         return false;
     }
 
-    ret = pam_end(handle, ret);
-
     m_sConversationState.success  = true;
     m_sConversationState.failText = "Successfully authenticated";
     Debug::log(LOG, "auth: authenticated for {}", m_sPamModule);