Merge pull request from GHSA-f489-557v-47jq

Check auth_start_session() result

sesman/libsesman/verify_user_pam.c

@@ -397,8 +397,8 @@ auth_uds(const char *user, enum scp_login_status *errorcode)
 /******************************************************************************/
 
 /* returns error */
-int
-auth_start_session(struct auth_info *auth_info, int display_num)
+static int
+auth_start_session_private(struct auth_info *auth_info, int display_num)
 {
     int error;
     char display[256];
@@ -436,6 +436,26 @@ auth_start_session(struct auth_info *auth_info, int display_num)
     return 0;
 }
 
+/******************************************************************************/
+/**
+ * Main routine to start a session
+ *
+ * Calls the private routine and logs an additional error if the private
+ * routine fails
+ */
+int
+auth_start_session(struct auth_info *auth_info, int display_num)
+{
+    int result = auth_start_session_private(auth_info, display_num);
+    if (result != 0)
+    {
+        LOG(LOG_LEVEL_ERROR,
+            "Can't start PAM session. See PAM logging for more info");
+    }
+
+    return result;
+}
+
 /******************************************************************************/
 /* returns error */
 static int

sesman/libsesman/verify_user_pam_userpass.c

@@ -207,8 +207,8 @@ auth_uds(const char *user, enum scp_login_status *errorcode)
 /******************************************************************************/
 
 /* returns error */
-int
-auth_start_session(struct auth_info *auth_info, int display_num)
+static int
+auth_start_session_private(struct auth_info *auth_info, int display_num)
 {
     int error;
     char display[256];
@@ -246,6 +246,26 @@ auth_start_session(struct auth_info *auth_info, int display_num)
     return 0;
 }
 
+/******************************************************************************/
+/**
+ * Main routine to start a session
+ *
+ * Calls the private routine and logs an additional error if the private
+ * routine fails
+ */
+int
+auth_start_session(struct auth_info *auth_info, int display_num)
+{
+    int result = auth_start_session_private(auth_info, display_num);
+    if (result != 0)
+    {
+        LOG(LOG_LEVEL_ERROR,
+            "Can't start PAM session. See PAM logging for more info");
+    }
+
+    return result;
+}
+
 /******************************************************************************/
 /* returns error */
 static int

sesman/sesexec/session.c

@@ -568,7 +568,12 @@ session_start_wrapped(struct login_info *login_info,
     int window_manager_pid;
     enum scp_screate_status status = E_SCP_SCREATE_GENERAL_ERROR;
 
-    auth_start_session(login_info->auth_info, s->display);
+    if (auth_start_session(login_info->auth_info, s->display) != 0)
+    {
+        // Errors are logged by the auth module, as they are
+        // specific to that module
+        return E_SCP_SCREATE_GENERAL_ERROR;
+    }
 #ifdef USE_BSD_SETLOGIN
     /**
      * Create a new session and process group since the 4.4BSD