rra / pam-krb5

PAM module for Kerberos authentication
https://www.eyrie.org/~eagle/software/pam-krb5/

module not compliant with Linux-PAM documentation #21

Closed AndrewGMorgan closed 3 years ago

AndrewGMorgan commented 3 years ago

The man pam_end and Linux-PAM app documentation says that:

...... This argument can be logically OR'd
       with PAM_DATA_SILENT to indicate that the module
       should not treat the call too seriously. It is generally used to
       indicate that the current closing of the library is in a
       fork(2)ed process, and that the parent will take care of cleaning
       up things that exist outside of the current process space (files
       etc.).

Based on bug reports and the issue discussed here, I'd like to suggest the following patch (or something like it) be considered for inclusion in the pam-krb5 module:

diff --git a/module/context.c b/module/context.c
index 9664483..222b70b 100644
--- a/module/context.c
+++ b/module/context.c
@@ -160,10 +160,15 @@ pamk5_context_free(struct pam_args *args)
  */
 void
 pamk5_context_destroy(pam_handle_t *pamh UNUSED, void *data,
-                      int pam_end_status UNUSED)
+                      int pam_end_status)
 {
     struct context *ctx = (struct context *) data;

+#ifdef __LINUX_PAM__
+    if (pam_end_status == PAM_SUCCESS | PAM_DATA_SILENT)
+       return;
+#endif /* def __LINUX_PAM__ */
+
     if (ctx != NULL)
         context_free(ctx, true);
 }
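
Review bot: The added condition `pam_end_status == PAM_SUCCESS | PAM_DATA_SILENT` does not test what it appears to. In C `==` binds tighter than `|`, so it parses as `(pam_end_status == PAM_SUCCESS) | PAM_DATA_SILENT`, which is nonzero whenever PAM_DATA_SILENT is a nonzero flag; on Linux-PAM the function would then always return before `context_free(ctx, true)` and the context would never be released. Parenthesising the right-hand side would still match only a PAM_SUCCESS status, and since the quoted documentation describes the flag as OR'd onto the argument, testing the bit is the safer form: `if (pam_end_status & PAM_DATA_SILENT)`. Two smaller points: with `UNUSED` dropped, `pam_end_status` is unreferenced when `__LINUX_PAM__` is not defined, which may raise an unused-parameter warning, and the early return also skips freeing in-process memory, while the documentation only leaves things outside the process to the parent, so it may be worth skipping just the external cleanup.
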
rra commented 3 years ago

Thank you very much for the report! I had not seen the updated documentation and was still going on the old documentation that said this flag only specified whether to send output messages.
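
The flag semantics quoted in the report, as an added example that is not pam-krb5's code and not part of the thread: a cleanup callback that tests PAM_DATA_SILENT as a bit and, when it is set, leaves the shared file alone while still freeing process-local memory (one reading of the quoted text). The `demo_*` names, the struct and the locally defined constants are assumptions made so the block builds without libpam.

```c
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>

/* Stand-ins so this builds without libpam (assumption: values mirror
 * Linux-PAM; a real module includes <security/pam_modules.h>). */
#define PAM_SUCCESS     0
#define PAM_AUTH_ERR    7
#define PAM_DATA_SILENT 0x40000000

/* Hypothetical module state: heap memory plus a file the parent shares. */
struct demo_ctx { char cache_path[256]; };

struct demo_ctx *demo_ctx_new(const char *path)
{
    struct demo_ctx *ctx = calloc(1, sizeof(*ctx));
    if (ctx != NULL)
        snprintf(ctx->cache_path, sizeof(ctx->cache_path), "%s", path);
    return ctx;
}

/* The flag is OR'd onto the status, so mask it; any status may sit under it. */
bool is_silent(int status)   { return (status & PAM_DATA_SILENT) != 0; }
int  base_status(int status) { return status & ~PAM_DATA_SILENT; }

/* Returns true if external cleanup ran; memory is freed in both cases. */
bool demo_ctx_destroy(struct demo_ctx *ctx, int status)
{
    bool external = ctx != NULL && !is_silent(status);
    if (external)
        remove(ctx->cache_path);  /* lives outside this process */
    free(ctx);
    return external;
}

/* Shape of a pam_set_data() cleanup callback; pamh is opaque here. */
void demo_cleanup(void *pamh, void *data, int status)
{
    (void) pamh;
    demo_ctx_destroy(data, status);
}

int main(void)
{
    /* Forked-child close with a failing status: the file is left alone. */
    demo_cleanup(NULL, demo_ctx_new("constructed-demo-cache"),
                 PAM_AUTH_ERR | PAM_DATA_SILENT);
    return 0;
}
```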