From 00952dd8ee02df92ee6b71c6467de7d74d3250dd Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E3=82=A2=E3=82=B7=E3=83=A5?=
 <120780645+Kawaii-Ash@users.noreply.github.com>
Date: Sun, 5 May 2024 08:29:05 +0100
Subject: [PATCH] Fix authentication in a few edge cases (#604)

* fix loginConv and auth

* fix potential mem leak with configs

* BIG changes
---
 build.zig.zon |  4 ++--
 src/auth.zig  | 18 ++++++++++++++----
 2 files changed, 16 insertions(+), 6 deletions(-)

diff --git a/build.zig.zon b/build.zig.zon
index 46778e3..0594da1 100644
--- a/build.zig.zon
+++ b/build.zig.zon
@@ -7,8 +7,8 @@
             .hash = "122014e73fd712190e109950837b97f6143f02d7e2b6986e1db70b6f4aadb5ba6a0d",
         },
         .zigini = .{
-            .url = "https://github.com/Kawaii-Ash/zigini/archive/2f598085c8bd8b1acef1add90d116c8dd1895b45.tar.gz",
-            .hash = "12206dc36227c010c879b59ab563512f718ce4cabe570968587a0bbbcde708f64528",
+            .url = "https://github.com/Kawaii-Ash/zigini/archive/ce1f322482099db058f5d9fdd05fbfa255d79723.tar.gz",
+            .hash = "1220e7a99793a0430e0a7c0b938cb3c98321035bc297e21cd0e2413cf740b4923b9f",
         },
     },
     .paths = .{""},
diff --git a/src/auth.zig b/src/auth.zig
index 26de2cf..4b061a5 100644
--- a/src/auth.zig
+++ b/src/auth.zig
@@ -48,7 +48,7 @@ pub fn authenticate(config: Config, desktop: Desktop, login: [:0]const u8, passw
     status = interop.pam.pam_acct_mgmt(handle, 0);
     if (status != interop.pam.PAM_SUCCESS) return pamDiagnose(status);
 
-    status = interop.pam.pam_setcred(handle, 0);
+    status = interop.pam.pam_setcred(handle, interop.pam.PAM_ESTABLISH_CRED);
     if (status != interop.pam.PAM_SUCCESS) return pamDiagnose(status);
 
     status = interop.pam.pam_open_session(handle, 0);
@@ -103,7 +103,7 @@ pub fn authenticate(config: Config, desktop: Desktop, login: [:0]const u8, passw
     status = interop.pam.pam_close_session(handle, 0);
     if (status != 0) return pamDiagnose(status);
 
-    status = interop.pam.pam_setcred(handle, 0);
+    status = interop.pam.pam_setcred(handle, interop.pam.PAM_DELETE_CRED);
     if (status != 0) return pamDiagnose(status);
 
     status = interop.pam.pam_end(handle, status);
@@ -205,6 +205,10 @@ fn loginConv(
     const allocator = std.heap.c_allocator;
     const response = allocator.alloc(interop.pam.pam_response, message_count) catch return interop.pam.PAM_BUF_ERR;
 
+    // Initialise allocated memory to 0
+    // This ensures memory can be freed by pam on success
+    for (response) |*r| r.* = std.mem.zeroes(interop.pam.pam_response);
+
     var username: ?[:0]u8 = null;
     var password: ?[:0]u8 = null;
     var status: c_int = interop.pam.PAM_SUCCESS;
@@ -213,12 +217,18 @@ fn loginConv(
         switch (messages[i].?.msg_style) {
             interop.pam.PAM_PROMPT_ECHO_ON => {
                 const data: [*][*:0]u8 = @ptrCast(@alignCast(appdata_ptr));
-                username = allocator.dupeZ(u8, std.mem.span(data[0])) catch return interop.pam.PAM_BUF_ERR;
+                username = allocator.dupeZ(u8, std.mem.span(data[0])) catch {
+                    status = interop.pam.PAM_BUF_ERR;
+                    break :set_credentials;
+                };
                 response[i].resp = username.?.ptr;
             },
             interop.pam.PAM_PROMPT_ECHO_OFF => {
                 const data: [*][*:0]u8 = @ptrCast(@alignCast(appdata_ptr));
-                password = allocator.dupeZ(u8, std.mem.span(data[1])) catch return interop.pam.PAM_BUF_ERR;
+                password = allocator.dupeZ(u8, std.mem.span(data[1])) catch {
+                    status = interop.pam.PAM_BUF_ERR;
+                    break :set_credentials;
+                };
                 response[i].resp = password.?.ptr;
             },
             interop.pam.PAM_ERROR_MSG => {