-
- debug("Starting up PAM with username \"%.200s\"", pw->pw_name);
-
- pam_retval = pam_start(SSHD_PAM_SERVICE, pw->pw_name, &conv,
- (pam_handle_t**)&pamh);
-
- if (pam_retval != PAM_SUCCESS) {
- fatal("PAM initialisation failed: %.200s",
- PAM_STRERROR((pam_handle_t *)pamh, pam_retval));
- }
-
- fatal_add_cleanup(&pam_cleanup_proc, NULL);
+ extern ServerOptions options;
+ extern u_int utmp_len;
+ const char *rhost;
+
+ debug("Starting up PAM with username \"%.200s\"", user);
+
+ pam_retval = pam_start(SSHD_PAM_SERVICE, user, &conv, &__pamh);
+
+ if (pam_retval != PAM_SUCCESS)
+ fatal("PAM initialisation failed[%d]: %.200s",
+ pam_retval, PAM_STRERROR(__pamh, pam_retval));
+
+ rhost = get_remote_name_or_ip(utmp_len, options.verify_reverse_mapping);
+ debug("PAM setting rhost to \"%.200s\"", rhost);
+
+ pam_retval = pam_set_item(__pamh, PAM_RHOST, rhost);
+ if (pam_retval != PAM_SUCCESS)
+ fatal("PAM set rhost failed[%d]: %.200s", pam_retval,
+ PAM_STRERROR(__pamh, pam_retval));
+#ifdef PAM_TTY_KLUDGE
+ /*
+ * Some PAM modules (e.g. pam_time) require a TTY to operate,
+ * and will fail in various stupid ways if they don't get one.
+ * sshd doesn't set the tty until too late in the auth process and may
+ * not even need one (for tty-less connections)
+ * Kludge: Set a fake PAM_TTY
+ */
+ pam_retval = pam_set_item(__pamh, PAM_TTY, "NODEVssh");
+ if (pam_retval != PAM_SUCCESS)
+ fatal("PAM set tty failed[%d]: %.200s",
+ pam_retval, PAM_STRERROR(__pamh, pam_retval));
+#endif /* PAM_TTY_KLUDGE */
+
+ fatal_add_cleanup(&do_pam_cleanup_proc, NULL);