- (stevesk) Fix compile problem with PAM password change fix

[openssh.git] / auth-pam.c

diff --git a/auth-pam.c b/auth-pam.c
index 4781058b2291ba74105cd48001c645f6cb4a3cd5..ec859d72c146ade5da4eab189990a8da76e44c0f 100644 (file)
--- a/auth-pam.c
+++ b/auth-pam.c
@@ -33,6 +33,8 @@
 #include "canohost.h"
 #include "readpass.h"
 
+extern char *__progname;
+
 RCSID("$Id$");
 
 #define NEW_AUTHTOK_MSG \
@@ -85,7 +87,7 @@ int do_pam_authenticate(int flags)
  * messages with into __pam_msg.  This is used during initial
  * authentication to bypass the normal PAM password prompt.
  *
- * OTHER mode handles PAM_PROMPT_ECHO_OFF with read_passphrase(prompt, 1)
+ * OTHER mode handles PAM_PROMPT_ECHO_OFF with read_passphrase()
  * and outputs messages to stderr. This mode is used if pam_chauthtok()
  * is called to update expired passwords.
  */
@@ -144,9 +146,9 @@ static int do_pam_conversation(int num_msg, const struct pam_message **msg,
                                reply[count].resp_retcode = PAM_SUCCESS;
                                break;
                        case PAM_PROMPT_ECHO_OFF:
-                               reply[count].resp = xstrdup(
-                                   read_passphrase(PAM_MSG_MEMBER(msg, count, 
-                                   msg), 1));
+                               reply[count].resp = 
+                                   read_passphrase(PAM_MSG_MEMBER(msg, count,
+                                       msg), RP_ALLOW_STDIN);
                                reply[count].resp_retcode = PAM_SUCCESS;
                                break;
                        case PAM_ERROR_MSG:
@@ -207,7 +209,7 @@ int auth_pam_password(struct passwd *pw, const char *password)
        /* deny if no user. */
        if (pw == NULL)
                return 0;
-       if (pw->pw_uid == 0 && options.permit_root_login == 2)
+       if (pw->pw_uid == 0 && options.permit_root_login == PERMIT_NO_PASSWD)
                return 0;
        if (*password == '\0' && options.permit_empty_passwd == 0)
                return 0;
@@ -287,14 +289,15 @@ void do_pam_session(char *username, const char *ttyname)
 }
 
 /* Set PAM credentials */
-void do_pam_setcred(void)
+void do_pam_setcred(int init)
 {
        int pam_retval;
 
        do_pam_set_conv(&conv);
 
        debug("PAM establishing creds");
-       pam_retval = pam_setcred(__pamh, PAM_ESTABLISH_CRED);
+       pam_retval = pam_setcred(__pamh, 
+           init ? PAM_ESTABLISH_CRED : PAM_REINITIALIZE_CRED);
        if (pam_retval != PAM_SUCCESS) {
                if (was_authenticated)
                        fatal("PAM setcred failed[%d]: %.200s",
@@ -345,6 +348,8 @@ void start_pam(const char *user)
 {
        int pam_retval;
        extern ServerOptions options;
+       extern u_int utmp_len;
+       const char *rhost;
 
        debug("Starting up PAM with username \"%.200s\"", user);
 
@@ -354,10 +359,10 @@ void start_pam(const char *user)
                fatal("PAM initialisation failed[%d]: %.200s",
                    pam_retval, PAM_STRERROR(__pamh, pam_retval));
 
-       debug("PAM setting rhost to \"%.200s\"",
-           get_canonical_hostname(options.reverse_mapping_check));
-       pam_retval = pam_set_item(__pamh, PAM_RHOST,
-               get_canonical_hostname(options.reverse_mapping_check));
+       rhost = get_remote_name_or_ip(utmp_len, options.reverse_mapping_check);
+       debug("PAM setting rhost to \"%.200s\"", rhost);
+
+       pam_retval = pam_set_item(__pamh, PAM_RHOST, rhost);
        if (pam_retval != PAM_SUCCESS)
                fatal("PAM set rhost failed[%d]: %.200s", pam_retval,
                    PAM_STRERROR(__pamh, pam_retval));
@@ -369,7 +374,7 @@ void start_pam(const char *user)
         * not even need one (for tty-less connections)
         * Kludge: Set a fake PAM_TTY
         */
-       pam_retval = pam_set_item(__pamh, PAM_TTY, "ssh");
+       pam_retval = pam_set_item(__pamh, PAM_TTY, "NODEVssh");
        if (pam_retval != PAM_SUCCESS)
                fatal("PAM set tty failed[%d]: %.200s",
                    pam_retval, PAM_STRERROR(__pamh, pam_retval));