-/* module-local variables */
-static struct pam_conv conv = {
- do_pam_conversation,
- NULL
-};
-static char *__pam_msg = NULL;
-static pam_handle_t *__pamh = NULL;
-static const char *__pampasswd = NULL;
-
-/* states for do_pam_conversation() */
-enum { INITIAL_LOGIN, OTHER } pamstate = INITIAL_LOGIN;
-/* remember whether pam_acct_mgmt() returned PAM_NEWAUTHTOK_REQD */
-static int password_change_required = 0;
-/* remember whether the last pam_authenticate() succeeded or not */
-static int was_authenticated = 0;
-
-/* Remember what has been initialised */
-static int session_opened = 0;
-static int creds_set = 0;
-
-/* accessor which allows us to switch conversation structs according to
- * the authentication method being used */
-void do_pam_set_conv(struct pam_conv *conv)
+#ifndef USE_POSIX_THREADS
+/*
+ * Simulate threads with processes.
+ */
+
+static int sshpam_thread_status = -1;
+static mysig_t sshpam_oldsig;
+
+static void
+sshpam_sigchld_handler(int sig)
+{
+ if (cleanup_ctxt == NULL)
+ return; /* handler called after PAM cleanup, shouldn't happen */
+ if (waitpid(cleanup_ctxt->pam_thread, &sshpam_thread_status, 0) == -1)
+ return; /* couldn't wait for process */
+ if (WIFSIGNALED(sshpam_thread_status) &&
+ WTERMSIG(sshpam_thread_status) == SIGTERM)
+ return; /* terminated by pthread_cancel */
+ if (!WIFEXITED(sshpam_thread_status))
+ fatal("PAM: authentication thread exited unexpectedly");
+ if (WEXITSTATUS(sshpam_thread_status) != 0)
+ fatal("PAM: authentication thread exited uncleanly");
+}
+
+static void
+pthread_exit(void *value __unused)
+{
+ _exit(0);
+}
+
+static int
+pthread_create(sp_pthread_t *thread, const void *attr __unused,
+ void *(*thread_start)(void *), void *arg)
+{
+ pid_t pid;
+
+ switch ((pid = fork())) {
+ case -1:
+ error("fork(): %s", strerror(errno));
+ return (-1);
+ case 0:
+ thread_start(arg);
+ _exit(1);
+ default:
+ *thread = pid;
+ sshpam_oldsig = signal(SIGCHLD, sshpam_sigchld_handler);
+ return (0);
+ }
+}
+
+static int
+pthread_cancel(sp_pthread_t thread)
+{
+ signal(SIGCHLD, sshpam_oldsig);
+ return (kill(thread, SIGTERM));
+}
+
+static int
+pthread_join(sp_pthread_t thread, void **value __unused)
+{
+ int status;
+
+ if (sshpam_thread_status != -1)
+ return (sshpam_thread_status);
+ signal(SIGCHLD, sshpam_oldsig);
+ waitpid(thread, &status, 0);
+ return (status);
+}
+#endif
+
+
+static pam_handle_t *sshpam_handle = NULL;
+static int sshpam_err = 0;
+static int sshpam_authenticated = 0;
+static int sshpam_session_open = 0;
+static int sshpam_cred_established = 0;
+static int sshpam_account_status = -1;
+static char **sshpam_env = NULL;
+static int *force_pwchange;
+
+/* Some PAM implementations don't implement this */
+#ifndef HAVE_PAM_GETENVLIST
+static char **
+pam_getenvlist(pam_handle_t *pamh)
+{
+ /*
+ * XXX - If necessary, we can still support envrionment passing
+ * for platforms without pam_getenvlist by searching for known
+ * env vars (e.g. KRB5CCNAME) from the PAM environment.
+ */
+ return NULL;
+}
+#endif
+
+void
+pam_password_change_required(int reqd)