for (count = 0; count < num_msg; count++) {
switch ((*msg)[count].msg_style) {
case PAM_PROMPT_ECHO_ON:
- fputs((*msg)[count].msg, stderr);
- fgets(buf, sizeof(buf), stdin);
- reply[count].resp = xstrdup(buf);
- reply[count].resp_retcode = PAM_SUCCESS;
- break;
+ if (pamstate == INITIAL_LOGIN) {
+ free(reply);
+ return PAM_CONV_ERR;
+ } else {
+ fputs((*msg)[count].msg, stderr);
+ fgets(buf, sizeof(buf), stdin);
+ reply[count].resp = xstrdup(buf);
+ reply[count].resp_retcode = PAM_SUCCESS;
+ break;
+ }
case PAM_PROMPT_ECHO_OFF:
if (pamstate == INITIAL_LOGIN) {
if (pampasswd == NULL) {
return PAM_CONV_ERR;
}
reply[count].resp = xstrdup(pampasswd);
- } else
- reply[count].resp = xstrdup(read_passphrase((*msg)[count].msg, 1));
+ } else {
+ reply[count].resp =
+ xstrdup(read_passphrase((*msg)[count].msg, 1));
+ }
reply[count].resp_retcode = PAM_SUCCESS;
break;
case PAM_ERROR_MSG:
}
/* Set PAM credentials */
-void do_pam_setcred()
+void do_pam_setcred(void)
{
int pam_retval;
pam_retval = pam_setcred(pamh, PAM_ESTABLISH_CRED);
if (pam_retval != PAM_SUCCESS) {
fatal("PAM setcred failed[%d]: %.200s",
- pam_setcred, PAM_STRERROR(pamh, pam_retval));
+ pam_retval, PAM_STRERROR(pamh, pam_retval));
}
}
+/* accessor function for file scope static variable */
+int pam_password_change_required(void)
+{
+ return password_change_required;
+}
+
/*
* Have user change authentication token if pam_acct_mgmt() indicated
* it was expired. This needs to be called after an interactive
* session is established and the user's pty is connected to
* stdin/stout/stderr.
*/
-void do_pam_chauthtok()
+void do_pam_chauthtok(void)
{
int pam_retval;