- deraadt@cvs.openbsd.org 2002/07/06 01:00:49

[openssh.git] / auth-pam.c

diff --git a/auth-pam.c b/auth-pam.c
index 0740fcef22139953bfacbc36dcd10845c7b7e155..ae5175272c397226bdb924ed3e10680461475c24 100644 (file)
--- a/auth-pam.c
+++ b/auth-pam.c
@@ -100,9 +100,7 @@ static int do_pam_conversation(int num_msg, const struct pam_message **msg,
        char buf[1024];
 
        /* PAM will free this later */
-       reply = malloc(num_msg * sizeof(*reply));
-       if (reply == NULL)
-               return PAM_CONV_ERR;
+       reply = xmalloc(num_msg * sizeof(*reply));
 
        for (count = 0; count < num_msg; count++) {
                if (pamstate == INITIAL_LOGIN) {
@@ -112,11 +110,11 @@ static int do_pam_conversation(int num_msg, const struct pam_message **msg,
                         */
                        switch(PAM_MSG_MEMBER(msg, count, msg_style)) {
                        case PAM_PROMPT_ECHO_ON:
-                               free(reply);
+                               xfree(reply);
                                return PAM_CONV_ERR;
                        case PAM_PROMPT_ECHO_OFF:
                                if (__pampasswd == NULL) {
-                                       free(reply);
+                                       xfree(reply);
                                        return PAM_CONV_ERR;
                                }
                                reply[count].resp = xstrdup(__pampasswd);
@@ -124,7 +122,7 @@ static int do_pam_conversation(int num_msg, const struct pam_message **msg,
                                break;
                        case PAM_ERROR_MSG:
                        case PAM_TEXT_INFO:
-                               if ((*msg)[count].msg != NULL) {
+                               if (PAM_MSG_MEMBER(msg, count, msg) != NULL) {
                                        message_cat(&__pam_msg, 
                                            PAM_MSG_MEMBER(msg, count, msg));
                                }
@@ -132,7 +130,7 @@ static int do_pam_conversation(int num_msg, const struct pam_message **msg,
                                reply[count].resp_retcode = PAM_SUCCESS;
                                break;
                        default:
-                               free(reply);
+                               xfree(reply);
                                return PAM_CONV_ERR;
                        }
                } else {
@@ -161,7 +159,7 @@ static int do_pam_conversation(int num_msg, const struct pam_message **msg,
                                reply[count].resp_retcode = PAM_SUCCESS;
                                break;
                        default:
-                               free(reply);
+                               xfree(reply);
                                return PAM_CONV_ERR;
                        }
                }
@@ -249,15 +247,18 @@ int do_pam_account(char *username, char *remote_user)
        }
 
        pam_retval = pam_acct_mgmt(__pamh, 0);
+       debug2("pam_acct_mgmt() = %d", pam_retval);
        switch (pam_retval) {
                case PAM_SUCCESS:
                        /* This is what we want */
                        break;
+#if 0
                case PAM_NEW_AUTHTOK_REQD:
                        message_cat(&__pam_msg, NEW_AUTHTOK_MSG);
                        /* flag that password change is necessary */
                        password_change_required = 1;
                        break;
+#endif
                default:
                        log("PAM rejected by account configuration[%d]: "
                            "%.200s", pam_retval, PAM_STRERROR(__pamh, 
@@ -296,6 +297,9 @@ void do_pam_setcred(int init)
 {
        int pam_retval;
 
+       if (__pamh == NULL)
+               return;
+
        do_pam_set_conv(&conv);
 
        debug("PAM establishing creds");