diff options
author | Damien Miller <djm@mindrot.org> | 2001-02-15 11:51:32 +1100 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2001-02-15 11:51:32 +1100 |
commit | 646aa60b41c7630fbc4d30811419df3900743302 (patch) | |
tree | 498f929872d06adfcf6458030476d88ac4039bbe | |
parent | e8b5b04521f33d868ac3301802e3dab1f57588fd (diff) |
- (djm) Clean up PAM namespace. Suggested by Darren Moffat
<Darren.Moffat@eng.sun.com>
-rw-r--r-- | ChangeLog | 4 | ||||
-rw-r--r-- | auth-pam.c | 112 | ||||
-rw-r--r-- | auth-pam.h | 6 | ||||
-rw-r--r-- | auth2-pam.c | 4 | ||||
-rw-r--r-- | session.c | 4 |
5 files changed, 66 insertions, 64 deletions
@@ -1,6 +1,8 @@ | |||
1 | 20010215 | 1 | 20010215 |
2 | - (djm) Move PAM session setup back to before setuid to user. Fixes | 2 | - (djm) Move PAM session setup back to before setuid to user. Fixes |
3 | problems on Solaris-derived PAMs. | 3 | problems on Solaris-derived PAMs. |
4 | - (djm) Clean up PAM namespace. Suggested by Darren Moffat | ||
5 | <Darren.Moffat@eng.sun.com> | ||
4 | 6 | ||
5 | 20010214 | 7 | 20010214 |
6 | - (djm) Don't try to close PAM session or delete credentials if the | 8 | - (djm) Don't try to close PAM session or delete credentials if the |
@@ -3929,4 +3931,4 @@ | |||
3929 | - Wrote replacements for strlcpy and mkdtemp | 3931 | - Wrote replacements for strlcpy and mkdtemp |
3930 | - Released 1.0pre1 | 3932 | - Released 1.0pre1 |
3931 | 3933 | ||
3932 | $Id: ChangeLog,v 1.760 2001/02/15 00:32:15 djm Exp $ | 3934 | $Id: ChangeLog,v 1.761 2001/02/15 00:51:32 djm Exp $ |
diff --git a/auth-pam.c b/auth-pam.c index cdaa97ed4..d123d1d89 100644 --- a/auth-pam.c +++ b/auth-pam.c | |||
@@ -33,7 +33,7 @@ | |||
33 | #include "canohost.h" | 33 | #include "canohost.h" |
34 | #include "readpass.h" | 34 | #include "readpass.h" |
35 | 35 | ||
36 | RCSID("$Id: auth-pam.c,v 1.28 2001/02/13 13:43:56 djm Exp $"); | 36 | RCSID("$Id: auth-pam.c,v 1.29 2001/02/15 00:51:32 djm Exp $"); |
37 | 37 | ||
38 | #define NEW_AUTHTOK_MSG \ | 38 | #define NEW_AUTHTOK_MSG \ |
39 | "Warning: Your password has expired, please change it now" | 39 | "Warning: Your password has expired, please change it now" |
@@ -46,9 +46,9 @@ static struct pam_conv conv = { | |||
46 | do_pam_conversation, | 46 | do_pam_conversation, |
47 | NULL | 47 | NULL |
48 | }; | 48 | }; |
49 | static char *pam_msg = NULL; | 49 | static char *__pam_msg = NULL; |
50 | static pam_handle_t *pamh = NULL; | 50 | static pam_handle_t *__pamh = NULL; |
51 | static const char *pampasswd = NULL; | 51 | static const char *__pampasswd = NULL; |
52 | 52 | ||
53 | /* states for do_pam_conversation() */ | 53 | /* states for do_pam_conversation() */ |
54 | enum { INITIAL_LOGIN, OTHER } pamstate = INITIAL_LOGIN; | 54 | enum { INITIAL_LOGIN, OTHER } pamstate = INITIAL_LOGIN; |
@@ -57,32 +57,32 @@ static int password_change_required = 0; | |||
57 | /* remember whether the last pam_authenticate() succeeded or not */ | 57 | /* remember whether the last pam_authenticate() succeeded or not */ |
58 | static int was_authenticated = 0; | 58 | static int was_authenticated = 0; |
59 | 59 | ||
60 | /* Remember what has been initialised */ | ||
61 | static int session_opened = 0; | ||
62 | static int creds_set = 0; | ||
63 | |||
60 | /* accessor which allows us to switch conversation structs according to | 64 | /* accessor which allows us to switch conversation structs according to |
61 | * the authentication method being used */ | 65 | * the authentication method being used */ |
62 | void pam_set_conv(struct pam_conv *conv) | 66 | void do_pam_set_conv(struct pam_conv *conv) |
63 | { | 67 | { |
64 | pam_set_item(pamh, PAM_CONV, conv); | 68 | pam_set_item(__pamh, PAM_CONV, conv); |
65 | } | 69 | } |
66 | 70 | ||
67 | /* start an authentication run */ | 71 | /* start an authentication run */ |
68 | int do_pam_authenticate(int flags) | 72 | int do_pam_authenticate(int flags) |
69 | { | 73 | { |
70 | int retval = pam_authenticate(pamh, flags); | 74 | int retval = pam_authenticate(__pamh, flags); |
71 | was_authenticated = (retval == PAM_SUCCESS); | 75 | was_authenticated = (retval == PAM_SUCCESS); |
72 | return retval; | 76 | return retval; |
73 | } | 77 | } |
74 | 78 | ||
75 | /* Remember what has been initialised */ | ||
76 | static int session_opened = 0; | ||
77 | static int creds_set = 0; | ||
78 | |||
79 | /* | 79 | /* |
80 | * PAM conversation function. | 80 | * PAM conversation function. |
81 | * There are two states this can run in. | 81 | * There are two states this can run in. |
82 | * | 82 | * |
83 | * INITIAL_LOGIN mode simply feeds the password from the client into | 83 | * INITIAL_LOGIN mode simply feeds the password from the client into |
84 | * PAM in response to PAM_PROMPT_ECHO_OFF, and collects output | 84 | * PAM in response to PAM_PROMPT_ECHO_OFF, and collects output |
85 | * messages with into pam_msg. This is used during initial | 85 | * messages with into __pam_msg. This is used during initial |
86 | * authentication to bypass the normal PAM password prompt. | 86 | * authentication to bypass the normal PAM password prompt. |
87 | * | 87 | * |
88 | * OTHER mode handles PAM_PROMPT_ECHO_OFF with read_passphrase(prompt, 1) | 88 | * OTHER mode handles PAM_PROMPT_ECHO_OFF with read_passphrase(prompt, 1) |
@@ -112,17 +112,17 @@ static int do_pam_conversation(int num_msg, const struct pam_message **msg, | |||
112 | free(reply); | 112 | free(reply); |
113 | return PAM_CONV_ERR; | 113 | return PAM_CONV_ERR; |
114 | case PAM_PROMPT_ECHO_OFF: | 114 | case PAM_PROMPT_ECHO_OFF: |
115 | if (pampasswd == NULL) { | 115 | if (__pampasswd == NULL) { |
116 | free(reply); | 116 | free(reply); |
117 | return PAM_CONV_ERR; | 117 | return PAM_CONV_ERR; |
118 | } | 118 | } |
119 | reply[count].resp = xstrdup(pampasswd); | 119 | reply[count].resp = xstrdup(__pampasswd); |
120 | reply[count].resp_retcode = PAM_SUCCESS; | 120 | reply[count].resp_retcode = PAM_SUCCESS; |
121 | break; | 121 | break; |
122 | case PAM_ERROR_MSG: | 122 | case PAM_ERROR_MSG: |
123 | case PAM_TEXT_INFO: | 123 | case PAM_TEXT_INFO: |
124 | if ((*msg)[count].msg != NULL) { | 124 | if ((*msg)[count].msg != NULL) { |
125 | message_cat(&pam_msg, | 125 | message_cat(&__pam_msg, |
126 | PAM_MSG_MEMBER(msg, count, msg)); | 126 | PAM_MSG_MEMBER(msg, count, msg)); |
127 | } | 127 | } |
128 | reply[count].resp = xstrdup(""); | 128 | reply[count].resp = xstrdup(""); |
@@ -170,29 +170,29 @@ static int do_pam_conversation(int num_msg, const struct pam_message **msg, | |||
170 | } | 170 | } |
171 | 171 | ||
172 | /* Called at exit to cleanly shutdown PAM */ | 172 | /* Called at exit to cleanly shutdown PAM */ |
173 | void pam_cleanup_proc(void *context) | 173 | void do_pam_cleanup_proc(void *context) |
174 | { | 174 | { |
175 | int pam_retval; | 175 | int pam_retval; |
176 | 176 | ||
177 | if (pamh && session_opened) { | 177 | if (__pamh && session_opened) { |
178 | pam_retval = pam_close_session(pamh, 0); | 178 | pam_retval = pam_close_session(__pamh, 0); |
179 | if (pam_retval != PAM_SUCCESS) | 179 | if (pam_retval != PAM_SUCCESS) |
180 | log("Cannot close PAM session[%d]: %.200s", | 180 | log("Cannot close PAM session[%d]: %.200s", |
181 | pam_retval, PAM_STRERROR(pamh, pam_retval)); | 181 | pam_retval, PAM_STRERROR(__pamh, pam_retval)); |
182 | } | 182 | } |
183 | 183 | ||
184 | if (pamh && creds_set) { | 184 | if (__pamh && creds_set) { |
185 | pam_retval = pam_setcred(pamh, PAM_DELETE_CRED); | 185 | pam_retval = pam_setcred(__pamh, PAM_DELETE_CRED); |
186 | if (pam_retval != PAM_SUCCESS) | 186 | if (pam_retval != PAM_SUCCESS) |
187 | debug("Cannot delete credentials[%d]: %.200s", | 187 | debug("Cannot delete credentials[%d]: %.200s", |
188 | pam_retval, PAM_STRERROR(pamh, pam_retval)); | 188 | pam_retval, PAM_STRERROR(__pamh, pam_retval)); |
189 | } | 189 | } |
190 | 190 | ||
191 | if (pamh) { | 191 | if (__pamh) { |
192 | pam_retval = pam_end(pamh, pam_retval); | 192 | pam_retval = pam_end(__pamh, pam_retval); |
193 | if (pam_retval != PAM_SUCCESS) | 193 | if (pam_retval != PAM_SUCCESS) |
194 | log("Cannot release PAM authentication[%d]: %.200s", | 194 | log("Cannot release PAM authentication[%d]: %.200s", |
195 | pam_retval, PAM_STRERROR(pamh, pam_retval)); | 195 | pam_retval, PAM_STRERROR(__pamh, pam_retval)); |
196 | } | 196 | } |
197 | } | 197 | } |
198 | 198 | ||
@@ -202,7 +202,7 @@ int auth_pam_password(struct passwd *pw, const char *password) | |||
202 | extern ServerOptions options; | 202 | extern ServerOptions options; |
203 | int pam_retval; | 203 | int pam_retval; |
204 | 204 | ||
205 | pam_set_conv(&conv); | 205 | do_pam_set_conv(&conv); |
206 | 206 | ||
207 | /* deny if no user. */ | 207 | /* deny if no user. */ |
208 | if (pw == NULL) | 208 | if (pw == NULL) |
@@ -212,7 +212,7 @@ int auth_pam_password(struct passwd *pw, const char *password) | |||
212 | if (*password == '\0' && options.permit_empty_passwd == 0) | 212 | if (*password == '\0' && options.permit_empty_passwd == 0) |
213 | return 0; | 213 | return 0; |
214 | 214 | ||
215 | pampasswd = password; | 215 | __pampasswd = password; |
216 | 216 | ||
217 | pamstate = INITIAL_LOGIN; | 217 | pamstate = INITIAL_LOGIN; |
218 | pam_retval = do_pam_authenticate(0); | 218 | pam_retval = do_pam_authenticate(0); |
@@ -223,7 +223,7 @@ int auth_pam_password(struct passwd *pw, const char *password) | |||
223 | } else { | 223 | } else { |
224 | debug("PAM Password authentication for \"%.100s\" " | 224 | debug("PAM Password authentication for \"%.100s\" " |
225 | "failed[%d]: %s", pw->pw_name, pam_retval, | 225 | "failed[%d]: %s", pw->pw_name, pam_retval, |
226 | PAM_STRERROR(pamh, pam_retval)); | 226 | PAM_STRERROR(__pamh, pam_retval)); |
227 | return 0; | 227 | return 0; |
228 | } | 228 | } |
229 | } | 229 | } |
@@ -233,29 +233,29 @@ int do_pam_account(char *username, char *remote_user) | |||
233 | { | 233 | { |
234 | int pam_retval; | 234 | int pam_retval; |
235 | 235 | ||
236 | pam_set_conv(&conv); | 236 | do_pam_set_conv(&conv); |
237 | 237 | ||
238 | if (remote_user) { | 238 | if (remote_user) { |
239 | debug("PAM setting ruser to \"%.200s\"", remote_user); | 239 | debug("PAM setting ruser to \"%.200s\"", remote_user); |
240 | pam_retval = pam_set_item(pamh, PAM_RUSER, remote_user); | 240 | pam_retval = pam_set_item(__pamh, PAM_RUSER, remote_user); |
241 | if (pam_retval != PAM_SUCCESS) | 241 | if (pam_retval != PAM_SUCCESS) |
242 | fatal("PAM set ruser failed[%d]: %.200s", pam_retval, | 242 | fatal("PAM set ruser failed[%d]: %.200s", pam_retval, |
243 | PAM_STRERROR(pamh, pam_retval)); | 243 | PAM_STRERROR(__pamh, pam_retval)); |
244 | } | 244 | } |
245 | 245 | ||
246 | pam_retval = pam_acct_mgmt(pamh, 0); | 246 | pam_retval = pam_acct_mgmt(__pamh, 0); |
247 | switch (pam_retval) { | 247 | switch (pam_retval) { |
248 | case PAM_SUCCESS: | 248 | case PAM_SUCCESS: |
249 | /* This is what we want */ | 249 | /* This is what we want */ |
250 | break; | 250 | break; |
251 | case PAM_NEW_AUTHTOK_REQD: | 251 | case PAM_NEW_AUTHTOK_REQD: |
252 | message_cat(&pam_msg, NEW_AUTHTOK_MSG); | 252 | message_cat(&__pam_msg, NEW_AUTHTOK_MSG); |
253 | /* flag that password change is necessary */ | 253 | /* flag that password change is necessary */ |
254 | password_change_required = 1; | 254 | password_change_required = 1; |
255 | break; | 255 | break; |
256 | default: | 256 | default: |
257 | log("PAM rejected by account configuration[%d]: " | 257 | log("PAM rejected by account configuration[%d]: " |
258 | "%.200s", pam_retval, PAM_STRERROR(pamh, | 258 | "%.200s", pam_retval, PAM_STRERROR(__pamh, |
259 | pam_retval)); | 259 | pam_retval)); |
260 | return(0); | 260 | return(0); |
261 | } | 261 | } |
@@ -270,16 +270,16 @@ void do_pam_session(char *username, const char *ttyname) | |||
270 | 270 | ||
271 | if (ttyname != NULL) { | 271 | if (ttyname != NULL) { |
272 | debug("PAM setting tty to \"%.200s\"", ttyname); | 272 | debug("PAM setting tty to \"%.200s\"", ttyname); |
273 | pam_retval = pam_set_item(pamh, PAM_TTY, ttyname); | 273 | pam_retval = pam_set_item(__pamh, PAM_TTY, ttyname); |
274 | if (pam_retval != PAM_SUCCESS) | 274 | if (pam_retval != PAM_SUCCESS) |
275 | fatal("PAM set tty failed[%d]: %.200s", | 275 | fatal("PAM set tty failed[%d]: %.200s", |
276 | pam_retval, PAM_STRERROR(pamh, pam_retval)); | 276 | pam_retval, PAM_STRERROR(__pamh, pam_retval)); |
277 | } | 277 | } |
278 | 278 | ||
279 | pam_retval = pam_open_session(pamh, 0); | 279 | pam_retval = pam_open_session(__pamh, 0); |
280 | if (pam_retval != PAM_SUCCESS) | 280 | if (pam_retval != PAM_SUCCESS) |
281 | fatal("PAM session setup failed[%d]: %.200s", | 281 | fatal("PAM session setup failed[%d]: %.200s", |
282 | pam_retval, PAM_STRERROR(pamh, pam_retval)); | 282 | pam_retval, PAM_STRERROR(__pamh, pam_retval)); |
283 | session_opened = 1; | 283 | session_opened = 1; |
284 | } | 284 | } |
285 | 285 | ||
@@ -289,20 +289,20 @@ void do_pam_setcred(void) | |||
289 | int pam_retval; | 289 | int pam_retval; |
290 | 290 | ||
291 | debug("PAM establishing creds"); | 291 | debug("PAM establishing creds"); |
292 | pam_retval = pam_setcred(pamh, PAM_ESTABLISH_CRED); | 292 | pam_retval = pam_setcred(__pamh, PAM_ESTABLISH_CRED); |
293 | if (pam_retval != PAM_SUCCESS) { | 293 | if (pam_retval != PAM_SUCCESS) { |
294 | if (was_authenticated) | 294 | if (was_authenticated) |
295 | fatal("PAM setcred failed[%d]: %.200s", | 295 | fatal("PAM setcred failed[%d]: %.200s", |
296 | pam_retval, PAM_STRERROR(pamh, pam_retval)); | 296 | pam_retval, PAM_STRERROR(__pamh, pam_retval)); |
297 | else | 297 | else |
298 | debug("PAM setcred failed[%d]: %.200s", | 298 | debug("PAM setcred failed[%d]: %.200s", |
299 | pam_retval, PAM_STRERROR(pamh, pam_retval)); | 299 | pam_retval, PAM_STRERROR(__pamh, pam_retval)); |
300 | } else | 300 | } else |
301 | creds_set = 1; | 301 | creds_set = 1; |
302 | } | 302 | } |
303 | 303 | ||
304 | /* accessor function for file scope static variable */ | 304 | /* accessor function for file scope static variable */ |
305 | int pam_password_change_required(void) | 305 | int is_pam_password_change_required(void) |
306 | { | 306 | { |
307 | return password_change_required; | 307 | return password_change_required; |
308 | } | 308 | } |
@@ -321,11 +321,11 @@ void do_pam_chauthtok(void) | |||
321 | pamstate = OTHER; | 321 | pamstate = OTHER; |
322 | /* XXX: should we really loop forever? */ | 322 | /* XXX: should we really loop forever? */ |
323 | do { | 323 | do { |
324 | pam_retval = pam_chauthtok(pamh, | 324 | pam_retval = pam_chauthtok(__pamh, |
325 | PAM_CHANGE_EXPIRED_AUTHTOK); | 325 | PAM_CHANGE_EXPIRED_AUTHTOK); |
326 | if (pam_retval != PAM_SUCCESS) | 326 | if (pam_retval != PAM_SUCCESS) |
327 | log("PAM pam_chauthtok failed[%d]: %.200s", | 327 | log("PAM pam_chauthtok failed[%d]: %.200s", |
328 | pam_retval, PAM_STRERROR(pamh, pam_retval)); | 328 | pam_retval, PAM_STRERROR(__pamh, pam_retval)); |
329 | } while (pam_retval != PAM_SUCCESS); | 329 | } while (pam_retval != PAM_SUCCESS); |
330 | } | 330 | } |
331 | } | 331 | } |
@@ -333,8 +333,8 @@ void do_pam_chauthtok(void) | |||
333 | /* Cleanly shutdown PAM */ | 333 | /* Cleanly shutdown PAM */ |
334 | void finish_pam(void) | 334 | void finish_pam(void) |
335 | { | 335 | { |
336 | pam_cleanup_proc(NULL); | 336 | do_pam_cleanup_proc(NULL); |
337 | fatal_remove_cleanup(&pam_cleanup_proc, NULL); | 337 | fatal_remove_cleanup(&do_pam_cleanup_proc, NULL); |
338 | } | 338 | } |
339 | 339 | ||
340 | /* Start PAM authentication for specified account */ | 340 | /* Start PAM authentication for specified account */ |
@@ -345,19 +345,19 @@ void start_pam(const char *user) | |||
345 | 345 | ||
346 | debug("Starting up PAM with username \"%.200s\"", user); | 346 | debug("Starting up PAM with username \"%.200s\"", user); |
347 | 347 | ||
348 | pam_retval = pam_start(SSHD_PAM_SERVICE, user, &conv, &pamh); | 348 | pam_retval = pam_start(SSHD_PAM_SERVICE, user, &conv, &__pamh); |
349 | 349 | ||
350 | if (pam_retval != PAM_SUCCESS) | 350 | if (pam_retval != PAM_SUCCESS) |
351 | fatal("PAM initialisation failed[%d]: %.200s", | 351 | fatal("PAM initialisation failed[%d]: %.200s", |
352 | pam_retval, PAM_STRERROR(pamh, pam_retval)); | 352 | pam_retval, PAM_STRERROR(__pamh, pam_retval)); |
353 | 353 | ||
354 | debug("PAM setting rhost to \"%.200s\"", | 354 | debug("PAM setting rhost to \"%.200s\"", |
355 | get_canonical_hostname(options.reverse_mapping_check)); | 355 | get_canonical_hostname(options.reverse_mapping_check)); |
356 | pam_retval = pam_set_item(pamh, PAM_RHOST, | 356 | pam_retval = pam_set_item(__pamh, PAM_RHOST, |
357 | get_canonical_hostname(options.reverse_mapping_check)); | 357 | get_canonical_hostname(options.reverse_mapping_check)); |
358 | if (pam_retval != PAM_SUCCESS) | 358 | if (pam_retval != PAM_SUCCESS) |
359 | fatal("PAM set rhost failed[%d]: %.200s", pam_retval, | 359 | fatal("PAM set rhost failed[%d]: %.200s", pam_retval, |
360 | PAM_STRERROR(pamh, pam_retval)); | 360 | PAM_STRERROR(__pamh, pam_retval)); |
361 | #ifdef PAM_TTY_KLUDGE | 361 | #ifdef PAM_TTY_KLUDGE |
362 | /* | 362 | /* |
363 | * Some PAM modules (e.g. pam_time) require a TTY to operate, | 363 | * Some PAM modules (e.g. pam_time) require a TTY to operate, |
@@ -366,20 +366,20 @@ void start_pam(const char *user) | |||
366 | * not even need one (for tty-less connections) | 366 | * not even need one (for tty-less connections) |
367 | * Kludge: Set a fake PAM_TTY | 367 | * Kludge: Set a fake PAM_TTY |
368 | */ | 368 | */ |
369 | pam_retval = pam_set_item(pamh, PAM_TTY, "ssh"); | 369 | pam_retval = pam_set_item(__pamh, PAM_TTY, "ssh"); |
370 | if (pam_retval != PAM_SUCCESS) | 370 | if (pam_retval != PAM_SUCCESS) |
371 | fatal("PAM set tty failed[%d]: %.200s", | 371 | fatal("PAM set tty failed[%d]: %.200s", |
372 | pam_retval, PAM_STRERROR(pamh, pam_retval)); | 372 | pam_retval, PAM_STRERROR(__pamh, pam_retval)); |
373 | #endif /* PAM_TTY_KLUDGE */ | 373 | #endif /* PAM_TTY_KLUDGE */ |
374 | 374 | ||
375 | fatal_add_cleanup(&pam_cleanup_proc, NULL); | 375 | fatal_add_cleanup(&do_pam_cleanup_proc, NULL); |
376 | } | 376 | } |
377 | 377 | ||
378 | /* Return list of PAM enviornment strings */ | 378 | /* Return list of PAM enviornment strings */ |
379 | char **fetch_pam_environment(void) | 379 | char **fetch_pam_environment(void) |
380 | { | 380 | { |
381 | #ifdef HAVE_PAM_GETENVLIST | 381 | #ifdef HAVE_PAM_GETENVLIST |
382 | return(pam_getenvlist(pamh)); | 382 | return(pam_getenvlist(__pamh)); |
383 | #else /* HAVE_PAM_GETENVLIST */ | 383 | #else /* HAVE_PAM_GETENVLIST */ |
384 | return(NULL); | 384 | return(NULL); |
385 | #endif /* HAVE_PAM_GETENVLIST */ | 385 | #endif /* HAVE_PAM_GETENVLIST */ |
@@ -389,8 +389,8 @@ char **fetch_pam_environment(void) | |||
389 | /* or account checking to stderr */ | 389 | /* or account checking to stderr */ |
390 | void print_pam_messages(void) | 390 | void print_pam_messages(void) |
391 | { | 391 | { |
392 | if (pam_msg != NULL) | 392 | if (__pam_msg != NULL) |
393 | fputs(pam_msg, stderr); | 393 | fputs(__pam_msg, stderr); |
394 | } | 394 | } |
395 | 395 | ||
396 | /* Append a message to buffer */ | 396 | /* Append a message to buffer */ |
diff --git a/auth-pam.h b/auth-pam.h index a921ee078..1cf85c0f1 100644 --- a/auth-pam.h +++ b/auth-pam.h | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $Id: auth-pam.h,v 1.9 2001/02/09 01:55:36 djm Exp $ */ | 1 | /* $Id: auth-pam.h,v 1.10 2001/02/15 00:51:32 djm Exp $ */ |
2 | 2 | ||
3 | #include "includes.h" | 3 | #include "includes.h" |
4 | #ifdef USE_PAM | 4 | #ifdef USE_PAM |
@@ -14,9 +14,9 @@ int do_pam_account(char *username, char *remote_user); | |||
14 | void do_pam_session(char *username, const char *ttyname); | 14 | void do_pam_session(char *username, const char *ttyname); |
15 | void do_pam_setcred(void); | 15 | void do_pam_setcred(void); |
16 | void print_pam_messages(void); | 16 | void print_pam_messages(void); |
17 | int pam_password_change_required(void); | 17 | int is_pam_password_change_required(void); |
18 | void do_pam_chauthtok(void); | 18 | void do_pam_chauthtok(void); |
19 | void pam_set_conv(struct pam_conv *); | 19 | void do_pam_set_conv(struct pam_conv *); |
20 | void message_cat(char **p, const char *a); | 20 | void message_cat(char **p, const char *a); |
21 | 21 | ||
22 | #endif /* USE_PAM */ | 22 | #endif /* USE_PAM */ |
diff --git a/auth2-pam.c b/auth2-pam.c index 24e0e0406..79bd4a813 100644 --- a/auth2-pam.c +++ b/auth2-pam.c | |||
@@ -1,5 +1,5 @@ | |||
1 | #include "includes.h" | 1 | #include "includes.h" |
2 | RCSID("$Id: auth2-pam.c,v 1.8 2001/02/07 01:58:33 djm Exp $"); | 2 | RCSID("$Id: auth2-pam.c,v 1.9 2001/02/15 00:51:32 djm Exp $"); |
3 | 3 | ||
4 | #ifdef USE_PAM | 4 | #ifdef USE_PAM |
5 | #include <security/pam_appl.h> | 5 | #include <security/pam_appl.h> |
@@ -38,7 +38,7 @@ auth2_pam(Authctxt *authctxt) | |||
38 | fatal("auth2_pam: internal error: no user"); | 38 | fatal("auth2_pam: internal error: no user"); |
39 | 39 | ||
40 | conv2.appdata_ptr = authctxt; | 40 | conv2.appdata_ptr = authctxt; |
41 | pam_set_conv(&conv2); | 41 | do_pam_set_conv(&conv2); |
42 | 42 | ||
43 | dispatch_set(SSH2_MSG_USERAUTH_INFO_RESPONSE, | 43 | dispatch_set(SSH2_MSG_USERAUTH_INFO_RESPONSE, |
44 | &input_userauth_info_response_pam); | 44 | &input_userauth_info_response_pam); |
@@ -719,7 +719,7 @@ do_login(Session *s, const char *command) | |||
719 | * If password change is needed, do it now. | 719 | * If password change is needed, do it now. |
720 | * This needs to occur before the ~/.hushlogin check. | 720 | * This needs to occur before the ~/.hushlogin check. |
721 | */ | 721 | */ |
722 | if (pam_password_change_required()) { | 722 | if (is_pam_password_change_required()) { |
723 | print_pam_messages(); | 723 | print_pam_messages(); |
724 | do_pam_chauthtok(); | 724 | do_pam_chauthtok(); |
725 | } | 725 | } |
@@ -737,7 +737,7 @@ do_login(Session *s, const char *command) | |||
737 | return; | 737 | return; |
738 | 738 | ||
739 | #ifdef USE_PAM | 739 | #ifdef USE_PAM |
740 | if (!pam_password_change_required()) | 740 | if (!is_pam_password_change_required()) |
741 | print_pam_messages(); | 741 | print_pam_messages(); |
742 | #endif /* USE_PAM */ | 742 | #endif /* USE_PAM */ |
743 | #ifdef WITH_AIXAUTHENTICATE | 743 | #ifdef WITH_AIXAUTHENTICATE |