4 files changed, 40 insertions, 13 deletions

diff --git a/ChangeLog b/ChangeLog
index 4c016a32b..eb79657af 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -6,8 +6,10 @@
      key there. show fingerprint instead of public-key after 
      keygeneration. ok niels@
  - Added OpenBSD bsd-strlcat.c, created bsd-strlcat.h
- - Added timersum() macro
+ - Added timersub() macro
  - Tidy RCSIDs of bsd-*.c
+ - Added autoconf test and macro to deal with old PAM libraries 
+   pam_strerror definition (one arg vs two).
 
 19991121
  - OpenBSD CVS Changes:
diff --git a/acconfig.h b/acconfig.h
index db7fd18b1..6459c6371 100644
--- a/acconfig.h
+++ b/acconfig.h
@@ -54,6 +54,10 @@
 /* Define if you want to allow MD5 passwords */
 #undef HAVE_MD5_PASSWORDS
 
+/* Define if you have an old version of PAM which takes only one argument */
+/* to pam_strerror */
+#undef HAVE_OLD_PAM
+
 /* Data types */
 #undef HAVE_QUAD_T
 #undef HAVE_INTXX_T
@@ -195,3 +199,9 @@ enum
    } while (0)
 
 #endif
+
+#ifdef HAVE_OLD_PAM
+# define PAM_STRERROR(a,b) pam_strerror((b))
+#else
+# define PAM_STRERROR(a,b) pam_strerror((a),(b))
+#endif
diff --git a/configure.in b/configure.in
index 1fe0c30b4..0678fa4c8 100644
--- a/configure.in
+++ b/configure.in
@@ -77,7 +77,7 @@ AC_CHECK_SIZEOF(long int, 4)
 AC_CHECK_SIZEOF(long long int, 8)
 
 dnl More checks for data types
-AC_MSG_CHECKING([For quad_t])
+AC_MSG_CHECKING([for quad_t])
 AC_TRY_COMPILE(
         [#include <sys/types.h>], 
         [quad_t a; a = 1235;], 
@@ -88,7 +88,7 @@ AC_TRY_COMPILE(
         [AC_MSG_RESULT(no)]
 ) 
 
-AC_MSG_CHECKING([For intXX_t types])
+AC_MSG_CHECKING([for intXX_t types])
 AC_TRY_COMPILE(
         [#include <sys/types.h>], 
         [int16_t a; int32_t b; a = 1235; b = 1235;], 
@@ -99,7 +99,7 @@ AC_TRY_COMPILE(
         [AC_MSG_RESULT(no)]
 ) 
 
-AC_MSG_CHECKING([For u_intXX_t types])
+AC_MSG_CHECKING([for u_intXX_t types])
 AC_TRY_COMPILE(
         [#include <sys/types.h>], 
         [u_int16_t c; u_int32_t d; c = 1235; d = 1235;], 
@@ -121,6 +121,21 @@ AC_TRY_COMPILE(
         [AC_MSG_RESULT(no)]
 ) 
 
+dnl Check PAM strerror arguments
+AC_MSG_CHECKING([whether pam_strerror takes only one argument])
+AC_TRY_COMPILE(
+        [
+                #include <stdlib.h>
+                #include <security/pam_appl.h>
+        ], 
+        [(void)pam_strerror((pam_handle_t *)NULL, -1);], 
+        [AC_MSG_RESULT(no)],
+        [
+                AC_DEFINE(HAVE_OLD_PAM)
+                AC_MSG_RESULT(yes)
+        ]
+) 
+
 dnl Check whether use wants to disable the external ssh-askpass
 INSTALL_ASKPASS="yes"
 AC_MSG_CHECKING([whether to enable external ssh-askpass support])
diff --git a/sshd.c b/sshd.c
index 5d8fa6dbe..e87810767 100644
--- a/sshd.c
+++ b/sshd.c
@@ -18,7 +18,7 @@ agent connections.
 */
 
 #include "includes.h"
-RCSID("$Id: sshd.c,v 1.27 1999/11/21 07:31:57 damien Exp $");
+RCSID("$Id: sshd.c,v 1.28 1999/11/22 03:27:24 damien Exp $");
 
 #include "xmalloc.h"
 #include "rsa.h"
@@ -221,14 +221,14 @@ void pam_cleanup_proc(void *context)
     if (pam_retval != PAM_SUCCESS)
     {
       log("Cannot close PAM session: %.200s", 
-          pam_strerror((pam_handle_t *)pamh, pam_retval));
+          PAM_STRERROR((pam_handle_t *)pamh, pam_retval));
     }
      
     pam_retval = pam_end((pam_handle_t *)pamh, pam_retval);
     if (pam_retval != PAM_SUCCESS)
     {
       log("Cannot release PAM authentication: %.200s", 
-          pam_strerror((pam_handle_t *)pamh, pam_retval));
+          PAM_STRERROR((pam_handle_t *)pamh, pam_retval));
     }
   }
 }
@@ -244,7 +244,7 @@ void do_pam_account_and_session(char *username, char *remote_user,
     pam_retval = pam_set_item((pam_handle_t *)pamh, PAM_RHOST, remote_host);
     if (pam_retval != PAM_SUCCESS)
     {
-      log("PAM set rhost failed: %.200s", pam_strerror((pam_handle_t *)pamh, pam_retval));
+      log("PAM set rhost failed: %.200s", PAM_STRERROR((pam_handle_t *)pamh, pam_retval));
            do_fake_authloop(username);
     }
   }
@@ -255,7 +255,7 @@ void do_pam_account_and_session(char *username, char *remote_user,
     pam_retval = pam_set_item((pam_handle_t *)pamh, PAM_RUSER, remote_user);
     if (pam_retval != PAM_SUCCESS)
     {
-      log("PAM set ruser failed: %.200s", pam_strerror((pam_handle_t *)pamh, pam_retval));
+      log("PAM set ruser failed: %.200s", PAM_STRERROR((pam_handle_t *)pamh, pam_retval));
            do_fake_authloop(username);
     }
   }
@@ -263,14 +263,14 @@ void do_pam_account_and_session(char *username, char *remote_user,
   pam_retval = pam_acct_mgmt((pam_handle_t *)pamh, 0);
   if (pam_retval != PAM_SUCCESS)
   {
-    log("PAM rejected by account configuration: %.200s", pam_strerror((pam_handle_t *)pamh, pam_retval));
+    log("PAM rejected by account configuration: %.200s", PAM_STRERROR((pam_handle_t *)pamh, pam_retval));
          do_fake_authloop(username);
   }
 
   pam_retval = pam_open_session((pam_handle_t *)pamh, 0);
   if (pam_retval != PAM_SUCCESS)
   {
-    log("PAM session setup failed: %.200s", pam_strerror((pam_handle_t *)pamh, pam_retval));
+    log("PAM session setup failed: %.200s", PAM_STRERROR((pam_handle_t *)pamh, pam_retval));
          do_fake_authloop(username);
   }
 }
@@ -1206,7 +1206,7 @@ do_authentication(char *user)
 
     pam_retval = pam_start("sshd", pw->pw_name, &conv, (pam_handle_t**)&pamh);
     if (pam_retval != PAM_SUCCESS)
-      fatal("PAM initialisation failed: %.200s", pam_strerror((pam_handle_t *)pamh, pam_retval));
+      fatal("PAM initialisation failed: %.200s", PAM_STRERROR((pam_handle_t *)pamh, pam_retval));
 
     fatal_add_cleanup(&pam_cleanup_proc, NULL);
   }
@@ -1456,7 +1456,7 @@ do_authloop(struct passwd *pw)
         }
 
         log("PAM Password authentication for \"%.100s\" failed: %s", 
-            pw->pw_name, pam_strerror((pam_handle_t *)pamh, pam_retval));
+            pw->pw_name, PAM_STRERROR((pam_handle_t *)pamh, pam_retval));
         break;
 #else /* HAVE_LIBPAM */
         /* Try authentication with the password. */