X-Git-Url: http://git.hungrycats.org/cgi-bin/gitweb.cgi?a=blobdiff_plain;ds=sidebyside;f=driver%2Fpasswd-pam.c;h=d463bc2de068da1e0129e4f012ed53ce2b08ba60;hb=4361b69d3178d7fc98d0388f9a223af6c2651aba;hp=0c60d50869de4bc54254ee7787c30644b6867fb2;hpb=f8cf5ac7b2f53510f80a0eaf286a25298be17bfe;p=xscreensaver

diff --git a/driver/passwd-pam.c b/driver/passwd-pam.c
index 0c60d508..d463bc2d 100644
--- a/driver/passwd-pam.c
+++ b/driver/passwd-pam.c
@@ -1,7 +1,7 @@
 /* passwd-pam.c --- verifying typed passwords with PAM
  * (Pluggable Authentication Modules.)
  * written by Bill Nottingham <notting@redhat.com> (and jwz) for
- * xscreensaver, Copyright (c) 1993-2012 Jamie Zawinski <jwz@jwz.org>
+ * xscreensaver, Copyright (c) 1993-2017 Jamie Zawinski <jwz@jwz.org>
  *
  * Permission to use, copy, modify, distribute, and sell this software and its
  * documentation for any purpose is hereby granted without fee, provided that
@@ -77,9 +77,12 @@ extern void unblock_sigchld (void);
 /* Some time between Red Hat 4.2 and 7.0, the words were transposed 
    in the various PAM_x_CRED macro names.  Yay!
  */
-#ifndef  PAM_REFRESH_CRED
+#if !defined(PAM_REFRESH_CRED) && defined(PAM_CRED_REFRESH)
 # define PAM_REFRESH_CRED PAM_CRED_REFRESH
 #endif
+#if !defined(PAM_REINITIALIZE_CRED) && defined(PAM_CRED_REINITIALIZE)
+# define PAM_REINITIALIZE_CRED PAM_CRED_REINITIALIZE
+#endif
 
 static int pam_conversation (int nmsgs,
                              const struct pam_message **msg,
@@ -181,8 +184,10 @@ pam_try_unlock(saver_info *si, Bool verbose_p,
   pam_handle_t *pamh = 0;
   int status = -1;
   struct pam_conv pc;
+# ifdef HAVE_SIGTIMEDWAIT
   sigset_t set;
   struct timespec timeout;
+# endif /* HAVE_SIGTIMEDWAIT */
 
   pc.conv = &pam_conversation;
   pc.appdata_ptr = (void *) si;
@@ -240,9 +245,12 @@ pam_try_unlock(saver_info *si, Bool verbose_p,
   if (verbose_p)
     fprintf (stderr, "%s:   pam_authenticate (...) ...\n", blurb());
 
+# ifdef HAVE_SIGTIMEDWAIT
   timeout.tv_sec = 0;
   timeout.tv_nsec = 1;
-  set = block_sigchld();
+  set =
+# endif /* HAVE_SIGTIMEDWAIT */
+    block_sigchld();
   status = pam_authenticate (pamh, 0);
 # ifdef HAVE_SIGTIMEDWAIT
   sigtimedwait (&set, NULL, &timeout);
@@ -306,13 +314,17 @@ pam_try_unlock(saver_info *si, Bool verbose_p,
       /* Each time we successfully authenticate, refresh credentials,
          for Kerberos/AFS/DCE/etc.  If this fails, just ignore that
          failure and blunder along; it shouldn't matter.
-
-         Note: this used to be PAM_REFRESH_CRED instead of
-         PAM_REINITIALIZE_CRED, but Jason Heiss <jheiss@ee.washington.edu>
-         says that the Linux PAM library ignores that one, and only refreshes
-         credentials when using PAM_REINITIALIZE_CRED.
        */
+
+#if defined(__linux__)
+      /* Apparently the Linux PAM library ignores PAM_REFRESH_CRED and only
+         refreshes credentials when using PAM_REINITIALIZE_CRED. */
       status2 = pam_setcred (pamh, PAM_REINITIALIZE_CRED);
+#else
+      /* But Solaris requires PAM_REFRESH_CRED or extra prompts appear. */
+      status2 = pam_setcred (pamh, PAM_REFRESH_CRED);
+#endif
+
       if (verbose_p)
         fprintf (stderr, "%s:   pam_setcred (...) ==> %d (%s)\n",
                  blurb(), status2, PAM_STRERROR(pamh, status2));