X-Git-Url: http://git.hungrycats.org/cgi-bin/gitweb.cgi?a=blobdiff_plain;f=driver%2Fpasswd-pam.c;h=9e6a7194f3150424abfa87cd61dd87f04ee83d91;hb=82c5080773aae5e72ec155327c075775e023d2ee;hp=a02cf81195226879c57d63e8336a2bd2a55f16af;hpb=df7adbee81405e2849728a24b498ad2117784b1f;p=xscreensaver diff --git a/driver/passwd-pam.c b/driver/passwd-pam.c index a02cf811..9e6a7194 100644 --- a/driver/passwd-pam.c +++ b/driver/passwd-pam.c @@ -1,7 +1,7 @@ /* passwd-pam.c --- verifying typed passwords with PAM * (Pluggable Authentication Modules.) * written by Bill Nottingham (and jwz) for - * xscreensaver, Copyright (c) 1993-1998 Jamie Zawinski + * xscreensaver, Copyright (c) 1993-1998, 2000 Jamie Zawinski * * Permission to use, copy, modify, distribute, and sell this software and its * documentation for any purpose is hereby granted without fee, provided that @@ -152,6 +152,7 @@ struct pam_closure { So we get around this by using a global variable instead. Shoot me! (I've been told this is bug 4092227, and is fixed in Solaris 7.) + (I've also been told that it's fixed in Solaris 2.6 by patch 106257-05.) */ static void *suns_pam_implementation_blows = 0; @@ -217,7 +218,17 @@ pam_passwd_valid_p (const char *typed_passwd, Bool verbose_p) fprintf (stderr, "%s: pam_authenticate (...) ==> %d (%s)\n", blurb(), status, PAM_STRERROR(pamh, status)); if (status == PAM_SUCCESS) /* Win! */ - goto DONE; + { + /* Each time we successfully authenticate, refresh credentials, + for Kerberos/AFS/DCE/etc. If this fails, just ignore that + failure and blunder along; it shouldn't matter. + */ + int status2 = pam_setcred (pamh, PAM_REFRESH_CRED); + if (verbose_p) + fprintf (stderr, "%s: pam_setcred (...) ==> %d (%s)\n", + blurb(), status2, PAM_STRERROR(pamh, status2)); + goto DONE; + } /* If that didn't work, set the user to root, and try to authenticate again. */