X-Git-Url: http://git.hungrycats.org/cgi-bin/gitweb.cgi?a=blobdiff_plain;f=driver%2Fpasswd-pam.c;h=aedd47e294c4e64917b2554a7d32555b3105a3b8;hb=0316d74da7982288abddd34e7a62698eb7f79965;hp=0d14e262313ea8471661d85632d71f78860c110e;hpb=278c59e14c53fd412b734e699bd4f314f766f804;p=xscreensaver diff --git a/driver/passwd-pam.c b/driver/passwd-pam.c index 0d14e262..aedd47e2 100644 --- a/driver/passwd-pam.c +++ b/driver/passwd-pam.c @@ -1,7 +1,7 @@ /* passwd-pam.c --- verifying typed passwords with PAM * (Pluggable Authentication Modules.) * written by Bill Nottingham (and jwz) for - * xscreensaver, Copyright (c) 1993-1998 Jamie Zawinski + * xscreensaver, Copyright (c) 1993-1998, 2000 Jamie Zawinski * * Permission to use, copy, modify, distribute, and sell this software and its * documentation for any purpose is hereby granted without fee, provided that @@ -150,6 +150,8 @@ struct pam_closure { /* On SunOS 5.6, the `pam_conv.appdata_ptr' slot seems to be ignored, and the `closure' argument to pc.conv always comes in as random garbage. So we get around this by using a global variable instead. Shoot me! + + (I've been told this is bug 4092227, and is fixed in Solaris 7.) */ static void *suns_pam_implementation_blows = 0; @@ -215,7 +217,17 @@ pam_passwd_valid_p (const char *typed_passwd, Bool verbose_p) fprintf (stderr, "%s: pam_authenticate (...) ==> %d (%s)\n", blurb(), status, PAM_STRERROR(pamh, status)); if (status == PAM_SUCCESS) /* Win! */ - goto DONE; + { + /* Each time we successfully authenticate, refresh credentials, + for Kerberos/AFS/DCE/etc. If this fails, just ignore that + failure and blunder along; it shouldn't matter. + */ + int status2 = pam_setcred (pamh, PAM_REFRESH_CRED); + if (verbose_p) + fprintf (stderr, "%s: pam_setcred (...) ==> %d (%s)\n", + blurb(), status2, PAM_STRERROR(pamh, status2)); + goto DONE; + } /* If that didn't work, set the user to root, and try to authenticate again. */