X-Git-Url: http://git.hungrycats.org/cgi-bin/gitweb.cgi?a=blobdiff_plain;f=driver%2Fpasswd-pam.c;h=d6966bdbe618eba3845786a93e18bcd055d0e2f0;hb=40eacb5812ef7c0e3374fb139afbb4f5bc8bbfb5;hp=43f2cbc2cddbaa0ae0d9d6e3815f5ab99a91dc92;hpb=3c58fb6311db49c46f1670922933b27c6ea0c065;p=xscreensaver

diff --git a/driver/passwd-pam.c b/driver/passwd-pam.c
index 43f2cbc2..d6966bdb 100644
--- a/driver/passwd-pam.c
+++ b/driver/passwd-pam.c
@@ -1,7 +1,7 @@
 /* passwd-pam.c --- verifying typed passwords with PAM
  * (Pluggable Authentication Modules.)
  * written by Bill Nottingham <notting@redhat.com> (and jwz) for
- * xscreensaver, Copyright (c) 1993-2001 Jamie Zawinski <jwz@jwz.org>
+ * xscreensaver, Copyright (c) 1993-2002 Jamie Zawinski <jwz@jwz.org>
  *
  * Permission to use, copy, modify, distribute, and sell this software and its
  * documentation for any purpose is hereby granted without fee, provided that
@@ -69,6 +69,13 @@ extern void unblock_sigchld (void);
 #undef countof
 #define countof(x) (sizeof((x))/sizeof(*(x)))
 
+/* Some time between Red Hat 4.2 and 7.0, the words were transposed 
+   in the various PAM_x_CRED macro names.  Yay!
+ */
+#ifndef  PAM_REFRESH_CRED
+# define PAM_REFRESH_CRED PAM_CRED_REFRESH
+#endif
+
 static int pam_conversation (int nmsgs,
                              const struct pam_message **msg,
                              struct pam_response **resp,
@@ -205,11 +212,12 @@ pam_passwd_valid_p (const char *typed_passwd, Bool verbose_p)
      far as PAM is concerned...)
    */
   {
-    const char *tty = ":0.0";
-    status = pam_set_item (pamh, PAM_TTY, strdup(tty));
+    char *tty = strdup (":0.0");
+    status = pam_set_item (pamh, PAM_TTY, tty);
     if (verbose_p)
       fprintf (stderr, "%s:   pam_set_item (p, PAM_TTY, \"%s\") ==> %d (%s)\n",
                blurb(), tty, status, PAM_STRERROR(pamh, status));
+    free (tty);
   }
 
   /* Try to authenticate as the current user.
@@ -246,8 +254,13 @@ pam_passwd_valid_p (const char *typed_passwd, Bool verbose_p)
       /* Each time we successfully authenticate, refresh credentials,
          for Kerberos/AFS/DCE/etc.  If this fails, just ignore that
          failure and blunder along; it shouldn't matter.
+
+         Note: this used to be PAM_REFRESH_CRED instead of
+         PAM_REINITIALIZE_CRED, but Jason Heiss <jheiss@ee.washington.edu>
+         says that the Linux PAM library ignores that one, and only refreshes
+         credentials when using PAM_REINITIALIZE_CRED.
        */
-      int status2 = pam_setcred (pamh, PAM_REFRESH_CRED);
+      int status2 = pam_setcred (pamh, PAM_REINITIALIZE_CRED);
       if (verbose_p)
         fprintf (stderr, "%s:   pam_setcred (...) ==> %d (%s)\n",
                  blurb(), status2, PAM_STRERROR(pamh, status2));
@@ -256,8 +269,10 @@ pam_passwd_valid_p (const char *typed_passwd, Bool verbose_p)
 
   /* If that didn't work, set the user to root, and try to authenticate again.
    */
-  c.user = "root";
-  status = pam_set_item (pamh, PAM_USER, strdup(c.user));
+  if (user) free (user);
+  user = strdup ("root");
+  c.user = user;
+  status = pam_set_item (pamh, PAM_USER, c.user);
   if (verbose_p)
     fprintf (stderr, "%s:   pam_set_item(p, PAM_USER, \"%s\") ==> %d (%s)\n",
              blurb(), c.user, status, PAM_STRERROR(pamh, status));