X-Git-Url: http://git.hungrycats.org/cgi-bin/gitweb.cgi?p=xscreensaver;a=blobdiff_plain;f=driver%2Fpasswd-pam.c;h=a4b132123f7c8ce63078961b80617466efef6a54;hp=7560d1a41ec487175784a56687f81db48495a77b;hb=07faf451b99879183ed7e909e43a0e065be1ee7f;hpb=96bdd7cf6ea60c418a76921acaf0e34d6f5be930

diff --git a/driver/passwd-pam.c b/driver/passwd-pam.c
index 7560d1a4..a4b13212 100644
--- a/driver/passwd-pam.c
+++ b/driver/passwd-pam.c
@@ -89,6 +89,8 @@ struct pam_closure {
   Bool verbose_p;
 };
 
+Bool pam_passwd_valid_p (const char *typed_passwd, Bool verbose_p);
+Bool pam_priv_init (int argc, char **argv, Bool verbose_p);
 
 #ifdef HAVE_PAM_FAIL_DELAY
    /* We handle delays ourself.*/
@@ -246,6 +248,7 @@ pam_passwd_valid_p (const char *typed_passwd, Bool verbose_p)
 
   PAM_NO_DELAY(pamh);
 
+  timeout.tv_sec = 0;
   timeout.tv_nsec = 1;
   set = block_sigchld();
   status = pam_authenticate (pamh, 0);
@@ -257,6 +260,18 @@ pam_passwd_valid_p (const char *typed_passwd, Bool verbose_p)
              blurb(), status, PAM_STRERROR(pamh, status));
   if (status == PAM_SUCCESS)  /* Win! */
     {
+      int status2;
+
+      /* We don't actually care if the account modules fail or succeed,
+       * but we need to run them anyway because certain pam modules
+       * depend on side effects of the account modules getting run.
+       */
+      status2 = pam_acct_mgmt (pamh, 0);
+
+      if (verbose_p)
+        fprintf (stderr, "%s:   pam_acct_mgmt (...) ==> %d (%s)\n",
+                 blurb(), status2, PAM_STRERROR(pamh, status2));
+
       /* Each time we successfully authenticate, refresh credentials,
          for Kerberos/AFS/DCE/etc.  If this fails, just ignore that
          failure and blunder along; it shouldn't matter.
@@ -266,13 +281,14 @@ pam_passwd_valid_p (const char *typed_passwd, Bool verbose_p)
          says that the Linux PAM library ignores that one, and only refreshes
          credentials when using PAM_REINITIALIZE_CRED.
        */
-      int status2 = pam_setcred (pamh, PAM_REINITIALIZE_CRED);
+      status2 = pam_setcred (pamh, PAM_REINITIALIZE_CRED);
       if (verbose_p)
         fprintf (stderr, "%s:   pam_setcred (...) ==> %d (%s)\n",
                  blurb(), status2, PAM_STRERROR(pamh, status2));
       goto DONE;
     }
 
+#ifdef ALLOW_ROOT_PASSWD
   /* If that didn't work, set the user to root, and try to authenticate again.
    */
   if (user) free (user);
@@ -295,6 +311,8 @@ pam_passwd_valid_p (const char *typed_passwd, Bool verbose_p)
     fprintf (stderr, "%s:   pam_authenticate (...) ==> %d (%s)\n",
              blurb(), status, PAM_STRERROR(pamh, status));
 
+#endif /* ALLOW_ROOT_PASSWD */
+
  DONE:
   if (user) free (user);
   if (pamh)
@@ -326,7 +344,11 @@ pam_priv_init (int argc, char **argv, Bool verbose_p)
   const char file2[] = "/etc/pam.conf";
   struct stat st;
 
-  if (stat (dir, &st) == 0 && st.st_mode & S_IFDIR)
+# ifndef S_ISDIR
+#  define S_ISDIR(mode) (((mode) & S_IFMT) == S_IFDIR)
+# endif
+
+  if (stat (dir, &st) == 0 && S_ISDIR(st.st_mode))
     {
       if (stat (file, &st) != 0)
         fprintf (stderr,