Enable style option only if bsd_auth.h is available

[opendoas.git] / libopenbsd / auth_userokay.c

diff --git a/libopenbsd/auth_userokay.c b/libopenbsd/auth_userokay.c
index ab3d5e08fceb9bbd72282e076ab47ca8d7366b98..6a9841b3b198a343103c3e31227822a80585bb3f 100644 (file)
--- a/libopenbsd/auth_userokay.c
+++ b/libopenbsd/auth_userokay.c
@@ -18,18 +18,15 @@
 #include <err.h>
 #include <errno.h>
 #include <pwd.h>
-#include <readpassphrase.h>
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
 
 #include <security/pam_appl.h>
 
-#include "openbsd.h"
+#include "includes.h"
 
-#define PAM_SERVICE "sudo"
-
-#define __UNUSED __attribute__ ((unused))
+#define PAM_SERVICE_NAME "doas"
 
 static char *
 pam_prompt(const char *msg, int echo_on, int *pam)
@@ -96,17 +93,20 @@ auth_userokay(char *name, char *style, char *type, char *password)
        if (style || type || password)
                errx(1, "auth_userokay(name, NULL, NULL, NULL)!\n");
 
-       ret = pam_start(PAM_SERVICE, name, &conv, &pamh);
+       ret = pam_start(PAM_SERVICE_NAME, name, &conv, &pamh);
        if (ret != PAM_SUCCESS)
                errx(1, "pam_start(\"%s\", \"%s\", ?, ?): failed\n",
-                               PAM_SERVICE, name);
+                               PAM_SERVICE_NAME, name);
 
        auth = pam_authenticate(pamh, 0);
 
+       ret = pam_open_session(pamh, 0);
+       if (ret != PAM_SUCCESS)
+               errx(1, "pam_open_session(): %s\n", pam_strerror(pamh, ret));
+
        ret = pam_close_session(pamh, 0);
        if (ret != PAM_SUCCESS)
                errx(1, "pam_close_session(): %s\n", pam_strerror(pamh, ret));
 
        return auth == PAM_SUCCESS;
 }
-