pam: use PAM_REINITIALIZE_CRED
diff --git a/pam.c b/pam.c
index ccebd0fe98105499e81555bd5d15b3335cec3258..68294b275451c2e3ee9a88700b413114a261d748 100644 (file)
--- a/pam.c
+++ b/pam.c
@@ -14,6 +14,8 @@
  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
+#include "config.h"
+
 #include <sys/types.h>
 #include <sys/wait.h>
 
 #include <errno.h>
 #include <limits.h>
 #include <pwd.h>
-#ifdef HAVE_READPASSPHRASE_H
+#ifdef HAVE_READPASSPHRASE
 #      include <readpassphrase.h>
 #else
-#      include "readpassphrase.h"
+#      include "sys-readpassphrase.h"
 #endif
 #include <signal.h>
 #include <stdio.h>
 
 #include <security/pam_appl.h>
 
-#include "includes.h"
+#include "openbsd.h"
+#include "doas.h"
+
+#ifndef HOST_NAME_MAX
+#define HOST_NAME_MAX _POSIX_HOST_NAME_MAX
+#endif
 
 #define PAM_SERVICE_NAME "doas"
 
@@ -117,7 +124,7 @@ fail:
        for (i = 0; i < nmsgs; i++) {
                if (rsp[i].resp == NULL)
                        continue;
-               switch (style = msgs[i]->msg_style) {
+               switch (msgs[i]->msg_style) {
                case PAM_PROMPT_ECHO_OFF:
                case PAM_PROMPT_ECHO_ON:
                        explicit_bzero(rsp[i].resp, strlen(rsp[i].resp));
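Review bot: Dropping the `style =` assignment in the switch leaves the `style` variable with no remaining writer visible in this hunk; if its declaration (outside the hunk) has no other use, it should be removed in the same commit, otherwise the build gains an unused-variable warning. This is a style point only, the cleanup loop itself behaves the same. The enclosing function starts outside the hunk.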
@@ -125,6 +132,7 @@ fail:
                }
                rsp[i].resp = NULL;
        }
+       free(rsp);
 
        return PAM_CONV_ERR;
 }
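Review bot: The added `free(rsp);` on the fail path is correct only if the response array has not already been published to the caller through the conversation's output pointer; the allocation of `rsp` and any `*rspp = rsp` assignment are outside the hunk, so confirm that the output pointer is set solely on the success path, since a dangling array would otherwise be handed to libpam alongside PAM_CONV_ERR. A one-line comment above the free would make that invariant explicit, e.g. `/* rsp was never handed out: *rspp is only set on success */`. The enclosing conversation function starts outside the hunk.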
@@ -271,9 +279,6 @@ pamauth(const char *user, const char *myname, int interactive, int nopass, int p
                if (!interactive)
                        errx(1, "Authorization required");
 
-#ifndef HOST_NAME_MAX
-#define HOST_NAME_MAX _POSIX_HOST_NAME_MAX
-#endif
                /* doas style prompt for pam */
                char host[HOST_NAME_MAX + 1];
                if (gethostname(host, sizeof(host)))
@@ -308,9 +313,9 @@ pamauth(const char *user, const char *myname, int interactive, int nopass, int p
                warn("pam_set_item(?, PAM_USER, \"%s\"): %s", user,
                    pam_strerror(pamh, ret));
 
-       ret = pam_setcred(pamh, PAM_ESTABLISH_CRED);
+       ret = pam_setcred(pamh, PAM_REINITIALIZE_CRED);
        if (ret != PAM_SUCCESS)
-               warn("pam_setcred(?, PAM_ESTABLISH_CRED): %s", pam_strerror(pamh, ret));
+               warn("pam_setcred(?, PAM_REINITIALIZE_CRED): %s", pam_strerror(pamh, ret));
        else
                cred = 1;