+++ /dev/null
-Index: auth-pam.c
-===================================================================
-RCS file: /usr/local/src/security/openssh/cvs/openssh_cvs/auth-pam.c,v
-retrieving revision 1.97
-diff -u -p -r1.97 auth-pam.c
---- auth-pam.c 4 Mar 2004 09:03:54 -0000 1.97
-+++ auth-pam.c 4 Mar 2004 10:53:12 -0000
-@@ -160,7 +160,7 @@ static int sshpam_session_open = 0;
- static int sshpam_cred_established = 0;
- static int sshpam_account_status = -1;
- static char **sshpam_env = NULL;
--static int *force_pwchange;
-+static Authctxt *the_authctxt = NULL;
-
- /* Some PAM implementations don't implement this */
- #ifndef HAVE_PAM_GETENVLIST
-@@ -180,7 +180,9 @@ void
- pam_password_change_required(int reqd)
- {
- debug3("%s %d", __func__, reqd);
-- *force_pwchange = reqd;
-+ if (the_authctxt == NULL)
-+ fatal("%s: PAM authctxt not initialized", __func__);
-+ the_authctxt->force_pwchange = reqd;
- if (reqd) {
- no_port_forwarding_flag |= 2;
- no_agent_forwarding_flag |= 2;
-@@ -339,6 +341,9 @@ sshpam_thread(void *ctxtp)
- sshpam_conv.conv = sshpam_thread_conv;
- sshpam_conv.appdata_ptr = ctxt;
-
-+ if (the_authctxt == NULL)
-+ fatal("%s: PAM authctxt not initialized", __func__);
-+
- buffer_init(&buffer);
- sshpam_err = pam_set_item(sshpam_handle, PAM_CONV,
- (const void *)&sshpam_conv);
-@@ -351,7 +356,7 @@ sshpam_thread(void *ctxtp)
- if (compat20) {
- if (!do_pam_account())
- goto auth_fail;
-- if (*force_pwchange) {
-+ if (the_authctxt->force_pwchange) {
- sshpam_err = pam_chauthtok(sshpam_handle,
- PAM_CHANGE_EXPIRED_AUTHTOK);
- if (sshpam_err != PAM_SUCCESS)
-@@ -365,7 +370,7 @@ sshpam_thread(void *ctxtp)
- #ifndef USE_POSIX_THREADS
- /* Export variables set by do_pam_account */
- buffer_put_int(&buffer, sshpam_account_status);
-- buffer_put_int(&buffer, *force_pwchange);
-+ buffer_put_int(&buffer, the_authctxt->force_pwchange);
-
- /* Export any environment strings set in child */
- for(i = 0; environ[i] != NULL; i++)
-@@ -446,11 +451,11 @@ sshpam_cleanup(void)
- }
-
- static int
--sshpam_init(const char *user)
-+sshpam_init(Authctxt *authctxt)
- {
- extern u_int utmp_len;
- extern char *__progname;
-- const char *pam_rhost, *pam_user;
-+ const char *pam_rhost, *pam_user, *user = authctxt->user;
-
- if (sshpam_handle != NULL) {
- /* We already have a PAM context; check if the user matches */
-@@ -464,6 +469,8 @@ sshpam_init(const char *user)
- debug("PAM: initializing for \"%s\"", user);
- sshpam_err =
- pam_start(SSHD_PAM_SERVICE, user, &null_conv, &sshpam_handle);
-+ the_authctxt = authctxt;
-+
- if (sshpam_err != PAM_SUCCESS) {
- pam_end(sshpam_handle, sshpam_err);
- sshpam_handle = NULL;
-@@ -506,7 +513,7 @@ sshpam_init_ctx(Authctxt *authctxt)
- return NULL;
-
- /* Initialize PAM */
-- if (sshpam_init(authctxt->user) == -1) {
-+ if (sshpam_init(authctxt) == -1) {
- error("PAM: initialization failed");
- return (NULL);
- }
-@@ -514,8 +521,6 @@ sshpam_init_ctx(Authctxt *authctxt)
- ctxt = xmalloc(sizeof *ctxt);
- memset(ctxt, 0, sizeof(*ctxt));
-
-- force_pwchange = &(authctxt->force_pwchange);
--
- /* Start the authentication thread */
- if (socketpair(AF_UNIX, SOCK_STREAM, PF_UNSPEC, socks) == -1) {
- error("PAM: failed create sockets: %s", strerror(errno));
-@@ -674,12 +679,12 @@ KbdintDevice mm_sshpam_device = {
- * This replaces auth-pam.c
- */
- void
--start_pam(const char *user)
-+start_pam(Authctxt *authctxt)
- {
- if (!options.use_pam)
- fatal("PAM: initialisation requested when UsePAM=no");
-
-- if (sshpam_init(user) == -1)
-+ if (sshpam_init(authctxt) == -1)
- fatal("PAM: initialisation failed");
- }
-
-Index: auth-pam.h
-===================================================================
-RCS file: /usr/local/src/security/openssh/cvs/openssh_cvs/auth-pam.h,v
-retrieving revision 1.24
-diff -u -p -r1.24 auth-pam.h
---- auth-pam.h 10 Feb 2004 02:23:29 -0000 1.24
-+++ auth-pam.h 1 Mar 2004 07:32:06 -0000
-@@ -31,7 +31,7 @@
- # define SSHD_PAM_SERVICE __progname
- #endif
-
--void start_pam(const char *);
-+void start_pam(Authctxt *);
- void finish_pam(void);
- u_int do_pam_account(void);
- void do_pam_session(void);
-Index: auth1.c
-===================================================================
-RCS file: /usr/local/src/security/openssh/cvs/openssh_cvs/auth1.c,v
-retrieving revision 1.96
-diff -u -p -r1.96 auth1.c
---- auth1.c 22 Nov 2003 03:15:30 -0000 1.96
-+++ auth1.c 1 Mar 2004 07:32:06 -0000
-@@ -307,7 +307,7 @@ do_authentication(Authctxt *authctxt)
-
- #ifdef USE_PAM
- if (options.use_pam)
-- PRIVSEP(start_pam(user));
-+ PRIVSEP(start_pam(authctxt));
- #endif
-
- /*
-Index: auth2.c
-===================================================================
-RCS file: /usr/local/src/security/openssh/cvs/openssh_cvs/auth2.c,v
-retrieving revision 1.126
-diff -u -p -r1.126 auth2.c
---- auth2.c 17 Nov 2003 10:13:41 -0000 1.126
-+++ auth2.c 1 Mar 2004 07:32:06 -0000
-@@ -150,24 +150,24 @@ input_userauth_request(int type, u_int32
- if (authctxt->attempt++ == 0) {
- /* setup auth context */
- authctxt->pw = PRIVSEP(getpwnamallow(user));
-+ authctxt->user = xstrdup(user);
- if (authctxt->pw && strcmp(service, "ssh-connection")==0) {
- authctxt->valid = 1;
- debug2("input_userauth_request: setting up authctxt for %s", user);
- #ifdef USE_PAM
- if (options.use_pam)
-- PRIVSEP(start_pam(authctxt->pw->pw_name));
-+ PRIVSEP(start_pam(authctxt));
- #endif
- } else {
- logit("input_userauth_request: illegal user %s", user);
- authctxt->pw = fakepw();
- #ifdef USE_PAM
- if (options.use_pam)
-- PRIVSEP(start_pam(user));
-+ PRIVSEP(start_pam(authctxt));
- #endif
- }
- setproctitle("%s%s", authctxt->pw ? user : "unknown",
- use_privsep ? " [net]" : "");
-- authctxt->user = xstrdup(user);
- authctxt->service = xstrdup(service);
- authctxt->style = style ? xstrdup(style) : NULL;
- if (use_privsep)
-Index: monitor.c
-===================================================================
-RCS file: /usr/local/src/security/openssh/cvs/openssh_cvs/monitor.c,v
-retrieving revision 1.64
-diff -u -p -r1.64 monitor.c
---- monitor.c 6 Feb 2004 05:40:27 -0000 1.64
-+++ monitor.c 4 Mar 2004 09:44:54 -0000
-@@ -782,16 +782,10 @@ mm_answer_skeyrespond(int socket, Buffer
- int
- mm_answer_pam_start(int socket, Buffer *m)
- {
-- char *user;
--
- if (!options.use_pam)
- fatal("UsePAM not set, but ended up in %s anyway", __func__);
-
-- user = buffer_get_string(m, NULL);
--
-- start_pam(user);
--
-- xfree(user);
-+ start_pam(authctxt);
-
- monitor_permit(mon_dispatch, MONITOR_REQ_PAM_ACCOUNT, 1);
-
-Index: monitor_wrap.c
-===================================================================
-RCS file: /usr/local/src/security/openssh/cvs/openssh_cvs/monitor_wrap.c,v
-retrieving revision 1.40
-diff -u -p -r1.40 monitor_wrap.c
---- monitor_wrap.c 21 Nov 2003 12:56:47 -0000 1.40
-+++ monitor_wrap.c 4 Mar 2004 10:06:58 -0000
-@@ -686,7 +686,7 @@ mm_session_pty_cleanup2(Session *s)
-
- #ifdef USE_PAM
- void
--mm_start_pam(char *user)
-+mm_start_pam(Authctxt *authctxt)
- {
- Buffer m;
-
-@@ -695,8 +695,6 @@ mm_start_pam(char *user)
- fatal("UsePAM=no, but ended up in %s anyway", __func__);
-
- buffer_init(&m);
-- buffer_put_cstring(&m, user);
--
- mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PAM_START, &m);
-
- buffer_free(&m);
-Index: monitor_wrap.h
-===================================================================
-RCS file: /usr/local/src/security/openssh/cvs/openssh_cvs/monitor_wrap.h,v
-retrieving revision 1.17
-diff -u -p -r1.17 monitor_wrap.h
---- monitor_wrap.h 17 Nov 2003 11:18:22 -0000 1.17
-+++ monitor_wrap.h 4 Mar 2004 09:55:57 -0000
-@@ -66,7 +66,7 @@ OM_uint32 mm_ssh_gssapi_checkmic(Gssctxt
- #endif
-
- #ifdef USE_PAM
--void mm_start_pam(char *);
-+void mm_start_pam(struct Authctxt *);
- u_int mm_do_pam_account(void);
- void *mm_sshpam_init_ctx(struct Authctxt *);
- int mm_sshpam_query(void *, char **, char **, u_int *, char ***, u_int **);