Ver.1.4.28: Fix error in PAM authentication.

diff --git a/opengate/doc/Changes.html b/opengate/doc/Changes.html
index c1b6378..3a872f7 100644 (file)
--- a/opengate/doc/Changes.html
+++ b/opengate/doc/Changes.html
@@ -618,6 +618,11 @@ Ver.1.4.27 at 2008.3.3</DT>
 <DD>\r
 Fix error in setting the default pam service name. Fix previous fix.\r
 </DD>\r
+<DT>\r
+Ver.1.4.28 at 2008.3.8</DT>\r
+<DD>\r
+Fix error in pam authentication.\r
+</DD>\r
 \r
 </DL>\r
 <b>Please see CVS in SourceForge.net to check the file difference between versions.</b>\r

diff --git a/opengate/opengatesrv/auth-pam.c b/opengate/opengatesrv/auth-pam.c
index 0db4b7c..bebca02 100644 (file)
--- a/opengate/opengatesrv/auth-pam.c
+++ b/opengate/opengatesrv/auth-pam.c
@@ -72,6 +72,12 @@ int authPam(char *userid, char *passwd)
   pamConv.conv=pamCallback;
   pamConv.appdata_ptr=&userInfo;
   
+  /* root privilege is needed to control PAM */
+  if(seteuid(0)!=0){
+    err_msg("ERR at %s#%d: cannot add root privilege ",
+           __FILE__,__LINE__);
+  } 
+
   /* PAM start */
   retval = pam_start(serviceName, userid, &pamConv, &pamh);
   
@@ -96,7 +102,12 @@ int authPam(char *userid, char *passwd)
     err_msg("ERR at %s#%d: failed to release authenticator",__FILE__,__LINE__);
   }
   
+  /* remove root privilege */
+  seteuid(getuid()); 
+
+  /* clear password */
   userInfo.password = NULL;
+
   return ( retval == PAM_SUCCESS ? ACCEPT:DENY );       /* indicate success */
 }