1 files changed, 11 insertions, 15 deletions

diff --git a/modules/pam_unix/pam_unix_auth.c b/modules/pam_unix/pam_unix_auth.c
index fce6bce1..4eccff8e 100644
--- a/modules/pam_unix/pam_unix_auth.c
+++ b/modules/pam_unix/pam_unix_auth.c
@@ -1,7 +1,9 @@
 /*
+ * pam_unix authentication management
+ *
  * Copyright Alexander O. Yuriev, 1996.  All rights reserved.
  * NIS+ support by Thorsten Kukuk <kukuk@weber.uni-paderborn.de>
- * Copyright Jan Rêkorajski, 1999.  All rights reserved.
+ * Copyright Jan Rękorajski, 1999.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -48,11 +50,6 @@
 #include <sys/stat.h>
 #include <syslog.h>
 
-/* indicate the following groups are defined */
-
-#define PAM_SM_AUTH
-
-#define _PAM_EXTERN_FUNCTIONS
 #include <security/_pam_macros.h>
 #include <security/pam_modules.h>
 #include <security/pam_ext.h>
@@ -74,8 +71,6 @@
  *      onto a normal UNIX authentication
  */
 
-#define _UNIX_AUTHTOK  "-UN*X-PASS"
-
 #define AUTH_RETURN						\
 do {									\
 	D(("recording return code for next time [%d]",		\
@@ -98,7 +93,7 @@ setcred_free (pam_handle_t *pamh UNUSED, void *ptr, int err UNUSED)
 int
 pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char **argv)
 {
-	unsigned int ctrl;
+	unsigned long long ctrl;
 	int retval, *ret_data = NULL;
 	const char *name;
 	const char *p;
@@ -126,21 +121,22 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char **argv)
 		 * '+' or '-' as the first character of a user name. Don't
 		 * allow this characters here.
 		 */
-		if (name == NULL || name[0] == '-' || name[0] == '+') {
-			pam_syslog(pamh, LOG_ERR, "bad username [%s]", name);
+		if (name[0] == '-' || name[0] == '+') {
+			pam_syslog(pamh, LOG_NOTICE, "bad username [%s]", name);
 			retval = PAM_USER_UNKNOWN;
 			AUTH_RETURN;
 		}
 		if (on(UNIX_DEBUG, ctrl))
-			D(("username [%s] obtained", name));
+			pam_syslog(pamh, LOG_DEBUG, "username [%s] obtained", name);
 	} else {
-		D(("trouble reading username"));
 		if (retval == PAM_CONV_AGAIN) {
 			D(("pam_get_user/conv() function is not ready yet"));
 			/* it is safe to resume this function so we translate this
 			 * retval to the value that indicates we're happy to resume.
 			 */
 			retval = PAM_INCOMPLETE;
+		} else if (on(UNIX_DEBUG, ctrl)) {
+			pam_syslog(pamh, LOG_DEBUG, "could not obtain username");
 		}
 		AUTH_RETURN;
 	}
@@ -148,7 +144,7 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char **argv)
 	/* if this user does not have a password... */
 
 	if (_unix_blankpasswd(pamh, ctrl, name)) {
-		D(("user '%s' has blank passwd", name));
+		pam_syslog(pamh, LOG_DEBUG, "user [%s] has blank password; authenticated without it", name);
 		name = NULL;
 		retval = PAM_SUCCESS;
 		AUTH_RETURN;
@@ -196,7 +192,7 @@ pam_sm_setcred (pam_handle_t *pamh, int flags,
 {
 	int retval;
 	const void *pretval = NULL;
-	unsigned int ctrl;
+	unsigned long long ctrl;
 
 	D(("called."));