Bug 192

Summary: monitor.c:545: undefined reference to `auth_password with USE_PAM on
Product: Portable OpenSSH Reporter: Kent Engström <kent>
Component: sshdAssignee: OpenSSH Bugzilla mailing list <openssh-bugs>
Status: CLOSED FIXED    
Severity: major    
Priority: P2    
Version: -current   
Hardware: ix86   
OS: Linux   

Description Kent Engström 2002-03-28 03:35:56 AEDT 
gcc -o sshd sshd.o auth.o auth1.o auth2.o auth-chall.o auth2-chall.o 
auth-rhosts.o auth-options.o auth-krb4.o auth-pam.o auth2-pam.o 
auth-passwd.o auth-rsa.o auth-rh-rsa.o auth-sia.o sshpty.o sshlogin.o 
loginrec.o servconf.o serverloop.o md5crypt.o session.o groupaccess.o 
auth-skey.o auth-bsdauth.o monitor_mm.o monitor.o -L. -Lopenbsd-compat/ 
-L/local/pkg/openssl/lib  -lssh -lopenbsd-compat -lwrap -lpam -ldl -lutil 
-lz -lnsl -lcrypto
monitor.o: In function `mm_answer_authpassword':
/local/pkg/openssh/src/openssh/monitor.c:545: undefined reference to 
`auth_password'

But auth_password is defined in auth-passwd.c, and the whole file is
surrounded by 

#if !defined(USE_PAM) && !defined(HAVE_OSF_SIA)
Comment 1 Ben Lindstrom 2002-03-28 04:04:13 AEDT 
If I understand the PAM code (none of the PRIVSEP code has been made to work 
with it right now) one should never called auth_password()  they should
be calling auth_pam_password()..

So in mm_answer_authpassword() function it should look something like this 
(untested, and unsure if any other PAM tweaks are needed), but I won't commit 
anything until someone says ya or na for it being correct.

         passwd = buffer_get_string(m, &plen);
         /* Only authenticate if the context is valid */
+#ifdef USE_PAM
+        /* Do PAM auth with password */
+        authenticated = authctxt->valid && auth_pam_password
+             (authctxt>pw,passwd);
+#else
        authenticated = authctxt->valid && auth_password(authctxt, passwd);
+#endif
        memset(passwd, 0, strlen(passwd));
        xfree(passwd);
Comment 2 Ben Lindstrom 2002-03-28 04:11:35 AEDT 
<grumble> Now I know why I don't cut and past into the comments normally.

the correct line is:
authenticated = authctxt->valid && auth_pam_password(authctxt->pw,passwd);
Comment 3 Kevin Steves 2002-03-31 06:47:43 AEST 
i will look at this.
privsep needs PAM integration, but first
let's get --with-pam working with no privsep in use.
Comment 4 Kevin Steves 2002-04-02 04:07:06 AEST 
 - (stevesk) [monitor.c] PAM should work again; will *not* work with
   UsePrivilegeSeparation=yes.
Comment 5 Damien Miller 2004-04-14 12:24:18 AEST 
Mass change of RESOLVED bugs to CLOSED