Vendor import of OpenPAM Dianthus.

svn path=/vendor/openpam/dist/; revision=114536
2003-05-02 15:08:06 +00:00 · 2003-05-02 15:08:06 +00:00 · 4cb68ea5f3 · 2020-12-20 02:59:44 +00:00
commit 4cb68ea5f3
parent 63303d4131
51 changed files with 106 additions and 77 deletions
--- a/contrib/openpam/HISTORY
+++ b/contrib/openpam/HISTORY
@ -1,3 +1,20 @@
+OpenPAM Dianthus						2003-05-02
+
+ - BUGFIX: Initialize some potentially uninitialized variables.
+
+ - BUGFIX: Silence some warnings emitted by gcc -std=iso9899:1999.
+
+ - BUGFIX: In pam_getenv(), return a pointer to the stored variable
+   instead of a freshly allocated copy.
+
+ - ENHANCE: Detect recursion in openpam_borrow_cred()
+
+ - ENHANCE: Make borrowing one's own credentials a no-op.
+
+ - ENHANCE: Further improve debugging support.
+
+ - ENHANCE: Clean up some variable names.
+============================================================================
 OpenPAM Daffodil						2003-01-06

 - ENHANCE: Document dependency on <sys/types.h> (for size_t)
@ -206,4 +223,4 @@ OpenPAM	Calamite						2002-02-09

 First (beta) release.
 ============================================================================
-$P4: //depot/projects/openpam/HISTORY#17 $
+$P4: //depot/projects/openpam/HISTORY#18 $
--- a/contrib/openpam/README
+++ b/contrib/openpam/README
@ -22,6 +22,6 @@ These are some of OpenPAM's features:
     /usr/local/etc/pam.d/ and /usr/local/etc/pam.conf, in that order;
     this will be made configurable in a future release.

-Please direct bug reports and inquiries to openpam@thinksec.com.
+Please direct bug reports and inquiries to des@freebsd.org.

-$P4: //depot/projects/openpam/README#4 $
+$P4: //depot/projects/openpam/README#5 $
--- a/contrib/openpam/RELNOTES
+++ b/contrib/openpam/RELNOTES
@ -1,16 +1,13 @@

-		  Release notes for OpenPAM Daffodil
+		  Release notes for OpenPAM Dianthus
 		  ==================================

-This is a bugfix release.  The previous release, Cyclamen, was rushed
-out without sufficient testing, and contained a number of small but
-serious errors.
+This is a maintenance release incorporating a number of minor patches
+accumulated since the previous release.

 This release corresponds to the code used in FreeBSD-CURRENT as of the
-release date.  It has also been successfully built on NetBSD 1.6, and
-should build with minimal or no changes on OpenBSD.  Work is underway
-to port OpenPAM to MacOS 10.2.  It has not been tested on any other
-operating system.
+release date.  It may or may not build on other platforms; previous
+releases have been built on NetBSD and (with partial success) MacOS X.

 The library itself is complete.  Documentation exists in the form of
 man pages for the library functions.  These man pages are generated by
@ -27,4 +24,6 @@ NOTE: to the person who sent me MacOS patches in July 2002: I have
 lost your name and email address.  Please contact me so I can give you
 proper credit for your contribution.

-$P4: //depot/projects/openpam/RELNOTES#14 $
+Please direct bug reports and inquiries to des@freebsd.org.
+
+$P4: //depot/projects/openpam/RELNOTES#15 $
--- a/contrib/openpam/doc/man/openpam.3
+++ b/contrib/openpam/doc/man/openpam.3
@ -33,7 +33,7 @@
 .\"
 .\" $P4$
 .\"
-.Dd January 6, 2003
+.Dd May 2, 2003
 .Dt OPENPAM 3
 .Os
 .Sh NAME
--- a/contrib/openpam/doc/man/openpam_borrow_cred.3
+++ b/contrib/openpam/doc/man/openpam_borrow_cred.3
@ -33,7 +33,7 @@
 .\"
 .\" $P4$
 .\"
-.Dd January 6, 2003
+.Dd May 2, 2003
 .Dt OPENPAM_BORROW_CRED 3
 .Os
 .Sh NAME
--- a/contrib/openpam/doc/man/openpam_free_data.3
+++ b/contrib/openpam/doc/man/openpam_free_data.3
@ -33,7 +33,7 @@
 .\"
 .\" $P4$
 .\"
-.Dd January 6, 2003
+.Dd May 2, 2003
 .Dt OPENPAM_FREE_DATA 3
 .Os
 .Sh NAME
--- a/contrib/openpam/doc/man/openpam_get_option.3
+++ b/contrib/openpam/doc/man/openpam_get_option.3
@ -33,7 +33,7 @@
 .\"
 .\" $P4$
 .\"
-.Dd January 6, 2003
+.Dd May 2, 2003
 .Dt OPENPAM_GET_OPTION 3
 .Os
 .Sh NAME
--- a/contrib/openpam/doc/man/openpam_log.3
+++ b/contrib/openpam/doc/man/openpam_log.3
@ -33,7 +33,7 @@
 .\"
 .\" $P4$
 .\"
-.Dd January 6, 2003
+.Dd May 2, 2003
 .Dt OPENPAM_LOG 3
 .Os
 .Sh NAME
--- a/contrib/openpam/doc/man/openpam_nullconv.3
+++ b/contrib/openpam/doc/man/openpam_nullconv.3
@ -33,7 +33,7 @@
 .\"
 .\" $P4$
 .\"
-.Dd January 6, 2003
+.Dd May 2, 2003
 .Dt OPENPAM_NULLCONV 3
 .Os
 .Sh NAME
--- a/contrib/openpam/doc/man/openpam_restore_cred.3
+++ b/contrib/openpam/doc/man/openpam_restore_cred.3
@ -33,7 +33,7 @@
 .\"
 .\" $P4$
 .\"
-.Dd January 6, 2003
+.Dd May 2, 2003
 .Dt OPENPAM_RESTORE_CRED 3
 .Os
 .Sh NAME
--- a/contrib/openpam/doc/man/openpam_set_option.3
+++ b/contrib/openpam/doc/man/openpam_set_option.3
@ -33,7 +33,7 @@
 .\"
 .\" $P4$
 .\"
-.Dd January 6, 2003
+.Dd May 2, 2003
 .Dt OPENPAM_SET_OPTION 3
 .Os
 .Sh NAME
--- a/contrib/openpam/doc/man/openpam_ttyconv.3
+++ b/contrib/openpam/doc/man/openpam_ttyconv.3
@ -33,7 +33,7 @@
 .\"
 .\" $P4$
 .\"
-.Dd January 6, 2003
+.Dd May 2, 2003
 .Dt OPENPAM_TTYCONV 3
 .Os
 .Sh NAME
--- a/contrib/openpam/doc/man/pam.3
+++ b/contrib/openpam/doc/man/pam.3
@ -33,7 +33,7 @@
 .\"
 .\" $P4$
 .\"
-.Dd January 6, 2003
+.Dd May 2, 2003
 .Dt PAM 3
 .Os
 .Sh NAME
@ -75,7 +75,7 @@
 .Fn pam_get_item "pam_handle_t *pamh" "int item_type" "const void **item"
 .Ft int
 .Fn pam_get_user "pam_handle_t *pamh" "const char **user" "const char *prompt"
-.Ft char *
+.Ft const char *
 .Fn pam_getenv "pam_handle_t *pamh" "const char *name"
 .Ft char **
 .Fn pam_getenvlist "pam_handle_t *pamh"
--- a/contrib/openpam/doc/man/pam_acct_mgmt.3
+++ b/contrib/openpam/doc/man/pam_acct_mgmt.3
@ -33,7 +33,7 @@
 .\"
 .\" $P4$
 .\"
-.Dd January 6, 2003
+.Dd May 2, 2003
 .Dt PAM_ACCT_MGMT 3
 .Os
 .Sh NAME
--- a/contrib/openpam/doc/man/pam_authenticate.3
+++ b/contrib/openpam/doc/man/pam_authenticate.3
@ -33,7 +33,7 @@
 .\"
 .\" $P4$
 .\"
-.Dd January 6, 2003
+.Dd May 2, 2003
 .Dt PAM_AUTHENTICATE 3
 .Os
 .Sh NAME
--- a/contrib/openpam/doc/man/pam_chauthtok.3
+++ b/contrib/openpam/doc/man/pam_chauthtok.3
@ -33,7 +33,7 @@
 .\"
 .\" $P4$
 .\"
-.Dd January 6, 2003
+.Dd May 2, 2003
 .Dt PAM_CHAUTHTOK 3
 .Os
 .Sh NAME
--- a/contrib/openpam/doc/man/pam_close_session.3
+++ b/contrib/openpam/doc/man/pam_close_session.3
@ -33,7 +33,7 @@
 .\"
 .\" $P4$
 .\"
-.Dd January 6, 2003
+.Dd May 2, 2003
 .Dt PAM_CLOSE_SESSION 3
 .Os
 .Sh NAME
--- a/contrib/openpam/doc/man/pam_end.3
+++ b/contrib/openpam/doc/man/pam_end.3
@ -33,7 +33,7 @@
 .\"
 .\" $P4$
 .\"
-.Dd January 6, 2003
+.Dd May 2, 2003
 .Dt PAM_END 3
 .Os
 .Sh NAME
--- a/contrib/openpam/doc/man/pam_error.3
+++ b/contrib/openpam/doc/man/pam_error.3
@ -33,7 +33,7 @@
 .\"
 .\" $P4$
 .\"
-.Dd January 6, 2003
+.Dd May 2, 2003
 .Dt PAM_ERROR 3
 .Os
 .Sh NAME
--- a/contrib/openpam/doc/man/pam_get_authtok.3
+++ b/contrib/openpam/doc/man/pam_get_authtok.3
@ -33,7 +33,7 @@
 .\"
 .\" $P4$
 .\"
-.Dd January 6, 2003
+.Dd May 2, 2003
 .Dt PAM_GET_AUTHTOK 3
 .Os
 .Sh NAME
--- a/contrib/openpam/doc/man/pam_get_data.3
+++ b/contrib/openpam/doc/man/pam_get_data.3
@ -33,7 +33,7 @@
 .\"
 .\" $P4$
 .\"
-.Dd January 6, 2003
+.Dd May 2, 2003
 .Dt PAM_GET_DATA 3
 .Os
 .Sh NAME
--- a/contrib/openpam/doc/man/pam_get_item.3
+++ b/contrib/openpam/doc/man/pam_get_item.3
@ -33,7 +33,7 @@
 .\"
 .\" $P4$
 .\"
-.Dd January 6, 2003
+.Dd May 2, 2003
 .Dt PAM_GET_ITEM 3
 .Os
 .Sh NAME
--- a/contrib/openpam/doc/man/pam_get_user.3
+++ b/contrib/openpam/doc/man/pam_get_user.3
@ -33,7 +33,7 @@
 .\"
 .\" $P4$
 .\"
-.Dd January 6, 2003
+.Dd May 2, 2003
 .Dt PAM_GET_USER 3
 .Os
 .Sh NAME
--- a/contrib/openpam/doc/man/pam_getenv.3
+++ b/contrib/openpam/doc/man/pam_getenv.3
@ -33,7 +33,7 @@
 .\"
 .\" $P4$
 .\"
-.Dd January 6, 2003
+.Dd May 2, 2003
 .Dt PAM_GETENV 3
 .Os
 .Sh NAME
@ -44,7 +44,7 @@
 .Sh SYNOPSIS
 .In sys/types.h
 .In security/pam_appl.h
-.Ft char *
+.Ft const char *
 .Fn pam_getenv "pam_handle_t *pamh" "const char *name"
 .Sh DESCRIPTION
 The
--- a/contrib/openpam/doc/man/pam_getenvlist.3
+++ b/contrib/openpam/doc/man/pam_getenvlist.3
@ -33,7 +33,7 @@
 .\"
 .\" $P4$
 .\"
-.Dd January 6, 2003
+.Dd May 2, 2003
 .Dt PAM_GETENVLIST 3
 .Os
 .Sh NAME
--- a/contrib/openpam/doc/man/pam_info.3
+++ b/contrib/openpam/doc/man/pam_info.3
@ -33,7 +33,7 @@
 .\"
 .\" $P4$
 .\"
-.Dd January 6, 2003
+.Dd May 2, 2003
 .Dt PAM_INFO 3
 .Os
 .Sh NAME
--- a/contrib/openpam/doc/man/pam_open_session.3
+++ b/contrib/openpam/doc/man/pam_open_session.3
@ -33,7 +33,7 @@
 .\"
 .\" $P4$
 .\"
-.Dd January 6, 2003
+.Dd May 2, 2003
 .Dt PAM_OPEN_SESSION 3
 .Os
 .Sh NAME
--- a/contrib/openpam/doc/man/pam_prompt.3
+++ b/contrib/openpam/doc/man/pam_prompt.3
@ -33,7 +33,7 @@
 .\"
 .\" $P4$
 .\"
-.Dd January 6, 2003
+.Dd May 2, 2003
 .Dt PAM_PROMPT 3
 .Os
 .Sh NAME
--- a/contrib/openpam/doc/man/pam_putenv.3
+++ b/contrib/openpam/doc/man/pam_putenv.3
@ -33,7 +33,7 @@
 .\"
 .\" $P4$
 .\"
-.Dd January 6, 2003
+.Dd May 2, 2003
 .Dt PAM_PUTENV 3
 .Os
 .Sh NAME
--- a/contrib/openpam/doc/man/pam_set_data.3
+++ b/contrib/openpam/doc/man/pam_set_data.3
@ -33,7 +33,7 @@
 .\"
 .\" $P4$
 .\"
-.Dd January 6, 2003
+.Dd May 2, 2003
 .Dt PAM_SET_DATA 3
 .Os
 .Sh NAME
--- a/contrib/openpam/doc/man/pam_set_item.3
+++ b/contrib/openpam/doc/man/pam_set_item.3
@ -33,7 +33,7 @@
 .\"
 .\" $P4$
 .\"
-.Dd January 6, 2003
+.Dd May 2, 2003
 .Dt PAM_SET_ITEM 3
 .Os
 .Sh NAME
--- a/contrib/openpam/doc/man/pam_setcred.3
+++ b/contrib/openpam/doc/man/pam_setcred.3
@ -33,7 +33,7 @@
 .\"
 .\" $P4$
 .\"
-.Dd January 6, 2003
+.Dd May 2, 2003
 .Dt PAM_SETCRED 3
 .Os
 .Sh NAME
--- a/contrib/openpam/doc/man/pam_setenv.3
+++ b/contrib/openpam/doc/man/pam_setenv.3
@ -33,7 +33,7 @@
 .\"
 .\" $P4$
 .\"
-.Dd January 6, 2003
+.Dd May 2, 2003
 .Dt PAM_SETENV 3
 .Os
 .Sh NAME
--- a/contrib/openpam/doc/man/pam_sm_acct_mgmt.3
+++ b/contrib/openpam/doc/man/pam_sm_acct_mgmt.3
@ -33,7 +33,7 @@
 .\"
 .\" $P4$
 .\"
-.Dd January 6, 2003
+.Dd May 2, 2003
 .Dt PAM_SM_ACCT_MGMT 3
 .Os
 .Sh NAME
--- a/contrib/openpam/doc/man/pam_sm_authenticate.3
+++ b/contrib/openpam/doc/man/pam_sm_authenticate.3
@ -33,7 +33,7 @@
 .\"
 .\" $P4$
 .\"
-.Dd January 6, 2003
+.Dd May 2, 2003
 .Dt PAM_SM_AUTHENTICATE 3
 .Os
 .Sh NAME
--- a/contrib/openpam/doc/man/pam_sm_chauthtok.3
+++ b/contrib/openpam/doc/man/pam_sm_chauthtok.3
@ -33,7 +33,7 @@
 .\"
 .\" $P4$
 .\"
-.Dd January 6, 2003
+.Dd May 2, 2003
 .Dt PAM_SM_CHAUTHTOK 3
 .Os
 .Sh NAME
--- a/contrib/openpam/doc/man/pam_sm_close_session.3
+++ b/contrib/openpam/doc/man/pam_sm_close_session.3
@ -33,7 +33,7 @@
 .\"
 .\" $P4$
 .\"
-.Dd January 6, 2003
+.Dd May 2, 2003
 .Dt PAM_SM_CLOSE_SESSION 3
 .Os
 .Sh NAME
--- a/contrib/openpam/doc/man/pam_sm_open_session.3
+++ b/contrib/openpam/doc/man/pam_sm_open_session.3
@ -33,7 +33,7 @@
 .\"
 .\" $P4$
 .\"
-.Dd January 6, 2003
+.Dd May 2, 2003
 .Dt PAM_SM_OPEN_SESSION 3
 .Os
 .Sh NAME
--- a/contrib/openpam/doc/man/pam_sm_setcred.3
+++ b/contrib/openpam/doc/man/pam_sm_setcred.3
@ -33,7 +33,7 @@
 .\"
 .\" $P4$
 .\"
-.Dd January 6, 2003
+.Dd May 2, 2003
 .Dt PAM_SM_SETCRED 3
 .Os
 .Sh NAME
--- a/contrib/openpam/doc/man/pam_start.3
+++ b/contrib/openpam/doc/man/pam_start.3
@ -33,7 +33,7 @@
 .\"
 .\" $P4$
 .\"
-.Dd January 6, 2003
+.Dd May 2, 2003
 .Dt PAM_START 3
 .Os
 .Sh NAME
--- a/contrib/openpam/doc/man/pam_strerror.3
+++ b/contrib/openpam/doc/man/pam_strerror.3
@ -33,7 +33,7 @@
 .\"
 .\" $P4$
 .\"
-.Dd January 6, 2003
+.Dd May 2, 2003
 .Dt PAM_STRERROR 3
 .Os
 .Sh NAME
--- a/contrib/openpam/doc/man/pam_verror.3
+++ b/contrib/openpam/doc/man/pam_verror.3
@ -33,7 +33,7 @@
 .\"
 .\" $P4$
 .\"
-.Dd January 6, 2003
+.Dd May 2, 2003
 .Dt PAM_VERROR 3
 .Os
 .Sh NAME
--- a/contrib/openpam/doc/man/pam_vinfo.3
+++ b/contrib/openpam/doc/man/pam_vinfo.3
@ -33,7 +33,7 @@
 .\"
 .\" $P4$
 .\"
-.Dd January 6, 2003
+.Dd May 2, 2003
 .Dt PAM_VINFO 3
 .Os
 .Sh NAME
--- a/contrib/openpam/doc/man/pam_vprompt.3
+++ b/contrib/openpam/doc/man/pam_vprompt.3
@ -33,7 +33,7 @@
 .\"
 .\" $P4$
 .\"
-.Dd January 6, 2003
+.Dd May 2, 2003
 .Dt PAM_VPROMPT 3
 .Os
 .Sh NAME
--- a/contrib/openpam/include/security/openpam_version.h
+++ b/contrib/openpam/include/security/openpam_version.h
@ -31,14 +31,14 @@
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
- * $P4: //depot/projects/openpam/include/security/openpam_version.h#6 $
+ * $P4: //depot/projects/openpam/include/security/openpam_version.h#7 $
 */

 #ifndef _OPENPAM_VERSION_H_INCLUDED
 #define _OPENPAM_VERSION_H_INCLUDED

 #define _OPENPAM
-#define _OPENPAM_VERSION	20020630
-#define _OPENPAM_RELEASE	"Citronella"
+#define _OPENPAM_VERSION	20030502
+#define _OPENPAM_RELEASE	"Dianthus"

 #endif
--- a/contrib/openpam/include/security/pam_appl.h
+++ b/contrib/openpam/include/security/pam_appl.h
@ -31,7 +31,7 @@
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
- * $P4: //depot/projects/openpam/include/security/pam_appl.h#10 $
+ * $P4: //depot/projects/openpam/include/security/pam_appl.h#11 $
 */

 #ifndef _PAM_APPL_H_INCLUDED
@ -83,7 +83,7 @@ pam_get_user(pam_handle_t *_pamh,
 	const char **_user,
 	const char *_prompt);

-char *
+const char *
 pam_getenv(pam_handle_t *_pamh,
 	const char *_name);

--- a/contrib/openpam/include/security/pam_constants.h
+++ b/contrib/openpam/include/security/pam_constants.h
@ -31,7 +31,7 @@
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
- * $P4: //depot/projects/openpam/include/security/pam_constants.h#19 $
+ * $P4: //depot/projects/openpam/include/security/pam_constants.h#20 $
 */

 #ifndef _PAM_CONSTANTS_H_INCLUDED
@ -97,7 +97,8 @@ enum {
 * XSSO 5.4
 */
 enum {
-	PAM_SILENT			= 0x80000000,
+	/* some compilers promote 0x8000000 to long */
+	PAM_SILENT			= (-0x7fffffff - 1),
 	PAM_DISALLOW_NULL_AUTHTOK	= 0x1,
 	PAM_ESTABLISH_CRED		= 0x1,
 	PAM_DELETE_CRED			= 0x2,
--- a/contrib/openpam/lib/openpam_dispatch.c
+++ b/contrib/openpam/lib/openpam_dispatch.c
@ -31,7 +31,7 @@
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
- * $P4: //depot/projects/openpam/lib/openpam_dispatch.c#18 $
+ * $P4: //depot/projects/openpam/lib/openpam_dispatch.c#19 $
 */

 #include <sys/param.h>
@ -59,6 +59,9 @@ openpam_dispatch(pam_handle_t *pamh,
 {
 	pam_chain_t *chain;
 	int err, fail, r;
+#ifdef DEBUG
+	int debug;
+#endif

 	ENTER();
 	if (pamh == NULL)
@ -96,8 +99,6 @@ openpam_dispatch(pam_handle_t *pamh,

 	/* execute */
 	for (err = fail = 0; chain != NULL; chain = chain->next) {
-		openpam_log(PAM_LOG_DEBUG, "calling %s() in %s",
-		    _pam_sm_func_name[primitive], chain->module->path);
 		if (chain->module->func[primitive] == NULL) {
 			openpam_log(PAM_LOG_ERROR, "%s: no %s()",
 			    chain->module->path, _pam_sm_func_name[primitive]);
@ -105,12 +106,23 @@ openpam_dispatch(pam_handle_t *pamh,
 		} else {
 			pamh->primitive = primitive;
 			pamh->current = chain;
+#ifdef DEBUG
+			debug = (openpam_get_option(pamh, "debug") != NULL);
+			if (debug)
+				++_openpam_debug;
+			openpam_log(PAM_LOG_DEBUG, "calling %s() in %s",
+			    _pam_sm_func_name[primitive], chain->module->path);
+#endif
 			r = (chain->module->func[primitive])(pamh, flags,
 			    chain->optc, (const char **)chain->optv);
 			pamh->current = NULL;
+#ifdef DEBUG
 			openpam_log(PAM_LOG_DEBUG, "%s: %s(): %s",
 			    chain->module->path, _pam_sm_func_name[primitive],
 			    pam_strerror(pamh, r));
+			if (debug)
+				--_openpam_debug;
+#endif
 		}

 		if (r == PAM_IGNORE)
--- a/contrib/openpam/lib/openpam_impl.h
+++ b/contrib/openpam/lib/openpam_impl.h
@ -31,7 +31,7 @@
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
- * $P4: //depot/projects/openpam/lib/openpam_impl.h#20 $
+ * $P4: //depot/projects/openpam/lib/openpam_impl.h#21 $
 */

 #ifndef _OPENPAM_IMPL_H_INCLUDED
@ -44,6 +44,8 @@ extern const char *_pam_sm_func_name[PAM_NUM_PRIMITIVES];
 extern const char *_pam_err_name[PAM_NUM_ERRORS];
 extern const char *_pam_item_name[PAM_NUM_ITEMS];

+extern int _openpam_debug;
+
 /*
 * Control flags
 */
--- a/contrib/openpam/lib/openpam_log.c
+++ b/contrib/openpam/lib/openpam_log.c
@ -31,7 +31,7 @@
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
- * $P4: //depot/projects/openpam/lib/openpam_log.c#17 $
+ * $P4: //depot/projects/openpam/lib/openpam_log.c#18 $
 */

 #include <ctype.h>
@ -45,6 +45,8 @@

 #include "openpam_impl.h"

+int _openpam_debug = 0;
+
 #if defined(openpam_log)

 /*
@ -62,12 +64,10 @@ _openpam_log(int level, const char *func, const char *fmt, ...)

 	switch (level) {
 	case PAM_LOG_DEBUG:
-#ifndef DEBUG
-		return;
-#else
+		if (!_openpam_debug)
+			return;
 		priority = LOG_DEBUG;
 		break;
-#endif
 	case PAM_LOG_VERBOSE:
 		priority = LOG_INFO;
 		break;
@ -108,12 +108,10 @@ openpam_log(int level, const char *fmt, ...)

 	switch (level) {
 	case PAM_LOG_DEBUG:
-#ifndef DEBUG
-		return;
-#else
+		if (!_openpam_debug)
+			return;
 		priority = LOG_DEBUG;
 		break;
-#endif
 	case PAM_LOG_VERBOSE:
 		priority = LOG_INFO;
 		break;
--- a/contrib/openpam/lib/pam_getenv.c
+++ b/contrib/openpam/lib/pam_getenv.c
@ -31,7 +31,7 @@
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
- * $P4: //depot/projects/openpam/lib/pam_getenv.c#12 $
+ * $P4: //depot/projects/openpam/lib/pam_getenv.c#13 $
 */

 #include <stdlib.h>
@ -48,7 +48,7 @@
 * Retrieve the value of a PAM environment variable
 */

-char *
+const char *
 pam_getenv(pam_handle_t *pamh,
 	const char *name)
 {