Index: Linux-PAM/modules/pam_unix/pam_unix_auth.c
===================================================================
RCS file: /afs/sipb/project/debian/cvs/pam/Linux-PAM/modules/pam_unix/pam_unix_auth.c,v
retrieving revision 1.1.1.1
diff -u -r1.1.1.1 pam_unix_auth.c
--- Linux-PAM/modules/pam_unix/pam_unix_auth.c	29 Apr 2001 04:17:37 -0000	1.1.1.1
+++ Linux-PAM/modules/pam_unix/pam_unix_auth.c	19 May 2002 00:42:59 -0000
@@ -81,17 +81,26 @@
 #define _UNIX_AUTHTOK  "-UN*X-PASS"
 
 #define AUTH_RETURN						\
-{								\
+do {								\
 	if (on(UNIX_LIKE_AUTH, ctrl) && ret_data) {		\
 		D(("recording return code for next time [%d]",	\
 					retval));		\
+		*ret_data = retval;				\
 		pam_set_data(pamh, "unix_setcred_return",	\
-				(void *) retval, NULL);	        \
+		             (void *) ret_data, setcred_free);	\
 	}							\
 	D(("done. [%s]", pam_strerror(pamh, retval)));		\
 	return retval;						\
+} while (0)
+
+
+static void setcred_free (pam_handle_t * pamh, void *ptr, int err)
+{
+	if (ptr)
+		free (ptr);
 }
 
+
 PAM_EXTERN int pam_sm_authenticate(pam_handle_t * pamh, int flags
 				   ,int argc, const char **argv)
 {
@@ -105,7 +114,8 @@
 
 	/* Get a few bytes so we can pass our return value to
 	   pam_sm_setcred(). */
-	ret_data = malloc(sizeof(int));
+	if (on(UNIX_LIKE_AUTH, ctrl))
+		ret_data = malloc(sizeof(int));
 
 	/* get the user'name' */
 
@@ -120,7 +130,7 @@
 		if (name == NULL || !isalnum(*name)) {
 			_log_err(LOG_ERR, pamh, "bad username [%s]", name);
 			retval = PAM_USER_UNKNOWN;
-			AUTH_RETURN
+			AUTH_RETURN;
 		}
 		if (retval == PAM_SUCCESS && on(UNIX_DEBUG, ctrl))
 			D(("username [%s] obtained", name));
@@ -133,7 +143,7 @@
 			 */
 			retval = PAM_INCOMPLETE;
 		}
-		AUTH_RETURN
+		AUTH_RETURN;
 	}
 
 	/* if this user does not have a password... */
@@ -142,7 +152,7 @@
 		D(("user '%s' has blank passwd", name));
 		name = NULL;
 		retval = PAM_SUCCESS;
-		AUTH_RETURN
+		AUTH_RETURN;
 	}
 	/* get this user's authentication token */
 
@@ -161,7 +171,7 @@
 			retval = PAM_INCOMPLETE;
 		}
 		name = NULL;
-		AUTH_RETURN
+		AUTH_RETURN;
 	}
 	D(("user=%s, password=[%s]", name, p));
 
@@ -169,7 +179,7 @@
 	retval = _unix_verify_password(pamh, name, p, ctrl);
 	name = p = NULL;
 
-	AUTH_RETURN
+	AUTH_RETURN;
 }
 
 
@@ -185,29 +195,23 @@
 PAM_EXTERN int pam_sm_setcred(pam_handle_t * pamh, int flags
 			      ,int argc, const char **argv)
 {
-	unsigned int ctrl;
 	int retval;
+	int *pretval = NULL;
 
 	D(("called."));
 
-	/* FIXME: it shouldn't be necessary to parse the arguments again. The
-	   only argument we need is UNIX_LIKE_AUTH: if it was set,
-	   pam_get_data will succeed. If it wasn't, it will fail, and we
-	   return PAM_SUCCESS.  -SRL */
-	ctrl = _set_ctrl(pamh, flags, NULL, argc, argv);
 	retval = PAM_SUCCESS;
 
-	if (on(UNIX_LIKE_AUTH, ctrl)) {
-		int *pretval = NULL;
-
-		D(("recovering return code from auth call"));
-		pam_get_data(pamh, "unix_setcred_return", (const void **) pretval);
-		if(pretval) {
-			retval = *pretval;
-			free(pretval);
-			D(("recovered data indicates that old retval was %d", retval));
-		}
+	D(("recovering return code from auth call"));
+	/* We will only find something here if UNIX_LIKE_AUTH is set -- 
+	   don't worry about an explicit check of argv. */
+	pam_get_data(pamh, "unix_setcred_return", (const void **) &pretval);
+	if(pretval) {
+		retval = *pretval;
+		pam_set_data(pamh, "unix_setcred_return", NULL, NULL);
+		D(("recovered data indicates that old retval was %d", retval));
 	}
+
 	return retval;
 }