Use getpwnam_r().

lib/libpam/modules/pam_chroot/pam_chroot.c

@@ -1,4 +1,4 @@
-/*	$NetBSD: pam_chroot.c,v 1.2 2004/12/12 08:18:43 christos Exp $	*/
+/*	$NetBSD: pam_chroot.c,v 1.3 2005/03/31 15:11:54 thorpej Exp $	*/
 
 /*-
  * Copyright (c) 2003 Networks Associates Technology, Inc.
@@ -38,7 +38,7 @@
 #ifdef __FreeBSD__
 __FBSDID("$FreeBSD: src/lib/libpam/modules/pam_chroot/pam_chroot.c,v 1.3 2003/04/30 00:40:24 des Exp $");
 #else
-__RCSID("$NetBSD: pam_chroot.c,v 1.2 2004/12/12 08:18:43 christos Exp $");
+__RCSID("$NetBSD: pam_chroot.c,v 1.3 2005/03/31 15:11:54 thorpej Exp $");
 #endif
 
 #include <sys/param.h>
@@ -59,11 +59,13 @@ pam_sm_open_session(pam_handle_t *pamh, int flags __unused,
     int argc __unused, const char *argv[] __unused)
 {
 	const char *dir, *end, *cwd, *user;
-	struct passwd *pwd;
+	struct passwd *pwd, pwres;
 	char buf[PATH_MAX];
+	char pwbuf[1024];
 
 	if (pam_get_user(pamh, &user, NULL) != PAM_SUCCESS ||
-	    user == NULL || (pwd = getpwnam(user)) == NULL)
+	    user == NULL ||
+	    getpwnam_r(user, &pwres, pwbuf, sizeof(pwbuf), &pwd) != 0)
 		return (PAM_SESSION_ERR);
 	if (pwd->pw_uid == 0 && !openpam_get_option(pamh, "also_root"))
 		return (PAM_SUCCESS);

lib/libpam/modules/pam_ftpusers/pam_ftpusers.c

@@ -1,4 +1,4 @@
-/*	$NetBSD: pam_ftpusers.c,v 1.2 2004/12/12 08:18:44 christos Exp $	*/
+/*	$NetBSD: pam_ftpusers.c,v 1.3 2005/03/31 15:11:54 thorpej Exp $	*/
 
 /*-
  * Copyright (c) 2001 Networks Associates Technology, Inc.
@@ -38,7 +38,7 @@
 #ifdef __FreeBSD__
 __FBSDID("$FreeBSD: src/lib/libpam/modules/pam_ftpusers/pam_ftpusers.c,v 1.1 2002/05/08 00:30:10 des Exp $");
 #else
-__RCSID("$NetBSD: pam_ftpusers.c,v 1.2 2004/12/12 08:18:44 christos Exp $");
+__RCSID("$NetBSD: pam_ftpusers.c,v 1.3 2005/03/31 15:11:54 thorpej Exp $");
 #endif
 
 #include <ctype.h>
@@ -60,18 +60,20 @@ PAM_EXTERN int
 pam_sm_acct_mgmt(pam_handle_t *pamh, int flags __unused,
     int argc __unused, const char *argv[] __unused)
 {
-	struct passwd *pwd;
+	struct passwd *pwd, pwres;
 	struct group *grp;
 	const char *user;
 	int pam_err, found, allow;
 	char *line, *name, **mem;
 	size_t len, ulen;
 	FILE *f;
+	char pwbuf[1024];
 
 	pam_err = pam_get_user(pamh, &user, NULL);
 	if (pam_err != PAM_SUCCESS)
 		return (pam_err);
-	if (user == NULL || (pwd = getpwnam(user)) == NULL)
+	if (user == NULL ||
+	    getpwnam_r(user, &pwres, pwbuf, sizeof(pwbuf), &pwd) != 0)
 		return (PAM_SERVICE_ERR);
 
 	found = 0;

lib/libpam/modules/pam_group/pam_group.c

@@ -1,4 +1,4 @@
-/*	$NetBSD: pam_group.c,v 1.5 2005/03/05 20:33:40 christos Exp $	*/
+/*	$NetBSD: pam_group.c,v 1.6 2005/03/31 15:11:54 thorpej Exp $	*/
 
 /*-
  * Copyright (c) 2003 Networks Associates Technology, Inc.
@@ -38,7 +38,7 @@
 #ifdef __FreeBSD__
 __FBSDID("$FreeBSD: src/lib/libpam/modules/pam_group/pam_group.c,v 1.4 2003/12/11 13:55:15 des Exp $");
 #else
-__RCSID("$NetBSD: pam_group.c,v 1.5 2005/03/05 20:33:40 christos Exp $");
+__RCSID("$NetBSD: pam_group.c,v 1.6 2005/03/31 15:11:54 thorpej Exp $");
 #endif
 
 #include <sys/types.h>
@@ -69,14 +69,16 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags __unused,
 	const char *group, *user;
 	const void *ruser;
 	char *const *list;
-	struct passwd *pwd;
+	struct passwd *pwd, pwres;
 	struct group *grp;
 	int pam_err;
 	char *promptresp = NULL;
+	char pwbuf[1024];
 
 	/* get target account */
 	if (pam_get_user(pamh, &user, NULL) != PAM_SUCCESS ||
-	    user == NULL || (pwd = getpwnam(user)) == NULL)
+	    user == NULL ||
+	    getpwnam_r(user, &pwres, pwbuf, sizeof(pwbuf), &pwd) != 0)
 		return (PAM_AUTH_ERR);
 	if (pwd->pw_uid != 0 && openpam_get_option(pamh, "root_only"))
 		return (PAM_IGNORE);

lib/libpam/modules/pam_krb5/pam_krb5.c

@@ -1,4 +1,4 @@
-/*	$NetBSD: pam_krb5.c,v 1.6 2005/02/26 18:25:28 thorpej Exp $	*/
+/*	$NetBSD: pam_krb5.c,v 1.7 2005/03/31 15:11:54 thorpej Exp $	*/
 
 /*-
  * This pam_krb5 module contains code that is:
@@ -53,7 +53,7 @@
 #ifdef __FreeBSD__
 __FBSDID("$FreeBSD: src/lib/libpam/modules/pam_krb5/pam_krb5.c,v 1.22 2005/01/24 16:49:50 rwatson Exp $");
 #else
-__RCSID("$NetBSD: pam_krb5.c,v 1.6 2005/02/26 18:25:28 thorpej Exp $");
+__RCSID("$NetBSD: pam_krb5.c,v 1.7 2005/03/31 15:11:54 thorpej Exp $");
 #endif
 
 #include <sys/types.h>
@@ -110,13 +110,14 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags __unused,
 	krb5_principal princ;
 	krb5_ccache ccache;
 	krb5_get_init_creds_opt opts;
-	struct passwd *pwd;
+	struct passwd *pwd, pwres;
 	int retval;
 	void *ccache_data;
 	const char *user, *pass;
 	const void *sourceuser, *service;
 	char *principal, *princ_name, *ccache_name, luser[32], *srvdup;
 	char password_prompt[80];
+	char pwbuf[1024];
 
 	retval = pam_get_user(pamh, &user, USER_PROMPT);
 	if (retval != PAM_SUCCESS)
@@ -223,13 +224,12 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags __unused,
 		PAM_LOG("PAM_USER Redone");
 	}
 
-	pwd = getpwnam(user);
-	if (pwd == NULL) {
+	if (getpwnam_r(user, &pwres, pwbuf, sizeof(pwbuf), &pwd) != 0) {
 		retval = PAM_USER_UNKNOWN;
 		goto cleanup2;
 	}
 
-	PAM_LOG("Done getpwnam()");
+	PAM_LOG("Done getpwnam_r()");
 
 	/* Get a TGT */
 	memset(&creds, 0, sizeof(krb5_creds));
@@ -349,12 +349,13 @@ pam_sm_setcred(pam_handle_t *pamh, int flags,
 	krb5_creds creds;
 	krb5_ccache ccache_temp, ccache_perm;
 	krb5_cc_cursor cursor;
-	struct passwd *pwd = NULL;
+	struct passwd *pwd = NULL, pwres;
 	int retval;
 	const char *cache_name, *q;
 	const void *user;
 	void *cache_data;
 	char *cache_name_buf = NULL, *p;
+	char pwbuf[1024];
 
 	uid_t euid;
 	gid_t egid;
@@ -412,13 +413,12 @@ pam_sm_setcred(pam_handle_t *pamh, int flags,
 	}
 
 	/* Get the uid. This should exist. */
-	pwd = getpwnam(user);
-	if (pwd == NULL) {
+	if (getpwnam_r(user, &pwres, pwbuf, sizeof(pwbuf), &pwd) != 0) {
 		retval = PAM_USER_UNKNOWN;
 		goto cleanup3;
 	}
 
-	PAM_LOG("Done getpwnam()");
+	PAM_LOG("Done getpwnam_r()");
 
 	/* Avoid following a symlink as root */
 	if (setegid(pwd->pw_gid)) {

lib/libpam/modules/pam_lastlog/pam_lastlog.c

@@ -1,4 +1,4 @@
-/*	$NetBSD: pam_lastlog.c,v 1.6 2005/03/05 20:32:41 christos Exp $	*/
+/*	$NetBSD: pam_lastlog.c,v 1.7 2005/03/31 15:11:54 thorpej Exp $	*/
 
 /*-
  * Copyright (c) 1980, 1987, 1988, 1991, 1993, 1994
@@ -47,7 +47,7 @@
 #ifdef __FreeBSD__
 __FBSDID("$FreeBSD: src/lib/libpam/modules/pam_lastlog/pam_lastlog.c,v 1.20 2004/01/26 19:28:37 des Exp $");
 #else
-__RCSID("$NetBSD: pam_lastlog.c,v 1.6 2005/03/05 20:32:41 christos Exp $");
+__RCSID("$NetBSD: pam_lastlog.c,v 1.7 2005/03/31 15:11:54 thorpej Exp $");
 #endif
 
 #include <sys/param.h>
@@ -97,18 +97,20 @@ PAM_EXTERN int
 pam_sm_open_session(pam_handle_t *pamh, int flags,
     int argc __unused, const char *argv[] __unused)
 {
-	struct passwd *pwd;
+	struct passwd *pwd, pwres;
 	struct timeval now;
 	const char *user, *rhost, *tty, *nuser;
 	const void *vrhost, *vtty, *vss, *vnuser;
 	const struct sockaddr_storage *ss;
 	int pam_err;
+	char pwbuf[1024];
 
 	pam_err = pam_get_user(pamh, &user, NULL);
 	if (pam_err != PAM_SUCCESS)
 		return pam_err;
 
-	if (user == NULL || (pwd = getpwnam(user)) == NULL)
+	if (user == NULL ||
+	    getpwnam_r(user, &pwres, pwbuf, sizeof(pwbuf), &pwd) != 0)
 		return PAM_SERVICE_ERR;
 
 	PAM_LOG("Got user: %s", user);

lib/libpam/modules/pam_nologin/pam_nologin.c

@@ -1,4 +1,4 @@
-/*	$NetBSD: pam_nologin.c,v 1.3 2005/01/23 09:45:02 manu Exp $	*/
+/*	$NetBSD: pam_nologin.c,v 1.4 2005/03/31 15:11:54 thorpej Exp $	*/
 
 /*-
  * Copyright 2001 Mark R V Murray
@@ -40,7 +40,7 @@
 #ifdef __FreeBSD__
 __FBSDID("$FreeBSD: src/lib/libpam/modules/pam_nologin/pam_nologin.c,v 1.10 2002/04/12 22:27:21 des Exp $");
 #else
-__RCSID("$NetBSD: pam_nologin.c,v 1.3 2005/01/23 09:45:02 manu Exp $");
+__RCSID("$NetBSD: pam_nologin.c,v 1.4 2005/03/31 15:11:54 thorpej Exp $");
 #endif
 
 
@@ -70,13 +70,14 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags __unused,
     int argc __unused, const char *argv[] __unused)
 {
 	login_cap_t *lc;
-	struct passwd *pwd;
+	struct passwd *pwd, pwres;
 	struct stat st;
 	int retval, fd;
 	int ignorenologin = 0;
 	int rootlogin = 0;
 	const char *user, *nologin;
 	char *mtmp;
+	char pwbuf[1024];
 
 	if ((retval = pam_get_user(pamh, &user, NULL)) != PAM_SUCCESS)
 		return retval;
@@ -91,7 +92,7 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags __unused,
 	 * Do not allow login of unexisting users, so that a directory
 	 * failure will not cause the nologin capability to be ignored.
 	 */
-	if ((pwd = getpwnam(user)) == NULL) {
+	if (getpwnam_r(user, &pwres, pwbuf, sizeof(pwbuf), &pwd) != 0) {
 		return PAM_USER_UNKNOWN;
 	} else {
 		if (pwd->pw_uid == 0)

lib/libpam/modules/pam_radius/pam_radius.c

@@ -1,4 +1,4 @@
-/*	$NetBSD: pam_radius.c,v 1.2 2004/12/12 08:18:46 christos Exp $	*/
+/*	$NetBSD: pam_radius.c,v 1.3 2005/03/31 15:11:54 thorpej Exp $	*/
 
 /*-
  * Copyright 1998 Juniper Networks, Inc.
@@ -40,7 +40,7 @@
 #ifdef __FreeBSD__
 __FBSDID("$FreeBSD: src/lib/libpam/modules/pam_radius/pam_radius.c,v 1.22 2004/06/25 12:32:45 kan Exp $");
 #else
-__RCSID("$NetBSD: pam_radius.c,v 1.2 2004/12/12 08:18:46 christos Exp $");
+__RCSID("$NetBSD: pam_radius.c,v 1.3 2005/03/31 15:11:54 thorpej Exp $");
 #endif
 
 #include <sys/param.h>
@@ -253,6 +253,8 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags __unused,
 	struct rad_handle *radh;
 	const char *user, *pass;
 	const void *tmpuser;
+	struct passwd *pwd, pwres;
+	char pwbuf[1024];
 	const char *conf_file, *template_user, *nas_id, *nas_ipaddr;
 	int retval;
 	int e;
@@ -320,7 +322,8 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags __unused,
 				retval = pam_get_item(pamh, PAM_USER, &tmpuser);
 				if (retval != PAM_SUCCESS)
 					return (retval);
-				if (getpwnam(tmpuser) == NULL) {
+				if (getpwnam_r(tmpuser, &pwres, pwbuf,
+					       sizeof(pwbuf), &pwd) != 0) {
 					pam_set_item(pamh, PAM_USER,
 					    template_user);
 					PAM_LOG("Using template user");

lib/libpam/modules/pam_rhosts/pam_rhosts.c

@@ -1,4 +1,4 @@
-/*	$NetBSD: pam_rhosts.c,v 1.2 2004/12/12 08:18:47 christos Exp $	*/
+/*	$NetBSD: pam_rhosts.c,v 1.3 2005/03/31 15:11:54 thorpej Exp $	*/
 
 /*-
  * Copyright (c) 2002 Danny Braniss
@@ -40,7 +40,7 @@
 #ifdef __FreeBSD__
 __FBSDID("$FreeBSD: src/lib/libpam/modules/pam_rhosts/pam_rhosts.c,v 1.3 2003/12/11 13:55:16 des Exp $");
 #else
-__RCSID("$NetBSD: pam_rhosts.c,v 1.2 2004/12/12 08:18:47 christos Exp $");
+__RCSID("$NetBSD: pam_rhosts.c,v 1.3 2005/03/31 15:11:54 thorpej Exp $");
 #endif
 
 #include <pwd.h>
@@ -59,16 +59,17 @@ PAM_EXTERN int
 pam_sm_authenticate(pam_handle_t *pamh, int flags __unused,
     int argc __unused, const char *argv[] __unused)
 {
-	struct passwd *pw;
+	struct passwd *pw, pwres;
 	const char *user;
 	const void *ruser, *rhost;
 	int err, superuser;
+	char pwbuf[1024];
 
 	err = pam_get_user(pamh, &user, NULL);
 	if (err != PAM_SUCCESS)
 		return (err);
 
-	if ((pw = getpwnam(user)) == NULL)
+	if (getpwnam_r(user, &pwres, pwbuf, sizeof(pwbuf), &pw) != 0)
 		return (PAM_USER_UNKNOWN);
 	if (pw->pw_uid == 0 &&
 	    openpam_get_option(pamh, OPT_ALLOW_ROOT) == NULL)

lib/libpam/modules/pam_securetty/pam_securetty.c

@@ -1,4 +1,4 @@
-/*	$NetBSD: pam_securetty.c,v 1.2 2004/12/12 08:18:47 christos Exp $	*/
+/*	$NetBSD: pam_securetty.c,v 1.3 2005/03/31 15:11:54 thorpej Exp $	*/
 
 /*-
  * Copyright (c) 2001 Mark R V Murray
@@ -40,7 +40,7 @@
 #ifdef __FreeBSD__
 __FBSDID("$FreeBSD: src/lib/libpam/modules/pam_securetty/pam_securetty.c,v 1.13 2004/02/10 10:13:21 des Exp $");
 #else
-__RCSID("$NetBSD: pam_securetty.c,v 1.2 2004/12/12 08:18:47 christos Exp $");
+__RCSID("$NetBSD: pam_securetty.c,v 1.3 2005/03/31 15:11:54 thorpej Exp $");
 #endif
 
 #include <sys/types.h>
@@ -61,16 +61,18 @@ PAM_EXTERN int
 pam_sm_acct_mgmt(pam_handle_t *pamh __unused, int flags __unused,
     int argc __unused, const char *argv[] __unused)
 {
-	struct passwd *pwd;
+	struct passwd *pwd, pwres;
 	struct ttyent *ty;
 	const char *user;
 	const void *tty;
 	int pam_err;
+	char pwbuf[1024];
 
 	pam_err = pam_get_user(pamh, &user, NULL);
 	if (pam_err != PAM_SUCCESS)
 		return (pam_err);
-	if (user == NULL || (pwd = getpwnam(user)) == NULL)
+	if (user == NULL ||
+	    getpwnam_r(user, &pwres, pwbuf, sizeof(pwbuf), &pwd) != 0)
 		return (PAM_SERVICE_ERR);
 
 	PAM_LOG("Got user: %s", user);

lib/libpam/modules/pam_self/pam_self.c

@@ -1,4 +1,4 @@
-/*	$NetBSD: pam_self.c,v 1.2 2004/12/12 08:18:47 christos Exp $	*/
+/*	$NetBSD: pam_self.c,v 1.3 2005/03/31 15:11:54 thorpej Exp $	*/
 
 /*-
  * Copyright (c) 2001 Mark R V Murray
@@ -40,7 +40,7 @@
 #ifdef __FreeBSD__
 __FBSDID("$FreeBSD: src/lib/libpam/modules/pam_self/pam_self.c,v 1.9 2002/04/12 22:27:24 des Exp $");
 #else
-__RCSID("$NetBSD: pam_self.c,v 1.2 2004/12/12 08:18:47 christos Exp $");
+__RCSID("$NetBSD: pam_self.c,v 1.3 2005/03/31 15:11:54 thorpej Exp $");
 #endif
 
 #define _BSD_SOURCE
@@ -61,15 +61,17 @@ PAM_EXTERN int
 pam_sm_authenticate(pam_handle_t *pamh, int flags __unused,
     int argc __unused, const char *argv[] __unused)
 {
-	struct passwd *pwd;
+	struct passwd *pwd, pwres;
 	const char *luser;
 	int pam_err;
 	uid_t uid;
+	char pwbuf[1024];
 
 	pam_err = pam_get_user(pamh, &luser, NULL);
 	if (pam_err != PAM_SUCCESS)
 		return (pam_err);
-	if (luser == NULL || (pwd = getpwnam(luser)) == NULL)
+	if (luser == NULL ||
+	    getpwnam_r(luser, &pwres, pwbuf, sizeof(pwbuf), &pwd) != 0)
 		return (PAM_AUTH_ERR);
 
 	uid = getuid();

lib/libpam/modules/pam_ssh/pam_ssh.c

@@ -1,4 +1,4 @@
-/*	$NetBSD: pam_ssh.c,v 1.9 2005/03/17 01:14:40 christos Exp $	*/
+/*	$NetBSD: pam_ssh.c,v 1.10 2005/03/31 15:11:54 thorpej Exp $	*/
 
 /*-
  * Copyright (c) 2003 Networks Associates Technology, Inc.
@@ -38,7 +38,7 @@
 #ifdef __FreeBSD__
 __FBSDID("$FreeBSD: src/lib/libpam/modules/pam_ssh/pam_ssh.c,v 1.40 2004/02/10 10:13:21 des Exp $");
 #else
-__RCSID("$NetBSD: pam_ssh.c,v 1.9 2005/03/17 01:14:40 christos Exp $");
+__RCSID("$NetBSD: pam_ssh.c,v 1.10 2005/03/31 15:11:54 thorpej Exp $");
 #endif
 
 #include <sys/param.h>
@@ -141,9 +141,10 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags __unused,
     int argc __unused, const char *argv[] __unused)
 {
 	const char **kfn, *passphrase, *user;
-	struct passwd *pwd;
+	struct passwd *pwd, pwres;
 	struct pam_ssh_key *psk;
 	int nkeys, pam_err, pass;
+	char pwbuf[1024];
 
 	/* PEM is not loaded by default */
 	OpenSSL_add_all_algorithms();
@@ -152,8 +153,7 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags __unused,
 	pam_err = pam_get_user(pamh, &user, NULL);
 	if (pam_err != PAM_SUCCESS)
 		return (pam_err);
-	pwd = getpwnam(user);
-	if (pwd == NULL)
+	if (getpwnam_r(user, &pwres, pwbuf, sizeof(pwbuf), &pwd) != 0)
 		return (PAM_USER_UNKNOWN);
 	if (pwd->pw_dir == NULL)
 		return (PAM_AUTH_ERR);
@@ -399,10 +399,11 @@ PAM_EXTERN int
 pam_sm_open_session(pam_handle_t *pamh, int flags __unused,
     int argc __unused, const char *argv[] __unused)
 {
-	struct passwd *pwd;
+	struct passwd *pwd, pwres;
 	const char *user;
 	void *data;
 	int pam_err = PAM_SUCCESS;
+	char pwbuf[1024];
 
 	/* no keys, no work */
 	if (pam_get_data(pamh, pam_ssh_have_keys, &data) != PAM_SUCCESS &&
@@ -413,8 +414,7 @@ pam_sm_open_session(pam_handle_t *pamh, int flags __unused,
 	pam_err = pam_get_user(pamh, &user, NULL);
 	if (pam_err != PAM_SUCCESS)
 		return (pam_err);
-	pwd = getpwnam(user);
-	if (pwd == NULL)
+	if (getpwnam_r(user, &pwres, pwbuf, sizeof(pwbuf), &pwd) != 0)
 		return (PAM_USER_UNKNOWN);
 
 	/* start the agent */

lib/libpam/modules/pam_unix/pam_unix.c

@@ -1,4 +1,4 @@
-/*	$NetBSD: pam_unix.c,v 1.6 2005/03/17 01:13:59 christos Exp $	*/
+/*	$NetBSD: pam_unix.c,v 1.7 2005/03/31 15:11:54 thorpej Exp $	*/
 
 /*-
  * Copyright 1998 Juniper Networks, Inc.
@@ -40,7 +40,7 @@
 #ifdef __FreeBSD__
 __FBSDID("$FreeBSD: src/lib/libpam/modules/pam_unix/pam_unix.c,v 1.49 2004/02/10 10:13:21 des Exp $");
 #else
-__RCSID("$NetBSD: pam_unix.c,v 1.6 2005/03/17 01:13:59 christos Exp $");
+__RCSID("$NetBSD: pam_unix.c,v 1.7 2005/03/31 15:11:54 thorpej Exp $");
 #endif
 
 
@@ -85,18 +85,20 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags __unused,
     int argc __unused, const char *argv[] __unused)
 {
 	login_cap_t *lc;
-	struct passwd *pwd;
+	struct passwd *pwd, pwres;
 	int retval;
 	const char *pass, *user, *realpw;
+	char pwbuf[1024];
 
 	if (openpam_get_option(pamh, PAM_OPT_AUTH_AS_SELF)) {
-		pwd = getpwnam(getlogin());
+		(void) getpwnam_r(getlogin(), &pwres, pwbuf, sizeof(pwbuf),
+				  &pwd);
 	} else {
 		retval = pam_get_user(pamh, &user, NULL);
 		if (retval != PAM_SUCCESS)
 			return (retval);
 		PAM_LOG("Got user: %s", user);
-		pwd = getpwnam(user);
+		(void) getpwnam_r(user, &pwres, pwbuf, sizeof(pwbuf), &pwd);
 	}
 
 	if (pwd != NULL) {
@@ -143,18 +145,20 @@ PAM_EXTERN int
 pam_sm_acct_mgmt(pam_handle_t *pamh, int flags __unused,
     int argc __unused, const char *argv[] __unused)
 {
-	struct passwd *pwd;
+	struct passwd *pwd, pwres;
 	struct timeval now;
 	login_cap_t *lc;
 	time_t warntime;
 	int retval;
 	const char *user;
+	char pwbuf[1024];
 
 	retval = pam_get_user(pamh, &user, NULL);
 	if (retval != PAM_SUCCESS)
 		return (retval);
 
-	if (user == NULL || (pwd = getpwnam(user)) == NULL)
+	if (user == NULL ||
+	    getpwnam_r(user, &pwres, pwbuf, sizeof(pwbuf), &pwd) != 0)
 		return (PAM_SERVICE_ERR);
 
 	PAM_LOG("Got user: %s", user);
@@ -403,25 +407,26 @@ pam_sm_chauthtok(pam_handle_t *pamh, int flags,
 	const char *user, *passwd_db, *new_pass, *old_pass, *p;
 	int retval, tries, min_pw_len = 0, pw_expiry = 0;
 	char salt[_PASSWORD_LEN+1];
+	char old_pwbuf[1024];
 #ifdef YP
 	char *domain;
 	int r;
 #endif
 
 	if (openpam_get_option(pamh, PAM_OPT_AUTH_AS_SELF))
-		pwd = getpwnam(getlogin());
+		(void) getpwnam_r(getlogin(), &old_pwd, old_pwbuf,
+				  sizeof(old_pwbuf), &pwd);
 	else {
 		retval = pam_get_user(pamh, &user, NULL);
 		if (retval != PAM_SUCCESS)
 			return (retval);
-		pwd = getpwnam(user);
+		(void) getpwnam_r(user, &old_pwd, old_pwbuf,
+				  sizeof(old_pwbuf), &pwd);
 	}
 
 	if (pwd == NULL)
 		return (PAM_AUTHTOK_RECOVERY_ERR);
 
-	old_pwd = *pwd;
-
 	PAM_LOG("Got user: %s", user);
 
 	/*