$OpenBSD: patch-sockd_auth_password_c,v 1.1 2007/09/18 22:15:11 jakob Exp $
--- sockd/auth_password.c.orig	Wed Jun  8 08:34:54 2005
+++ sockd/auth_password.c	Tue Sep 18 17:27:00 2007
@@ -57,29 +57,33 @@ passwordcheck(name, clearpassword, emsg,
 	struct passwd *pw;
 	char *salt, *password;
 	uid_t euid;
+	int retval = -1; /* default return value */
 
 	socks_seteuid(&euid, sockscf.uid.privileged);
 	pw = socks_getpwnam(name);
-	socks_reseteuid(sockscf.uid.privileged, euid);
 
 	if (pw == NULL) {
 		snprintfn(emsg, emsglen, "system username/password failed");
-		return -1;
+		retval = -1;
 	}
 
-	if (clearpassword != NULL) {
+	else if (clearpassword != NULL) {
 		salt		= pw->pw_passwd;
 		password = pw->pw_passwd;
 
 		if (strcmp(crypt(clearpassword, salt), password) == 0)
-			return 0;
+			retval = 0;
 		else {
 			snprintfn(emsg, emsglen, "system password userauthentication failed");
-			return -1;
+			retval = -1;
 		}
 	}
 	else
-		return 0;
+		retval = 0;
 
-	return -1;
+	/* reset after checking pw because on OpenBSD pw->pw_passwd
+	   resets to stars after euid is no longer 0 */
+	socks_reseteuid(sockscf.uid.privileged, euid);
+
+	return retval;
 }
