chfn, chsh: new file pamfail.h for error printing

Signed-off-by: Sami Kerola <kerolasa@iki.fi>

include/Makefile.am

@@ -22,6 +22,7 @@ dist_noinst_HEADERS = \
 	md5.h \
 	minix.h \
 	nls.h \
+	pamfail.h \
 	path.h \
 	pathnames.h \
 	procutils.h \

include/pamfail.h

@@ -0,0 +1,16 @@
+#ifndef UTIL_LINUX_PAMFAIL_H
+#include <security/pam_appl.h>
+#include <security/pam_misc.h>
+#include "c.h"
+
+static inline int
+pam_fail_check(pam_handle_t *pamh, int retcode)
+{
+	if (retcode == PAM_SUCCESS)
+		return 0;
+	warnx("%s", pam_strerror(pamh, retcode));
+	pam_end(pamh, retcode);
+	return 1;
+}
+
+#endif /* UTIL_LINUX_PAMFAIL_H */

login-utils/chfn.c

@@ -34,6 +34,7 @@
 #include <getopt.h>
 #include <stdbool.h>
 
+#include "pamfail.h"
 #include "islocal.h"
 #include "setpwnam.h"
 #include "strutils.h"
@@ -48,21 +49,6 @@
 #include "selinux_utils.h"
 #endif
 
-#ifdef REQUIRE_PASSWORD
-#include <security/pam_appl.h>
-#include <security/pam_misc.h>
-
-#define PAM_FAIL_CHECK(_ph, _rc) \
-    do { \
-	if ((_rc) != PAM_SUCCESS) { \
-	    fprintf(stderr, "\n%s\n", pam_strerror((_ph), (_rc))); \
-	    pam_end((_ph), (_rc)); \
-	    exit(EXIT_FAILURE); \
-	} \
-    } while(0)
-
-#endif /* REQUIRE_PASSWORD */
-
 static char buf[1024];
 
 struct finfo {
@@ -177,20 +163,22 @@ int main (int argc, char **argv) {
 	int retcode;
 
 	retcode = pam_start("chfn", oldf.username, &conv, &pamh);
-	if(retcode != PAM_SUCCESS)
-	    errx(EXIT_FAILURE, _("PAM failure, aborting: %s"),
-		    pam_strerror(pamh, retcode));
+	if (pam_fail_check(pamh, retcode))
+            exit(EXIT_FAILURE);
 
 	retcode = pam_authenticate(pamh, 0);
-	PAM_FAIL_CHECK(pamh, retcode);
+	if (pam_fail_check(pamh, retcode))
+            exit(EXIT_FAILURE);
 
 	retcode = pam_acct_mgmt(pamh, 0);
 	if (retcode == PAM_NEW_AUTHTOK_REQD)
 	    retcode = pam_chauthtok(pamh, PAM_CHANGE_EXPIRED_AUTHTOK);
-	PAM_FAIL_CHECK(pamh, retcode);
+	if (pam_fail_check(pamh, retcode))
+	    exit(EXIT_FAILURE);
 
 	retcode = pam_setcred(pamh, 0);
-	PAM_FAIL_CHECK(pamh, retcode);
+	if (pam_fail_check(pamh, retcode))
+	    exit(EXIT_FAILURE);
 
 	pam_end(pamh, 0);
 	/* no need to establish a session; this isn't a session-oriented

login-utils/chsh.c

@@ -33,6 +33,7 @@
 #include <getopt.h>
 #include <stdbool.h>
 
+#include "pamfail.h"
 #include "c.h"
 #include "islocal.h"
 #include "setpwnam.h"
@@ -41,21 +42,6 @@
 #include "pathnames.h"
 #include "xalloc.h"
 
-#ifdef REQUIRE_PASSWORD
-#include <security/pam_appl.h>
-#include <security/pam_misc.h>
-
-#define PAM_FAIL_CHECK(_ph, _rc) \
-    do { \
-	if ((_rc) != PAM_SUCCESS) { \
-	    fprintf(stderr, "\n%s\n", pam_strerror((_ph), (_rc))); \
-	    pam_end((_ph), (_rc)); \
-	    exit(EXIT_FAILURE); \
-	} \
-    } while(0)
-
-#endif /* REQUIRE_PASSWORD */
-
 #ifdef HAVE_LIBSELINUX
 #include <selinux/selinux.h>
 #include <selinux/av_permissions.h>
@@ -163,20 +149,22 @@ main (int argc, char *argv[]) {
 	int retcode;
 
 	retcode = pam_start("chsh", pw->pw_name, &conv, &pamh);
-	if(retcode != PAM_SUCCESS)
-	    errx(EXIT_FAILURE, _("PAM failure, aborting: %s"),
-		    pam_strerror(pamh, retcode));
+	if (pam_fail_check(pamh, retcode))
+	    exit(EXIT_FAILURE);
 
 	retcode = pam_authenticate(pamh, 0);
-	PAM_FAIL_CHECK(pamh, retcode);
+	if (pam_fail_check(pamh, retcode))
+	    exit(EXIT_FAILURE);
 
 	retcode = pam_acct_mgmt(pamh, 0);
 	if (retcode == PAM_NEW_AUTHTOK_REQD)
 	    retcode = pam_chauthtok(pamh, PAM_CHANGE_EXPIRED_AUTHTOK);
-	PAM_FAIL_CHECK(pamh, retcode);
+	if (pam_fail_check(pamh, retcode))
+	    exit(EXIT_FAILURE);
 
 	retcode = pam_setcred(pamh, 0);
-	PAM_FAIL_CHECK(pamh, retcode);
+	if (pam_fail_check(pamh, retcode))
+	    exit(EXIT_FAILURE);
 
 	pam_end(pamh, 0);
 	/* no need to establish a session; this isn't a session-oriented