diff --git a/include/Makefile.am b/include/Makefile.am index 64a620f8a..237840ab2 100644 --- a/include/Makefile.am +++ b/include/Makefile.am @@ -22,6 +22,7 @@ dist_noinst_HEADERS = \ md5.h \ minix.h \ nls.h \ + pamfail.h \ path.h \ pathnames.h \ procutils.h \ diff --git a/include/pamfail.h b/include/pamfail.h new file mode 100644 index 000000000..8008ce395 --- /dev/null +++ b/include/pamfail.h @@ -0,0 +1,16 @@ +#ifndef UTIL_LINUX_PAMFAIL_H +#include +#include +#include "c.h" + +static inline int +pam_fail_check(pam_handle_t *pamh, int retcode) +{ + if (retcode == PAM_SUCCESS) + return 0; + warnx("%s", pam_strerror(pamh, retcode)); + pam_end(pamh, retcode); + return 1; +} + +#endif /* UTIL_LINUX_PAMFAIL_H */ diff --git a/login-utils/chfn.c b/login-utils/chfn.c index 1ddd5864b..7e87999d5 100644 --- a/login-utils/chfn.c +++ b/login-utils/chfn.c @@ -34,6 +34,7 @@ #include #include +#include "pamfail.h" #include "islocal.h" #include "setpwnam.h" #include "strutils.h" @@ -48,21 +49,6 @@ #include "selinux_utils.h" #endif -#ifdef REQUIRE_PASSWORD -#include -#include - -#define PAM_FAIL_CHECK(_ph, _rc) \ - do { \ - if ((_rc) != PAM_SUCCESS) { \ - fprintf(stderr, "\n%s\n", pam_strerror((_ph), (_rc))); \ - pam_end((_ph), (_rc)); \ - exit(EXIT_FAILURE); \ - } \ - } while(0) - -#endif /* REQUIRE_PASSWORD */ - static char buf[1024]; struct finfo { @@ -177,20 +163,22 @@ int main (int argc, char **argv) { int retcode; retcode = pam_start("chfn", oldf.username, &conv, &pamh); - if(retcode != PAM_SUCCESS) - errx(EXIT_FAILURE, _("PAM failure, aborting: %s"), - pam_strerror(pamh, retcode)); + if (pam_fail_check(pamh, retcode)) + exit(EXIT_FAILURE); retcode = pam_authenticate(pamh, 0); - PAM_FAIL_CHECK(pamh, retcode); + if (pam_fail_check(pamh, retcode)) + exit(EXIT_FAILURE); retcode = pam_acct_mgmt(pamh, 0); if (retcode == PAM_NEW_AUTHTOK_REQD) retcode = pam_chauthtok(pamh, PAM_CHANGE_EXPIRED_AUTHTOK); - PAM_FAIL_CHECK(pamh, retcode); + if (pam_fail_check(pamh, retcode)) + exit(EXIT_FAILURE); retcode = pam_setcred(pamh, 0); - PAM_FAIL_CHECK(pamh, retcode); + if (pam_fail_check(pamh, retcode)) + exit(EXIT_FAILURE); pam_end(pamh, 0); /* no need to establish a session; this isn't a session-oriented diff --git a/login-utils/chsh.c b/login-utils/chsh.c index bca161fb3..f6a5c9fa1 100644 --- a/login-utils/chsh.c +++ b/login-utils/chsh.c @@ -33,6 +33,7 @@ #include #include +#include "pamfail.h" #include "c.h" #include "islocal.h" #include "setpwnam.h" @@ -41,21 +42,6 @@ #include "pathnames.h" #include "xalloc.h" -#ifdef REQUIRE_PASSWORD -#include -#include - -#define PAM_FAIL_CHECK(_ph, _rc) \ - do { \ - if ((_rc) != PAM_SUCCESS) { \ - fprintf(stderr, "\n%s\n", pam_strerror((_ph), (_rc))); \ - pam_end((_ph), (_rc)); \ - exit(EXIT_FAILURE); \ - } \ - } while(0) - -#endif /* REQUIRE_PASSWORD */ - #ifdef HAVE_LIBSELINUX #include #include @@ -163,20 +149,22 @@ main (int argc, char *argv[]) { int retcode; retcode = pam_start("chsh", pw->pw_name, &conv, &pamh); - if(retcode != PAM_SUCCESS) - errx(EXIT_FAILURE, _("PAM failure, aborting: %s"), - pam_strerror(pamh, retcode)); + if (pam_fail_check(pamh, retcode)) + exit(EXIT_FAILURE); retcode = pam_authenticate(pamh, 0); - PAM_FAIL_CHECK(pamh, retcode); + if (pam_fail_check(pamh, retcode)) + exit(EXIT_FAILURE); retcode = pam_acct_mgmt(pamh, 0); if (retcode == PAM_NEW_AUTHTOK_REQD) retcode = pam_chauthtok(pamh, PAM_CHANGE_EXPIRED_AUTHTOK); - PAM_FAIL_CHECK(pamh, retcode); + if (pam_fail_check(pamh, retcode)) + exit(EXIT_FAILURE); retcode = pam_setcred(pamh, 0); - PAM_FAIL_CHECK(pamh, retcode); + if (pam_fail_check(pamh, retcode)) + exit(EXIT_FAILURE); pam_end(pamh, 0); /* no need to establish a session; this isn't a session-oriented