chfn, chsh: new file pamfail.h for error printing
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
This commit is contained in:
parent
7299ca031d
commit
57b35f3ba7
|
@ -22,6 +22,7 @@ dist_noinst_HEADERS = \
|
|||
md5.h \
|
||||
minix.h \
|
||||
nls.h \
|
||||
pamfail.h \
|
||||
path.h \
|
||||
pathnames.h \
|
||||
procutils.h \
|
||||
|
|
|
@ -0,0 +1,16 @@
|
|||
#ifndef UTIL_LINUX_PAMFAIL_H
|
||||
#include <security/pam_appl.h>
|
||||
#include <security/pam_misc.h>
|
||||
#include "c.h"
|
||||
|
||||
static inline int
|
||||
pam_fail_check(pam_handle_t *pamh, int retcode)
|
||||
{
|
||||
if (retcode == PAM_SUCCESS)
|
||||
return 0;
|
||||
warnx("%s", pam_strerror(pamh, retcode));
|
||||
pam_end(pamh, retcode);
|
||||
return 1;
|
||||
}
|
||||
|
||||
#endif /* UTIL_LINUX_PAMFAIL_H */
|
|
@ -34,6 +34,7 @@
|
|||
#include <getopt.h>
|
||||
#include <stdbool.h>
|
||||
|
||||
#include "pamfail.h"
|
||||
#include "islocal.h"
|
||||
#include "setpwnam.h"
|
||||
#include "strutils.h"
|
||||
|
@ -48,21 +49,6 @@
|
|||
#include "selinux_utils.h"
|
||||
#endif
|
||||
|
||||
#ifdef REQUIRE_PASSWORD
|
||||
#include <security/pam_appl.h>
|
||||
#include <security/pam_misc.h>
|
||||
|
||||
#define PAM_FAIL_CHECK(_ph, _rc) \
|
||||
do { \
|
||||
if ((_rc) != PAM_SUCCESS) { \
|
||||
fprintf(stderr, "\n%s\n", pam_strerror((_ph), (_rc))); \
|
||||
pam_end((_ph), (_rc)); \
|
||||
exit(EXIT_FAILURE); \
|
||||
} \
|
||||
} while(0)
|
||||
|
||||
#endif /* REQUIRE_PASSWORD */
|
||||
|
||||
static char buf[1024];
|
||||
|
||||
struct finfo {
|
||||
|
@ -177,20 +163,22 @@ int main (int argc, char **argv) {
|
|||
int retcode;
|
||||
|
||||
retcode = pam_start("chfn", oldf.username, &conv, &pamh);
|
||||
if(retcode != PAM_SUCCESS)
|
||||
errx(EXIT_FAILURE, _("PAM failure, aborting: %s"),
|
||||
pam_strerror(pamh, retcode));
|
||||
if (pam_fail_check(pamh, retcode))
|
||||
exit(EXIT_FAILURE);
|
||||
|
||||
retcode = pam_authenticate(pamh, 0);
|
||||
PAM_FAIL_CHECK(pamh, retcode);
|
||||
if (pam_fail_check(pamh, retcode))
|
||||
exit(EXIT_FAILURE);
|
||||
|
||||
retcode = pam_acct_mgmt(pamh, 0);
|
||||
if (retcode == PAM_NEW_AUTHTOK_REQD)
|
||||
retcode = pam_chauthtok(pamh, PAM_CHANGE_EXPIRED_AUTHTOK);
|
||||
PAM_FAIL_CHECK(pamh, retcode);
|
||||
if (pam_fail_check(pamh, retcode))
|
||||
exit(EXIT_FAILURE);
|
||||
|
||||
retcode = pam_setcred(pamh, 0);
|
||||
PAM_FAIL_CHECK(pamh, retcode);
|
||||
if (pam_fail_check(pamh, retcode))
|
||||
exit(EXIT_FAILURE);
|
||||
|
||||
pam_end(pamh, 0);
|
||||
/* no need to establish a session; this isn't a session-oriented
|
||||
|
|
|
@ -33,6 +33,7 @@
|
|||
#include <getopt.h>
|
||||
#include <stdbool.h>
|
||||
|
||||
#include "pamfail.h"
|
||||
#include "c.h"
|
||||
#include "islocal.h"
|
||||
#include "setpwnam.h"
|
||||
|
@ -41,21 +42,6 @@
|
|||
#include "pathnames.h"
|
||||
#include "xalloc.h"
|
||||
|
||||
#ifdef REQUIRE_PASSWORD
|
||||
#include <security/pam_appl.h>
|
||||
#include <security/pam_misc.h>
|
||||
|
||||
#define PAM_FAIL_CHECK(_ph, _rc) \
|
||||
do { \
|
||||
if ((_rc) != PAM_SUCCESS) { \
|
||||
fprintf(stderr, "\n%s\n", pam_strerror((_ph), (_rc))); \
|
||||
pam_end((_ph), (_rc)); \
|
||||
exit(EXIT_FAILURE); \
|
||||
} \
|
||||
} while(0)
|
||||
|
||||
#endif /* REQUIRE_PASSWORD */
|
||||
|
||||
#ifdef HAVE_LIBSELINUX
|
||||
#include <selinux/selinux.h>
|
||||
#include <selinux/av_permissions.h>
|
||||
|
@ -163,20 +149,22 @@ main (int argc, char *argv[]) {
|
|||
int retcode;
|
||||
|
||||
retcode = pam_start("chsh", pw->pw_name, &conv, &pamh);
|
||||
if(retcode != PAM_SUCCESS)
|
||||
errx(EXIT_FAILURE, _("PAM failure, aborting: %s"),
|
||||
pam_strerror(pamh, retcode));
|
||||
if (pam_fail_check(pamh, retcode))
|
||||
exit(EXIT_FAILURE);
|
||||
|
||||
retcode = pam_authenticate(pamh, 0);
|
||||
PAM_FAIL_CHECK(pamh, retcode);
|
||||
if (pam_fail_check(pamh, retcode))
|
||||
exit(EXIT_FAILURE);
|
||||
|
||||
retcode = pam_acct_mgmt(pamh, 0);
|
||||
if (retcode == PAM_NEW_AUTHTOK_REQD)
|
||||
retcode = pam_chauthtok(pamh, PAM_CHANGE_EXPIRED_AUTHTOK);
|
||||
PAM_FAIL_CHECK(pamh, retcode);
|
||||
if (pam_fail_check(pamh, retcode))
|
||||
exit(EXIT_FAILURE);
|
||||
|
||||
retcode = pam_setcred(pamh, 0);
|
||||
PAM_FAIL_CHECK(pamh, retcode);
|
||||
if (pam_fail_check(pamh, retcode))
|
||||
exit(EXIT_FAILURE);
|
||||
|
||||
pam_end(pamh, 0);
|
||||
/* no need to establish a session; this isn't a session-oriented
|
||||
|
|
Loading…
Reference in New Issue