chfn, chsh: new file pamfail.h for error printing

Signed-off-by: Sami Kerola <kerolasa@iki.fi>

1 files changed, 9 insertions, 21 deletions

diff --git a/login-utils/chsh.c b/login-utils/chsh.c
index bca161fb3..f6a5c9fa1 100644
--- a/login-utils/chsh.c
+++ b/login-utils/chsh.c
@@ -33,6 +33,7 @@
 #include <getopt.h>
 #include <stdbool.h>
 
+#include "pamfail.h"
 #include "c.h"
 #include "islocal.h"
 #include "setpwnam.h"
@@ -41,21 +42,6 @@
 #include "pathnames.h"
 #include "xalloc.h"
 
-#ifdef REQUIRE_PASSWORD
-#include <security/pam_appl.h>
-#include <security/pam_misc.h>
-
-#define PAM_FAIL_CHECK(_ph, _rc) \
-    do { \
-	if ((_rc) != PAM_SUCCESS) { \
-	    fprintf(stderr, "\n%s\n", pam_strerror((_ph), (_rc))); \
-	    pam_end((_ph), (_rc)); \
-	    exit(EXIT_FAILURE); \
-	} \
-    } while(0)
-
-#endif /* REQUIRE_PASSWORD */
-
 #ifdef HAVE_LIBSELINUX
 #include <selinux/selinux.h>
 #include <selinux/av_permissions.h>
@@ -163,20 +149,22 @@ main (int argc, char *argv[]) {
 	int retcode;
 
 	retcode = pam_start("chsh", pw->pw_name, &conv, &pamh);
-	if(retcode != PAM_SUCCESS)
-	    errx(EXIT_FAILURE, _("PAM failure, aborting: %s"),
-		    pam_strerror(pamh, retcode));
+	if (pam_fail_check(pamh, retcode))
+	    exit(EXIT_FAILURE);
 
 	retcode = pam_authenticate(pamh, 0);
-	PAM_FAIL_CHECK(pamh, retcode);
+	if (pam_fail_check(pamh, retcode))
+	    exit(EXIT_FAILURE);
 
 	retcode = pam_acct_mgmt(pamh, 0);
 	if (retcode == PAM_NEW_AUTHTOK_REQD)
 	    retcode = pam_chauthtok(pamh, PAM_CHANGE_EXPIRED_AUTHTOK);
-	PAM_FAIL_CHECK(pamh, retcode);
+	if (pam_fail_check(pamh, retcode))
+	    exit(EXIT_FAILURE);
 
 	retcode = pam_setcred(pamh, 0);
-	PAM_FAIL_CHECK(pamh, retcode);
+	if (pam_fail_check(pamh, retcode))
+	    exit(EXIT_FAILURE);
 
 	pam_end(pamh, 0);
 	/* no need to establish a session; this isn't a session-oriented