diff options
| author | Cody Maloney | 2013-02-07 07:22:20 +0100 |
|---|---|---|
| committer | Karel Zak | 2013-02-13 09:37:15 +0100 |
| commit | 6adb1ef279537875495d10f7c74f35101dd335fd (patch) | |
| tree | 0c3680cdc91be62969d805c03591c0dd5ec9ffb3 /login-utils/libuser.c | |
| parent | chsh-chfn: Move pam auth to its own function, factoring out common code (diff) | |
| download | kernel-qcow2-util-linux-6adb1ef279537875495d10f7c74f35101dd335fd.tar.gz kernel-qcow2-util-linux-6adb1ef279537875495d10f7c74f35101dd335fd.tar.xz kernel-qcow2-util-linux-6adb1ef279537875495d10f7c74f35101dd335fd.zip | |
chsh: Add libuser support
This is based directly on lchsh which is a part of libuser. libuser.{c,h}
exist because exactly the same code is needed for both chsh and chfn.
[kzak@redhat.com: cleanup err() usage]
Signed-off-by: Cody Maloney <cmaloney@theoreticalchaos.com>
Signed-off-by: Karel Zak <kzak@redhat.com>
Diffstat (limited to 'login-utils/libuser.c')
| -rw-r--r-- | login-utils/libuser.c | 71 |
1 files changed, 71 insertions, 0 deletions
diff --git a/login-utils/libuser.c b/login-utils/libuser.c new file mode 100644 index 000000000..53c7ac9e2 --- /dev/null +++ b/login-utils/libuser.c @@ -0,0 +1,71 @@ +/* + * libuser.c -- Utilize libuser to set a user attribute + * (c) 2012 by Cody Maloney <cmaloney@theoreticalchaos.com> + * + * this program is free software. you can redistribute it and + * modify it under the terms of the gnu general public license. + * there is no warranty. + * + */ + +#include "libuser.h" + +#include <grp.h> +#include <libuser/user.h> +#include <unistd.h> + +#include "auth.h" +#include "c.h" +#include "nls.h" + +static int auth_lu(const char *service_name, struct lu_context *ctx, uid_t uid, + const char *username); + +static int auth_lu(const char *service_name, struct lu_context *ctx, uid_t uid, + const char *username) { + if(!lu_uses_elevated_privileges(ctx)) { + /* Drop privileges */ + if (setegid(getgid()) == -1) + err(EXIT_FAILURE, _("Couldn't drop group privileges")); + if (seteuid(getuid()) == -1) + err(EXIT_FAILURE, _("Couldn't drop group privileges")); + return TRUE; + } + + return auth_pam(service_name, uid, username); +} + +int set_value_libuser(const char *service_name, const char *username, uid_t uid, + const char *attr, const char *val) { + struct lu_context *ctx; + struct lu_error *error = NULL; + struct lu_ent *ent; + + ctx = lu_start(username, lu_user, NULL, NULL, lu_prompt_console_quiet, + NULL, &error); + if (ctx == NULL) + errx(EXIT_FAILURE, _("libuser initialization failed: %s."), + lu_strerror(error)); + + if(!auth_lu(service_name, ctx, uid, username)) { + errno = EACCES; + err(EXIT_FAILURE, _("changing user attribute failed")); + } + + /* Look up the user's record. */ + ent = lu_ent_new(); + if (lu_user_lookup_name(ctx, username, ent, &error) == FALSE) { + lu_end(ctx); + errx(EXIT_FAILURE, _("user \"%s\" does not exist."), username); + } + + lu_ent_set_string(ent, attr, val); + if (!lu_user_modify(ctx, ent, &error)) { + lu_ent_free(ent); + lu_end(ctx); + errx(EXIT_FAILURE, _("user attribute not changed: %s"), lu_strerror(error)); + } + lu_ent_free(ent); + lu_end(ctx); + return TRUE; +} |