diff options
| author | Ludwig Nussel | 2012-06-01 14:51:19 +0200 |
|---|---|---|
| committer | Karel Zak | 2012-06-05 15:16:27 +0200 |
| commit | e824086bbd2d7a4f989d55062e1245007efcde6f (patch) | |
| tree | 0f2c09c021ee23483627b20925fff29ae88c0b37 /login-utils/su.c | |
| parent | su: introduce xsetenv globally (diff) | |
| download | kernel-qcow2-util-linux-e824086bbd2d7a4f989d55062e1245007efcde6f.tar.gz kernel-qcow2-util-linux-e824086bbd2d7a4f989d55062e1245007efcde6f.tar.xz kernel-qcow2-util-linux-e824086bbd2d7a4f989d55062e1245007efcde6f.zip | |
su: replace PAM_BAIL_P macro with better solution
Signed-off-by: Ludwig Nussel <ludwig.nussel@suse.de>
Diffstat (limited to 'login-utils/su.c')
| -rw-r--r-- | login-utils/su.c | 56 |
1 files changed, 28 insertions, 28 deletions
diff --git a/login-utils/su.c b/login-utils/su.c index cdaf31e7d..cabf116d4 100644 --- a/login-utils/su.c +++ b/login-utils/su.c @@ -68,6 +68,8 @@ enum #define PAM_SERVICE_NAME "su" #define PAM_SERVICE_NAME_L "su-l" +#define is_pam_failure(_rc) ((_rc) != PAM_SUCCESS) + #include "logindefs.h" /* The shell to run if none is given in the user's passwd entry. */ @@ -148,13 +150,6 @@ static struct pam_conv conv = NULL }; -# define PAM_BAIL_P(a) \ - if (retval) \ - { \ - pam_end (pamh, retval); \ - a; \ - } - static void cleanup_pam (int retcode) { @@ -199,7 +194,7 @@ create_watching_parent (void) int retval; retval = pam_open_session (pamh, 0); - if (retval != PAM_SUCCESS) + if (is_pam_failure(retval)) { cleanup_pam (retval); error (EXIT_FAILURE, 0, _("cannot not open session: %s"), @@ -305,8 +300,8 @@ create_watching_parent (void) exit (status); } -static bool -correct_password (const struct passwd *pw) +static void +authenticate (const struct passwd *pw) { const struct passwd *lpw; const char *cp; @@ -314,7 +309,8 @@ correct_password (const struct passwd *pw) retval = pam_start (simulate_login ? PAM_SERVICE_NAME_L : PAM_SERVICE_NAME, pw->pw_name, &conv, &pamh); - PAM_BAIL_P (return false); + if (is_pam_failure(retval)) + goto done; if (isatty (0) && (cp = ttyname (0)) != NULL) { @@ -325,7 +321,8 @@ correct_password (const struct passwd *pw) else tty = cp; retval = pam_set_item (pamh, PAM_TTY, tty); - PAM_BAIL_P (return false); + if (is_pam_failure(retval)) + goto done; } # if 0 /* Manpage discourages use of getlogin. */ cp = getlogin (); @@ -335,20 +332,32 @@ correct_password (const struct passwd *pw) if (lpw && lpw->pw_name) { retval = pam_set_item (pamh, PAM_RUSER, (const void *) lpw->pw_name); - PAM_BAIL_P (return false); + if (is_pam_failure(retval)) + goto done; } + retval = pam_authenticate (pamh, 0); - PAM_BAIL_P (return false); + if (is_pam_failure(retval)) + goto done; + retval = pam_acct_mgmt (pamh, 0); if (retval == PAM_NEW_AUTHTOK_REQD) { /* Password has expired. Offer option to change it. */ retval = pam_chauthtok (pamh, PAM_CHANGE_EXPIRED_AUTHTOK); - PAM_BAIL_P (return false); } - PAM_BAIL_P (return false); - /* Must be authenticated if this point was reached. */ - return true; + +done: + + log_su (pw, !is_pam_failure(retval)); + + if (is_pam_failure(retval)) + { + const char *msg = pam_strerror(pamh, retval); + pam_end(pamh, retval); + sleep (getlogindefs_num ("FAIL_DELAY", 1)); + error (EXIT_FAILURE, 0, "%s", msg?msg:_("incorrect password")); + } } /* Add or clear /sbin and /usr/sbin for the su command @@ -760,16 +769,7 @@ main (int argc, char **argv) : DEFAULT_SHELL); endpwent (); - if (!correct_password (pw)) - { - log_su (pw, false); - sleep (getlogindefs_num ("FAIL_DELAY", 1)); - error (EXIT_FAILURE, 0, _("incorrect password")); - } - else - { - log_su (pw, true); - } + authenticate (pw); if (request_same_session || !command || !pw->pw_uid) same_session = 1; |