-rw-r--r--include/Makefile.am1
-rw-r--r--include/pamfail.h16
-rw-r--r--login-utils/chfn.c30
-rw-r--r--login-utils/chsh.c30
4 files changed, 35 insertions, 42 deletions
diff --git a/include/Makefile.am b/include/Makefile.am
index 64a620f8a..237840ab2 100644
--- a/include/Makefile.am
+++ b/include/Makefile.am
@@ -22,6 +22,7 @@ dist_noinst_HEADERS = \
md5.h \
minix.h \
nls.h \
+ pamfail.h \
path.h \
pathnames.h \
procutils.h \
diff --git a/include/pamfail.h b/include/pamfail.h
new file mode 100644
index 000000000..8008ce395
--- /dev/null
+++ b/include/pamfail.h
@@ -0,0 +1,16 @@
+#ifndef UTIL_LINUX_PAMFAIL_H
+#include <security/pam_appl.h>
+#include <security/pam_misc.h>
+#include "c.h"
+
+static inline int
+pam_fail_check(pam_handle_t *pamh, int retcode)
+{
+ if (retcode == PAM_SUCCESS)
+ return 0;
+ warnx("%s", pam_strerror(pamh, retcode));
+ pam_end(pamh, retcode);
+ return 1;
+}
+
+#endif /* UTIL_LINUX_PAMFAIL_H */
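Review bot: The include guard in pamfail.h tests `UTIL_LINUX_PAMFAIL_H` but never defines it, so a second inclusion in the same translation unit would redefine `pam_fail_check`; add `#define UTIL_LINUX_PAMFAIL_H` directly after the `#ifndef` line. The helper also has no comment stating its contract, and that contract matters to callers: on any code other than PAM_SUCCESS it prints the PAM error, calls `pam_end()` on the handle and returns 1. I would add `/* On failure: warn, pam_end() the handle, return 1; pamh must not be used again. */` above the definition.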
diff --git a/login-utils/chfn.c b/login-utils/chfn.c
index 1ddd5864b..7e87999d5 100644
--- a/login-utils/chfn.c
+++ b/login-utils/chfn.c
@@ -34,6 +34,7 @@
#include <getopt.h>
#include <stdbool.h>
+#include "pamfail.h"
#include "islocal.h"
#include "setpwnam.h"
#include "strutils.h"
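Review bot: `#include "pamfail.h"` is added here outside any `REQUIRE_PASSWORD` guard, whereas the PAM includes this commit removes further down sat inside `#ifdef REQUIRE_PASSWORD`. Since pamfail.h pulls in `<security/pam_appl.h>` and `<security/pam_misc.h>` unconditionally, a build on a system without the PAM headers would presumably stop compiling. Wrapping the new line as `#ifdef REQUIRE_PASSWORD` / `#include "pamfail.h"` / `#endif` keeps the previous behaviour. The include added in login-utils/chsh.c has the same problem.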
@@ -48,21 +49,6 @@
#include "selinux_utils.h"
#endif
-#ifdef REQUIRE_PASSWORD
-#include <security/pam_appl.h>
-#include <security/pam_misc.h>
-
-#define PAM_FAIL_CHECK(_ph, _rc) \
- do { \
- if ((_rc) != PAM_SUCCESS) { \
- fprintf(stderr, "\n%s\n", pam_strerror((_ph), (_rc))); \
- pam_end((_ph), (_rc)); \
- exit(EXIT_FAILURE); \
- } \
- } while(0)
-
-#endif /* REQUIRE_PASSWORD */
-
static char buf[1024];
struct finfo {
@@ -177,20 +163,22 @@ int main (int argc, char **argv) {
int retcode;
retcode = pam_start("chfn", oldf.username, &conv, &pamh);
- if(retcode != PAM_SUCCESS)
- errx(EXIT_FAILURE, _("PAM failure, aborting: %s"),
- pam_strerror(pamh, retcode));
+ if (pam_fail_check(pamh, retcode))
+ exit(EXIT_FAILURE);
retcode = pam_authenticate(pamh, 0);
- PAM_FAIL_CHECK(pamh, retcode);
+ if (pam_fail_check(pamh, retcode))
+ exit(EXIT_FAILURE);
retcode = pam_acct_mgmt(pamh, 0);
if (retcode == PAM_NEW_AUTHTOK_REQD)
retcode = pam_chauthtok(pamh, PAM_CHANGE_EXPIRED_AUTHTOK);
- PAM_FAIL_CHECK(pamh, retcode);
+ if (pam_fail_check(pamh, retcode))
+ exit(EXIT_FAILURE);
retcode = pam_setcred(pamh, 0);
- PAM_FAIL_CHECK(pamh, retcode);
+ if (pam_fail_check(pamh, retcode))
+ exit(EXIT_FAILURE);
pam_end(pamh, 0);
/* no need to establish a session; this isn't a session-oriented
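Review bot: The pam_start() failure path now goes through `pam_fail_check`, which calls `pam_end(pamh, retcode)` on a handle that pam_start() did not successfully create; the old code only printed the error and exited. Whether `pamh` is initialised to NULL is outside this hunk, so this may hand an indeterminate pointer to libpam in a utility that is commonly installed setuid. The change also drops the translated "PAM failure, aborting" prefix. Keeping the start-up check separate avoids both: `if (retcode != PAM_SUCCESS) errx(EXIT_FAILURE, _("PAM failure, aborting: %s"), pam_strerror(pamh, retcode));`. The same sequence is introduced in the main() hunk of login-utils/chsh.c, and main() here begins and continues outside the hunk.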
diff --git a/login-utils/chsh.c b/login-utils/chsh.c
index bca161fb3..f6a5c9fa1 100644
--- a/login-utils/chsh.c
+++ b/login-utils/chsh.c
@@ -33,6 +33,7 @@
#include <getopt.h>
#include <stdbool.h>
+#include "pamfail.h"
#include "c.h"
#include "islocal.h"
#include "setpwnam.h"
@@ -41,21 +42,6 @@
#include "pathnames.h"
#include "xalloc.h"
-#ifdef REQUIRE_PASSWORD
-#include <security/pam_appl.h>
-#include <security/pam_misc.h>
-
-#define PAM_FAIL_CHECK(_ph, _rc) \
- do { \
- if ((_rc) != PAM_SUCCESS) { \
- fprintf(stderr, "\n%s\n", pam_strerror((_ph), (_rc))); \
- pam_end((_ph), (_rc)); \
- exit(EXIT_FAILURE); \
- } \
- } while(0)
-
-#endif /* REQUIRE_PASSWORD */
-
#ifdef HAVE_LIBSELINUX
#include <selinux/selinux.h>
#include <selinux/av_permissions.h>
@@ -163,20 +149,22 @@ main (int argc, char *argv[]) {
int retcode;
retcode = pam_start("chsh", pw->pw_name, &conv, &pamh);
- if(retcode != PAM_SUCCESS)
- errx(EXIT_FAILURE, _("PAM failure, aborting: %s"),
- pam_strerror(pamh, retcode));
+ if (pam_fail_check(pamh, retcode))
+ exit(EXIT_FAILURE);
retcode = pam_authenticate(pamh, 0);
- PAM_FAIL_CHECK(pamh, retcode);
+ if (pam_fail_check(pamh, retcode))
+ exit(EXIT_FAILURE);
retcode = pam_acct_mgmt(pamh, 0);
if (retcode == PAM_NEW_AUTHTOK_REQD)
retcode = pam_chauthtok(pamh, PAM_CHANGE_EXPIRED_AUTHTOK);
- PAM_FAIL_CHECK(pamh, retcode);
+ if (pam_fail_check(pamh, retcode))
+ exit(EXIT_FAILURE);
retcode = pam_setcred(pamh, 0);
- PAM_FAIL_CHECK(pamh, retcode);
+ if (pam_fail_check(pamh, retcode))
+ exit(EXIT_FAILURE);
pam_end(pamh, 0);
/* no need to establish a session; this isn't a session-oriented