From d91ad6ab3c925ad88c9df80dd78818b5aa2d14df Mon Sep 17 00:00:00 2001 From: Cody Maloney Date: Wed, 6 Feb 2013 23:22:19 -0700 Subject: chsh-chfn: Move pam auth to its own function, factoring out common code This makes it easier to add support for libuser, which needs the same PAM authentication. Also removes duplicate code between chsh and chfn. Signed-off-by: Cody Maloney --- login-utils/auth.c | 47 +++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 47 insertions(+) create mode 100644 login-utils/auth.c (limited to 'login-utils/auth.c') diff --git a/login-utils/auth.c b/login-utils/auth.c new file mode 100644 index 000000000..373bd22c1 --- /dev/null +++ b/login-utils/auth.c @@ -0,0 +1,47 @@ +/* + * auth.c -- PAM authorization code, common between chsh and chfn + * (c) 2012 by Cody Maloney + * + * this program is free software. you can redistribute it and + * modify it under the terms of the gnu general public license. + * there is no warranty. + * + */ + +#include "auth.h" + +#include "pamfail.h" + +int auth_pam(const char *service_name, uid_t uid, const char *username) { +#ifdef REQUIRE_PASSWORD + if (uid != 0) { + pam_handle_t *pamh = NULL; + struct pam_conv conv = { misc_conv, NULL }; + int retcode; + + retcode = pam_start(service_name, username, &conv, &pamh); + if (pam_fail_check(pamh, retcode)) + return FALSE; + + retcode = pam_authenticate(pamh, 0); + if (pam_fail_check(pamh, retcode)) + return FALSE; + + retcode = pam_acct_mgmt(pamh, 0); + if (retcode == PAM_NEW_AUTHTOK_REQD) + retcode = + pam_chauthtok(pamh, PAM_CHANGE_EXPIRED_AUTHTOK); + if (pam_fail_check(pamh, retcode)) + return FALSE; + + retcode = pam_setcred(pamh, 0); + if (pam_fail_check(pamh, retcode)) + return FALSE; + + pam_end(pamh, 0); + /* no need to establish a session; this isn't a + * session-oriented activity... */ + } + return TRUE; +#endif /* REQUIRE_PASSWORD */ +} -- cgit v1.2.3-55-g7522