+2008-09-06 Nicolas François <nicolas.francois@centraliens.net>
+
+ * src/userdel.c, src/newusers.c, src/chpasswd.c, src/chfn.c,
+ src/groupmems.c, src/usermod.c, src/groupdel.c, src/chgpasswd.c,
+ src/useradd.c, src/groupmod.c, src/groupadd.c, src/chage.c,
+ src/chsh.c: Simplify the PAM error handling. Do not keep the pamh
+ handle, but terminate the PAM transaction as soon as possible if
+ there are no PAM session opened.
+
2008-09-06 Nicolas François <nicolas.francois@centraliens.net>
* src/newgrp.c, src/userdel.c, src/grpck.c, src/gpasswd.c,
static long inactdays;
static long expdays;
-#ifdef USE_PAM
-static pam_handle_t *pamh = NULL;
-#endif
-
#define EPOCH "1969-12-31"
/* local function prototypes */
}
#endif
-#ifdef USE_PAM
- if (NULL != pamh) {
- /* If there is a PAM error, pam_end will be called by the
- * caller.
- * We always end the pam transaction with PAM_SUCCESS here.
- */
- (void) pam_end (pamh, PAM_SUCCESS);
- }
-#endif
-
exit (code);
}
static void check_perms (void)
{
#ifdef USE_PAM
+ pam_handle_t *pamh = NULL;
struct passwd *pampw;
int retval;
#endif
}
#ifdef USE_PAM
- retval = PAM_SUCCESS;
-
pampw = getpwuid (getuid ()); /* local, no need for xgetpwuid */
if (NULL == pampw) {
retval = PAM_USER_UNKNOWN;
- }
-
- if (PAM_SUCCESS == retval) {
+ } else {
retval = pam_start ("chage", pampw->pw_name, &conv, &pamh);
}
if (PAM_SUCCESS == retval) {
retval = pam_authenticate (pamh, 0);
- if (PAM_SUCCESS != retval) {
- (void) pam_end (pamh, retval);
- }
}
if (PAM_SUCCESS == retval) {
retval = pam_acct_mgmt (pamh, 0);
- if (PAM_SUCCESS != retval) {
- (void) pam_end (pamh, retval);
- }
}
+ if (NULL != pamh) {
+ (void) pam_end (pamh, retval);
+ }
if (PAM_SUCCESS != retval) {
fprintf (stderr, _("%s: PAM authentication failed\n"), Prog);
- pamh = NULL;
fail_exit (E_NOPERM);
}
#endif /* USE_PAM */
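Review bot: The failure branch that follows the new `if (NULL != pamh)` block reports a missing passwd entry, a failed `pam_authenticate` and a failed `pam_acct_mgmt` with the same stderr message, and chage itself writes nothing to syslog. Any record of a denied attempt therefore depends on what the configured PAM modules choose to log. `retval` still holds the PAM status at that point, so it could be logged before `fail_exit`, for example `SYSLOG ((LOG_ERR, "PAM check failed for uid %lu (status %d)", (unsigned long) getuid (), retval));`. The same branch appears in the chfn, chsh, chgpasswd, chpasswd, groupadd and later hunks of this commit. Whether the log is already open when `check_perms` runs is not visible in this hunk.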
SYSLOG ((LOG_INFO, "changed password expiry for %s", user_name));
-#ifdef USE_PAM
- (void) pam_end (pamh, PAM_SUCCESS);
-#endif /* USE_PAM */
-
closelog ();
exit (E_SUCCESS);
}
static bool wflg = false; /* -w - set work phone number */
static bool hflg = false; /* -h - set home phone number */
static bool oflg = false; /* -o - set other information */
-#ifdef USE_PAM
-static pam_handle_t *pamh = NULL;
-#endif
static bool pw_locked = false;
/*
static void check_perms (const struct passwd *pw)
{
#ifdef USE_PAM
+ pam_handle_t *pamh = NULL;
int retval;
struct passwd *pampw;
#endif
}
#else /* !USE_PAM */
- retval = PAM_SUCCESS;
-
pampw = getpwuid (getuid ()); /* local, no need for xgetpwuid */
- if (pampw == NULL) {
+ if (NULL == pampw) {
retval = PAM_USER_UNKNOWN;
- }
-
- if (retval == PAM_SUCCESS) {
+ } else {
retval = pam_start ("chfn", pampw->pw_name, &conv, &pamh);
}
- if (retval == PAM_SUCCESS) {
+ if (PAM_SUCCESS == retval) {
retval = pam_authenticate (pamh, 0);
- if (retval != PAM_SUCCESS) {
- pam_end (pamh, retval);
- }
}
- if (retval == PAM_SUCCESS) {
+ if (PAM_SUCCESS == retval) {
retval = pam_acct_mgmt (pamh, 0);
- if (retval != PAM_SUCCESS) {
- pam_end (pamh, retval);
- }
}
- if (retval != PAM_SUCCESS) {
+ if (NULL != pamh) {
+ (void) pam_end (pamh, retval);
+ }
+ if (PAM_SUCCESS != retval) {
fprintf (stderr, _("%s: PAM authentication failed\n"), Prog);
exit (E_NOPERM);
}
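Review bot: The `getpwuid` / `pam_start` / `pam_authenticate` / `pam_acct_mgmt` / `pam_end` sequence in this hunk is the same, line for line, as the one in the chage.c and groupadd.c hunks, with only the service name differing. As far as the context lines show, it is also the same in the other tools this commit touches. Keeping over a dozen hand-edited copies of an authentication check means each copy has to be reviewed separately, and a slip in one is easy to miss. A single shared helper that takes the service name and returns the PAM status would leave one place to audit. `check_perms` starts before this hunk, and the `#else /* !USE_PAM */` context line above the PAM code is worth a clarifying comment if the function is touched again.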
nscd_flush_cache ("passwd");
-#ifdef USE_PAM
- (void) pam_end (pamh, PAM_SUCCESS);
-#endif /* USE_PAM */
-
closelog ();
exit (E_SUCCESS);
}
#endif
static bool gr_locked = false;
-#ifdef USE_PAM
-static pam_handle_t *pamh = NULL;
-#endif
-
/* local function prototypes */
static void fail_exit (int code);
static void usage (void);
static void check_perms (void)
{
#ifdef USE_PAM
- int retval = PAM_SUCCESS;
+ pam_handle_t *pamh = NULL;
+ int retval;
struct passwd *pampw;
pampw = getpwuid (getuid ()); /* local, no need for xgetpwuid */
if (NULL == pampw) {
retval = PAM_USER_UNKNOWN;
- }
-
- if (PAM_SUCCESS == retval) {
+ } else {
retval = pam_start ("chgpasswd", pampw->pw_name, &conv, &pamh);
}
retval = pam_acct_mgmt (pamh, 0);
}
- if (PAM_SUCCESS != retval) {
+ if (NULL != pamh) {
(void) pam_end (pamh, retval);
+ }
+ if (PAM_SUCCESS != retval) {
fprintf (stderr, _("%s: PAM authentication failed\n"), Prog);
exit (1);
}
nscd_flush_cache ("group");
-#ifdef USE_PAM
- (void) pam_end (pamh, PAM_SUCCESS);
-#endif /* USE_PAM */
-
return (0);
}
static bool pw_locked = false;
static bool spw_locked = false;
-#ifdef USE_PAM
-static pam_handle_t *pamh = NULL;
-#endif
-
/* local function prototypes */
static void fail_exit (int code);
static void usage (void);
static void check_perms (void)
{
#ifdef USE_PAM
- int retval = PAM_SUCCESS;
+ pam_handle_t *pamh = NULL;
+ int retval;
struct passwd *pampw;
pampw = getpwuid (getuid ()); /* local, no need for xgetpwuid */
if (NULL == pampw) {
retval = PAM_USER_UNKNOWN;
- }
-
- if (PAM_SUCCESS == retval) {
+ } else {
retval = pam_start ("chpasswd", pampw->pw_name, &conv, &pamh);
}
retval = pam_acct_mgmt (pamh, 0);
}
- if (PAM_SUCCESS != retval) {
+ if (NULL != pamh) {
(void) pam_end (pamh, retval);
+ }
+ if (PAM_SUCCESS != retval) {
fprintf (stderr, _("%s: PAM authentication failed\n"), Prog);
exit (1);
}
nscd_flush_cache ("passwd");
-#ifdef USE_PAM
- (void) pam_end (pamh, PAM_SUCCESS);
-#endif /* USE_PAM */
-
return (0);
}
static char loginsh[BUFSIZ]; /* Name of new login shell */
/* command line options */
static bool sflg = false; /* -s - set shell from command line */
-#ifdef USE_PAM
-static pam_handle_t *pamh = NULL;
-#endif
static bool pw_locked = false;
/* external identifiers */
static void check_perms (const struct passwd *pw)
{
#ifdef USE_PAM
+ pam_handle_t *pamh = NULL;
int retval;
struct passwd *pampw;
#endif
}
#else /* !USE_PAM */
- retval = PAM_SUCCESS;
-
pampw = getpwuid (getuid ()); /* local, no need for xgetpwuid */
if (NULL == pampw) {
retval = PAM_USER_UNKNOWN;
- }
-
- if (PAM_SUCCESS == retval) {
+ } else {
retval = pam_start ("chsh", pampw->pw_name, &conv, &pamh);
}
retval = pam_acct_mgmt (pamh, 0);
}
- if (PAM_SUCCESS != retval) {
+ if (NULL != pamh) {
(void) pam_end (pamh, retval);
+ }
+ if (PAM_SUCCESS != retval) {
fprintf (stderr, _("%s: PAM authentication failed\n"), Prog);
exit (E_NOPERM);
}
nscd_flush_cache ("passwd");
-#ifdef USE_PAM
- (void) pam_end (pamh, PAM_SUCCESS);
-#endif /* USE_PAM */
-
closelog ();
exit (E_SUCCESS);
}
#endif
static bool gr_locked = false;
-
-#ifdef USE_PAM
-static pam_handle_t *pamh = NULL;
-#endif
-
/* local function prototypes */
static void usage (void);
static void new_grent (struct group *grent);
}
#endif
-#ifdef USE_PAM
- if (NULL != pamh) {
- /* If there is a PAM error, fail_exit is not called.
- * We always end the pam transaction with PAM_SUCCESS here.
- */
- (void) pam_end (pamh, PAM_SUCCESS);
- }
-#endif
exit (code);
}
static void check_perms (void)
{
#ifdef USE_PAM
- int retval = PAM_SUCCESS;
+ pam_handle_t *pamh = NULL;
+ int retval;
struct passwd *pampw;
pampw = getpwuid (getuid ()); /* local, no need for xgetpwuid */
- if (pampw == NULL) {
+ if (NULL == pampw) {
retval = PAM_USER_UNKNOWN;
+ } else {
+ retval = pam_start ("groupadd", pampw->pw_name, &conv, &pamh);
}
- if (retval == PAM_SUCCESS) {
- retval = pam_start ("groupadd", pampw->pw_name,
- &conv, &pamh);
- }
-
- if (retval == PAM_SUCCESS) {
+ if (PAM_SUCCESS == retval) {
retval = pam_authenticate (pamh, 0);
- if (retval != PAM_SUCCESS) {
- (void) pam_end (pamh, retval);
- }
}
- if (retval == PAM_SUCCESS) {
+ if (PAM_SUCCESS == retval) {
retval = pam_acct_mgmt (pamh, 0);
- if (retval != PAM_SUCCESS) {
- (void) pam_end (pamh, retval);
- }
}
- if (retval != PAM_SUCCESS) {
+ if (NULL != pamh) {
+ (void) pam_end (pamh, retval);
+ }
+ if (PAM_SUCCESS != retval) {
fprintf (stderr, _("%s: PAM authentication failed\n"), Prog);
exit (1);
}
nscd_flush_cache ("group");
-#ifdef USE_PAM
- (void) pam_end (pamh, PAM_SUCCESS);
-#endif /* USE_PAM */
-
exit (E_SUCCESS);
/* NOT REACHED */
}
OPENLOG ("groupdel");
#ifdef USE_PAM
- retval = PAM_SUCCESS;
-
{
struct passwd *pampw;
pampw = getpwuid (getuid ()); /* local, no need for xgetpwuid */
if (pampw == NULL) {
retval = PAM_USER_UNKNOWN;
- }
-
- if (PAM_SUCCESS == retval) {
+ } else {
retval = pam_start ("groupdel", pampw->pw_name,
&conv, &pamh);
}
retval = pam_acct_mgmt (pamh, 0);
}
- if (PAM_SUCCESS != retval) {
+ if (NULL != pamh) {
(void) pam_end (pamh, retval);
+ }
+ if (PAM_SUCCESS != retval) {
fprintf (stderr, _("%s: PAM authentication failed\n"), Prog);
exit (1);
}
nscd_flush_cache ("group");
-#ifdef USE_PAM
- (void) pam_end (pamh, PAM_SUCCESS);
-#endif /* USE_PAM */
-
return E_SUCCESS;
}
if (!list) {
#ifdef USE_PAM
pam_handle_t *pamh = NULL;
- int retval = PAM_SUCCESS;
+ int retval;
struct passwd *pampw;
pampw = getpwuid (getuid ()); /* local, no need for xgetpwuid */
retval = pam_acct_mgmt (pamh, 0);
}
- (void) pam_end (pamh, retval);
+ if (NULL != pamh) {
+ (void) pam_end (pamh, retval);
+ }
if (PAM_SUCCESS != retval) {
fprintf (stderr, _("%s: PAM authentication failed\n"), Prog);
fail_exit (1);
OPENLOG ("groupmod");
#ifdef USE_PAM
- retval = PAM_SUCCESS;
-
{
struct passwd *pampw;
pampw = getpwuid (getuid ()); /* local, no need for xgetpwuid */
- if (pampw == NULL) {
+ if (NULL == pamh) {
retval = PAM_USER_UNKNOWN;
- }
-
- if (PAM_SUCCESS == retval) {
+ } else {
retval = pam_start ("groupmod", pampw->pw_name,
&conv, &pamh);
}
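Review bot: The added condition `if (NULL == pamh) {` tests the PAM handle, whereas the line it replaces (`pampw == NULL`) tested the `getpwuid` result. If `pamh` is still NULL here, as it is before `pam_start` in the other files of this commit, the branch always sets `PAM_USER_UNKNOWN`, never reaches `pam_start ("groupmod", ...)`, and groupmod rejects every caller with "PAM authentication failed". Conversely, if `pamh` were non-NULL, a failed `getpwuid` lookup would go unnoticed and `pampw->pw_name` would dereference a NULL pointer. The line should read `if (NULL == pampw) {`, matching the chage, chsh and newusers hunks. The declaration of `pamh` and the start of the enclosing function are outside this hunk.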
retval = pam_acct_mgmt (pamh, 0);
}
- if (PAM_SUCCESS != retval) {
+ if (NULL != pamh) {
(void) pam_end (pamh, retval);
+ }
+ if (PAM_SUCCESS != retval) {
fprintf (stderr, _("%s: PAM authentication failed\n"), Prog);
fail_exit (1);
}
nscd_flush_cache ("group");
-#ifdef USE_PAM
- (void) pam_end (pamh, PAM_SUCCESS);
-#endif /* USE_PAM */
exit (E_SUCCESS);
/* NOT REACHED */
}
static bool gr_locked = false;
static bool spw_locked = false;
-#ifdef USE_PAM
-static pam_handle_t *pamh = NULL;
-#endif
-
/* local function prototypes */
static void usage (void);
static void fail_exit (int);
static void check_perms (void)
{
#ifdef USE_PAM
- int retval = PAM_SUCCESS;
+ pam_handle_t *pamh = NULL;
+ int retval;
struct passwd *pampw;
pampw = getpwuid (getuid ()); /* local, no need for xgetpwuid */
if (NULL == pampw) {
retval = PAM_USER_UNKNOWN;
- }
-
- if (PAM_SUCCESS == retval) {
+ } else {
retval = pam_start ("newusers", pampw->pw_name, &conv, &pamh);
}
retval = pam_acct_mgmt (pamh, 0);
}
- if (PAM_SUCCESS != retval) {
+ if (NULL != pamh) {
(void) pam_end (pamh, retval);
+ }
+ if (PAM_SUCCESS != retval) {
fprintf (stderr, _("%s: PAM authentication failed\n"), Prog);
fail_exit (1);
}
nscd_flush_cache ("passwd");
nscd_flush_cache ("group");
-#ifdef USE_PAM
- (void) pam_end (pamh, PAM_SUCCESS);
-#endif /* USE_PAM */
-
return 0;
}
pampw = getpwuid (getuid ()); /* local, no need for xgetpwuid */
if (pampw == NULL) {
retval = PAM_USER_UNKNOWN;
- }
-
- if (PAM_SUCCESS == retval) {
+ } else {
retval = pam_start ("useradd", pampw->pw_name,
&conv, &pamh);
}
retval = pam_acct_mgmt (pamh, 0);
}
- if (PAM_SUCCESS != retval) {
+ if (NULL != pamh) {
(void) pam_end (pamh, retval);
+ }
+ if (PAM_SUCCESS != retval) {
fprintf (stderr, _("%s: PAM authentication failed\n"), Prog);
fail_exit (1);
}
nscd_flush_cache ("passwd");
nscd_flush_cache ("group");
-#ifdef USE_PAM
- (void) pam_end (pamh, PAM_SUCCESS);
-#endif /* USE_PAM */
-
return E_SUCCESS;
}
pampw = getpwuid (getuid ()); /* local, no need for xgetpwuid */
if (pampw == NULL) {
retval = PAM_USER_UNKNOWN;
- }
-
- if (retval == PAM_SUCCESS) {
+ } else {
retval = pam_start ("userdel", pampw->pw_name,
&conv, &pamh);
}
retval = pam_acct_mgmt (pamh, 0);
}
- if (PAM_SUCCESS != retval) {
+ if (NULL != pamh) {
(void) pam_end (pamh, retval);
+ }
+ if (PAM_SUCCESS != retval) {
fprintf (stderr, _("%s: PAM authentication failed\n"), Prog);
exit (E_PW_UPDATE);
}
nscd_flush_cache ("passwd");
nscd_flush_cache ("group");
-#ifdef USE_PAM
- (void) pam_end (pamh, PAM_SUCCESS);
-#endif /* USE_PAM */
exit ((0 != errors) ? E_HOMEDIR : E_SUCCESS);
/* NOT REACHED */
}
pampw = getpwuid (getuid ()); /* local, no need for xgetpwuid */
if (pampw == NULL) {
retval = PAM_USER_UNKNOWN;
- }
-
- if (PAM_SUCCESS == retval) {
+ } else {
retval = pam_start ("usermod", pampw->pw_name,
&conv, &pamh);
}
retval = pam_acct_mgmt (pamh, 0);
}
- if (PAM_SUCCESS != retval) {
+ if (NULL != pamh) {
(void) pam_end (pamh, retval);
+ }
+ if (PAM_SUCCESS != retval) {
fprintf (stderr, _("%s: PAM authentication failed\n"), Prog);
exit (1);
}
user_gid, gflg ? user_newgid : user_gid);
}
-#ifdef USE_PAM
- (void) pam_end (pamh, PAM_SUCCESS);
-#endif /* USE_PAM */
-
exit (E_SUCCESS);
/* NOT REACHED */
}