* src/userdel.c, src/newusers.c, src/chpasswd.c, src/chfn.c,
src/groupmems.c, src/usermod.c, src/groupdel.c, src/chgpasswd.c, src/useradd.c, src/groupmod.c, src/groupadd.c, src/chage.c, src/chsh.c: Simplify the PAM error handling. Do not keep the pamh handle, but terminate the PAM transaction as soon as possible if there are no PAM session opened.
This commit is contained in:
nekral-guest
35
src/chage.c
35
src/chage.c
@@ -83,10 +83,6 @@ static long warndays;
|
||||
static long inactdays;
|
||||
static long expdays;
|
||||
|
||||
#ifdef USE_PAM
|
||||
static pam_handle_t *pamh = NULL;
|
||||
#endif
|
||||
|
||||
#define EPOCH "1969-12-31"
|
||||
|
||||
/* local function prototypes */
|
||||
@@ -132,16 +128,6 @@ static void fail_exit (int code)
|
||||
}
|
||||
#endif
|
||||
|
||||
#ifdef USE_PAM
|
||||
if (NULL != pamh) {
|
||||
/* If there is a PAM error, pam_end will be called by the
|
||||
* caller.
|
||||
* We always end the pam transaction with PAM_SUCCESS here.
|
||||
*/
|
||||
(void) pam_end (pamh, PAM_SUCCESS);
|
||||
}
|
||||
#endif
|
||||
|
||||
exit (code);
|
||||
}
|
||||
|
||||
@@ -499,6 +485,7 @@ static void check_flags (int argc, int opt_index)
|
||||
static void check_perms (void)
|
||||
{
|
||||
#ifdef USE_PAM
|
||||
pam_handle_t *pamh = NULL;
|
||||
struct passwd *pampw;
|
||||
int retval;
|
||||
#endif
|
||||
@@ -515,34 +502,26 @@ static void check_perms (void)
|
||||
}
|
||||
|
||||
#ifdef USE_PAM
|
||||
retval = PAM_SUCCESS;
|
||||
|
||||
pampw = getpwuid (getuid ()); /* local, no need for xgetpwuid */
|
||||
if (NULL == pampw) {
|
||||
retval = PAM_USER_UNKNOWN;
|
||||
}
|
||||
|
||||
if (PAM_SUCCESS == retval) {
|
||||
} else {
|
||||
retval = pam_start ("chage", pampw->pw_name, &conv, &pamh);
|
||||
}
|
||||
|
||||
if (PAM_SUCCESS == retval) {
|
||||
retval = pam_authenticate (pamh, 0);
|
||||
if (PAM_SUCCESS != retval) {
|
||||
(void) pam_end (pamh, retval);
|
||||
}
|
||||
}
|
||||
|
||||
if (PAM_SUCCESS == retval) {
|
||||
retval = pam_acct_mgmt (pamh, 0);
|
||||
if (PAM_SUCCESS != retval) {
|
||||
(void) pam_end (pamh, retval);
|
||||
}
|
||||
}
|
||||
|
||||
if (NULL != pamh) {
|
||||
(void) pam_end (pamh, retval);
|
||||
}
|
||||
if (PAM_SUCCESS != retval) {
|
||||
fprintf (stderr, _("%s: PAM authentication failed\n"), Prog);
|
||||
pamh = NULL;
|
||||
fail_exit (E_NOPERM);
|
||||
}
|
||||
#endif /* USE_PAM */
|
||||
@@ -912,10 +891,6 @@ int main (int argc, char **argv)
|
||||
|
||||
SYSLOG ((LOG_INFO, "changed password expiry for %s", user_name));
|
||||
|
||||
#ifdef USE_PAM
|
||||
(void) pam_end (pamh, PAM_SUCCESS);
|
||||
#endif /* USE_PAM */
|
||||
|
||||
closelog ();
|
||||
exit (E_SUCCESS);
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user