* src/userdel.c, src/newusers.c, src/chpasswd.c, src/chfn.c,

src/groupmems.c, src/usermod.c, src/groupdel.c, src/chgpasswd.c,
	src/useradd.c, src/groupmod.c, src/groupadd.c, src/chage.c,
	src/chsh.c: Simplify the PAM error handling. Do not keep the pamh
	handle, but terminate the PAM transaction as soon as possible if
	there are no PAM session opened.

src/groupmod.c

@@ -702,16 +702,12 @@ int main (int argc, char **argv)
 	OPENLOG ("groupmod");
 
 #ifdef USE_PAM
-	retval = PAM_SUCCESS;
-
 	{
 		struct passwd *pampw;
 		pampw = getpwuid (getuid ()); /* local, no need for xgetpwuid */
-		if (pampw == NULL) {
+		if (NULL == pamh) {
 			retval = PAM_USER_UNKNOWN;
-		}
-
-		if (PAM_SUCCESS == retval) {
+		} else {
 			retval = pam_start ("groupmod", pampw->pw_name,
 					    &conv, &pamh);
 		}
@@ -725,8 +721,10 @@ int main (int argc, char **argv)
 		retval = pam_acct_mgmt (pamh, 0);
 	}
 
-	if (PAM_SUCCESS != retval) {
+	if (NULL != pamh) {
 		(void) pam_end (pamh, retval);
+	}
+	if (PAM_SUCCESS != retval) {
 		fprintf (stderr, _("%s: PAM authentication failed\n"), Prog);
 		fail_exit (1);
 	}
@@ -810,9 +808,6 @@ int main (int argc, char **argv)
 
 	nscd_flush_cache ("group");
 
-#ifdef USE_PAM
-	(void) pam_end (pamh, PAM_SUCCESS);
-#endif				/* USE_PAM */
 	exit (E_SUCCESS);
 	/* NOT REACHED */
 }