* src/userdel.c, src/newusers.c, src/chpasswd.c, src/chfn.c,

src/groupmems.c, src/usermod.c, src/groupdel.c, src/chgpasswd.c,
	src/useradd.c, src/groupmod.c, src/groupadd.c, src/chage.c,
	src/chsh.c: Simplify the PAM error handling. Do not keep the pamh
	handle, but terminate the PAM transaction as soon as possible if
	no PAM session is opened.
nekral-guest 2008-09-06 13:28:02 +00:00
parent ee4e367ea8
commit 18fc4505d3
14 changed files with 82 additions and 182 deletions


@ -1,3 +1,12 @@
2008-09-06 Nicolas François <nicolas.francois@centraliens.net>
* src/userdel.c, src/newusers.c, src/chpasswd.c, src/chfn.c,
src/groupmems.c, src/usermod.c, src/groupdel.c, src/chgpasswd.c,
src/useradd.c, src/groupmod.c, src/groupadd.c, src/chage.c,
src/chsh.c: Simplify the PAM error handling. Do not keep the pamh
handle, but terminate the PAM transaction as soon as possible if
there are no PAM session opened.
2008-09-06 Nicolas François <nicolas.francois@centraliens.net>
* src/newgrp.c, src/userdel.c, src/grpck.c, src/gpasswd.c,


@ -83,10 +83,6 @@ static long warndays;
static long inactdays;
static long expdays;
#ifdef USE_PAM
static pam_handle_t *pamh = NULL;
#endif
#define EPOCH "1969-12-31"
/* local function prototypes */
@ -132,16 +128,6 @@ static void fail_exit (int code)
}
#endif
#ifdef USE_PAM
if (NULL != pamh) {
/* If there is a PAM error, pam_end will be called by the
* caller.
* We always end the pam transaction with PAM_SUCCESS here.
*/
(void) pam_end (pamh, PAM_SUCCESS);
}
#endif
exit (code);
}
@ -499,6 +485,7 @@ static void check_flags (int argc, int opt_index)
static void check_perms (void)
{
#ifdef USE_PAM
pam_handle_t *pamh = NULL;
struct passwd *pampw;
int retval;
#endif
@ -515,34 +502,26 @@ static void check_perms (void)
}
#ifdef USE_PAM
retval = PAM_SUCCESS;
pampw = getpwuid (getuid ()); /* local, no need for xgetpwuid */
if (NULL == pampw) {
retval = PAM_USER_UNKNOWN;
}
if (PAM_SUCCESS == retval) {
} else {
retval = pam_start ("chage", pampw->pw_name, &conv, &pamh);
}
if (PAM_SUCCESS == retval) {
retval = pam_authenticate (pamh, 0);
if (PAM_SUCCESS != retval) {
(void) pam_end (pamh, retval);
}
}
if (PAM_SUCCESS == retval) {
retval = pam_acct_mgmt (pamh, 0);
if (PAM_SUCCESS != retval) {
(void) pam_end (pamh, retval);
}
}
if (NULL != pamh) {
(void) pam_end (pamh, retval);
}
if (PAM_SUCCESS != retval) {
fprintf (stderr, _("%s: PAM authentication failed\n"), Prog);
pamh = NULL;
fail_exit (E_NOPERM);
}
#endif /* USE_PAM */
@ -912,10 +891,6 @@ int main (int argc, char **argv)
SYSLOG ((LOG_INFO, "changed password expiry for %s", user_name));
#ifdef USE_PAM
(void) pam_end (pamh, PAM_SUCCESS);
#endif /* USE_PAM */
closelog ();
exit (E_SUCCESS);
}
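Review bot: The failure branch at the end of check_perms reports a PAM denial only on stderr, and since pam_end is now called just above it, the result code in `retval` is never recorded anywhere. For a tool that changes password expiry, a refused caller is worth an audit record. Assuming the log is already open when check_perms runs (not visible here), I would add `SYSLOG ((LOG_ERR, "PAM check failed for uid %lu (code %d)", (unsigned long) getuid (), retval));` before `fail_exit (E_NOPERM);`. The same branch, as far as the new side can be read from this rendering, appears in the chfn, chgpasswd, chpasswd, chsh, groupadd, groupdel, groupmems, groupmod, newusers, useradd, userdel and usermod sections, so the line applies there too wherever SYSLOG is available.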


@ -69,9 +69,6 @@ static bool rflg = false; /* -r - set room number */
static bool wflg = false; /* -w - set work phone number */
static bool hflg = false; /* -h - set home phone number */
static bool oflg = false; /* -o - set other information */
#ifdef USE_PAM
static pam_handle_t *pamh = NULL;
#endif
static bool pw_locked = false;
/*
@ -338,6 +335,7 @@ static void process_flags (int argc, char **argv)
static void check_perms (const struct passwd *pw)
{
#ifdef USE_PAM
pam_handle_t *pamh = NULL;
int retval;
struct passwd *pampw;
#endif
@ -377,32 +375,25 @@ static void check_perms (const struct passwd *pw)
}
#else /* !USE_PAM */
retval = PAM_SUCCESS;
pampw = getpwuid (getuid ()); /* local, no need for xgetpwuid */
if (pampw == NULL) {
if (NULL == pampw) {
retval = PAM_USER_UNKNOWN;
}
if (retval == PAM_SUCCESS) {
} else {
retval = pam_start ("chfn", pampw->pw_name, &conv, &pamh);
}
if (retval == PAM_SUCCESS) {
if (PAM_SUCCESS == retval) {
retval = pam_authenticate (pamh, 0);
if (retval != PAM_SUCCESS) {
pam_end (pamh, retval);
}
}
if (retval == PAM_SUCCESS) {
if (PAM_SUCCESS == retval) {
retval = pam_acct_mgmt (pamh, 0);
if (retval != PAM_SUCCESS) {
pam_end (pamh, retval);
}
}
if (retval != PAM_SUCCESS) {
if (NULL != pamh) {
(void) pam_end (pamh, retval);
}
if (PAM_SUCCESS != retval) {
fprintf (stderr, _("%s: PAM authentication failed\n"), Prog);
exit (E_NOPERM);
}
@ -725,10 +716,6 @@ int main (int argc, char **argv)
nscd_flush_cache ("passwd");
#ifdef USE_PAM
(void) pam_end (pamh, PAM_SUCCESS);
#endif /* USE_PAM */
closelog ();
exit (E_SUCCESS);
}


@ -68,10 +68,6 @@ static bool sgr_locked = false;
#endif
static bool gr_locked = false;
#ifdef USE_PAM
static pam_handle_t *pamh = NULL;
#endif
/* local function prototypes */
static void fail_exit (int code);
static void usage (void);
@ -251,15 +247,14 @@ static void check_flags (void)
static void check_perms (void)
{
#ifdef USE_PAM
int retval = PAM_SUCCESS;
pam_handle_t *pamh = NULL;
int retval;
struct passwd *pampw;
pampw = getpwuid (getuid ()); /* local, no need for xgetpwuid */
if (NULL == pampw) {
retval = PAM_USER_UNKNOWN;
}
if (PAM_SUCCESS == retval) {
} else {
retval = pam_start ("chgpasswd", pampw->pw_name, &conv, &pamh);
}
@ -271,8 +266,10 @@ static void check_perms (void)
retval = pam_acct_mgmt (pamh, 0);
}
if (PAM_SUCCESS != retval) {
if (NULL != pamh) {
(void) pam_end (pamh, retval);
}
if (PAM_SUCCESS != retval) {
fprintf (stderr, _("%s: PAM authentication failed\n"), Prog);
exit (1);
}
@ -528,10 +525,6 @@ int main (int argc, char **argv)
nscd_flush_cache ("group");
#ifdef USE_PAM
(void) pam_end (pamh, PAM_SUCCESS);
#endif /* USE_PAM */
return (0);
}


@ -64,10 +64,6 @@ static bool is_shadow_pwd;
static bool pw_locked = false;
static bool spw_locked = false;
#ifdef USE_PAM
static pam_handle_t *pamh = NULL;
#endif
/* local function prototypes */
static void fail_exit (int code);
static void usage (void);
@ -245,15 +241,14 @@ static void check_flags (void)
static void check_perms (void)
{
#ifdef USE_PAM
int retval = PAM_SUCCESS;
pam_handle_t *pamh = NULL;
int retval;
struct passwd *pampw;
pampw = getpwuid (getuid ()); /* local, no need for xgetpwuid */
if (NULL == pampw) {
retval = PAM_USER_UNKNOWN;
}
if (PAM_SUCCESS == retval) {
} else {
retval = pam_start ("chpasswd", pampw->pw_name, &conv, &pamh);
}
@ -265,8 +260,10 @@ static void check_perms (void)
retval = pam_acct_mgmt (pamh, 0);
}
if (PAM_SUCCESS != retval) {
if (NULL != pamh) {
(void) pam_end (pamh, retval);
}
if (PAM_SUCCESS != retval) {
fprintf (stderr, _("%s: PAM authentication failed\n"), Prog);
exit (1);
}
@ -513,10 +510,6 @@ int main (int argc, char **argv)
nscd_flush_cache ("passwd");
#ifdef USE_PAM
(void) pam_end (pamh, PAM_SUCCESS);
#endif /* USE_PAM */
return (0);
}


@ -64,9 +64,6 @@ static bool amroot; /* Real UID is root */
static char loginsh[BUFSIZ]; /* Name of new login shell */
/* command line options */
static bool sflg = false; /* -s - set shell from command line */
#ifdef USE_PAM
static pam_handle_t *pamh = NULL;
#endif
static bool pw_locked = false;
/* external identifiers */
@ -251,6 +248,7 @@ static void process_flags (int argc, char **argv)
static void check_perms (const struct passwd *pw)
{
#ifdef USE_PAM
pam_handle_t *pamh = NULL;
int retval;
struct passwd *pampw;
#endif
@ -306,14 +304,10 @@ static void check_perms (const struct passwd *pw)
}
#else /* !USE_PAM */
retval = PAM_SUCCESS;
pampw = getpwuid (getuid ()); /* local, no need for xgetpwuid */
if (NULL == pampw) {
retval = PAM_USER_UNKNOWN;
}
if (PAM_SUCCESS == retval) {
} else {
retval = pam_start ("chsh", pampw->pw_name, &conv, &pamh);
}
@ -325,8 +319,10 @@ static void check_perms (const struct passwd *pw)
retval = pam_acct_mgmt (pamh, 0);
}
if (PAM_SUCCESS != retval) {
if (NULL != pamh) {
(void) pam_end (pamh, retval);
}
if (PAM_SUCCESS != retval) {
fprintf (stderr, _("%s: PAM authentication failed\n"), Prog);
exit (E_NOPERM);
}
@ -544,10 +540,6 @@ int main (int argc, char **argv)
nscd_flush_cache ("passwd");
#ifdef USE_PAM
(void) pam_end (pamh, PAM_SUCCESS);
#endif /* USE_PAM */
closelog ();
exit (E_SUCCESS);
}


@ -87,11 +87,6 @@ static bool sgr_locked = false;
#endif
static bool gr_locked = false;
#ifdef USE_PAM
static pam_handle_t *pamh = NULL;
#endif
/* local function prototypes */
static void usage (void);
static void new_grent (struct group *grent);
@ -400,14 +395,6 @@ static void fail_exit (int code)
}
#endif
#ifdef USE_PAM
if (NULL != pamh) {
/* If there is a PAM error, fail_exit is not called.
* We always end the pam transaction with PAM_SUCCESS here.
*/
(void) pam_end (pamh, PAM_SUCCESS);
}
#endif
exit (code);
}
@ -579,34 +566,29 @@ static void check_flags (void)
static void check_perms (void)
{
#ifdef USE_PAM
int retval = PAM_SUCCESS;
pam_handle_t *pamh = NULL;
int retval;
struct passwd *pampw;
pampw = getpwuid (getuid ()); /* local, no need for xgetpwuid */
if (pampw == NULL) {
if (NULL == pampw) {
retval = PAM_USER_UNKNOWN;
} else {
retval = pam_start ("groupadd", pampw->pw_name, &conv, &pamh);
}
if (retval == PAM_SUCCESS) {
retval = pam_start ("groupadd", pampw->pw_name,
&conv, &pamh);
}
if (retval == PAM_SUCCESS) {
if (PAM_SUCCESS == retval) {
retval = pam_authenticate (pamh, 0);
if (retval != PAM_SUCCESS) {
(void) pam_end (pamh, retval);
}
}
if (retval == PAM_SUCCESS) {
if (PAM_SUCCESS == retval) {
retval = pam_acct_mgmt (pamh, 0);
if (retval != PAM_SUCCESS) {
(void) pam_end (pamh, retval);
}
}
if (retval != PAM_SUCCESS) {
if (NULL != pamh) {
(void) pam_end (pamh, retval);
}
if (PAM_SUCCESS != retval) {
fprintf (stderr, _("%s: PAM authentication failed\n"), Prog);
exit (1);
}
@ -661,10 +643,6 @@ int main (int argc, char **argv)
nscd_flush_cache ("group");
#ifdef USE_PAM
(void) pam_end (pamh, PAM_SUCCESS);
#endif /* USE_PAM */
exit (E_SUCCESS);
/* NOT REACHED */
}


@ -337,16 +337,12 @@ int main (int argc, char **argv)
OPENLOG ("groupdel");
#ifdef USE_PAM
retval = PAM_SUCCESS;
{
struct passwd *pampw;
pampw = getpwuid (getuid ()); /* local, no need for xgetpwuid */
if (pampw == NULL) {
retval = PAM_USER_UNKNOWN;
}
if (PAM_SUCCESS == retval) {
} else {
retval = pam_start ("groupdel", pampw->pw_name,
&conv, &pamh);
}
@ -360,8 +356,10 @@ int main (int argc, char **argv)
retval = pam_acct_mgmt (pamh, 0);
}
if (PAM_SUCCESS != retval) {
if (NULL != pamh) {
(void) pam_end (pamh, retval);
}
if (PAM_SUCCESS != retval) {
fprintf (stderr, _("%s: PAM authentication failed\n"), Prog);
exit (1);
}
@ -435,10 +433,6 @@ int main (int argc, char **argv)
nscd_flush_cache ("group");
#ifdef USE_PAM
(void) pam_end (pamh, PAM_SUCCESS);
#endif /* USE_PAM */
return E_SUCCESS;
}
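Review bot: The new `if (NULL != pamh)` guard in main is only sound if `pamh` is initialised to NULL where it is declared, and that declaration is outside the hunks shown. When getpwuid() fails, pam_start is skipped, so the guard is the only thing that keeps pam_end away from an unset handle. The check_perms variants in this commit add `pam_handle_t *pamh = NULL;` as a local. Please confirm main has the same initialiser here and in the groupmod, useradd, userdel and usermod sections, which use the same pattern in main.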


@ -440,7 +440,7 @@ static void check_perms (void)
if (!list) {
#ifdef USE_PAM
pam_handle_t *pamh = NULL;
int retval = PAM_SUCCESS;
int retval;
struct passwd *pampw;
pampw = getpwuid (getuid ()); /* local, no need for xgetpwuid */
@ -459,7 +459,9 @@ static void check_perms (void)
retval = pam_acct_mgmt (pamh, 0);
}
if (NULL != pamh) {
(void) pam_end (pamh, retval);
}
if (PAM_SUCCESS != retval) {
fprintf (stderr, _("%s: PAM authentication failed\n"), Prog);
fail_exit (1);
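Review bot: Dropping the initialiser from `int retval = PAM_SUCCESS;` in check_perms means `retval` must now be assigned on every path before the first `PAM_SUCCESS == retval` test and before `pam_end (pamh, retval)`. The lines between the getpwuid() call and `pam_acct_mgmt` are in neither hunk, so it is not visible whether the NULL-pampw case uses the `else` form seen in the other sections. If the lookup still falls through to a separate `if (PAM_SUCCESS == retval)` test, that test would read an indeterminate value. Either keep the initialiser or confirm the lookup assigns `retval` in both the NULL and non-NULL branch. check_perms starts and ends outside these hunks.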


@ -702,16 +702,12 @@ int main (int argc, char **argv)
OPENLOG ("groupmod");
#ifdef USE_PAM
retval = PAM_SUCCESS;
{
struct passwd *pampw;
pampw = getpwuid (getuid ()); /* local, no need for xgetpwuid */
if (pampw == NULL) {
if (NULL == pamh) {
retval = PAM_USER_UNKNOWN;
}
if (PAM_SUCCESS == retval) {
} else {
retval = pam_start ("groupmod", pampw->pw_name,
&conv, &pamh);
}
@ -725,8 +721,10 @@ int main (int argc, char **argv)
retval = pam_acct_mgmt (pamh, 0);
}
if (PAM_SUCCESS != retval) {
if (NULL != pamh) {
(void) pam_end (pamh, retval);
}
if (PAM_SUCCESS != retval) {
fprintf (stderr, _("%s: PAM authentication failed\n"), Prog);
fail_exit (1);
}
@ -810,9 +808,6 @@ int main (int argc, char **argv)
nscd_flush_cache ("group");
#ifdef USE_PAM
(void) pam_end (pamh, PAM_SUCCESS);
#endif /* USE_PAM */
exit (E_SUCCESS);
/* NOT REACHED */
}
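Review bot: The NULL test after getpwuid() in main appears to have been rewritten as `if (NULL == pamh) {`, which checks the PAM handle instead of the passwd entry `pampw` that was just looked up. The page has lost its +/- markers, but the other sections pair the old `pampw == NULL` with a new `NULL == pampw`. If `pamh` starts out NULL (its declaration is not visible here), the condition is always true: retval becomes PAM_USER_UNKNOWN, pam_start is never called, and every run ends in "PAM authentication failed". If `pamh` is not NULL, a failed getpwuid() reaches `pampw->pw_name` with a NULL pointer. The line should read `if (NULL == pampw) {`; main starts and ends outside these hunks.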


@ -83,10 +83,6 @@ static bool pw_locked = false;
static bool gr_locked = false;
static bool spw_locked = false;
#ifdef USE_PAM
static pam_handle_t *pamh = NULL;
#endif
/* local function prototypes */
static void usage (void);
static void fail_exit (int);
@ -566,15 +562,14 @@ static void check_flags (void)
static void check_perms (void)
{
#ifdef USE_PAM
int retval = PAM_SUCCESS;
pam_handle_t *pamh = NULL;
int retval;
struct passwd *pampw;
pampw = getpwuid (getuid ()); /* local, no need for xgetpwuid */
if (NULL == pampw) {
retval = PAM_USER_UNKNOWN;
}
if (PAM_SUCCESS == retval) {
} else {
retval = pam_start ("newusers", pampw->pw_name, &conv, &pamh);
}
@ -586,8 +581,10 @@ static void check_perms (void)
retval = pam_acct_mgmt (pamh, 0);
}
if (PAM_SUCCESS != retval) {
if (NULL != pamh) {
(void) pam_end (pamh, retval);
}
if (PAM_SUCCESS != retval) {
fprintf (stderr, _("%s: PAM authentication failed\n"), Prog);
fail_exit (1);
}
@ -945,10 +942,6 @@ int main (int argc, char **argv)
nscd_flush_cache ("passwd");
nscd_flush_cache ("group");
#ifdef USE_PAM
(void) pam_end (pamh, PAM_SUCCESS);
#endif /* USE_PAM */
return 0;
}


@ -1793,9 +1793,7 @@ int main (int argc, char **argv)
pampw = getpwuid (getuid ()); /* local, no need for xgetpwuid */
if (pampw == NULL) {
retval = PAM_USER_UNKNOWN;
}
if (PAM_SUCCESS == retval) {
} else {
retval = pam_start ("useradd", pampw->pw_name,
&conv, &pamh);
}
@ -1809,8 +1807,10 @@ int main (int argc, char **argv)
retval = pam_acct_mgmt (pamh, 0);
}
if (PAM_SUCCESS != retval) {
if (NULL != pamh) {
(void) pam_end (pamh, retval);
}
if (PAM_SUCCESS != retval) {
fprintf (stderr, _("%s: PAM authentication failed\n"), Prog);
fail_exit (1);
}
@ -1952,10 +1952,6 @@ int main (int argc, char **argv)
nscd_flush_cache ("passwd");
nscd_flush_cache ("group");
#ifdef USE_PAM
(void) pam_end (pamh, PAM_SUCCESS);
#endif /* USE_PAM */
return E_SUCCESS;
}


@ -838,9 +838,7 @@ int main (int argc, char **argv)
pampw = getpwuid (getuid ()); /* local, no need for xgetpwuid */
if (pampw == NULL) {
retval = PAM_USER_UNKNOWN;
}
if (retval == PAM_SUCCESS) {
} else {
retval = pam_start ("userdel", pampw->pw_name,
&conv, &pamh);
}
@ -854,8 +852,10 @@ int main (int argc, char **argv)
retval = pam_acct_mgmt (pamh, 0);
}
if (PAM_SUCCESS != retval) {
if (NULL != pamh) {
(void) pam_end (pamh, retval);
}
if (PAM_SUCCESS != retval) {
fprintf (stderr, _("%s: PAM authentication failed\n"), Prog);
exit (E_PW_UPDATE);
}
@ -1000,9 +1000,6 @@ int main (int argc, char **argv)
nscd_flush_cache ("passwd");
nscd_flush_cache ("group");
#ifdef USE_PAM
(void) pam_end (pamh, PAM_SUCCESS);
#endif /* USE_PAM */
exit ((0 != errors) ? E_HOMEDIR : E_SUCCESS);
/* NOT REACHED */
}
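Review bot: The PAM failure branch in main exits with `exit (E_PW_UPDATE);`, a status whose name suggests a password-file update failure rather than a caller refused by PAM. The chage, chfn and chsh sections use E_NOPERM for the same condition and the remaining tools use a bare 1, so scripts and monitoring cannot reliably tell a denial from other errors. If E_NOPERM or an equivalent is defined for this tool, which the page does not show, `exit (E_NOPERM);` would be the consistent choice. The line is unchanged context in the hunk, so this may belong in a follow-up rather than in this commit.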


@ -1659,9 +1659,7 @@ int main (int argc, char **argv)
pampw = getpwuid (getuid ()); /* local, no need for xgetpwuid */
if (pampw == NULL) {
retval = PAM_USER_UNKNOWN;
}
if (PAM_SUCCESS == retval) {
} else {
retval = pam_start ("usermod", pampw->pw_name,
&conv, &pamh);
}
@ -1675,8 +1673,10 @@ int main (int argc, char **argv)
retval = pam_acct_mgmt (pamh, 0);
}
if (PAM_SUCCESS != retval) {
if (NULL != pamh) {
(void) pam_end (pamh, retval);
}
if (PAM_SUCCESS != retval) {
fprintf (stderr, _("%s: PAM authentication failed\n"), Prog);
exit (1);
}
@ -1722,10 +1722,6 @@ int main (int argc, char **argv)
user_gid, gflg ? user_newgid : user_gid);
}
#ifdef USE_PAM
(void) pam_end (pamh, PAM_SUCCESS);
#endif /* USE_PAM */
exit (E_SUCCESS);
/* NOT REACHED */
}