projects / thirdparty / util-linux.git / blame
| Commit | Line | Data |
|---|---|---|
| d91ad6ab CM |
1 | /* |
| 2 | * auth.c -- PAM authorization code, common between chsh and chfn | |
| 3 | * (c) 2012 by Cody Maloney <cmaloney@theoreticalchaos.com> | |
| 4 | * | |
| 5 | * this program is free software. you can redistribute it and | |
| 6 | * modify it under the terms of the gnu general public license. | |
| 7 | * there is no warranty. | |
| 8 | * | |
| 9 | */ | |
| d91ad6ab | 10 | #include "auth.h" |
| d91ad6ab CM |
11 | #include "pamfail.h" |
| 12 | ||
| d86918b6 KZ |
13 | int auth_pam(const char *service_name, uid_t uid, const char *username) |
| 14 | { | |
| d91ad6ab CM |
15 | if (uid != 0) { |
| 16 | pam_handle_t *pamh = NULL; | |
| fe2c9909 | 17 | #ifdef HAVE_SECURITY_PAM_MISC_H |
| d91ad6ab | 18 | struct pam_conv conv = { misc_conv, NULL }; |
| fe2c9909 WJ |
19 | #elif defined(HAVE_SECURITY_OPENPAM_H) |
| 20 | struct pam_conv conv = { openpam_ttyconv, NULL }; | |
| 21 | #endif | |
| d91ad6ab CM |
22 | int retcode; |
| 23 | ||
| 24 | retcode = pam_start(service_name, username, &conv, &pamh); | |
| 25 | if (pam_fail_check(pamh, retcode)) | |
| 26 | return FALSE; | |
| 27 | ||
| 28 | retcode = pam_authenticate(pamh, 0); | |
| 29 | if (pam_fail_check(pamh, retcode)) | |
| 30 | return FALSE; | |
| 31 | ||
| 32 | retcode = pam_acct_mgmt(pamh, 0); | |
| 33 | if (retcode == PAM_NEW_AUTHTOK_REQD) | |
| 34 | retcode = | |
| 35 | pam_chauthtok(pamh, PAM_CHANGE_EXPIRED_AUTHTOK); | |
| 36 | if (pam_fail_check(pamh, retcode)) | |
| 37 | return FALSE; | |
| 38 | ||
| 39 | retcode = pam_setcred(pamh, 0); | |
| 40 | if (pam_fail_check(pamh, retcode)) | |
| 41 | return FALSE; | |
| 42 | ||
| 43 | pam_end(pamh, 0); | |
| 44 | /* no need to establish a session; this isn't a | |
| 45 | * session-oriented activity... */ | |
| 46 | } | |
| 47 | return TRUE; | |
| d91ad6ab | 48 | } |