Commit | Line | Data |
---|---|---|
d91ad6ab CM |
1 | /* |
2 | * auth.c -- PAM authorization code, common between chsh and chfn | |
3 | * (c) 2012 by Cody Maloney <cmaloney@theoreticalchaos.com> | |
4 | * | |
5 | * this program is free software. you can redistribute it and | |
6 | * modify it under the terms of the gnu general public license. | |
7 | * there is no warranty. | |
8 | * | |
9 | */ | |
d91ad6ab | 10 | #include "auth.h" |
d91ad6ab CM |
11 | #include "pamfail.h" |
12 | ||
d86918b6 KZ |
/*
 * auth_pam() -- run the PAM authentication stack for a non-root caller.
 *
 * service_name: PAM service name handed to pam_start().
 * uid:          uid of the invoking user; 0 skips PAM entirely.
 * username:     account name handed to pam_start().
 *
 * Returns TRUE when uid is 0 or when every PAM step succeeds, and FALSE
 * as soon as pam_fail_check() reports a failure for any step.
 *
 * NOTE(review): the uid == 0 shortcut means the caller decides who is
 * exempt from authentication. This presumably expects the real uid of
 * the invoking user, not the effective uid of a set-uid binary --
 * confirm at the call sites.
 *
 * NOTE(review): the FALSE paths do not call pam_end() here, so the
 * handle is only released if pam_fail_check() (not shown in this file)
 * does it -- verify against pamfail.h.
 */
int auth_pam(const char *service_name, uid_t uid, const char *username)
{
	pam_handle_t *pamh = NULL;
	/* Conversation callback depends on which PAM flavour was detected at
	 * build time; if neither macro is defined, conv is not declared and
	 * the build fails. */
#ifdef HAVE_SECURITY_PAM_MISC_H
	struct pam_conv conv = { misc_conv, NULL };
#elif defined(HAVE_SECURITY_OPENPAM_H)
	struct pam_conv conv = { openpam_ttyconv, NULL };
#endif
	int rc;

	/* uid 0 is trusted as-is: no PAM call is made for it. */
	if (uid == 0)
		return TRUE;

	rc = pam_start(service_name, username, &conv, &pamh);
	if (pam_fail_check(pamh, rc))
		return FALSE;

	rc = pam_authenticate(pamh, 0);
	if (pam_fail_check(pamh, rc))
		return FALSE;

	/* Account check; an expired token triggers a forced change, and the
	 * result of that change replaces the account-check result. */
	rc = pam_acct_mgmt(pamh, 0);
	if (rc == PAM_NEW_AUTHTOK_REQD)
		rc = pam_chauthtok(pamh, PAM_CHANGE_EXPIRED_AUTHTOK);
	if (pam_fail_check(pamh, rc))
		return FALSE;

	rc = pam_setcred(pamh, 0);
	if (pam_fail_check(pamh, rc))
		return FALSE;

	/* no need to establish a session; this isn't a
	 * session-oriented activity... */
	pam_end(pamh, 0);
	return TRUE;
}