2 * auth.c -- PAM authorization code, common between chsh and chfn
3 * (c) 2012 by Cody Maloney <cmaloney@theoreticalchaos.com>
5 * this program is free software. you can redistribute it and
6 * modify it under the terms of the gnu general public license.
7 * there is no warranty.
13 int auth_pam(const char *service_name
, uid_t uid
, const char *username
)
16 pam_handle_t
*pamh
= NULL
;
17 #ifdef HAVE_SECURITY_PAM_MISC_H
18 struct pam_conv conv
= { misc_conv
, NULL
};
19 #elif defined(HAVE_SECURITY_OPENPAM_H)
20 struct pam_conv conv
= { openpam_ttyconv
, NULL
};
24 retcode
= pam_start(service_name
, username
, &conv
, &pamh
);
25 if (pam_fail_check(pamh
, retcode
))
28 retcode
= pam_authenticate(pamh
, 0);
29 if (pam_fail_check(pamh
, retcode
))
32 retcode
= pam_acct_mgmt(pamh
, 0);
33 if (retcode
== PAM_NEW_AUTHTOK_REQD
)
35 pam_chauthtok(pamh
, PAM_CHANGE_EXPIRED_AUTHTOK
);
36 if (pam_fail_check(pamh
, retcode
))
39 retcode
= pam_setcred(pamh
, 0);
40 if (pam_fail_check(pamh
, retcode
))
44 /* no need to establish a session; this isn't a
45 * session-oriented activity... */