/*
 *   auth.c -- PAM authorization code, common between chsh and chfn
 *   (c) 2012 by Cody Maloney <cmaloney@theoreticalchaos.com>
 *
 *   this program is free software.  you can redistribute it and
 *   modify it under the terms of the gnu general public license.
 *   there is no warranty.
 */
11 #include <security/pam_appl.h>
12 #ifdef HAVE_SECURITY_PAM_MISC_H
13 # include <security/pam_misc.h>
14 #elif defined(HAVE_SECURITY_OPENPAM_H)
15 # include <security/openpam.h>
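/*
 * Check the status of the preceding PAM call and clean up on failure.
 *
 * pamh:    PAM handle, passed through to pam_strerror() and pam_end().
 * retcode: status code returned by the PAM call that was just made.
 *
 * Returns 0 when retcode is PAM_SUCCESS; pamh is left untouched in that case.
 * For any other status the PAM error text is printed with warnx(), the
 * transaction is closed with pam_end(), and a non-zero value is returned.
 *
 * Because the failure path calls pam_end(), the caller must treat pamh as
 * released after a non-zero return: no further PAM calls on it and no second
 * pam_end().
 *
 * NOTE(review): the braces and both return statements are absent from the
 * listing this was taken from (its line numbering skips them).  They are
 * restored here from the way the call sites use the result,
 * `if (pam_fail_check(pamh, retcode))` -- confirm the exact return values
 * against the upstream file.
 */
static int pam_fail_check(pam_handle_t *pamh, int retcode)
{
	if (retcode == PAM_SUCCESS)
		return 0;

	/* "%s" keeps the PAM-supplied message out of the format string. */
	warnx("%s", pam_strerror(pamh, retcode));

	/* Hand the failing status to pam_end() when closing the transaction. */
	pam_end(pamh, retcode);
	return 1;
}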
30 int auth_pam(const char *service_name
, uid_t uid
, const char *username
)
33 pam_handle_t
*pamh
= NULL
;
34 #ifdef HAVE_SECURITY_PAM_MISC_H
35 struct pam_conv conv
= { misc_conv
, NULL
};
36 #elif defined(HAVE_SECURITY_OPENPAM_H)
37 struct pam_conv conv
= { openpam_ttyconv
, NULL
};
41 retcode
= pam_start(service_name
, username
, &conv
, &pamh
);
42 if (pam_fail_check(pamh
, retcode
))
45 retcode
= pam_authenticate(pamh
, 0);
46 if (pam_fail_check(pamh
, retcode
))
49 retcode
= pam_acct_mgmt(pamh
, 0);
50 if (retcode
== PAM_NEW_AUTHTOK_REQD
)
52 pam_chauthtok(pamh
, PAM_CHANGE_EXPIRED_AUTHTOK
);
53 if (pam_fail_check(pamh
, retcode
))
56 retcode
= pam_setcred(pamh
, 0);
57 if (pam_fail_check(pamh
, retcode
))
61 /* no need to establish a session; this isn't a
62 * session-oriented activity... */