if !WITH_TCB
suidubins += passwd
endif
-if ACCT_TOOLS_SETUID
-suidusbins += chgpasswd chpasswd groupadd groupdel groupmod newusers useradd userdel usermod
-endif
if ENABLE_SUBIDS
if !FCAPS
suidubins += newgidmap newuidmap
$(top_builddir)/lib/libshadow.la \
$(LIBTCB)
-if ACCT_TOOLS_SETUID
-LIBPAM_SUID = $(LIBPAM)
-else
-LIBPAM_SUID =
-endif
-
if USE_PAM
LIBCRYPT_NOPAM =
else
newuidmap_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBCAP) $(LIBECONF) -ldl
newgidmap_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBCAP) $(LIBECONF) -ldl
chfn_LDADD = $(LDADD) $(LIBPAM) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT_NOPAM) $(LIBSKEY) $(LIBMD) $(LIBECONF)
-chgpasswd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT) $(LIBECONF)
+chgpasswd_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT) $(LIBECONF)
chsh_LDADD = $(LDADD) $(LIBPAM) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT_NOPAM) $(LIBSKEY) $(LIBMD) $(LIBECONF)
chpasswd_LDADD = $(LDADD) $(LIBPAM) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT) $(LIBECONF) -ldl
expiry_LDADD = $(LDADD) $(LIBECONF)
gpasswd_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT) $(LIBECONF)
-groupadd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF) -ldl
-groupdel_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF) -ldl
+groupadd_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF) -ldl
+groupdel_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF) -ldl
groupmems_LDADD = $(LDADD) $(LIBPAM) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF)
-groupmod_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF) -ldl
+groupmod_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF) -ldl
grpck_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF)
grpconv_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF)
grpunconv_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF)
suauth.c
su_LDADD = $(LDADD) $(LIBPAM) $(LIBAUDIT) $(LIBCRYPT_NOPAM) $(LIBSKEY) $(LIBMD) $(LIBECONF) $(LIBSELINUX)
sulogin_LDADD = $(LDADD) $(LIBCRYPT) $(LIBECONF)
-useradd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBSEMANAGE) $(LIBACL) $(LIBECONF) -ldl
-userdel_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBSEMANAGE) $(LIBECONF) -ldl
-usermod_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBSEMANAGE) $(LIBACL) $(LIBECONF) -ldl
+useradd_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBSEMANAGE) $(LIBACL) $(LIBECONF) -ldl
+userdel_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBSEMANAGE) $(LIBECONF) -ldl
+usermod_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBSEMANAGE) $(LIBACL) $(LIBECONF) -ldl
vipw_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF)
install-am: all-am
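Review bot: The rewritten LDADD lines for chgpasswd, groupadd/groupdel/groupmod and useradd/userdel/usermod (L25, L32–L36, L46–L48) silently change the authorization model of those tools — with `$(LIBPAM_SUID)` gone they no longer authenticate the invoking user through PAM, so the only remaining access control is write permission on the passwd/group/shadow databases — and nothing in the Makefile records that they must therefore never be installed setuid. A comment next to the `suidusbins` block that lost its `ACCT_TOOLS_SETUID` entries (L4–L6), along the lines of `# Account-management tools (useradd, groupadd, chgpasswd, ...) perform no caller authentication and must not be added to suidusbins.`, would keep the next contributor from reintroducing the setuid install; the `install-am: all-am` recipe that applies the suid bits continues outside the hunk. Since `LIBPAM_SUID` is now undefined and automake expands an unknown variable to nothing rather than failing, any `*_LDADD` line not shown here (newusers_LDADD is the obvious candidate) should be grepped for a leftover `$(LIBPAM_SUID)` reference. Dropping `$(LIBPAM)` from chgpasswd_LDADD while chpasswd_LDADD (L27) keeps it is consistent with chgpasswd.c losing its only PAM include (L53–L57).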
#include <stdio.h>
#include <stdlib.h>
-#ifdef ACCT_TOOLS_SETUID
-#ifdef USE_PAM
-#include "pam_defs.h"
-#endif /* USE_PAM */
-#endif /* ACCT_TOOLS_SETUID */
#include "atoi/a2i.h"
#include "defines.h"
#include "nscd.h"
NORETURN static void usage (int status);
static void process_flags (int argc, char **argv, struct option_flags *flags);
static void check_flags (void);
-static void check_perms (void);
static void open_files (bool process_selinux);
static void close_files(const struct option_flags *flags);
}
}
-/*
- * check_perms - check if the caller is allowed to add a group
- *
- * With PAM support, the setuid bit can be set on chgpasswd to allow
- * non-root users to groups.
- * Without PAM support, only users who can write in the group databases
- * can add groups.
- *
- * It will not return if the user is not allowed.
- */
-static void check_perms (void)
-{
-#ifdef ACCT_TOOLS_SETUID
-#ifdef USE_PAM
- pam_handle_t *pamh = NULL;
- int retval;
- struct passwd *pampw;
-
- pampw = getpwuid (getuid ()); /* local, no need for xgetpwuid */
- if (NULL == pampw) {
- fprintf (stderr,
- _("%s: Cannot determine your user name.\n"),
- Prog);
- exit (1);
- }
-
- retval = pam_start (Prog, pampw->pw_name, &conv, &pamh);
-
- if (PAM_SUCCESS == retval) {
- retval = pam_authenticate (pamh, 0);
- }
-
- if (PAM_SUCCESS == retval) {
- retval = pam_acct_mgmt (pamh, 0);
- }
-
- if (PAM_SUCCESS != retval) {
- fprintf (stderr, _("%s: PAM: %s\n"),
- Prog, pam_strerror (pamh, retval));
- SYSLOG((LOG_ERR, "%s", pam_strerror (pamh, retval)));
- if (NULL != pamh) {
- (void) pam_end (pamh, retval);
- }
- exit (1);
- }
- (void) pam_end (pamh, retval);
-#endif /* USE_PAM */
-#endif /* ACCT_TOOLS_SETUID */
-}
-
/*
* open_files - lock and open the group databases
*/
OPENLOG (Prog);
- check_perms ();
-
#ifdef SHADOWGRP
is_shadow_grp = sgr_file_present ();
#endif
NORETURN static void usage (int status);
static void process_flags (int argc, char **argv, struct option_flags *flags);
static void check_flags (void);
-static void check_perms (void);
static void open_files(const struct option_flags *flags);
static void close_files(const struct option_flags *flags);
}
}
-/*
- * check_perms - check if the caller is allowed to add a group
- *
- * With PAM support, the setuid bit can be set on chpasswd to allow
- * non-root users to groups.
- * Without PAM support, only users who can write in the group databases
- * can add groups.
- *
- * It will not return if the user is not allowed.
- */
-static void check_perms (void)
-{
-#ifdef USE_PAM
-#ifdef ACCT_TOOLS_SETUID
- /* If chpasswd uses PAM and is SUID, check the permissions,
- * otherwise, the permissions are enforced by the access to the
- * passwd and shadow files.
- */
- pam_handle_t *pamh = NULL;
- int retval;
- struct passwd *pampw;
-
- pampw = getpwuid (getuid ()); /* local, no need for xgetpwuid */
- if (NULL == pampw) {
- fprintf (stderr,
- _("%s: Cannot determine your user name.\n"),
- Prog);
- exit (1);
- }
-
- retval = pam_start (Prog, pampw->pw_name, &conv, &pamh);
-
- if (PAM_SUCCESS == retval) {
- retval = pam_authenticate (pamh, 0);
- }
-
- if (PAM_SUCCESS == retval) {
- retval = pam_acct_mgmt (pamh, 0);
- }
-
- if (PAM_SUCCESS != retval) {
- fprintf (stderr, _("%s: PAM: %s\n"),
- Prog, pam_strerror (pamh, retval));
- SYSLOG((LOG_ERR, "%s", pam_strerror (pamh, retval)));
- if (NULL != pamh) {
- (void) pam_end (pamh, retval);
- }
- exit (1);
- }
- (void) pam_end (pamh, retval);
-#endif /* ACCT_TOOLS_SETUID */
-#endif /* USE_PAM */
-}
-
/*
* open_files - lock and open the password databases
*/
OPENLOG (Prog);
- check_perms ();
-
#ifdef USE_PAM
if (!use_pam)
#endif /* USE_PAM */
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
-#ifdef ACCT_TOOLS_SETUID
-#ifdef USE_PAM
-#include "pam_defs.h"
-#include <pwd.h>
-#endif /* USE_PAM */
-#endif /* ACCT_TOOLS_SETUID */
#include "atoi/getnum.h"
#include "chkname.h"
static void open_files(const struct option_flags *flags);
static void process_flags (int argc, char **argv, struct option_flags *flags);
static void check_flags (void);
-static void check_perms (void);
/*
* usage - display usage message and exit
}
}
-/*
- * check_perms - check if the caller is allowed to add a group
- *
- * With PAM support, the setuid bit can be set on groupadd to allow
- * non-root users to groups.
- * Without PAM support, only users who can write in the group databases
- * can add groups.
- *
- * It will not return if the user is not allowed.
- */
-static void check_perms (void)
-{
-#ifdef ACCT_TOOLS_SETUID
-#ifdef USE_PAM
- pam_handle_t *pamh = NULL;
- int retval;
- struct passwd *pampw;
-
- pampw = getpwuid (getuid ()); /* local, no need for xgetpwuid */
- if (NULL == pampw) {
- fprintf (stderr,
- _("%s: Cannot determine your user name.\n"),
- Prog);
- fail_exit (1);
- }
-
- retval = pam_start (Prog, pampw->pw_name, &conv, &pamh);
-
- if (PAM_SUCCESS == retval) {
- retval = pam_authenticate (pamh, 0);
- }
-
- if (PAM_SUCCESS == retval) {
- retval = pam_acct_mgmt (pamh, 0);
- }
-
- if (PAM_SUCCESS != retval) {
- fprintf (stderr, _("%s: PAM: %s\n"),
- Prog, pam_strerror (pamh, retval));
- SYSLOG((LOG_ERR, "%s", pam_strerror (pamh, retval)));
- if (NULL != pamh) {
- (void) pam_end (pamh, retval);
- }
- fail_exit (1);
- }
- (void) pam_end (pamh, retval);
-#endif /* USE_PAM */
-#endif /* ACCT_TOOLS_SETUID */
-}
-
/*
* main - groupadd command
*/
*/
process_flags (argc, argv, &flags);
- check_perms ();
-
if (run_parts ("/etc/shadow-maint/groupadd-pre.d", group_name,
Prog)) {
exit(1);
#include <fcntl.h>
#include <grp.h>
#include <pwd.h>
-#ifdef ACCT_TOOLS_SETUID
-#ifdef USE_PAM
-#include "pam_defs.h"
-#endif /* USE_PAM */
-#endif /* ACCT_TOOLS_SETUID */
#include <stdio.h>
#include <sys/types.h>
#include <getopt.h>
int main (int argc, char **argv)
{
-#ifdef ACCT_TOOLS_SETUID
-#ifdef USE_PAM
- pam_handle_t *pamh = NULL;
- int retval;
-#endif /* USE_PAM */
-#endif /* ACCT_TOOLS_SETUID */
struct option_flags flags = {.chroot = false, .prefix = false};
log_set_progname(Prog);
process_flags (argc, argv, &flags);
-#ifdef ACCT_TOOLS_SETUID
-#ifdef USE_PAM
- {
- struct passwd *pampw;
- pampw = getpwuid (getuid ()); /* local, no need for xgetpwuid */
- if (pampw == NULL) {
- fprintf (stderr,
- _("%s: Cannot determine your user name.\n"),
- Prog);
- fail_exit (1);
- }
-
- retval = pam_start (Prog, pampw->pw_name, &conv, &pamh);
- }
-
- if (PAM_SUCCESS == retval) {
- retval = pam_authenticate (pamh, 0);
- }
-
- if (PAM_SUCCESS == retval) {
- retval = pam_acct_mgmt (pamh, 0);
- }
-
- if (PAM_SUCCESS != retval) {
- fprintf (stderr, _("%s: PAM: %s\n"),
- Prog, pam_strerror (pamh, retval));
- SYSLOG((LOG_ERR, "%s", pam_strerror (pamh, retval)));
- if (NULL != pamh) {
- (void) pam_end (pamh, retval);
- }
- fail_exit (1);
- }
- (void) pam_end (pamh, retval);
-#endif /* USE_PAM */
-#endif /* ACCT_TOOLS_SETUID */
#ifdef SHADOWGRP
is_shadow_grp = sgr_file_present ();
#include <string.h>
#include <strings.h>
#include <sys/types.h>
-#ifdef ACCT_TOOLS_SETUID
-#ifdef USE_PAM
-#include "pam_defs.h"
-#include <pwd.h>
-#endif /* USE_PAM */
-#endif /* ACCT_TOOLS_SETUID */
#include "alloc/malloc.h"
#include "atoi/getnum.h"
*/
int main (int argc, char **argv)
{
-#ifdef ACCT_TOOLS_SETUID
-#ifdef USE_PAM
- pam_handle_t *pamh = NULL;
- int retval;
-#endif /* USE_PAM */
-#endif /* ACCT_TOOLS_SETUID */
struct option_flags flags = {.chroot = false, .prefix = false};
log_set_progname(Prog);
process_flags (argc, argv, &flags);
-#ifdef ACCT_TOOLS_SETUID
-#ifdef USE_PAM
- {
- struct passwd *pampw;
- pampw = getpwuid (getuid ()); /* local, no need for xgetpwuid */
- if (NULL == pampw) {
- fprintf (stderr,
- _("%s: Cannot determine your user name.\n"),
- Prog);
- exit (E_PAM_USERNAME);
- }
-
- retval = pam_start (Prog, pampw->pw_name, &conv, &pamh);
- }
-
- if (PAM_SUCCESS == retval) {
- retval = pam_authenticate (pamh, 0);
- }
-
- if (PAM_SUCCESS == retval) {
- retval = pam_acct_mgmt (pamh, 0);
- }
-
- if (PAM_SUCCESS != retval) {
- fprintf (stderr, _("%s: PAM: %s\n"),
- Prog, pam_strerror (pamh, retval));
- SYSLOG((LOG_ERR, "%s", pam_strerror (pamh, retval)));
- if (NULL != pamh) {
- (void) pam_end (pamh, retval);
- }
- exit (E_PAM_ERROR);
- }
- (void) pam_end (pamh, retval);
-#endif /* USE_PAM */
-#endif /* ACCT_TOOLS_SETUID */
-
#ifdef SHADOWGRP
is_shadow_grp = sgr_file_present ();
#endif
#include "atoi/a2i.h"
#include "atoi/getnum.h"
#include "attr.h"
-#ifdef ACCT_TOOLS_SETUID
-#ifdef USE_PAM
-#include "pam_defs.h"
-#endif /* USE_PAM */
-#endif /* ACCT_TOOLS_SETUID */
#include "chkname.h"
#include "defines.h"
#include "getdef.h"
static int add_passwd (struct passwd *, const char *);
static void process_flags (int argc, char **argv, struct option_flags *flags);
static void check_flags (void);
-static void check_perms(const struct option_flags *flags);
static void open_files (bool process_selinux);
static void close_files(const struct option_flags *flags);
#endif /* !USE_PAM */
}
-/*
- * check_perms - check if the caller is allowed to add a group
- *
- * With PAM support, the setuid bit can be set on groupadd to allow
- * non-root users to groups.
- * Without PAM support, only users who can write in the group databases
- * can add groups.
- *
- * It will not return if the user is not allowed.
- */
-static void
-check_perms(MAYBE_UNUSED const struct option_flags *flags)
-{
-#ifdef ACCT_TOOLS_SETUID
-#ifdef USE_PAM
- pam_handle_t *pamh = NULL;
- int retval;
- struct passwd *pampw;
- bool process_selinux;
-
- process_selinux = !flags->chroot;
-
- pampw = getpwuid (getuid ()); /* local, no need for xgetpwuid */
- if (NULL == pampw) {
- fprintf (stderr,
- _("%s: Cannot determine your user name.\n"),
- Prog);
- fail_exit (EXIT_FAILURE, process_selinux);
- }
-
- retval = pam_start ("newusers", pampw->pw_name, &conv, &pamh);
-
- if (PAM_SUCCESS == retval) {
- retval = pam_authenticate (pamh, 0);
- }
-
- if (PAM_SUCCESS == retval) {
- retval = pam_acct_mgmt (pamh, 0);
- }
-
- if (PAM_SUCCESS != retval) {
- fprintf (stderr, _("%s: PAM: %s\n"),
- Prog, pam_strerror (pamh, retval));
- SYSLOG((LOG_ERR, "%s", pam_strerror (pamh, retval)));
- if (NULL != pamh) {
- (void) pam_end (pamh, retval);
- }
- fail_exit (EXIT_FAILURE, process_selinux);
- }
- (void) pam_end (pamh, retval);
-#endif /* USE_PAM */
-#endif /* ACCT_TOOLS_SETUID */
-}
-
/*
* open_files - lock and open the password, group and shadow databases
*/
process_flags (argc, argv, &flags);
process_selinux = !flags.chroot;
- check_perms (&flags);
-
is_shadow = spw_file_present ();
#ifdef SHADOWGRP
#include <libgen.h>
#include <pwd.h>
#include <signal.h>
-#ifdef ACCT_TOOLS_SETUID
-# ifdef USE_PAM
-# include "pam_defs.h"
-# endif /* USE_PAM */
-#endif /* ACCT_TOOLS_SETUID */
#include <paths.h>
#include <stddef.h>
#include <stdio.h>
*/
int main (int argc, char **argv)
{
-#ifdef ACCT_TOOLS_SETUID
-#ifdef USE_PAM
- pam_handle_t *pamh = NULL;
- int retval;
-#endif /* USE_PAM */
-#endif /* ACCT_TOOLS_SETUID */
-
#ifdef ENABLE_SUBIDS
uid_t uid_min;
uid_t uid_max;
exit(1);
}
-#ifdef ACCT_TOOLS_SETUID
-#ifdef USE_PAM
- {
- struct passwd *pampw;
- pampw = getpwuid (getuid ()); /* local, no need for xgetpwuid */
- if (pampw == NULL && getuid ()) {
- fprintf (stderr,
- _("%s: Cannot determine your user name.\n"),
- Prog);
- fail_exit (1, process_selinux);
- }
-
- retval = pam_start (Prog, pampw?pampw->pw_name:"root", &conv, &pamh);
- }
-
- if (PAM_SUCCESS == retval) {
- retval = pam_authenticate (pamh, 0);
- }
-
- if (PAM_SUCCESS == retval) {
- retval = pam_acct_mgmt (pamh, 0);
- }
-
- if (PAM_SUCCESS != retval) {
- fprintf (stderr, _("%s: PAM: %s\n"),
- Prog, pam_strerror (pamh, retval));
- SYSLOG((LOG_ERR, "%s", pam_strerror (pamh, retval)));
- if (NULL != pamh) {
- (void) pam_end (pamh, retval);
- }
- fail_exit (1, process_selinux);
- }
- (void) pam_end (pamh, retval);
-#endif /* USE_PAM */
-#endif /* ACCT_TOOLS_SETUID */
-
/*
* See if we are messing with the defaults file, or creating
* a new user.
#include <sys/types.h>
#include <unistd.h>
-#ifdef ACCT_TOOLS_SETUID
-#ifdef USE_PAM
-#include "pam_defs.h"
-#endif /* USE_PAM */
-#endif /* ACCT_TOOLS_SETUID */
#include "defines.h"
#include "getdef.h"
#include "groupio.h"
{
bool errors = false; /* Error in the removal of the home directory */
-#ifdef ACCT_TOOLS_SETUID
-#ifdef USE_PAM
- pam_handle_t *pamh = NULL;
- int retval;
-#endif /* USE_PAM */
-#endif /* ACCT_TOOLS_SETUID */
struct option_flags flags = {.chroot = false, .prefix = false};
bool process_selinux;
usage (E_USAGE);
}
-#ifdef ACCT_TOOLS_SETUID
-#ifdef USE_PAM
- {
- struct passwd *pampw;
- pampw = getpwuid (getuid ()); /* local, no need for xgetpwuid */
- if (pampw == NULL) {
- fprintf (stderr,
- _("%s: Cannot determine your user name.\n"),
- Prog);
- exit (E_PW_UPDATE);
- }
-
- retval = pam_start (Prog, pampw->pw_name, &conv, &pamh);
- }
-
- if (PAM_SUCCESS == retval) {
- retval = pam_authenticate (pamh, 0);
- }
-
- if (PAM_SUCCESS == retval) {
- retval = pam_acct_mgmt (pamh, 0);
- }
-
- if (PAM_SUCCESS != retval) {
- fprintf (stderr, _("%s: PAM: %s\n"),
- Prog, pam_strerror (pamh, retval));
- SYSLOG((LOG_ERR, "%s", pam_strerror (pamh, retval)));
- if (NULL != pamh) {
- (void) pam_end (pamh, retval);
- }
- exit (E_PW_UPDATE);
- }
- (void) pam_end (pamh, retval);
-#endif /* USE_PAM */
-#endif /* ACCT_TOOLS_SETUID */
-
is_shadow_pwd = spw_file_present ();
#ifdef SHADOWGRP
is_shadow_grp = sgr_file_present ();
#include <lastlog.h>
#endif /* ENABLE_LASTLOG */
#include <pwd.h>
-#ifdef ACCT_TOOLS_SETUID
-#ifdef USE_PAM
-#include "pam_defs.h"
-#endif /* USE_PAM */
-#endif /* ACCT_TOOLS_SETUID */
#include <paths.h>
#include <stdio.h>
#include <stdlib.h>
*/
int main (int argc, char **argv)
{
-#ifdef ACCT_TOOLS_SETUID
-#ifdef USE_PAM
- pam_handle_t *pamh = NULL;
- int retval;
-#endif /* USE_PAM */
-#endif /* ACCT_TOOLS_SETUID */
struct option_flags flags = {.chroot = false, .prefix = false};
bool process_selinux;
exit (E_USER_BUSY);
}
-#ifdef ACCT_TOOLS_SETUID
-#ifdef USE_PAM
- {
- struct passwd *pampw;
- pampw = getpwuid (getuid ()); /* local, no need for xgetpwuid */
- if (pampw == NULL) {
- fprintf (stderr,
- _("%s: Cannot determine your user name.\n"),
- Prog);
- exit (1);
- }
-
- retval = pam_start (Prog, pampw->pw_name, &conv, &pamh);
- }
-
- if (PAM_SUCCESS == retval) {
- retval = pam_authenticate (pamh, 0);
- }
-
- if (PAM_SUCCESS == retval) {
- retval = pam_acct_mgmt (pamh, 0);
- }
-
- if (PAM_SUCCESS != retval) {
- fprintf (stderr, _("%s: PAM: %s\n"),
- Prog, pam_strerror (pamh, retval));
- SYSLOG((LOG_ERR, "%s", pam_strerror (pamh, retval)));
- if (NULL != pamh) {
- (void) pam_end (pamh, retval);
- }
- exit (1);
- }
- (void) pam_end (pamh, retval);
-#endif /* USE_PAM */
-#endif /* ACCT_TOOLS_SETUID */
-
#ifdef WITH_TCB
if (shadowtcb_set_user (user_name) == SHADOWTCB_FAILURE) {
exit (E_PW_UPDATE);