login: PAM session initialization refactoring

Signed-off-by: Karel Zak <kzak@redhat.com>

diff --git a/login-utils/login.c b/login-utils/login.c
index 828117850fe59337602e6db4fe5c008deda969b4..d318e120c77759827c15f124cda87d9028065e8f 100644 (file)
--- a/login-utils/login.c
+++ b/login-utils/login.c
@@ -705,6 +705,22 @@ static void loginpam_acct(struct login_context *cxt)
        }
 }
 
+static void loginpam_session(struct login_context *cxt)
+{
+       int rc;
+       pam_handle_t *pamh = cxt->pamh;
+
+       rc = pam_open_session(pamh, 0);
+       if (is_pam_failure(rc))
+               loginpam_err(pamh, rc);
+
+       rc = pam_setcred(pamh, PAM_ESTABLISH_CRED);
+       if (is_pam_failure(rc)) {
+               pam_close_session(pamh, 0);
+               loginpam_err(pamh, rc);
+       }
+}
+
 /*
  * We need to check effective UID/GID. For example $HOME could be on root
  * squashed NFS or on NFS with UID mapping and access(2) uses real UID/GID.
@@ -980,15 +996,10 @@ int main(int argc, char **argv)
                exit(EXIT_FAILURE);
        }
 
-       retcode = pam_open_session(pamh, 0);
-       if (is_pam_failure(retcode))
-               loginpam_err(pamh, retcode);
-
-       retcode = pam_setcred(pamh, PAM_ESTABLISH_CRED);
-       if (is_pam_failure(retcode)) {
-               pam_close_session(pamh, 0);
-               loginpam_err(pamh, retcode);
-       }
+       /*
+        * Open PAM session (after successful authentication and account check)
+        */
+       loginpam_session(&cxt);
 
        /* committed to login -- turn off timeout */
        alarm((unsigned int)0);