chsh-chfn: Move pam auth to its own function, factoring out common code

This makes it easier to add support for libuser, which needs the same PAM
authentication. Also removes duplicate code between chsh and chfn.

Signed-off-by: Cody Maloney <cmaloney@theoreticalchaos.com>

diff --git a/login-utils/Makemodule.am b/login-utils/Makemodule.am
index 479b87b0fb3c9783b4da62edfd365b249b874495..ee853295c7af3bdba2e1c1f06f883c5a7e74ce2a 100644 (file)
--- a/login-utils/Makemodule.am
+++ b/login-utils/Makemodule.am
@@ -62,6 +62,8 @@ dist_man_MANS += \
 chfn_chsh_sources = \
        login-utils/islocal.c \
        login-utils/islocal.h \
+       login-utils/auth.c \
+       login-utils/auth.h \
        login-utils/setpwnam.c \
        login-utils/setpwnam.h
 chfn_chsh_cflags = $(SUID_CFLAGS) $(AM_CFLAGS)

diff --git a/login-utils/auth.c b/login-utils/auth.c
new file mode 100644 (file)
index 0000000..373bd22
--- /dev/null
+++ b/login-utils/auth.c
@@ -0,0 +1,47 @@
+/*
+ *   auth.c -- PAM authorization code, common between chsh and chfn
+ *   (c) 2012 by Cody Maloney <cmaloney@theoreticalchaos.com>
+ *
+ *   this program is free software.  you can redistribute it and
+ *   modify it under the terms of the gnu general public license.
+ *   there is no warranty.
+ *
+ */
+
+#include "auth.h"
+
+#include "pamfail.h"
+
+int auth_pam(const char *service_name, uid_t uid, const char *username) {
+#ifdef REQUIRE_PASSWORD
+       if (uid != 0) {
+               pam_handle_t *pamh = NULL;
+               struct pam_conv conv = { misc_conv, NULL };
+               int retcode;
+
+               retcode = pam_start(service_name, username, &conv, &pamh);
+               if (pam_fail_check(pamh, retcode))
+                       return FALSE;
+
+               retcode = pam_authenticate(pamh, 0);
+               if (pam_fail_check(pamh, retcode))
+                       return FALSE;
+
+               retcode = pam_acct_mgmt(pamh, 0);
+               if (retcode == PAM_NEW_AUTHTOK_REQD)
+                       retcode =
+                           pam_chauthtok(pamh, PAM_CHANGE_EXPIRED_AUTHTOK);
+               if (pam_fail_check(pamh, retcode))
+                       return FALSE;
+
+               retcode = pam_setcred(pamh, 0);
+               if (pam_fail_check(pamh, retcode))
+                       return FALSE;
+
+               pam_end(pamh, 0);
+               /* no need to establish a session; this isn't a
+                * session-oriented activity...  */
+       }
+       return TRUE;
+#endif /* REQUIRE_PASSWORD */
+}

diff --git a/login-utils/auth.h b/login-utils/auth.h
new file mode 100644 (file)
index 0000000..bf7c369
--- /dev/null
+++ b/login-utils/auth.h
@@ -0,0 +1,13 @@
+/*
+ *   auth.h -- PAM authorization code, common between chsh and chfn
+ *   (c) 2012 by Cody Maloney <cmaloney@theoreticalchaos.com>
+ *
+ *   this program is free software.  you can redistribute it and
+ *   modify it under the terms of the gnu general public license.
+ *   there is no warranty.
+ *
+ */
+
+#include <sys/types.h>
+
+extern int auth_pam(const char *service_name, uid_t uid, const char *username);

diff --git a/login-utils/chfn.c b/login-utils/chfn.c
index b240ec72560036aa32b27241c769e9689ff2b84c..7c9af84031d36c50d5c5dc9b10c8aef449a88044 100644 (file)
--- a/login-utils/chfn.c
+++ b/login-utils/chfn.c
@@ -31,12 +31,12 @@
 #include <sys/types.h>
 #include <unistd.h>
 
+#include "auth.h"
 #include "c.h"
 #include "env.h"
 #include "closestream.h"
 #include "islocal.h"
 #include "nls.h"
-#include "pamfail.h"
 #include "setpwnam.h"
 #include "strutils.h"
 #include "xalloc.h"
@@ -157,36 +157,9 @@ int main(int argc, char **argv)
 
        printf(_("Changing finger information for %s.\n"), oldf.username);
 
-#ifdef REQUIRE_PASSWORD
-       if (uid != 0) {
-               pam_handle_t *pamh = NULL;
-               struct pam_conv conv = { misc_conv, NULL };
-               int retcode;
-
-               retcode = pam_start("chfn", oldf.username, &conv, &pamh);
-               if (pam_fail_check(pamh, retcode))
-                       return EXIT_FAILURE;
-
-               retcode = pam_authenticate(pamh, 0);
-               if (pam_fail_check(pamh, retcode))
-                       return EXIT_FAILURE;
-
-               retcode = pam_acct_mgmt(pamh, 0);
-               if (retcode == PAM_NEW_AUTHTOK_REQD)
-                       retcode =
-                           pam_chauthtok(pamh, PAM_CHANGE_EXPIRED_AUTHTOK);
-               if (pam_fail_check(pamh, retcode))
-                       return EXIT_FAILURE;
-
-               retcode = pam_setcred(pamh, 0);
-               if (pam_fail_check(pamh, retcode))
-                       return EXIT_FAILURE;
-
-               pam_end(pamh, 0);
-               /* no need to establish a session; this isn't a
-                * session-oriented activity...  */
+       if(!auth_pam("chfn", uid, oldf.username)) {
+               return EXIT_FAILURE;
        }
-#endif /* REQUIRE_PASSWORD */
 
        if (interactive)
                ask_info(&oldf, &newf);

diff --git a/login-utils/chsh.c b/login-utils/chsh.c
index f83b0571d0e402d384a4c008ee18357785843627..7d3963fc0d9244f3476f15f01ef0cdd0e24d5c83 100644 (file)
--- a/login-utils/chsh.c
+++ b/login-utils/chsh.c
@@ -32,12 +32,12 @@
 #include <sys/types.h>
 #include <unistd.h>
 
+#include "auth.h"
 #include "c.h"
 #include "env.h"
 #include "closestream.h"
 #include "islocal.h"
 #include "nls.h"
-#include "pamfail.h"
 #include "pathnames.h"
 #include "setpwnam.h"
 #include "xalloc.h"
@@ -147,36 +147,9 @@ int main(int argc, char **argv)
 
        printf(_("Changing shell for %s.\n"), pw->pw_name);
 
-#ifdef REQUIRE_PASSWORD
-       if (uid != 0) {
-               pam_handle_t *pamh = NULL;
-               struct pam_conv conv = { misc_conv, NULL };
-               int retcode;
-
-               retcode = pam_start("chsh", pw->pw_name, &conv, &pamh);
-               if (pam_fail_check(pamh, retcode))
-                       return EXIT_FAILURE;
-
-               retcode = pam_authenticate(pamh, 0);
-               if (pam_fail_check(pamh, retcode))
-                       return EXIT_FAILURE;
-
-               retcode = pam_acct_mgmt(pamh, 0);
-               if (retcode == PAM_NEW_AUTHTOK_REQD)
-                       retcode =
-                           pam_chauthtok(pamh, PAM_CHANGE_EXPIRED_AUTHTOK);
-               if (pam_fail_check(pamh, retcode))
-                       return EXIT_FAILURE;
-
-               retcode = pam_setcred(pamh, 0);
-               if (pam_fail_check(pamh, retcode))
-                       return EXIT_FAILURE;
-
-               pam_end(pamh, 0);
-               /* no need to establish a session; this isn't a
-                * session-oriented activity...  */
+       if(!auth_pam("chsh", uid, pw->pw_name)) {
+               return EXIT_FAILURE;
        }
-#endif /* REQUIRE_PASSWORD */
 
        if (!shell) {
                shell = prompt(_("New shell"), oldshell);