From 18fc4505d37816de7e011e09c25d2b1f54d83192 Mon Sep 17 00:00:00 2001 From: nekral-guest Date: Sat, 6 Sep 2008 13:28:02 +0000 Subject: [PATCH] * src/userdel.c, src/newusers.c, src/chpasswd.c, src/chfn.c, src/groupmems.c, src/usermod.c, src/groupdel.c, src/chgpasswd.c, src/useradd.c, src/groupmod.c, src/groupadd.c, src/chage.c, src/chsh.c: Simplify the PAM error handling. Do not keep the pamh handle, but terminate the PAM transaction as soon as possible if there are no PAM session opened. --- ChangeLog | 9 +++++++++ src/chage.c | 35 +++++------------------------------ src/chfn.c | 31 +++++++++---------------------- src/chgpasswd.c | 19 ++++++------------- src/chpasswd.c | 19 ++++++------------- src/chsh.c | 18 +++++------------- src/groupadd.c | 44 +++++++++++--------------------------------- src/groupdel.c | 14 ++++---------- src/groupmems.c | 6 ++++-- src/groupmod.c | 15 +++++---------- src/newusers.c | 19 ++++++------------- src/useradd.c | 12 ++++-------- src/userdel.c | 11 ++++------- src/usermod.c | 12 ++++-------- 14 files changed, 82 insertions(+), 182 deletions(-) diff --git a/ChangeLog b/ChangeLog index b1cdb280..1d317ad0 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,12 @@ +2008-09-06 Nicolas François + + * src/userdel.c, src/newusers.c, src/chpasswd.c, src/chfn.c, + src/groupmems.c, src/usermod.c, src/groupdel.c, src/chgpasswd.c, + src/useradd.c, src/groupmod.c, src/groupadd.c, src/chage.c, + src/chsh.c: Simplify the PAM error handling. Do not keep the pamh + handle, but terminate the PAM transaction as soon as possible if + there are no PAM session opened. + 2008-09-06 Nicolas François * src/newgrp.c, src/userdel.c, src/grpck.c, src/gpasswd.c, diff --git a/src/chage.c b/src/chage.c index 43fa925c..5766e0ab 100644 --- a/src/chage.c +++ b/src/chage.c @@ -83,10 +83,6 @@ static long warndays; static long inactdays; static long expdays; -#ifdef USE_PAM -static pam_handle_t *pamh = NULL; -#endif - #define EPOCH "1969-12-31" /* local function prototypes */ 
@@ -132,16 +128,6 @@ static void fail_exit (int code) } #endif -#ifdef USE_PAM - if (NULL != pamh) { - /* If there is a PAM error, pam_end will be called by the - * caller. - * We always end the pam transaction with PAM_SUCCESS here. - */ - (void) pam_end (pamh, PAM_SUCCESS); - } -#endif - exit (code); } @@ -499,6 +485,7 @@ static void check_flags (int argc, int opt_index) static void check_perms (void) { #ifdef USE_PAM + pam_handle_t *pamh = NULL; struct passwd *pampw; int retval; #endif @@ -515,34 +502,26 @@ static void check_perms (void) } #ifdef USE_PAM - retval = PAM_SUCCESS; - pampw = getpwuid (getuid ()); /* local, no need for xgetpwuid */ if (NULL == pampw) { retval = PAM_USER_UNKNOWN; - } - - if (PAM_SUCCESS == retval) { + } else { retval = pam_start ("chage", pampw->pw_name, &conv, &pamh); } if (PAM_SUCCESS == retval) { retval = pam_authenticate (pamh, 0); - if (PAM_SUCCESS != retval) { - (void) pam_end (pamh, retval); - } } if (PAM_SUCCESS == retval) { retval = pam_acct_mgmt (pamh, 0); - if (PAM_SUCCESS != retval) { - (void) pam_end (pamh, retval); - } } + if (NULL != pamh) { + (void) pam_end (pamh, retval); + } if (PAM_SUCCESS != retval) { fprintf (stderr, _("%s: PAM authentication failed\n"), Prog); - pamh = NULL; fail_exit (E_NOPERM); } #endif /* USE_PAM */ @@ -912,10 +891,6 @@ int main (int argc, char **argv) SYSLOG ((LOG_INFO, "changed password expiry for %s", user_name)); -#ifdef USE_PAM - (void) pam_end (pamh, PAM_SUCCESS); -#endif /* USE_PAM */ - closelog (); exit (E_SUCCESS); } diff --git a/src/chfn.c b/src/chfn.c index 9f0f60c0..0137a9cf 100644 --- a/src/chfn.c +++ b/src/chfn.c @@ -69,9 +69,6 @@ static bool rflg = false; /* -r - set room number */ static bool wflg = false; /* -w - set work phone number */ static bool hflg = false; /* -h - set home phone number */ static bool oflg = false; /* -o - set other information */ -#ifdef USE_PAM -static pam_handle_t *pamh = NULL; -#endif static bool pw_locked = false; /* 
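Review bot: The failure branch that closes the src/chage.c check_perms hunk (`@@ -515,34 +502,26 @@`) reports a missing passwd entry, a pam_start error, a rejected authentication and a failed account check with the same stderr line, and nothing visible writes the denial to syslog, although main() logs successful changes through SYSLOG. PAM modules may log on their own, but the PAM_USER_UNKNOWN path never reaches one, so that denial leaves no record. Because pam_end now runs before the failure branch, the reason has to be captured first, for example `if (PAM_SUCCESS != retval) SYSLOG ((LOG_ERR, "PAM authentication failed: %s", pam_strerror (pamh, retval)));` inside the `if (NULL != pamh)` block, ahead of pam_end. The same applies to the check_perms hunks in chfn.c, chgpasswd.c, chpasswd.c, chsh.c, groupadd.c and newusers.c.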
@@ -338,6 +335,7 @@ static void process_flags (int argc, char **argv) static void check_perms (const struct passwd *pw) { #ifdef USE_PAM + pam_handle_t *pamh = NULL; int retval; struct passwd *pampw; #endif @@ -377,32 +375,25 @@ static void check_perms (const struct passwd *pw) } #else /* !USE_PAM */ - retval = PAM_SUCCESS; - pampw = getpwuid (getuid ()); /* local, no need for xgetpwuid */ - if (pampw == NULL) { + if (NULL == pampw) { retval = PAM_USER_UNKNOWN; - } - - if (retval == PAM_SUCCESS) { + } else { retval = pam_start ("chfn", pampw->pw_name, &conv, &pamh); } - if (retval == PAM_SUCCESS) { + if (PAM_SUCCESS == retval) { retval = pam_authenticate (pamh, 0); - if (retval != PAM_SUCCESS) { - pam_end (pamh, retval); - } } - if (retval == PAM_SUCCESS) { + if (PAM_SUCCESS == retval) { retval = pam_acct_mgmt (pamh, 0); - if (retval != PAM_SUCCESS) { - pam_end (pamh, retval); - } } - if (retval != PAM_SUCCESS) { + if (NULL != pamh) { + (void) pam_end (pamh, retval); + } + if (PAM_SUCCESS != retval) { fprintf (stderr, _("%s: PAM authentication failed\n"), Prog); exit (E_NOPERM); } @@ -725,10 +716,6 @@ int main (int argc, char **argv) nscd_flush_cache ("passwd"); -#ifdef USE_PAM - (void) pam_end (pamh, PAM_SUCCESS); -#endif /* USE_PAM */ - closelog (); exit (E_SUCCESS); } diff --git a/src/chgpasswd.c b/src/chgpasswd.c index 9262d19b..aaa39e1c 100644 --- a/src/chgpasswd.c +++ b/src/chgpasswd.c @@ -68,10 +68,6 @@ static bool sgr_locked = false; #endif static bool gr_locked = false; -#ifdef USE_PAM -static pam_handle_t *pamh = NULL; -#endif - /* local function prototypes */ static void fail_exit (int code); static void usage (void); 
@@ -251,15 +247,14 @@ static void check_flags (void) static void check_perms (void) { #ifdef USE_PAM - int retval = PAM_SUCCESS; + pam_handle_t *pamh = NULL; + int retval; struct passwd *pampw; pampw = getpwuid (getuid ()); /* local, no need for xgetpwuid */ if (NULL == pampw) { retval = PAM_USER_UNKNOWN; - } - - if (PAM_SUCCESS == retval) { + } else { retval = pam_start ("chgpasswd", pampw->pw_name, &conv, &pamh); } @@ -271,8 +266,10 @@ static void check_perms (void) retval = pam_acct_mgmt (pamh, 0); } - if (PAM_SUCCESS != retval) { + if (NULL != pamh) { (void) pam_end (pamh, retval); + } + if (PAM_SUCCESS != retval) { fprintf (stderr, _("%s: PAM authentication failed\n"), Prog); exit (1); } @@ -528,10 +525,6 @@ int main (int argc, char **argv) nscd_flush_cache ("group"); -#ifdef USE_PAM - (void) pam_end (pamh, PAM_SUCCESS); -#endif /* USE_PAM */ - return (0); } diff --git a/src/chpasswd.c b/src/chpasswd.c index 723bdfcc..99093ffa 100644 --- a/src/chpasswd.c +++ b/src/chpasswd.c @@ -64,10 +64,6 @@ static bool is_shadow_pwd; static bool pw_locked = false; static bool spw_locked = false; -#ifdef USE_PAM -static pam_handle_t *pamh = NULL; -#endif - /* local function prototypes */ static void fail_exit (int code); static void usage (void); @@ -245,15 +241,14 @@ static void check_flags (void) static void check_perms (void) { #ifdef USE_PAM - int retval = PAM_SUCCESS; + pam_handle_t *pamh = NULL; + int retval; struct passwd *pampw; pampw = getpwuid (getuid ()); /* local, no need for xgetpwuid */ if (NULL == pampw) { retval = PAM_USER_UNKNOWN; - } - - if (PAM_SUCCESS == retval) { + } else { retval = pam_start ("chpasswd", pampw->pw_name, &conv, &pamh); } @@ -265,8 +260,10 @@ static void check_perms (void) retval = pam_acct_mgmt (pamh, 0); } - if (PAM_SUCCESS != retval) { + if (NULL != pamh) { (void) pam_end (pamh, retval); + } + if (PAM_SUCCESS != retval) { fprintf (stderr, _("%s: PAM authentication failed\n"), Prog); exit (1); } 
@@ -513,10 +510,6 @@ int main (int argc, char **argv) nscd_flush_cache ("passwd"); -#ifdef USE_PAM - (void) pam_end (pamh, PAM_SUCCESS); -#endif /* USE_PAM */ - return (0); } diff --git a/src/chsh.c b/src/chsh.c index 7b64017f..269b7a15 100644 --- a/src/chsh.c +++ b/src/chsh.c @@ -64,9 +64,6 @@ static bool amroot; /* Real UID is root */ static char loginsh[BUFSIZ]; /* Name of new login shell */ /* command line options */ static bool sflg = false; /* -s - set shell from command line */ -#ifdef USE_PAM -static pam_handle_t *pamh = NULL; -#endif static bool pw_locked = false; /* external identifiers */ @@ -251,6 +248,7 @@ static void process_flags (int argc, char **argv) static void check_perms (const struct passwd *pw) { #ifdef USE_PAM + pam_handle_t *pamh = NULL; int retval; struct passwd *pampw; #endif @@ -306,14 +304,10 @@ static void check_perms (const struct passwd *pw) } #else /* !USE_PAM */ - retval = PAM_SUCCESS; - pampw = getpwuid (getuid ()); /* local, no need for xgetpwuid */ if (NULL == pampw) { retval = PAM_USER_UNKNOWN; - } - - if (PAM_SUCCESS == retval) { + } else { retval = pam_start ("chsh", pampw->pw_name, &conv, &pamh); } @@ -325,8 +319,10 @@ static void check_perms (const struct passwd *pw) retval = pam_acct_mgmt (pamh, 0); } - if (PAM_SUCCESS != retval) { + if (NULL != pamh) { (void) pam_end (pamh, retval); + } + if (PAM_SUCCESS != retval) { fprintf (stderr, _("%s: PAM authentication failed\n"), Prog); exit (E_NOPERM); } @@ -544,10 +540,6 @@ int main (int argc, char **argv) nscd_flush_cache ("passwd"); -#ifdef USE_PAM - (void) pam_end (pamh, PAM_SUCCESS); -#endif /* USE_PAM */ - closelog (); exit (E_SUCCESS); } diff --git a/src/groupadd.c b/src/groupadd.c index d509ee70..f6ff4079 100644 --- a/src/groupadd.c +++ b/src/groupadd.c 
@@ -87,11 +87,6 @@ static bool sgr_locked = false; #endif static bool gr_locked = false; - -#ifdef USE_PAM -static pam_handle_t *pamh = NULL; -#endif - /* local function prototypes */ static void usage (void); static void new_grent (struct group *grent); @@ -400,14 +395,6 @@ static void fail_exit (int code) } #endif -#ifdef USE_PAM - if (NULL != pamh) { - /* If there is a PAM error, fail_exit is not called. - * We always end the pam transaction with PAM_SUCCESS here. - */ - (void) pam_end (pamh, PAM_SUCCESS); - } -#endif exit (code); } @@ -579,34 +566,29 @@ static void check_flags (void) static void check_perms (void) { #ifdef USE_PAM - int retval = PAM_SUCCESS; + pam_handle_t *pamh = NULL; + int retval; struct passwd *pampw; pampw = getpwuid (getuid ()); /* local, no need for xgetpwuid */ - if (pampw == NULL) { + if (NULL == pampw) { retval = PAM_USER_UNKNOWN; + } else { + retval = pam_start ("groupadd", pampw->pw_name, &conv, &pamh); } - if (retval == PAM_SUCCESS) { - retval = pam_start ("groupadd", pampw->pw_name, - &conv, &pamh); - } - - if (retval == PAM_SUCCESS) { + if (PAM_SUCCESS == retval) { retval = pam_authenticate (pamh, 0); - if (retval != PAM_SUCCESS) { - (void) pam_end (pamh, retval); - } } - if (retval == PAM_SUCCESS) { + if (PAM_SUCCESS == retval) { retval = pam_acct_mgmt (pamh, 0); - if (retval != PAM_SUCCESS) { - (void) pam_end (pamh, retval); - } } - if (retval != PAM_SUCCESS) { + if (NULL != pamh) { + (void) pam_end (pamh, retval); + } + if (PAM_SUCCESS != retval) { fprintf (stderr, _("%s: PAM authentication failed\n"), Prog); exit (1); } @@ -661,10 +643,6 @@ int main (int argc, char **argv) nscd_flush_cache ("group"); -#ifdef USE_PAM - (void) pam_end (pamh, PAM_SUCCESS); -#endif /* USE_PAM */ - exit (E_SUCCESS); /* NOT REACHED */ } diff --git a/src/groupdel.c b/src/groupdel.c index 792450e0..1981ab19 100644 --- a/src/groupdel.c +++ b/src/groupdel.c 
@@ -337,16 +337,12 @@ int main (int argc, char **argv) OPENLOG ("groupdel"); #ifdef USE_PAM - retval = PAM_SUCCESS; - { struct passwd *pampw; pampw = getpwuid (getuid ()); /* local, no need for xgetpwuid */ if (pampw == NULL) { retval = PAM_USER_UNKNOWN; - } - - if (PAM_SUCCESS == retval) { + } else { retval = pam_start ("groupdel", pampw->pw_name, &conv, &pamh); } @@ -360,8 +356,10 @@ int main (int argc, char **argv) retval = pam_acct_mgmt (pamh, 0); } - if (PAM_SUCCESS != retval) { + if (NULL != pamh) { (void) pam_end (pamh, retval); + } + if (PAM_SUCCESS != retval) { fprintf (stderr, _("%s: PAM authentication failed\n"), Prog); exit (1); } @@ -435,10 +433,6 @@ int main (int argc, char **argv) nscd_flush_cache ("group"); -#ifdef USE_PAM - (void) pam_end (pamh, PAM_SUCCESS); -#endif /* USE_PAM */ - return E_SUCCESS; } diff --git a/src/groupmems.c b/src/groupmems.c index e5ce73d0..abfc25bc 100644 --- a/src/groupmems.c +++ b/src/groupmems.c @@ -440,7 +440,7 @@ static void check_perms (void) if (!list) { #ifdef USE_PAM pam_handle_t *pamh = NULL; - int retval = PAM_SUCCESS; + int retval; struct passwd *pampw; pampw = getpwuid (getuid ()); /* local, no need for xgetpwuid */ @@ -459,7 +459,9 @@ static void check_perms (void) retval = pam_acct_mgmt (pamh, 0); } - (void) pam_end (pamh, retval); + if (NULL != pamh) { + (void) pam_end (pamh, retval); + } if (PAM_SUCCESS != retval) { fprintf (stderr, _("%s: PAM authentication failed\n"), Prog); fail_exit (1); diff --git a/src/groupmod.c b/src/groupmod.c index 3d536dbf..6d09d2b6 100644 --- a/src/groupmod.c +++ b/src/groupmod.c @@ -702,16 +702,12 @@ int main (int argc, char **argv) OPENLOG ("groupmod"); #ifdef USE_PAM - retval = PAM_SUCCESS; - { struct passwd *pampw; pampw = getpwuid (getuid ()); /* local, no need for xgetpwuid */ - if (pampw == NULL) { + if (NULL == pamh) { retval = PAM_USER_UNKNOWN; - } - - if (PAM_SUCCESS == retval) { + } else { retval = pam_start ("groupmod", pampw->pw_name, &conv, &pamh); } 
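Review bot: After `(void) pam_end (pamh, retval);` in the src/groupdel.c hunk `@@ -360,8 +356,10 @@`, the handle is released but `pamh` keeps its old value, and its declaration lies outside the hunk, so it outlives this block. The chage.c and groupadd.c hunks remove a pam_end call from fail_exit for this reason, but no such change is visible for the main()-based tools, and groupmod.c and useradd.c call `fail_exit (1)` right after pam_end. If anything later in those files still passes pamh to a PAM function, that is a use of a freed handle. Adding `pamh = NULL;` inside the guard directly after pam_end would turn such a use into a detectable NULL; the same applies to the matching hunks in groupmod.c, useradd.c, userdel.c and usermod.c.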
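Review bot: Dropping the `= PAM_SUCCESS` initializer from `retval` in the src/groupmems.c hunk `@@ -440,7 +440,7 @@` is only safe if every path assigns it before the first read, and the lines that do so fall between this hunk and the next and are not shown. If the pam_start call there is still guarded by `if (PAM_SUCCESS == retval)` rather than the `else` form used elsewhere in this patch, that comparison reads an indeterminate value whenever getpwuid() succeeds, and the authentication outcome depends on stack contents. Either confirm the `else` form is already in place, or keep `int retval = PAM_SUCCESS;`.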
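Review bot: The rewritten guard in the src/groupmod.c hunk `@@ -702,16 +702,12 @@` tests the wrong variable: `if (NULL == pamh) {` replaces `if (pampw == NULL) {`. pam_start has not run yet at this point, so if pamh is still NULL (its declaration is outside the hunk) the branch always sets PAM_USER_UNKNOWN and groupmod rejects every caller under USE_PAM. If pamh is not NULL, a failed getpwuid() is dereferenced at `pampw->pw_name`. The line should read `if (NULL == pampw) {`, as in the other tools touched by this patch; main's body continues outside the hunk.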
@@ -725,8 +721,10 @@ int main (int argc, char **argv) retval = pam_acct_mgmt (pamh, 0); } - if (PAM_SUCCESS != retval) { + if (NULL != pamh) { (void) pam_end (pamh, retval); + } + if (PAM_SUCCESS != retval) { fprintf (stderr, _("%s: PAM authentication failed\n"), Prog); fail_exit (1); } @@ -810,9 +808,6 @@ int main (int argc, char **argv) nscd_flush_cache ("group"); -#ifdef USE_PAM - (void) pam_end (pamh, PAM_SUCCESS); -#endif /* USE_PAM */ exit (E_SUCCESS); /* NOT REACHED */ } diff --git a/src/newusers.c b/src/newusers.c index 45099690..e30a159b 100644 --- a/src/newusers.c +++ b/src/newusers.c @@ -83,10 +83,6 @@ static bool pw_locked = false; static bool gr_locked = false; static bool spw_locked = false; -#ifdef USE_PAM -static pam_handle_t *pamh = NULL; -#endif - /* local function prototypes */ static void usage (void); static void fail_exit (int); @@ -566,15 +562,14 @@ static void check_flags (void) static void check_perms (void) { #ifdef USE_PAM - int retval = PAM_SUCCESS; + pam_handle_t *pamh = NULL; + int retval; struct passwd *pampw; pampw = getpwuid (getuid ()); /* local, no need for xgetpwuid */ if (NULL == pampw) { retval = PAM_USER_UNKNOWN; - } - - if (PAM_SUCCESS == retval) { + } else { retval = pam_start ("newusers", pampw->pw_name, &conv, &pamh); } @@ -586,8 +581,10 @@ static void check_perms (void) retval = pam_acct_mgmt (pamh, 0); } - if (PAM_SUCCESS != retval) { + if (NULL != pamh) { (void) pam_end (pamh, retval); + } + if (PAM_SUCCESS != retval) { fprintf (stderr, _("%s: PAM authentication failed\n"), Prog); fail_exit (1); } @@ -945,10 +942,6 @@ int main (int argc, char **argv) nscd_flush_cache ("passwd"); nscd_flush_cache ("group"); -#ifdef USE_PAM - (void) pam_end (pamh, PAM_SUCCESS); -#endif /* USE_PAM */ - return 0; } diff --git a/src/useradd.c b/src/useradd.c index e3efcb7e..40421c39 100644 --- a/src/useradd.c +++ b/src/useradd.c 
@@ -1793,9 +1793,7 @@ int main (int argc, char **argv) pampw = getpwuid (getuid ()); /* local, no need for xgetpwuid */ if (pampw == NULL) { retval = PAM_USER_UNKNOWN; - } - - if (PAM_SUCCESS == retval) { + } else { retval = pam_start ("useradd", pampw->pw_name, &conv, &pamh); } @@ -1809,8 +1807,10 @@ int main (int argc, char **argv) retval = pam_acct_mgmt (pamh, 0); } - if (PAM_SUCCESS != retval) { + if (NULL != pamh) { (void) pam_end (pamh, retval); + } + if (PAM_SUCCESS != retval) { fprintf (stderr, _("%s: PAM authentication failed\n"), Prog); fail_exit (1); } @@ -1952,10 +1952,6 @@ int main (int argc, char **argv) nscd_flush_cache ("passwd"); nscd_flush_cache ("group"); -#ifdef USE_PAM - (void) pam_end (pamh, PAM_SUCCESS); -#endif /* USE_PAM */ - return E_SUCCESS; } diff --git a/src/userdel.c b/src/userdel.c index 3a8862db..13dc8cac 100644 --- a/src/userdel.c +++ b/src/userdel.c @@ -838,9 +838,7 @@ int main (int argc, char **argv) pampw = getpwuid (getuid ()); /* local, no need for xgetpwuid */ if (pampw == NULL) { retval = PAM_USER_UNKNOWN; - } - - if (retval == PAM_SUCCESS) { + } else { retval = pam_start ("userdel", pampw->pw_name, &conv, &pamh); } @@ -854,8 +852,10 @@ int main (int argc, char **argv) retval = pam_acct_mgmt (pamh, 0); } - if (PAM_SUCCESS != retval) { + if (NULL != pamh) { (void) pam_end (pamh, retval); + } + if (PAM_SUCCESS != retval) { fprintf (stderr, _("%s: PAM authentication failed\n"), Prog); exit (E_PW_UPDATE); } @@ -1000,9 +1000,6 @@ int main (int argc, char **argv) nscd_flush_cache ("passwd"); nscd_flush_cache ("group"); -#ifdef USE_PAM - (void) pam_end (pamh, PAM_SUCCESS); -#endif /* USE_PAM */ exit ((0 != errors) ? E_HOMEDIR : E_SUCCESS); /* NOT REACHED */ } diff --git a/src/usermod.c b/src/usermod.c index ca1a7688..1ca0afd3 100644 --- a/src/usermod.c +++ b/src/usermod.c 
@@ -1659,9 +1659,7 @@ int main (int argc, char **argv) pampw = getpwuid (getuid ()); /* local, no need for xgetpwuid */ if (pampw == NULL) { retval = PAM_USER_UNKNOWN; - } - - if (PAM_SUCCESS == retval) { + } else { retval = pam_start ("usermod", pampw->pw_name, &conv, &pamh); } @@ -1675,8 +1673,10 @@ int main (int argc, char **argv) retval = pam_acct_mgmt (pamh, 0); } - if (PAM_SUCCESS != retval) { + if (NULL != pamh) { (void) pam_end (pamh, retval); + } + if (PAM_SUCCESS != retval) { fprintf (stderr, _("%s: PAM authentication failed\n"), Prog); exit (1); } @@ -1722,10 +1722,6 @@ int main (int argc, char **argv) user_gid, gflg ? user_newgid : user_gid); } -#ifdef USE_PAM - (void) pam_end (pamh, PAM_SUCCESS); -#endif /* USE_PAM */ - exit (E_SUCCESS); /* NOT REACHED */ }