diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-05-06 02:42:50 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-05-06 02:42:50 +0000 |
commit | 8cb83eee5a58b1fad74c34094ce3afb9e430b5a4 (patch) | |
tree | a9b2e7baeca1be40eb734371e3c8b11b02294497 /login-utils/auth.c | |
parent | Initial commit. (diff) | |
download | util-linux-upstream/2.33.1.tar.xz util-linux-upstream/2.33.1.zip |
Adding upstream version 2.33.1.upstream/2.33.1upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'login-utils/auth.c')
-rw-r--r-- | login-utils/auth.c | 65 |
1 files changed, 65 insertions, 0 deletions
diff --git a/login-utils/auth.c b/login-utils/auth.c new file mode 100644 index 0000000..fdeb12b --- /dev/null +++ b/login-utils/auth.c @@ -0,0 +1,65 @@ +/* + * auth.c -- PAM authorization code, common between chsh and chfn + * (c) 2012 by Cody Maloney <cmaloney@theoreticalchaos.com> + * + * this program is free software. you can redistribute it and + * modify it under the terms of the gnu general public license. + * there is no warranty. + * + */ + +#include <security/pam_appl.h> +#ifdef HAVE_SECURITY_PAM_MISC_H +# include <security/pam_misc.h> +#elif defined(HAVE_SECURITY_OPENPAM_H) +# include <security/openpam.h> +#endif + +#include "c.h" +#include "auth.h" + +static int pam_fail_check(pam_handle_t *pamh, int retcode) +{ + if (retcode == PAM_SUCCESS) + return 0; + warnx("%s", pam_strerror(pamh, retcode)); + pam_end(pamh, retcode); + return 1; +} + +int auth_pam(const char *service_name, uid_t uid, const char *username) +{ + if (uid != 0) { + pam_handle_t *pamh = NULL; +#ifdef HAVE_SECURITY_PAM_MISC_H + struct pam_conv conv = { misc_conv, NULL }; +#elif defined(HAVE_SECURITY_OPENPAM_H) + struct pam_conv conv = { openpam_ttyconv, NULL }; +#endif + int retcode; + + retcode = pam_start(service_name, username, &conv, &pamh); + if (pam_fail_check(pamh, retcode)) + return FALSE; + + retcode = pam_authenticate(pamh, 0); + if (pam_fail_check(pamh, retcode)) + return FALSE; + + retcode = pam_acct_mgmt(pamh, 0); + if (retcode == PAM_NEW_AUTHTOK_REQD) + retcode = + pam_chauthtok(pamh, PAM_CHANGE_EXPIRED_AUTHTOK); + if (pam_fail_check(pamh, retcode)) + return FALSE; + + retcode = pam_setcred(pamh, 0); + if (pam_fail_check(pamh, retcode)) + return FALSE; + + pam_end(pamh, 0); + /* no need to establish a session; this isn't a + * session-oriented activity... */ + } + return TRUE; +} |