From: Ludwig Nussel <ludwig.nussel@suse.de>
To: util-linux@vger.kernel.org
Cc: Ludwig Nussel <ludwig.nussel@suse.de>
Subject: [PATCH 5/7] replace PAM_BAIL_P macro with better solution
Date: Fri, 1 Jun 2012 14:51:19 +0200 [thread overview]
Message-ID: <1338555081-2061-5-git-send-email-ludwig.nussel@suse.de> (raw)
In-Reply-To: <1338555081-2061-1-git-send-email-ludwig.nussel@suse.de>
Signed-off-by: Ludwig Nussel <ludwig.nussel@suse.de>
---
login-utils/su.c | 56 +++++++++++++++++++++++++++---------------------------
1 files changed, 28 insertions(+), 28 deletions(-)
diff --git a/login-utils/su.c b/login-utils/su.c
index cdaf31e..cabf116 100644
--- a/login-utils/su.c
+++ b/login-utils/su.c
@@ -68,6 +68,8 @@ enum
#define PAM_SERVICE_NAME "su"
#define PAM_SERVICE_NAME_L "su-l"
+#define is_pam_failure(_rc) ((_rc) != PAM_SUCCESS)
+
#include "logindefs.h"
/* The shell to run if none is given in the user's passwd entry. */
@@ -148,13 +150,6 @@ static struct pam_conv conv =
NULL
};
-# define PAM_BAIL_P(a) \
- if (retval) \
- { \
- pam_end (pamh, retval); \
- a; \
- }
-
static void
cleanup_pam (int retcode)
{
@@ -199,7 +194,7 @@ create_watching_parent (void)
int retval;
retval = pam_open_session (pamh, 0);
- if (retval != PAM_SUCCESS)
+ if (is_pam_failure(retval))
{
cleanup_pam (retval);
error (EXIT_FAILURE, 0, _("cannot not open session: %s"),
@@ -305,8 +300,8 @@ create_watching_parent (void)
exit (status);
}
-static bool
-correct_password (const struct passwd *pw)
+static void
+authenticate (const struct passwd *pw)
{
const struct passwd *lpw;
const char *cp;
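Review bot: The renamed `authenticate` now returns `void`, and the removed comment "Must be authenticated if this point was reached" was the only statement of its contract. The caller in main (last hunk) proceeds straight to the privileged path after the call, so the function deserves a header comment saying so, for example `/* Returns only if PAM authentication and account checks succeeded; on any failure logs the attempt and exits via error(). */`. That guarantee rests on `error (EXIT_FAILURE, ...)` never returning, which is worth stating next to that call as well. The body of authenticate continues outside this hunk.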
@@ -314,7 +309,8 @@ correct_password (const struct passwd *pw)
retval = pam_start (simulate_login ? PAM_SERVICE_NAME_L : PAM_SERVICE_NAME,
pw->pw_name, &conv, &pamh);
- PAM_BAIL_P (return false);
+ if (is_pam_failure(retval))
+ goto done;
if (isatty (0) && (cp = ttyname (0)) != NULL)
{
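Review bot: When `pam_start` itself fails, the `goto done` added here reaches `pam_strerror(pamh, retval)` and `pam_end(pamh, retval)` in the later hunk with a handle that `pam_start` did not finish setting up. The removed PAM_BAIL_P macro made the same `pam_end` call, so this is not a regression, but whether it is safe depends on what the PAM implementation leaves in `pamh` on failure. Guarding the cleanup, e.g. `if (pamh) pam_end (pamh, retval);`, would make the assumption explicit; this presumes `pamh` starts out NULL, which is not visible in the patch. authenticate starts before this hunk and continues after it.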
@@ -325,7 +321,8 @@ correct_password (const struct passwd *pw)
else
tty = cp;
retval = pam_set_item (pamh, PAM_TTY, tty);
- PAM_BAIL_P (return false);
+ if (is_pam_failure(retval))
+ goto done;
}
# if 0 /* Manpage discourages use of getlogin. */
cp = getlogin ();
@@ -335,20 +332,32 @@ correct_password (const struct passwd *pw)
if (lpw && lpw->pw_name)
{
retval = pam_set_item (pamh, PAM_RUSER, (const void *) lpw->pw_name);
- PAM_BAIL_P (return false);
+ if (is_pam_failure(retval))
+ goto done;
}
+
retval = pam_authenticate (pamh, 0);
- PAM_BAIL_P (return false);
+ if (is_pam_failure(retval))
+ goto done;
+
retval = pam_acct_mgmt (pamh, 0);
if (retval == PAM_NEW_AUTHTOK_REQD)
{
/* Password has expired. Offer option to change it. */
retval = pam_chauthtok (pamh, PAM_CHANGE_EXPIRED_AUTHTOK);
- PAM_BAIL_P (return false);
}
- PAM_BAIL_P (return false);
- /* Must be authenticated if this point was reached. */
- return true;
+
+done:
+
+ log_su (pw, !is_pam_failure(retval));
+
+ if (is_pam_failure(retval))
+ {
+ const char *msg = pam_strerror(pamh, retval);
+ pam_end(pamh, retval);
+ sleep (getlogindefs_num ("FAIL_DELAY", 1));
+ error (EXIT_FAILURE, 0, "%s", msg?msg:_("incorrect password"));
+ }
}
/* Add or clear /sbin and /usr/sbin for the su command
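Review bot: The failure branch after `done:` prints `pam_strerror(pamh, retval)` to the caller for every failing step, where the code removed from main always printed "incorrect password". The user-visible text therefore depends on which PAM call failed and with what code, so a caller who has not authenticated may be able to tell failure causes apart; how much this reveals depends on the configured module stack. One option is to keep the generic text when `pam_authenticate` is the call that failed and use the specific string only for the later account checks, with the detailed reason going to the log. authenticate starts before this hunk.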
@@ -760,16 +769,7 @@ main (int argc, char **argv)
: DEFAULT_SHELL);
endpwent ();
- if (!correct_password (pw))
- {
- log_su (pw, false);
- sleep (getlogindefs_num ("FAIL_DELAY", 1));
- error (EXIT_FAILURE, 0, _("incorrect password"));
- }
- else
- {
- log_su (pw, true);
- }
+ authenticate (pw);
if (request_same_session || !command || !pw->pw_uid)
same_session = 1;
--
1.7.7