authorYu Watanabe <watanabe.yu+github@gmail.com>2024-01-04 15:28:34 +0100
committerGitHub <noreply@github.com>2024-01-04 15:28:34 +0100
commit4855d82348388c85657fc06ba9271a03a8ebb259 (patch)
tree0a8bf0eab8c550223ffc0caabe80378133a91e83 /src
parenthomed: when empty username is passed to bus calls, operate on client's UID (diff)
parentpam_systemd_home: port over to pam_get_item_many() (diff)
downloadsystemd-4855d82348388c85657fc06ba9271a03a8ebb259.tar.xz
systemd-4855d82348388c85657fc06ba9271a03a8ebb259.zip
Merge pull request #30739 from poettering/pam-util-many
pam-util: add pam_get_item_many() to shorten some code
Diffstat (limited to 'src')
-rw-r--r--src/home/pam_systemd_home.c13
-rw-r--r--src/login/pam_systemd.c32
-rw-r--r--src/shared/pam-util.c24
-rw-r--r--src/shared/pam-util.h4
4 files changed, 46 insertions, 27 deletions
diff --git a/src/home/pam_systemd_home.c b/src/home/pam_systemd_home.c
index ba8d8f6054..30f624b6e2 100644
--- a/src/home/pam_systemd_home.c
+++ b/src/home/pam_systemd_home.c
@@ -969,13 +969,12 @@ _public_ PAM_EXTERN int pam_sm_chauthtok(
return r;
/* Start with cached credentials */
- r = pam_get_item(handle, PAM_OLDAUTHTOK, (const void**) &old_password);
- if (!IN_SET(r, PAM_BAD_ITEM, PAM_SUCCESS))
- return pam_syslog_pam_error(handle, LOG_ERR, r, "Failed to get old password: @PAMERR@");
-
- r = pam_get_item(handle, PAM_AUTHTOK, (const void**) &new_password);
- if (!IN_SET(r, PAM_BAD_ITEM, PAM_SUCCESS))
- return pam_syslog_pam_error(handle, LOG_ERR, r, "Failed to get cached password: @PAMERR@");
+ r = pam_get_item_many(
+ handle,
+ PAM_OLDAUTHTOK, &old_password,
+ PAM_AUTHTOK, &new_password);
+ if (r != PAM_SUCCESS)
+ return pam_syslog_pam_error(handle, LOG_ERR, r, "Failed to get cached passwords: @PAMERR@");
if (isempty(new_password)) {
/* No, it's not cached, then let's ask for the password and its verification, and cache
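Review bot: The `isempty(new_password)` test right after the new call is only meaningful if `new_password` and `old_password` start out as NULL. pam_get_item_many_internal() in src/shared/pam-util.c tolerates PAM_BAD_ITEM, still returns PAM_SUCCESS, and does not itself write the output in that case. The declarations sit above this hunk, so their initialisation cannot be confirmed from here; if they are not initialised, something like `const char *old_password = NULL, *new_password = NULL;` is needed. A comment at the call, `/* PAM_BAD_ITEM means "not set": r is still PAM_SUCCESS and the pointer keeps its initial value */`, would also explain why the check changed from IN_SET() to `r != PAM_SUCCESS`. pam_sm_chauthtok() begins and ends outside the hunk.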
diff --git a/src/login/pam_systemd.c b/src/login/pam_systemd.c
index 4d391ffaff..20ec5530d9 100644
--- a/src/login/pam_systemd.c
+++ b/src/login/pam_systemd.c
@@ -926,15 +926,20 @@ _public_ PAM_EXTERN int pam_sm_open_session(
if (!logind_running())
goto success;
- /* Make sure we don't enter a loop by talking to
- * systemd-logind when it is actually waiting for the
- * background to finish start-up. If the service is
- * "systemd-user" we simply set XDG_RUNTIME_DIR and
+ r = pam_get_item_many(
+ handle,
+ PAM_SERVICE, &service,
+ PAM_XDISPLAY, &display,
+ PAM_TTY, &tty,
+ PAM_RUSER, &remote_user,
+ PAM_RHOST, &remote_host);
+ if (r != PAM_SUCCESS)
+ return pam_syslog_pam_error(handle, LOG_ERR, r, "Failed to get PAM items: @PAMERR@");
+
+ /* Make sure we don't enter a loop by talking to systemd-logind when it is actually waiting for the
+ * background to finish start-up. If the service is "systemd-user" we simply set XDG_RUNTIME_DIR and
* leave. */
- r = pam_get_item(handle, PAM_SERVICE, (const void**) &service);
- if (!IN_SET(r, PAM_BAD_ITEM, PAM_SUCCESS))
- return pam_syslog_pam_error(handle, LOG_ERR, r, "Failed to get PAM service: @PAMERR@");
if (streq_ptr(service, "systemd-user")) {
char rt[STRLEN("/run/user/") + DECIMAL_STR_MAX(uid_t)];
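Review bot: Fetching all five items before the `streq_ptr(service, "systemd-user")` shortcut means a hard error on PAM_XDISPLAY, PAM_TTY, PAM_RUSER or PAM_RHOST now fails the "systemd-user" path too, where the old code only needed PAM_SERVICE at that point. If that is intended, the comment should say so, e.g. `/* All items are fetched up front, including those only needed when we talk to logind below. */`. The single message "Failed to get PAM items" also no longer says which item failed, unlike the per-item messages it replaces, which makes a failed login harder to diagnose from the log. pam_sm_open_session() continues outside the hunk.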
@@ -948,19 +953,6 @@ _public_ PAM_EXTERN int pam_sm_open_session(
/* Otherwise, we ask logind to create a session for us */
- r = pam_get_item(handle, PAM_XDISPLAY, (const void**) &display);
- if (!IN_SET(r, PAM_BAD_ITEM, PAM_SUCCESS))
- return pam_syslog_pam_error(handle, LOG_ERR, r, "Failed to get PAM_XDISPLAY: @PAMERR@");
- r = pam_get_item(handle, PAM_TTY, (const void**) &tty);
- if (!IN_SET(r, PAM_BAD_ITEM, PAM_SUCCESS))
- return pam_syslog_pam_error(handle, LOG_ERR, r, "Failed to get PAM_TTY: @PAMERR@");
- r = pam_get_item(handle, PAM_RUSER, (const void**) &remote_user);
- if (!IN_SET(r, PAM_BAD_ITEM, PAM_SUCCESS))
- return pam_syslog_pam_error(handle, LOG_ERR, r, "Failed to get PAM_RUSER: @PAMERR@");
- r = pam_get_item(handle, PAM_RHOST, (const void**) &remote_host);
- if (!IN_SET(r, PAM_BAD_ITEM, PAM_SUCCESS))
- return pam_syslog_pam_error(handle, LOG_ERR, r, "Failed to get PAM_RHOST: @PAMERR@");
-
seat = getenv_harder(handle, "XDG_SEAT", NULL);
cvtnr = getenv_harder(handle, "XDG_VTNR", NULL);
type = getenv_harder(handle, "XDG_SESSION_TYPE", type_pam);
diff --git a/src/shared/pam-util.c b/src/shared/pam-util.c
index 1057104194..59437ae0bb 100644
--- a/src/shared/pam-util.c
+++ b/src/shared/pam-util.c
@@ -202,3 +202,27 @@ void pam_cleanup_free(pam_handle_t *handle, void *data, int error_status) {
/* A generic destructor for pam_set_data() that just frees the specified data */
free(data);
}
+
+int pam_get_item_many_internal(pam_handle_t *handle, ...) {
+ va_list ap;
+ int r;
+
+ va_start(ap, handle);
+ for (;;) {
+ int item_type = va_arg(ap, int);
+
+ if (item_type <= 0) {
+ r = PAM_SUCCESS;
+ break;
+ }
+
+ const void **value = ASSERT_PTR(va_arg(ap, const void **));
+
+ r = pam_get_item(handle, item_type, value);
+ if (!IN_SET(r, PAM_BAD_ITEM, PAM_SUCCESS))
+ break;
+ }
+ va_end(ap);
+
+ return r;
+}
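Review bot: `va_arg(ap, const void **)` reads back pointers that the callers in this commit now pass without the `(const void**)` cast the old code had (`&old_password`, `&service`, ...), presumably as `const char **`. For va_arg that type is not compatible with `const void **`, so the helper relies on both pointer types having the same representation. The variadic list also removes compile-time checking of the item-type/pointer pairing, in code that runs inside the process performing the login. Either keep the cast at the call sites or state the assumption above the function: `/* Takes (int item_type, const void **ret) pairs, terminated by an item type <= 0. PAM_BAD_ITEM is not treated as an error; this helper does not write *ret itself. */`.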
diff --git a/src/shared/pam-util.h b/src/shared/pam-util.h
index 5a05fb71f1..9c40ba2dde 100644
--- a/src/shared/pam-util.h
+++ b/src/shared/pam-util.h
@@ -39,3 +39,7 @@ int pam_acquire_bus_connection(pam_handle_t *handle, const char *module_name, sd
int pam_release_bus_connection(pam_handle_t *handle, const char *module_name);
void pam_cleanup_free(pam_handle_t *handle, void *data, int error_status);
+
+int pam_get_item_many_internal(pam_handle_t *handle, ...);
+
+#define pam_get_item_many(handle, ...) pam_get_item_many_internal(handle, __VA_ARGS__, -1)
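Review bot: The new macro and the `pam_get_item_many_internal()` declaration carry no comment, so nothing tells callers that the internal function must not be called directly. Without the `-1` the macro appends, the loop in pam-util.c would keep calling va_arg past the last argument. A short comment above the macro would cover it, e.g. `/* Use pam_get_item_many(); it appends the -1 terminator that pam_get_item_many_internal() requires. */`.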