diff options
| author | Mattias Andrée <maandree@operamail.com> | 2015-03-24 13:01:02 +0100 |
|---|---|---|
| committer | Mattias Andrée <maandree@operamail.com> | 2015-03-24 13:01:02 +0100 |
| commit | 1cbeacd77bfdcecd434a846032896f5bcea4fb33 (patch) | |
| tree | 7d254b23a8c6484a42b729799c20ba86ceaa1c12 /src/cerberus.c | |
| parent | m (diff) | |
| download | cerberus-1cbeacd77bfdcecd434a846032896f5bcea4fb33.tar.gz cerberus-1cbeacd77bfdcecd434a846032896f5bcea4fb33.tar.bz2 cerberus-1cbeacd77bfdcecd434a846032896f5bcea4fb33.tar.xz | |
add verify hook so securetty can be supported1427201094
Signed-off-by: Mattias Andrée <maandree@operamail.com>
Diffstat (limited to 'src/cerberus.c')
| -rw-r--r-- | src/cerberus.c | 30 |
1 files changed, 21 insertions, 9 deletions
diff --git a/src/cerberus.c b/src/cerberus.c index 617aad9..a5be25c 100644 --- a/src/cerberus.c +++ b/src/cerberus.c @@ -25,6 +25,7 @@ #define HOOK_LOGIN 0 #define HOOK_LOGOUT 1 #define HOOK_DENIED 2 +#define HOOK_VERIFY 3 @@ -115,6 +116,7 @@ void exec_hook(int hook, int argc, char** argv) [HOOK_LOGIN] = "login", [HOOK_LOGOUT] = "logout", [HOOK_DENIED] = "denied", + [HOOK_VERIFY] = "verify", }; char** args; int i; @@ -139,32 +141,34 @@ void exec_hook(int hook, int argc, char** argv) /** * Fork-exec-wait /etc/cerberusrc * - * @param hook The ID of the hook to run - * @param argc The number of command line arguments - * @param argv The command line arguments + * @param hook The ID of the hook to run + * @param argc The number of command line arguments + * @param argv The command line arguments + * @return The exit value of the hook */ -void fork_exec_wait_hook(int hook, int argc, char** argv) +int fork_exec_wait_hook(int hook, int argc, char** argv) { pid_t pid, reaped; + int status; pid = fork(); if (pid == -1) - return; + return -1; if (pid == 0) { close(STDIN_FILENO); exec_hook(hook, argc, argv); - _exit(1); + _exit(138); } for (;;) { - reaped = wait(NULL); + reaped = wait(&status); if (reaped == -1) { perror("wait"); - return; + return -1; } if (reaped == pid) - return; + return status == 138 ? -1 : status; } } @@ -261,6 +265,14 @@ void do_login(int argc, char** argv) } + /* Verify that the user may login */ + if (fork_exec_wait_hook(HOOK_VERIFY, argc, argv) == 1) + { + sleep(ERROR_SLEEP); + _exit(2); + } + + if (skip_auth) { /* Reset terminal settings */ |