diff options
| -rw-r--r-- | Makefile | 5 | ||||
| -rw-r--r-- | src/cerberus.c | 14 | ||||
| -rw-r--r-- | src/cerberus.h | 8 |
3 files changed, 25 insertions, 2 deletions
@@ -48,7 +48,10 @@ VRB_CPPFLAGS = $(foreach D, $(VRB_DEFS), -D'$(D)=$($(D))') -DAUTH=$(auth_$(AUTH) OPTIMISE = -Os CPPFLAGS = $(EXTRA_CPP_FLAGS) $(STR_CPPFLAGS) $(VRB_CPPFLAGS) CFLAGS = -std=gnu99 -Wall -Wextra -LDFLAGS = -lpassphrase +LDFLAGS = +ifneq ($(AUTH),none) +LDFLAGS += -lpassphrase +endif ifeq ($(AUTH),crypt) LDFLAGS += -lcrypt endif diff --git a/src/cerberus.c b/src/cerberus.c index 036a5fd..b1afec5 100644 --- a/src/cerberus.c +++ b/src/cerberus.c @@ -38,10 +38,12 @@ static struct passwd* entry; */ pid_t child_pid = 0; +#if AUTH > 0 /** * The passphrase */ char* passphrase = NULL; +#endif /** @@ -103,11 +105,13 @@ void do_login(int argc, char** argv) #endif + #if AUTH > 0 /* Disable echoing */ passphrase_disable_echo(); /* This should be done as early and quickly as possible so as little as possible of the passphrase gets leaked to the output if the user begins entering the passphrase directly after the username. */ + #endif /* Set process group ID */ @@ -202,8 +206,10 @@ void do_login(int argc, char** argv) #endif secure_tty(tty_group); + #if AUTH > 0 /* Redisable echoing */ passphrase_disable_echo(); + #endif /* Set up clean quiting and time out */ @@ -213,7 +219,9 @@ void do_login(int argc, char** argv) siginterrupt(SIGALRM, 1); siginterrupt(SIGQUIT, 1); siginterrupt(SIGINT, 1); + #if AUTH > 0 alarm(TIMEOUT_SECONDS); + #ednif /* Get user information */ @@ -231,10 +239,13 @@ void do_login(int argc, char** argv) /* Verify passphrase or other token, if -f has not been used */ + #if AUTH > 0 initialise_login(hostname, username, read_passphrase); if ((skip_auth == 0) && authenticate_login()) + #endif printf("(auto-authenticated)\n"); + #if AUTH > 0 /* Passphrase entered, turn off timeout */ alarm(0); @@ -249,6 +260,7 @@ void do_login(int argc, char** argv) /* Reset terminal settings */ passphrase_reenable_echo(); + #endif /* Verify account, such as that it is enabled */ @@ -306,6 +318,7 @@ void do_login(int argc, char** argv) } +#if AUTH > 0 /** * Read passphrase from the terminal * @@ -322,4 +335,5 @@ char* read_passphrase(void) } return passphrase; } +#endif diff --git a/src/cerberus.h b/src/cerberus.h index b82a98d..6be59fc 100644 --- a/src/cerberus.h +++ b/src/cerberus.h @@ -34,11 +34,12 @@ #include <sys/types.h> #include <grp.h> +#if AUTH > 0 #include <passphrase.h> +#endif #include "config.h" -#include "passphrase.h" #include "quit.h" #include "login.h" #include "security.h" @@ -51,7 +52,12 @@ void do_login(int argc, char** argv); + +#if AUTH > 0 char* read_passphrase(void); +#else +#define read_passphrase NULL +#endif #endif |