-rw-r--r--src/auth/crypt.c9
-rw-r--r--src/auth/crypt.h2
-rw-r--r--src/auth/pam.c7
-rw-r--r--src/auth/pam.h2
-rw-r--r--src/cerberus.c15
5 files changed, 23 insertions, 12 deletions
diff --git a/src/auth/crypt.c b/src/auth/crypt.c
index cbd082b..ec65fc8 100644
--- a/src/auth/crypt.c
+++ b/src/auth/crypt.c
@@ -74,7 +74,7 @@ void initialise_crypt(char* remote, char* username, char* (*reader)(void))
/**
* Perform token authentication
*
- * @return Whether the user got automatically authenticated
+ * @return 0: failed, 1: success, 2: auto-authenticated
*/
char authenticate_crypt(void)
{
@@ -111,11 +111,11 @@ char authenticate_crypt(void)
#endif
if (!(crypted && *crypted)) /* empty means that no passphrase is required (not even Enter) */
- return 1;
+ return 2;
entered = crypt(passphrase_reader(), crypted /* salt argument stops parsing when encrypted begins */);
if (entered && !strcmp(entered, crypted))
- return 0;
+ return 1;
/* Clear ISIG (and everything else) to prevent the user
* from skipping the brute force protection sleep. */
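Review bot: The value 0 changes meaning in this hunk from "authenticated with a passphrase" to "failed", and the three outcomes are written as bare literals (`return 2;`, `return 1;`, and `return 0;` in the next hunk), so any caller still written against the old boolean contract would treat a rejected passphrase as a normal login. A shared enum in a header that both back ends include, for example `enum { AUTH_RESULT_FAILED = 0, AUTH_RESULT_OK = 1, AUTH_RESULT_AUTO = 2 };` (names are only a suggestion), would make each return and each caller check self-describing. The same applies to `return auto_authenticated ? 2 : 1;` in src/auth/pam.c. authenticate_crypt starts and ends outside this hunk.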
@@ -124,7 +124,6 @@ char authenticate_crypt(void)
tcsetattr(STDIN_FILENO, TCSAFLUSH, &stty);
printf("Incorrect passphrase\n");
- sleep(FAILURE_SLEEP);
- _exit(1);
+ return 0;
}
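Review bot: With `sleep(FAILURE_SLEEP); _exit(1);` replaced by `return 0;`, the brute-force delay and the process exit are no longer enforced inside authenticate_crypt (authenticate_pam gets the same change in src/auth/pam.c), and neither the doc comment nor the ISIG comment above says who is responsible now. I would add a line to the `@return` block in both the .c and .h files, such as `* On 0 the caller is responsible for the FAILURE_SLEEP delay and for exiting.`, and reword the ISIG comment to say that the protected sleep now happens in the caller. The opening of the function is outside this hunk.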
diff --git a/src/auth/crypt.h b/src/auth/crypt.h
index 478b138..1ba7717 100644
--- a/src/auth/crypt.h
+++ b/src/auth/crypt.h
@@ -32,7 +32,7 @@ void initialise_crypt(char* remote, char* username, char* (*reader)(void));
/**
* Perform token authentication
*
- * @return Whether the user got automatically authenticated
+ * @return 0: failed, 1: success, 2: auto-authenticated
*/
char authenticate_crypt(void);
diff --git a/src/auth/pam.c b/src/auth/pam.c
index 0a08343..61ef1fe 100644
--- a/src/auth/pam.c
+++ b/src/auth/pam.c
@@ -210,7 +210,7 @@ void quit_pam(int sig)
/**
* Perform token authentication
*
- * @return Whether the user got automatically authenticated
+ * @return 0: failed, 1: success, 2: auto-authenticated
*/
char authenticate_pam(void)
{
@@ -227,11 +227,10 @@ char authenticate_pam(void)
printf("Incorrect passphrase\n");
pam_end(handle, rc);
- sleep(FAILURE_SLEEP);
- _exit(1);
+ return 0;
}
- return auto_authenticated;
+ return auto_authenticated ? 2 : 1;
}
diff --git a/src/auth/pam.h b/src/auth/pam.h
index 62e2a2f..86bd64f 100644
--- a/src/auth/pam.h
+++ b/src/auth/pam.h
@@ -47,7 +47,7 @@ void close_session_pam(void);
/**
* Perform token authentication
*
- * @return Whether the user got automatically authenticated
+ * @return 0: failed, 1: success, 2: auto-authenticated
*/
char authenticate_pam(void);
diff --git a/src/cerberus.c b/src/cerberus.c
index 9563ede..1479771 100644
--- a/src/cerberus.c
+++ b/src/cerberus.c
@@ -291,13 +291,26 @@ void do_login(int argc, char** argv)
/* Verify passphrase or other token, if -f has not been used */
+ ret = 2;
#if AUTH == 0
(void) hostname;
#else
initialise_login(hostname, username, read_passphrase);
- if ((skip_auth == 0) && authenticate_login())
+ if (skip_auth == 0)
+ ret = authenticate_login();
#endif
+ if (ret == 2)
printf("(auto-authenticated)\n");
+ if (ret == 0)
+ {
+ if (fork() == 0)
+ {
+ exec_hook(HOOK_DENIED, argc, argv);
+ _exit(0);
+ }
+ sleep(FAILURE_SLEEP);
+ _exit(1);
+ }
#if AUTH > 0
/* Passphrase entered, turn off timeout */
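Review bot: The denial branch is keyed on `if (ret == 0)` while `ret` starts out as `2`, so every value other than 0 is treated as an accepted login. I would make the check fail closed, `if (ret != 1 && ret != 2)`, so that an unexpected return from authenticate_login() ends in the sleep-and-exit path instead of falling through. The permissive default also means the skip_auth path now prints `(auto-authenticated)`, which the old condition did not do; if that is not intended, keep a separate flag for the message. The `fork()` result is only compared with 0, so a failed fork silently skips the HOOK_DENIED hook. do_login continues outside the hunk and the declaration of `ret` is not visible here.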