aboutsummaryrefslogtreecommitdiffstats
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rw-r--r--src/auth/crypt.c9
-rw-r--r--src/auth/crypt.h2
-rw-r--r--src/auth/pam.c7
-rw-r--r--src/auth/pam.h2
-rw-r--r--src/cerberus.c15
5 files changed, 23 insertions, 12 deletions
diff --git a/src/auth/crypt.c b/src/auth/crypt.c
index cbd082b..ec65fc8 100644
--- a/src/auth/crypt.c
+++ b/src/auth/crypt.c
@@ -74,7 +74,7 @@ void initialise_crypt(char* remote, char* username, char* (*reader)(void))
/**
* Perform token authentication
*
- * @return Whether the user got automatically authenticated
+ * @return 0: failed, 1: success, 2: auto-authenticated
*/
char authenticate_crypt(void)
{
@@ -111,11 +111,11 @@ char authenticate_crypt(void)
#endif
if (!(crypted && *crypted)) /* empty means that no passphrase is required (not even Enter) */
- return 1;
+ return 2;
entered = crypt(passphrase_reader(), crypted /* salt argument stops parsing when encrypted begins */);
if (entered && !strcmp(entered, crypted))
- return 0;
+ return 1;
/* Clear ISIG (and everything else) to prevent the user
* from skipping the brute force protection sleep. */
@@ -124,7 +124,6 @@ char authenticate_crypt(void)
tcsetattr(STDIN_FILENO, TCSAFLUSH, &stty);
printf("Incorrect passphrase\n");
- sleep(FAILURE_SLEEP);
- _exit(1);
+ return 0;
}
diff --git a/src/auth/crypt.h b/src/auth/crypt.h
index 478b138..1ba7717 100644
--- a/src/auth/crypt.h
+++ b/src/auth/crypt.h
@@ -32,7 +32,7 @@ void initialise_crypt(char* remote, char* username, char* (*reader)(void));
/**
* Perform token authentication
*
- * @return Whether the user got automatically authenticated
+ * @return 0: failed, 1: success, 2: auto-authenticated
*/
char authenticate_crypt(void);
diff --git a/src/auth/pam.c b/src/auth/pam.c
index 0a08343..61ef1fe 100644
--- a/src/auth/pam.c
+++ b/src/auth/pam.c
@@ -210,7 +210,7 @@ void quit_pam(int sig)
/**
* Perform token authentication
*
- * @return Whether the user got automatically authenticated
+ * @return 0: failed, 1: success, 2: auto-authenticated
*/
char authenticate_pam(void)
{
@@ -227,11 +227,10 @@ char authenticate_pam(void)
printf("Incorrect passphrase\n");
pam_end(handle, rc);
- sleep(FAILURE_SLEEP);
- _exit(1);
+ return 0;
}
- return auto_authenticated;
+ return auto_authenticated ? 2 : 1;
}
diff --git a/src/auth/pam.h b/src/auth/pam.h
index 62e2a2f..86bd64f 100644
--- a/src/auth/pam.h
+++ b/src/auth/pam.h
@@ -47,7 +47,7 @@ void close_session_pam(void);
/**
* Perform token authentication
*
- * @return Whether the user got automatically authenticated
+ * @return 0: failed, 1: success, 2: auto-authenticated
*/
char authenticate_pam(void);
diff --git a/src/cerberus.c b/src/cerberus.c
index 9563ede..1479771 100644
--- a/src/cerberus.c
+++ b/src/cerberus.c
@@ -291,13 +291,26 @@ void do_login(int argc, char** argv)
/* Verify passphrase or other token, if -f has not been used */
+ ret = 2;
#if AUTH == 0
(void) hostname;
#else
initialise_login(hostname, username, read_passphrase);
- if ((skip_auth == 0) && authenticate_login())
+ if (skip_auth == 0)
+ ret = authenticate_login();
#endif
+ if (ret == 2)
printf("(auto-authenticated)\n");
+ if (ret == 0)
+ {
+ if (fork() == 0)
+ {
+ exec_hook(HOOK_DENIED, argc, argv);
+ _exit(0);
+ }
+ sleep(FAILURE_SLEEP);
+ _exit(1);
+ }
#if AUTH > 0
/* Passphrase entered, turn off timeout */
generated by cgit v1.2.3-70-g09d2 (git 2.51.0) at 2026-02-20 21:47:24 +0000