diff options
author | Mattias Andrée <maandree@operamail.com> | 2013-11-18 22:28:51 +0100 |
---|---|---|
committer | Mattias Andrée <maandree@operamail.com> | 2013-11-18 22:28:51 +0100 |
commit | 1a57451434b9941ea5497dba9017b715826608fd (patch) | |
tree | 4aa3e6d7aea29d91012e2822a78ccf743b060716 | |
parent | m (diff) | |
download | libpassphrase-1a57451434b9941ea5497dba9017b715826608fd.tar.gz libpassphrase-1a57451434b9941ea5497dba9017b715826608fd.tar.bz2 libpassphrase-1a57451434b9941ea5497dba9017b715826608fd.tar.xz |
m
Signed-off-by: Mattias Andrée <maandree@operamail.com>
Diffstat (limited to '')
-rw-r--r-- | Makefile | 6 | ||||
-rw-r--r-- | configurable-definitions | 7 | ||||
-rw-r--r-- | src/cerberus.c | 68 | ||||
-rw-r--r-- | src/cerberus.h | 7 | ||||
-rw-r--r-- | src/config.h | 54 | ||||
-rw-r--r-- | src/login.c | 116 | ||||
-rw-r--r-- | src/login.h | 49 | ||||
-rw-r--r-- | src/passphrase.c | 11 | ||||
-rw-r--r-- | src/passphrase.h | 13 | ||||
-rw-r--r-- | src/quit.c | 5 | ||||
-rw-r--r-- | src/quit.h | 15 | ||||
-rw-r--r-- | src/security.c | 16 | ||||
-rw-r--r-- | src/security.h | 25 |
13 files changed, 279 insertions, 113 deletions
@@ -28,7 +28,7 @@ VCS_LEN = $(shell vcs="$(VCS)" ; echo "$${$(H)vcs}") VCSA_LEN = $(shell vcsa="$(VCSA)" ; echo "$${$(H)vcsa}") VCS_VCSA_LEN = $(shell (echo $(VCS_LEN) ; echo $(VCSA_LEN)) | sort -n | tail -n 1) -STR_DEFS = TTY_GROUP DEFAULT_HOME DEFAULT_SHELL DEFAULT_TERM PATH PATH_ROOT +STR_DEFS = TTY_GROUP DEFAULT_HOME DEFAULT_SHELL DEFAULT_TERM PATH PATH_ROOT VCS VCSA INT_DEFS = VCS_LEN VCSA_LEN VCS_VCSA_LEN STR_CPPFLAGS = $(foreach D, $(STR_DEFS), -D'$(D)="$($(D))"') @@ -42,7 +42,7 @@ CFLAGS = -std=gnu99 -Wall -Wextra CC_FLAGS = $(CPPFLAGS) $(CFLAGS) $(OPTIMISE) LD_FLAGS = $(LDFLAGS) $(CFLAGS) $(OPTIMISE) -SRC = cerberus passphrase quit security +SRC = cerberus passphrase quit security login OBJ = $(foreach S, $(SRC), obj/$(S).o) @@ -55,7 +55,7 @@ bin/cerberus: $(OBJ) $(CC) $(LD_FLAGS) -o "$@" $^ -obj/%.o: src/%.c src/%.h +obj/%.o: src/%.c src/%.h src/config.h @mkdir -p obj $(CC) $(CC_FLAGS) -o "$@" -c "$<" diff --git a/configurable-definitions b/configurable-definitions index 751e192..991f0b5 100644 --- a/configurable-definitions +++ b/configurable-definitions @@ -10,17 +10,18 @@ USE_TTY_GROUP (default: undefinied, type: #ifdef) FAILURE_SLEEP (default: 5, type: float) - Number of seconds to sleep on login failure. + Number of seconds to sleep on login failure ERROR_SLEEP (default: 2, type: float) - Number of seconds to sleep on error. + Number of seconds to sleep on error, + so the user has time to read the error message TIMEOUT_SECONDS (default: 60, type: int) - Number of seconds before timeout when waiting for a passphrase. + Number of seconds before timeout when waiting for a passphrase OWN_VCSA (default: undefinied, type: #ifdef) diff --git a/src/cerberus.c b/src/cerberus.c index 49e9857..807db40 100644 --- a/src/cerberus.c +++ b/src/cerberus.c @@ -25,11 +25,6 @@ /** - * The environment variables - */ -extern char** environ; - -/** * Mane method * * @param argc The number of command line arguments @@ -188,66 +183,9 @@ int main(int argc, char** argv) /* TODO login */ - - /* Change directory */ - if (chdir(entry->pw_dir)) - { - perror("chdir"); - if (chdir(DEFAULT_HOME)) - { - perror("chdir"); - sleep(ERROR_SLEEP); - return 1; - } - entry->pw_dir = DEFAULT_HOME; - } - - /* Make sure the shell to use is definied */ - if ((entry->pw_shell && *(entry->pw_shell)) == 0) - entry->pw_shell = DEFAULT_SHELL; - - /* Set environment variables */ - { - char* _term = getenv("TERM"); - char* term = NULL; - if (_term) - { - int n = 0, i; - while (*(_term + n++)) - ; - term = malloc(n * sizeof(char)); - if (term == NULL) - { - perror("malloc"); - sleep(ERROR_SLEEP); - return 1; - } - for (i = 0; i < n; i++) - *(term + i) = *(_term + i); - } - - if (preserve_env == 0) - { - environ = malloc(sizeof(char*)); - if (environ == NULL) - { - perror("malloc"); - sleep(ERROR_SLEEP); - return 1; - } - *environ = NULL; - } - - setenv("HOME", entry->pw_dir, 1); - setenv("USER", entry->pw_name, 1); - setenv("LOGUSER", entry->pw_name, 1); - setenv("SHELL", entry->pw_shell, 1); - setenv("TERM", term ?: DEFAULT_TERM, 1); - setenv("PATH", entry->pw_uid ? PATH : PATH_ROOT, 1); - - if (term) - free(term); - } + chdir_home(entry); + ensure_shell(entry); + set_environ(entry, preserve_env); /* Reset terminal ownership and mode */ diff --git a/src/cerberus.h b/src/cerberus.h index acafddf..3f10bee 100644 --- a/src/cerberus.h +++ b/src/cerberus.h @@ -28,11 +28,8 @@ #include "passphrase.h" #include "quit.h" +#include "login.h" #include "security.h" +#include "login.h" -/* The number of seconds before the program times out */ -#ifndef TIMEOUT_SECONDS -#define TIMEOUT_SECONDS 60 -#endif - diff --git a/src/config.h b/src/config.h new file mode 100644 index 0000000..acf596c --- /dev/null +++ b/src/config.h @@ -0,0 +1,54 @@ +/** + * cerberus – Minimal login program + * + * Copyright © 2013 Mattias Andrée (maandree@member.fsf.org) + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + */ +#ifndef __CONFIG_H__ +#define __CONFIG_H__ + + +/** + * Mode for TTY devices + */ +#ifndef TTY_PERM +#define TTY_PERM 0600 +#endif + +/** + * Number of seconds to sleep on login failure + */ +#ifndef FAILURE_SLEEP +#define FAILURE_SLEEP 5 +#endif + +/** + * Number of seconds to sleep on error, + * so the user has time to read the error message + */ +#ifndef ERROR_SLEEP +#define ERROR_SLEEP 2 +#endif + +/** + * Number of seconds before timeout when waiting for a passphrase + */ +#ifndef TIMEOUT_SECONDS +#define TIMEOUT_SECONDS 60 +#endif + + +#endif + diff --git a/src/login.c b/src/login.c new file mode 100644 index 0000000..5a97fb6 --- /dev/null +++ b/src/login.c @@ -0,0 +1,116 @@ +/** + * cerberus – Minimal login program + * + * Copyright © 2013 Mattias Andrée (maandree@member.fsf.org) + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + */ +#include <pwd.h> +#include <stdlib.h> +#include <stdio.h> +#include <unistd.h> + +#include "config.h" + +#include "login.h" + + +/** + * The environment variables + */ +extern char** environ; + + +/** + * Change directory to the user's home directory + * + * @param entry The user entry in the password file + */ +void chdir_home(struct passwd* entry) +{ + if (chdir(entry->pw_dir)) + { + perror("chdir"); + if (chdir(DEFAULT_HOME)) + { + perror("chdir"); + sleep(ERROR_SLEEP); + _exit(1); + } + entry->pw_dir = DEFAULT_HOME; + } +} + + +/** + * Make sure the shell to use is definied + * + * @param entry The user entry in the password file + */ +void ensure_shell(struct passwd* entry) +{ + if ((entry->pw_shell && *(entry->pw_shell)) == 0) + entry->pw_shell = DEFAULT_SHELL; +} + + +/** + * Set environment variables + * + * @param entry The user entry in the password file + * @param preserve_env Whether to preserve the environment + */ +void set_environ(struct passwd* entry, char preserve_env) +{ + char* _term = getenv("TERM"); + char* term = NULL; + if (_term) + { + int n = 0, i; + while (*(_term + n++)) + ; + term = malloc(n * sizeof(char)); + if (term == NULL) + { + perror("malloc"); + sleep(ERROR_SLEEP); + _exit(1); + } + for (i = 0; i < n; i++) + *(term + i) = *(_term + i); + } + + if (preserve_env == 0) + { + environ = malloc(sizeof(char*)); + if (environ == NULL) + { + perror("malloc"); + sleep(ERROR_SLEEP); + _exit(1); + } + *environ = NULL; + } + + setenv("HOME", entry->pw_dir, 1); + setenv("USER", entry->pw_name, 1); + setenv("LOGUSER", entry->pw_name, 1); + setenv("SHELL", entry->pw_shell, 1); + setenv("TERM", term ?: DEFAULT_TERM, 1); + setenv("PATH", entry->pw_uid ? PATH : PATH_ROOT, 1); + + if (term) + free(term); +} + diff --git a/src/login.h b/src/login.h new file mode 100644 index 0000000..43cb302 --- /dev/null +++ b/src/login.h @@ -0,0 +1,49 @@ +/** + * cerberus – Minimal login program + * + * Copyright © 2013 Mattias Andrée (maandree@member.fsf.org) + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + */ +#ifndef __LOGIN_H__ +#define __LOGIN_H__ + +#include <pwd.h> + + +/** + * Change directory to the user's home directory + * + * @param entry The user entry in the password file + */ +void chdir_home(struct passwd* entry); + +/** + * Make sure the shell to use is definied + * + * @param entry The user entry in the password file + */ +void ensure_shell(struct passwd* entry); + +/** + * Set environment variables + * + * @param entry The user entry in the password file + * @param preserve_env Whether to preserve the environment + */ +void set_environ(struct passwd* entry, char preserve_env); + + +#endif + diff --git a/src/passphrase.c b/src/passphrase.c index 4b6af86..9482ba1 100644 --- a/src/passphrase.c +++ b/src/passphrase.c @@ -16,6 +16,13 @@ * You should have received a copy of the GNU General Public License * along with this program. If not, see <http://www.gnu.org/licenses/>. */ +#include <stdlib.h> +#include <stdio.h> +#include <termios.h> +#include <unistd.h> + +#include "config.h" + #include "passphrase.h" @@ -70,7 +77,7 @@ char* get_passphrase(void) /** * Disable echoing and do anything else to the terminal settnings `get_passphrase` requires */ -void disable_echo() +void disable_echo(void) { struct termios stty; @@ -84,7 +91,7 @@ void disable_echo() /** * Undo the actions of `disable_echo` */ -void reenable_echo() +void reenable_echo(void) { tcsetattr(STDIN_FILENO, TCSAFLUSH, &saved_stty); } diff --git a/src/passphrase.h b/src/passphrase.h index 160e334..18b84ae 100644 --- a/src/passphrase.h +++ b/src/passphrase.h @@ -16,10 +16,8 @@ * You should have received a copy of the GNU General Public License * along with this program. If not, see <http://www.gnu.org/licenses/>. */ -#include <stdlib.h> -#include <stdio.h> -#include <termios.h> -#include <unistd.h> +#ifndef __PASSPHRASE_H__ +#define __PASSPHRASE_H__ /** @@ -32,10 +30,13 @@ char* get_passphrase(void); /** * Disable echoing and do anything else to the terminal settnings `get_passphrase` requires */ -void disable_echo(); +void disable_echo(void); /** * Undo the actions of `disable_echo` */ -void reenable_echo(); +void reenable_echo(void); + + +#endif @@ -16,6 +16,11 @@ * You should have received a copy of the GNU General Public License * along with this program. If not, see <http://www.gnu.org/licenses/>. */ +#include <stdio.h> +#include <unistd.h> + +#include "config.h" +#include "passphrase.h" #include "quit.h" @@ -16,16 +16,8 @@ * You should have received a copy of the GNU General Public License * along with this program. If not, see <http://www.gnu.org/licenses/>. */ -#include <stdio.h> -#include <unistd.h> - -#include "passphrase.h" - - -/* Number of seconds to sleep on error, so the user has time to read the error message */ -#ifndef ERROR_SLEEP -#define ERROR_SLEEP 2 -#endif +#ifndef __QUIT_H__ +#define __QUIT_H__ /** @@ -42,3 +34,6 @@ void timeout_quit(int signal); */ void user_quit(int signal); + +#endif + diff --git a/src/security.c b/src/security.c index a273cf0..b645b32 100644 --- a/src/security.c +++ b/src/security.c @@ -16,6 +16,20 @@ * You should have received a copy of the GNU General Public License * along with this program. If not, see <http://www.gnu.org/licenses/>. */ +#include <unistd.h> +#include <sys/stat.h> +#include <stdio.h> +#include <termios.h> +#include <fcntl.h> +#include <signal.h> +#include <stropts.h> +#if defined(OWN_VCSA) || defined(OWN_VCS) +#include <string.h> +#include <linux/vt.h> +#endif + +#include "config.h" + #include "security.h" @@ -80,7 +94,7 @@ void secure_tty(gid_t group) * @param group The group, -1 for unchanged * @param with_fail Abort on failure */ -void chown_tty(uid_t owner, gid_t group, int with_fail) +void chown_tty(uid_t owner, gid_t group, char with_fail) { #if defined(OWN_VCSA) || defined(OWN_VCS) struct vt_stat vtstat; diff --git a/src/security.h b/src/security.h index 5e291ff..3a218d9 100644 --- a/src/security.h +++ b/src/security.h @@ -16,24 +16,10 @@ * You should have received a copy of the GNU General Public License * along with this program. If not, see <http://www.gnu.org/licenses/>. */ -#include <unistd.h> -#include <sys/stat.h> -#include <stdio.h> -#include <termios.h> -#include <fcntl.h> -#include <signal.h> -#include <string.h> -#include <stropts.h> -#include <linux/vt.h> +#ifndef __SECURITY_H__ +#define __SECURITY_H__ - -#ifndef TTY_PERM -#define TTY_PERM 0600 -#endif - -#ifndef FAILURE_SLEEP -#define FAILURE_SLEEP 5 -#endif +#include <sys/types.h> /** @@ -50,5 +36,8 @@ void secure_tty(gid_t group); * @param group The group, -1 for unchanged * @param with_fail Abort on failure */ -void chown_tty(uid_t owner, gid_t group, int with_fail); +void chown_tty(uid_t owner, gid_t group, char with_fail); + + +#endif |