optionally use PAM

Signed-off-by: Mattias Andrée <maandree@operamail.com>

7 files changed, 86 insertions, 23 deletions

diff --git a/Makefile b/Makefile
index 185cc4c..fa4d685 100644
--- a/Makefile
+++ b/Makefile
@@ -14,6 +14,7 @@ _LS = $(LOCAL_PREFIX)$(SBIN)
 _US = $(USR_PREFIX)$(SBIN)
 _SS = $(SBIN)
 
+AUTH = pam
 TTY_GROUP = tty
 DEFAULT_HOME = /
 DEFAULT_SH = sh
@@ -24,26 +25,35 @@ VCSA = $(DEV)/vcsa
 PATH = $(_LB):$(_UB):$(_SB)
 PATH_ROOT = $(_LS):$(_LB):$(_US):$(_UB):$(_SS):$(_SB)
 
+auth_none = 0
+auth_pam = 1
+
 H = \#
 VCS_LEN = $(shell vcs="$(VCS)" ; echo "$${$(H)vcs}")
 VCSA_LEN = $(shell vcsa="$(VCSA)" ; echo "$${$(H)vcsa}")
 VCS_VCSA_LEN = $(shell (echo $(VCS_LEN) ; echo $(VCSA_LEN)) | sort -n | tail -n 1)
 
 STR_DEFS = TTY_GROUP DEFAULT_HOME DEFAULT_SH DEFAULT_SHELL DEFAULT_TERM PATH PATH_ROOT VCS VCSA
-INT_DEFS = VCS_LEN VCSA_LEN VCS_VCSA_LEN
+VRB_DEFS = VCS_LEN VCSA_LEN VCS_VCSA_LEN
 
 STR_CPPFLAGS = $(foreach D, $(STR_DEFS), -D'$(D)="$($(D))"')
-INT_CPPFLAGS = $(foreach D, $(INT_DEFS), -D'$(D)=$($(D))')
+VRB_CPPFLAGS = $(foreach D, $(VRB_DEFS), -D'$(D)=$($(D))') -DAUTH=$(auth_$(AUTH))
 
 OPTIMISE = -Os
-CPPFLAGS = $(EXTRA_CPP_FLAGS) $(STR_CPPFLAGS) $(INT_CPPFLAGS)
-LDFLAGS = -lpam
+CPPFLAGS = $(EXTRA_CPP_FLAGS) $(STR_CPPFLAGS) $(VRB_CPPFLAGS)
 CFLAGS = -std=gnu99 -Wall -Wextra
+LDFLAGS =
+ifeq ($(AUTH),pam)
+LDFLAGS += -lpam
+endif
 
 CC_FLAGS = $(CPPFLAGS) $(CFLAGS) $(OPTIMISE)
 LD_FLAGS = $(LDFLAGS) $(CFLAGS) $(OPTIMISE)
 
-SRC = cerberus passphrase quit security login pam
+SRC = cerberus passphrase quit security login
+ifneq ($(AUTH),none)
+SRC += auth/$(AUTH)
+endif
 OBJ = $(foreach S, $(SRC), obj/$(S).o)
 
 
@@ -56,9 +66,9 @@ bin/cerberus: $(OBJ)
 	$(CC) $(LD_FLAGS) -o "$@" $^
 
 
-obj/cerberus.o: $(foreach H, $(SRC), src/$(H).h)
+obj/cerberus.o: $(foreach H, $(SRC), src/$(H).h) src/auth.h
 obj/%.o: src/%.c src/%.h src/config.h
-	@mkdir -p obj
+	@mkdir -p "$(shell dirname "$@")"
 	$(CC) $(CC_FLAGS) -o "$@" -c "$<"
 
 
diff --git a/configurable-definitions b/configurable-definitions
index 991f0b5..bbc3135 100644
--- a/configurable-definitions
+++ b/configurable-definitions
@@ -1,35 +1,43 @@
 TTY_PERM  (default: 0600, type: int)
 
-   Mode for TTY devices
+    Mode for TTY devices
 
 
 USE_TTY_GROUP (default: undefinied, type: #ifdef)
 
-   Use the group tty for group ownership of TTY devices
+    Use the group tty for group ownership of TTY devices
 
 
 FAILURE_SLEEP  (default: 5, type: float)
 
-   Number of seconds to sleep on login failure
+    Number of seconds to sleep on login failure
 
 
 ERROR_SLEEP  (default: 2, type: float)
 
-   Number of seconds to sleep on error,
-   so the user has time to read the error message
+    Number of seconds to sleep on error,
+    so the user has time to read the error message
 
 
 TIMEOUT_SECONDS  (default: 60, type: int)
 
-   Number of seconds before timeout when waiting for a passphrase
+    Number of seconds before timeout when waiting for a passphrase
 
 
 OWN_VCSA (default: undefinied, type: #ifdef)
 
-   Take ownership of and change mode of VCSA device 
+    Take ownership of and change mode of VCSA device 
 
 
 OWN_VCS (default: undefinied, type: #ifdef)
 
-   Take ownership of and change mode of VCS device 
+    Take ownership of and change mode of VCS device 
+
+
+AUTH (default: pam, type: name)
+
+    Authentication module. One of:
+
+        pam	   -- Pluggable Authentication Module (PAM)
+	none	   -- Always auto-authenticate
 
diff --git a/src/auth.h b/src/auth.h
new file mode 100644
index 0000000..c24a70d
--- /dev/null
+++ b/src/auth.h
@@ -0,0 +1,45 @@
+/**
+ * cerberus – Minimal login program
+ * 
+ * Copyright © 2013  Mattias Andrée (maandree@member.fsf.org)
+ * 
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ * 
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ * 
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+#ifndef __AUTH_H__
+#define __AUTH_H__
+
+
+
+#if AUTH == 0
+
+#define  close_login_session(...)  /* do nothing */
+#define  initialise_login(...)     (void) hostname
+#define  authenticate_login(...)   1
+#define  verify_account(...)       /* do nothing */
+#define  open_login_session(...)   /* do nothing */
+
+#elif AUTH == 1
+
+#include "auth/pam.h"
+#define  close_login_session  close_session_pam
+#define  initialise_login     initialise_pam
+#define  authenticate_login   authenticate_pam
+#define  verify_account       verify_account_pam
+#define  open_login_session   open_session_pam
+
+#endif
+
+
+#endif
+
diff --git a/src/pam.c b/src/auth/pam.c
index 288196e..e02aed1 100644
--- a/src/pam.c
+++ b/src/auth/pam.c
@@ -23,7 +23,7 @@
 #include <security/pam_appl.h>
 #include <security/pam_misc.h>
 
-#include "config.h"
+#include "../config.h"
 
 #include "pam.h"
 
diff --git a/src/pam.h b/src/auth/pam.h
index ee766df..ee766df 100644
--- a/src/pam.h
+++ b/src/auth/pam.h
diff --git a/src/cerberus.c b/src/cerberus.c
index 03a7a75..f20e600 100644
--- a/src/cerberus.c
+++ b/src/cerberus.c
@@ -67,7 +67,7 @@ int main(int argc, char** argv)
   chown_tty(0, tty_group, 0);
   
   /* Close login session */
-  close_session_pam();
+  close_login_session();
   
   return 0;
 }
@@ -215,8 +215,8 @@ void do_login(int argc, char** argv)
   
   
   /* Verify passphrase or other token, if -f has not been used */
-  initialise_pam(hostname, username, read_passphrase);
-  if ((skip_auth == 0) && authenticate_pam())
+  initialise_login(hostname, username, read_passphrase);
+  if ((skip_auth == 0) && authenticate_login())
     printf("(auto-authenticated)\n");
   
   /* Passphrase entered, turn off timeout */
@@ -236,7 +236,7 @@ void do_login(int argc, char** argv)
   
   
   /* Verify account, such as that it is enabled */
-  verify_account_pam();
+  verify_account();
   
   
   /* Partial login */
@@ -244,7 +244,7 @@ void do_login(int argc, char** argv)
   chdir_home(entry);
   ensure_shell(entry);
   set_environ(entry, preserve_env);
-  open_session_pam();
+  open_login_session();
   
   
   /* Stop signal handling */
@@ -260,7 +260,7 @@ void do_login(int argc, char** argv)
   if (child_pid == -1)
     {
       perror("fork");
-      close_session_pam();
+      close_login_session();
       sleep(ERROR_SLEEP);
       _exit(1);
     }
diff --git a/src/cerberus.h b/src/cerberus.h
index 5c5a240..5851524 100644
--- a/src/cerberus.h
+++ b/src/cerberus.h
@@ -39,7 +39,7 @@
 #include "quit.h"
 #include "login.h"
 #include "security.h"
-#include "pam.h"
+#include "auth.h"
 
 
 #ifndef USE_TTY_GROUP