diff options
author | Mattias Andrée <maandree@operamail.com> | 2013-11-22 06:31:37 +0100 |
---|---|---|
committer | Mattias Andrée <maandree@operamail.com> | 2013-11-22 06:31:37 +0100 |
commit | 094cd2dbd5e79e8ad607286f8af2ebd27fd8ed7a (patch) | |
tree | ceda0607d4d3a8333f0d6b438965c9e27a847b56 | |
parent | pam_acct_mgmt freezes (diff) | |
download | libpassphrase-094cd2dbd5e79e8ad607286f8af2ebd27fd8ed7a.tar.gz libpassphrase-094cd2dbd5e79e8ad607286f8af2ebd27fd8ed7a.tar.bz2 libpassphrase-094cd2dbd5e79e8ad607286f8af2ebd27fd8ed7a.tar.xz |
optionally use PAM
Signed-off-by: Mattias Andrée <maandree@operamail.com>
-rw-r--r-- | Makefile | 24 | ||||
-rw-r--r-- | configurable-definitions | 24 | ||||
-rw-r--r-- | src/auth.h | 45 | ||||
-rw-r--r-- | src/auth/pam.c (renamed from src/pam.c) | 2 | ||||
-rw-r--r-- | src/auth/pam.h (renamed from src/pam.h) | 0 | ||||
-rw-r--r-- | src/cerberus.c | 12 | ||||
-rw-r--r-- | src/cerberus.h | 2 |
7 files changed, 86 insertions, 23 deletions
@@ -14,6 +14,7 @@ _LS = $(LOCAL_PREFIX)$(SBIN) _US = $(USR_PREFIX)$(SBIN) _SS = $(SBIN) +AUTH = pam TTY_GROUP = tty DEFAULT_HOME = / DEFAULT_SH = sh @@ -24,26 +25,35 @@ VCSA = $(DEV)/vcsa PATH = $(_LB):$(_UB):$(_SB) PATH_ROOT = $(_LS):$(_LB):$(_US):$(_UB):$(_SS):$(_SB) +auth_none = 0 +auth_pam = 1 + H = \# VCS_LEN = $(shell vcs="$(VCS)" ; echo "$${$(H)vcs}") VCSA_LEN = $(shell vcsa="$(VCSA)" ; echo "$${$(H)vcsa}") VCS_VCSA_LEN = $(shell (echo $(VCS_LEN) ; echo $(VCSA_LEN)) | sort -n | tail -n 1) STR_DEFS = TTY_GROUP DEFAULT_HOME DEFAULT_SH DEFAULT_SHELL DEFAULT_TERM PATH PATH_ROOT VCS VCSA -INT_DEFS = VCS_LEN VCSA_LEN VCS_VCSA_LEN +VRB_DEFS = VCS_LEN VCSA_LEN VCS_VCSA_LEN STR_CPPFLAGS = $(foreach D, $(STR_DEFS), -D'$(D)="$($(D))"') -INT_CPPFLAGS = $(foreach D, $(INT_DEFS), -D'$(D)=$($(D))') +VRB_CPPFLAGS = $(foreach D, $(VRB_DEFS), -D'$(D)=$($(D))') -DAUTH=$(auth_$(AUTH)) OPTIMISE = -Os -CPPFLAGS = $(EXTRA_CPP_FLAGS) $(STR_CPPFLAGS) $(INT_CPPFLAGS) -LDFLAGS = -lpam +CPPFLAGS = $(EXTRA_CPP_FLAGS) $(STR_CPPFLAGS) $(VRB_CPPFLAGS) CFLAGS = -std=gnu99 -Wall -Wextra +LDFLAGS = +ifeq ($(AUTH),pam) +LDFLAGS += -lpam +endif CC_FLAGS = $(CPPFLAGS) $(CFLAGS) $(OPTIMISE) LD_FLAGS = $(LDFLAGS) $(CFLAGS) $(OPTIMISE) -SRC = cerberus passphrase quit security login pam +SRC = cerberus passphrase quit security login +ifneq ($(AUTH),none) +SRC += auth/$(AUTH) +endif OBJ = $(foreach S, $(SRC), obj/$(S).o) @@ -56,9 +66,9 @@ bin/cerberus: $(OBJ) $(CC) $(LD_FLAGS) -o "$@" $^ -obj/cerberus.o: $(foreach H, $(SRC), src/$(H).h) +obj/cerberus.o: $(foreach H, $(SRC), src/$(H).h) src/auth.h obj/%.o: src/%.c src/%.h src/config.h - @mkdir -p obj + @mkdir -p "$(shell dirname "$@")" $(CC) $(CC_FLAGS) -o "$@" -c "$<" diff --git a/configurable-definitions b/configurable-definitions index 991f0b5..bbc3135 100644 --- a/configurable-definitions +++ b/configurable-definitions @@ -1,35 +1,43 @@ TTY_PERM (default: 0600, type: int) - Mode for TTY devices + Mode for TTY devices USE_TTY_GROUP (default: undefinied, type: #ifdef) - Use the group tty for group ownership of TTY devices + Use the group tty for group ownership of TTY devices FAILURE_SLEEP (default: 5, type: float) - Number of seconds to sleep on login failure + Number of seconds to sleep on login failure ERROR_SLEEP (default: 2, type: float) - Number of seconds to sleep on error, - so the user has time to read the error message + Number of seconds to sleep on error, + so the user has time to read the error message TIMEOUT_SECONDS (default: 60, type: int) - Number of seconds before timeout when waiting for a passphrase + Number of seconds before timeout when waiting for a passphrase OWN_VCSA (default: undefinied, type: #ifdef) - Take ownership of and change mode of VCSA device + Take ownership of and change mode of VCSA device OWN_VCS (default: undefinied, type: #ifdef) - Take ownership of and change mode of VCS device + Take ownership of and change mode of VCS device + + +AUTH (default: pam, type: name) + + Authentication module. One of: + + pam -- Pluggable Authentication Module (PAM) + none -- Always auto-authenticate diff --git a/src/auth.h b/src/auth.h new file mode 100644 index 0000000..c24a70d --- /dev/null +++ b/src/auth.h @@ -0,0 +1,45 @@ +/** + * cerberus – Minimal login program + * + * Copyright © 2013 Mattias Andrée (maandree@member.fsf.org) + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + */ +#ifndef __AUTH_H__ +#define __AUTH_H__ + + + +#if AUTH == 0 + +#define close_login_session(...) /* do nothing */ +#define initialise_login(...) (void) hostname +#define authenticate_login(...) 1 +#define verify_account(...) /* do nothing */ +#define open_login_session(...) /* do nothing */ + +#elif AUTH == 1 + +#include "auth/pam.h" +#define close_login_session close_session_pam +#define initialise_login initialise_pam +#define authenticate_login authenticate_pam +#define verify_account verify_account_pam +#define open_login_session open_session_pam + +#endif + + +#endif + diff --git a/src/pam.c b/src/auth/pam.c index 288196e..e02aed1 100644 --- a/src/pam.c +++ b/src/auth/pam.c @@ -23,7 +23,7 @@ #include <security/pam_appl.h> #include <security/pam_misc.h> -#include "config.h" +#include "../config.h" #include "pam.h" diff --git a/src/pam.h b/src/auth/pam.h index ee766df..ee766df 100644 --- a/src/pam.h +++ b/src/auth/pam.h diff --git a/src/cerberus.c b/src/cerberus.c index 03a7a75..f20e600 100644 --- a/src/cerberus.c +++ b/src/cerberus.c @@ -67,7 +67,7 @@ int main(int argc, char** argv) chown_tty(0, tty_group, 0); /* Close login session */ - close_session_pam(); + close_login_session(); return 0; } @@ -215,8 +215,8 @@ void do_login(int argc, char** argv) /* Verify passphrase or other token, if -f has not been used */ - initialise_pam(hostname, username, read_passphrase); - if ((skip_auth == 0) && authenticate_pam()) + initialise_login(hostname, username, read_passphrase); + if ((skip_auth == 0) && authenticate_login()) printf("(auto-authenticated)\n"); /* Passphrase entered, turn off timeout */ @@ -236,7 +236,7 @@ void do_login(int argc, char** argv) /* Verify account, such as that it is enabled */ - verify_account_pam(); + verify_account(); /* Partial login */ @@ -244,7 +244,7 @@ void do_login(int argc, char** argv) chdir_home(entry); ensure_shell(entry); set_environ(entry, preserve_env); - open_session_pam(); + open_login_session(); /* Stop signal handling */ @@ -260,7 +260,7 @@ void do_login(int argc, char** argv) if (child_pid == -1) { perror("fork"); - close_session_pam(); + close_login_session(); sleep(ERROR_SLEEP); _exit(1); } diff --git a/src/cerberus.h b/src/cerberus.h index 5c5a240..5851524 100644 --- a/src/cerberus.h +++ b/src/cerberus.h @@ -39,7 +39,7 @@ #include "quit.h" #include "login.h" #include "security.h" -#include "pam.h" +#include "auth.h" #ifndef USE_TTY_GROUP |