authorMattias Andrée <maandree@operamail.com>2013-11-22 06:31:37 +0100
committerMattias Andrée <maandree@operamail.com>2013-11-22 06:31:37 +0100
commit094cd2dbd5e79e8ad607286f8af2ebd27fd8ed7a (patch)
treeceda0607d4d3a8333f0d6b438965c9e27a847b56
parentpam_acct_mgmt freezes (diff)
downloadlibpassphrase-094cd2dbd5e79e8ad607286f8af2ebd27fd8ed7a.tar.gz
libpassphrase-094cd2dbd5e79e8ad607286f8af2ebd27fd8ed7a.tar.bz2
libpassphrase-094cd2dbd5e79e8ad607286f8af2ebd27fd8ed7a.tar.xz
optionally use PAM
Signed-off-by: Mattias Andrée <maandree@operamail.com>
-rw-r--r--Makefile24
-rw-r--r--configurable-definitions24
-rw-r--r--src/auth.h45
-rw-r--r--src/auth/pam.c (renamed from src/pam.c)2
-rw-r--r--src/auth/pam.h (renamed from src/pam.h)0
-rw-r--r--src/cerberus.c12
-rw-r--r--src/cerberus.h2
7 files changed, 86 insertions, 23 deletions
diff --git a/Makefile b/Makefile
index 185cc4c..fa4d685 100644
--- a/Makefile
+++ b/Makefile
@@ -14,6 +14,7 @@ _LS = $(LOCAL_PREFIX)$(SBIN)
_US = $(USR_PREFIX)$(SBIN)
_SS = $(SBIN)
+AUTH = pam
TTY_GROUP = tty
DEFAULT_HOME = /
DEFAULT_SH = sh
@@ -24,26 +25,35 @@ VCSA = $(DEV)/vcsa
PATH = $(_LB):$(_UB):$(_SB)
PATH_ROOT = $(_LS):$(_LB):$(_US):$(_UB):$(_SS):$(_SB)
+auth_none = 0
+auth_pam = 1
+
H = \#
VCS_LEN = $(shell vcs="$(VCS)" ; echo "$${$(H)vcs}")
VCSA_LEN = $(shell vcsa="$(VCSA)" ; echo "$${$(H)vcsa}")
VCS_VCSA_LEN = $(shell (echo $(VCS_LEN) ; echo $(VCSA_LEN)) | sort -n | tail -n 1)
STR_DEFS = TTY_GROUP DEFAULT_HOME DEFAULT_SH DEFAULT_SHELL DEFAULT_TERM PATH PATH_ROOT VCS VCSA
-INT_DEFS = VCS_LEN VCSA_LEN VCS_VCSA_LEN
+VRB_DEFS = VCS_LEN VCSA_LEN VCS_VCSA_LEN
STR_CPPFLAGS = $(foreach D, $(STR_DEFS), -D'$(D)="$($(D))"')
-INT_CPPFLAGS = $(foreach D, $(INT_DEFS), -D'$(D)=$($(D))')
+VRB_CPPFLAGS = $(foreach D, $(VRB_DEFS), -D'$(D)=$($(D))') -DAUTH=$(auth_$(AUTH))
OPTIMISE = -Os
-CPPFLAGS = $(EXTRA_CPP_FLAGS) $(STR_CPPFLAGS) $(INT_CPPFLAGS)
-LDFLAGS = -lpam
+CPPFLAGS = $(EXTRA_CPP_FLAGS) $(STR_CPPFLAGS) $(VRB_CPPFLAGS)
CFLAGS = -std=gnu99 -Wall -Wextra
+LDFLAGS =
+ifeq ($(AUTH),pam)
+LDFLAGS += -lpam
+endif
CC_FLAGS = $(CPPFLAGS) $(CFLAGS) $(OPTIMISE)
LD_FLAGS = $(LDFLAGS) $(CFLAGS) $(OPTIMISE)
-SRC = cerberus passphrase quit security login pam
+SRC = cerberus passphrase quit security login
+ifneq ($(AUTH),none)
+SRC += auth/$(AUTH)
+endif
OBJ = $(foreach S, $(SRC), obj/$(S).o)
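Review bot: An AUTH value other than `none` or `pam` is not rejected where `VRB_CPPFLAGS` is built: `$(auth_$(AUTH))` expands to nothing, so the compiler is handed `-DAUTH=` with an empty value and `SRC` gains `auth/<whatever was typed>`. The build presumably still stops, but with a preprocessor or missing-file error that does not name the real mistake. Because this variable selects the authentication backend of a login program, a misconfiguration should be reported explicitly; a guard placed right after the `auth_none`/`auth_pam` table would do it: `ifeq ($(auth_$(AUTH)),)`, `$(error unknown AUTH '$(AUTH)', expected none or pam)`, `endif`.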
@@ -56,9 +66,9 @@ bin/cerberus: $(OBJ)
$(CC) $(LD_FLAGS) -o "$@" $^
-obj/cerberus.o: $(foreach H, $(SRC), src/$(H).h)
+obj/cerberus.o: $(foreach H, $(SRC), src/$(H).h) src/auth.h
obj/%.o: src/%.c src/%.h src/config.h
- @mkdir -p obj
+ @mkdir -p "$(shell dirname "$@")"
$(CC) $(CC_FLAGS) -o "$@" -c "$<"
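Review bot: The `obj/%.o` rule lists only source and header files as prerequisites, so changing AUTH between builds does not recompile anything. As far as the visible rules show, a tree first built with `AUTH=none` and then with `AUTH=pam` would keep the old `obj/cerberus.o` containing the no-op authentication stubs and simply link it again. At minimum this deserves a comment above the rule such as `# Changing AUTH requires a full rebuild: objects do not depend on the -DAUTH value`; a stamp file recording the selected backend as a prerequisite would be the sturdier fix. Separately, `$(@D)` would avoid the `$(shell dirname "$@")` subprocess in the recipe. The rest of the Makefile lies outside this hunk.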
diff --git a/configurable-definitions b/configurable-definitions
index 991f0b5..bbc3135 100644
--- a/configurable-definitions
+++ b/configurable-definitions
@@ -1,35 +1,43 @@
TTY_PERM (default: 0600, type: int)
- Mode for TTY devices
+ Mode for TTY devices
USE_TTY_GROUP (default: undefinied, type: #ifdef)
- Use the group tty for group ownership of TTY devices
+ Use the group tty for group ownership of TTY devices
FAILURE_SLEEP (default: 5, type: float)
- Number of seconds to sleep on login failure
+ Number of seconds to sleep on login failure
ERROR_SLEEP (default: 2, type: float)
- Number of seconds to sleep on error,
- so the user has time to read the error message
+ Number of seconds to sleep on error,
+ so the user has time to read the error message
TIMEOUT_SECONDS (default: 60, type: int)
- Number of seconds before timeout when waiting for a passphrase
+ Number of seconds before timeout when waiting for a passphrase
OWN_VCSA (default: undefinied, type: #ifdef)
- Take ownership of and change mode of VCSA device
+ Take ownership of and change mode of VCSA device
OWN_VCS (default: undefinied, type: #ifdef)
- Take ownership of and change mode of VCS device
+ Take ownership of and change mode of VCS device
+
+
+AUTH (default: pam, type: name)
+
+ Authentication module. One of:
+
+ pam -- Pluggable Authentication Module (PAM)
+ none -- Always auto-authenticate
diff --git a/src/auth.h b/src/auth.h
new file mode 100644
index 0000000..c24a70d
--- /dev/null
+++ b/src/auth.h
@@ -0,0 +1,45 @@
+/**
+ * cerberus – Minimal login program
+ *
+ * Copyright © 2013 Mattias Andrée (maandree@member.fsf.org)
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ */
+#ifndef __AUTH_H__
+#define __AUTH_H__
+
+
+
+#if AUTH == 0
+
+#define close_login_session(...) /* do nothing */
+#define initialise_login(...) (void) hostname
+#define authenticate_login(...) 1
+#define verify_account(...) /* do nothing */
+#define open_login_session(...) /* do nothing */
+
+#elif AUTH == 1
+
+#include "auth/pam.h"
+#define close_login_session close_session_pam
+#define initialise_login initialise_pam
+#define authenticate_login authenticate_pam
+#define verify_account verify_account_pam
+#define open_login_session open_session_pam
+
+#endif
+
+
+#endif
+
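Review bot: The selector `#if AUTH == 0` is also true when AUTH is not defined at all, because an undefined identifier evaluates to 0 in a preprocessor expression. Any compilation that bypasses the Makefile's `-DAUTH=...` therefore silently picks the stub backend, where `authenticate_login()` is the constant 1 and `verify_account()` expands to nothing. An AUTH value other than 0 or 1 matches neither branch and leaves all five names undefined, with no diagnostic from this header. The header should fail the build in both cases instead of defaulting to "no authentication". The guard name `__AUTH_H__` is also a reserved identifier, so `AUTH_H` would be safer.

```c
#ifndef AUTH
# error "AUTH is not defined; build through the Makefile or pass -DAUTH=<backend id>"
#elif AUTH == 0
/* … unchanged: no-op stub macros for the "none" backend … */
#elif AUTH == 1
/* … unchanged: include of auth/pam.h and the *_pam mappings … */
#else
# error "unsupported AUTH value"
#endif
```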
diff --git a/src/pam.c b/src/auth/pam.c
index 288196e..e02aed1 100644
--- a/src/pam.c
+++ b/src/auth/pam.c
@@ -23,7 +23,7 @@
#include <security/pam_appl.h>
#include <security/pam_misc.h>
-#include "config.h"
+#include "../config.h"
#include "pam.h"
diff --git a/src/pam.h b/src/auth/pam.h
index ee766df..ee766df 100644
--- a/src/pam.h
+++ b/src/auth/pam.h
diff --git a/src/cerberus.c b/src/cerberus.c
index 03a7a75..f20e600 100644
--- a/src/cerberus.c
+++ b/src/cerberus.c
@@ -67,7 +67,7 @@ int main(int argc, char** argv)
chown_tty(0, tty_group, 0);
/* Close login session */
- close_session_pam();
+ close_login_session();
return 0;
}
@@ -215,8 +215,8 @@ void do_login(int argc, char** argv)
/* Verify passphrase or other token, if -f has not been used */
- initialise_pam(hostname, username, read_passphrase);
- if ((skip_auth == 0) && authenticate_pam())
+ initialise_login(hostname, username, read_passphrase);
+ if ((skip_auth == 0) && authenticate_login())
printf("(auto-authenticated)\n");
/* Passphrase entered, turn off timeout */
@@ -236,7 +236,7 @@ void do_login(int argc, char** argv)
/* Verify account, such as that it is enabled */
- verify_account_pam();
+ verify_account();
/* Partial login */
@@ -244,7 +244,7 @@ void do_login(int argc, char** argv)
chdir_home(entry);
ensure_shell(entry);
set_environ(entry, preserve_env);
- open_session_pam();
+ open_login_session();
/* Stop signal handling */
@@ -260,7 +260,7 @@ void do_login(int argc, char** argv)
if (child_pid == -1)
{
perror("fork");
- close_session_pam();
+ close_login_session();
sleep(ERROR_SLEEP);
_exit(1);
}
diff --git a/src/cerberus.h b/src/cerberus.h
index 5c5a240..5851524 100644
--- a/src/cerberus.h
+++ b/src/cerberus.h
@@ -39,7 +39,7 @@
#include "quit.h"
#include "login.h"
#include "security.h"
-#include "pam.h"
+#include "auth.h"
#ifndef USE_TTY_GROUP