aboutsummaryrefslogtreecommitdiffstats
path: root/src/cerberus.c
diff options
context:
space:
mode:
authorMattias Andrée <maandree@operamail.com>2013-11-21 21:15:04 +0100
committerMattias Andrée <maandree@operamail.com>2013-11-21 21:15:04 +0100
commit382fccc29404671b6cc7b2b599c15e32e306ee4f (patch)
tree76f2b497a83bc3ef37f5cbaa539af753526ff875 /src/cerberus.c
parentsome work on pam usage (diff)
downloadlibpassphrase-382fccc29404671b6cc7b2b599c15e32e306ee4f.tar.gz
libpassphrase-382fccc29404671b6cc7b2b599c15e32e306ee4f.tar.bz2
libpassphrase-382fccc29404671b6cc7b2b599c15e32e306ee4f.tar.xz
auth with pam
Signed-off-by: Mattias Andrée <maandree@operamail.com>
Diffstat (limited to '')
-rw-r--r--src/cerberus.c44
1 files changed, 32 insertions, 12 deletions
diff --git a/src/cerberus.c b/src/cerberus.c
index 06b83df..d18b690 100644
--- a/src/cerberus.c
+++ b/src/cerberus.c
@@ -22,13 +22,26 @@
#ifdef USE_TTY_GROUP
+/**
+ * The group ID for the `tty` group
+ */
static gid_t tty_group = 0;
#endif
+
+/**
+ * The user's entry in the password file
+ */
static struct passwd* entry;
-static pid_t child_pid;
+/**
+ * The process ID of the child process, 0 if none
+ */
+pid_t child_pid = 0;
-void do_login(int argc, char** argv);
+/**
+ * The passphrase
+ */
+char* passphrase = NULL;
/**
@@ -70,7 +83,6 @@ void do_login(int argc, char** argv)
{
char* username = NULL;
char* hostname = NULL;
- char* passphrase = NULL;
char preserve_env = 0;
char skip_auth = 0;
int ret;
@@ -202,18 +214,15 @@ void do_login(int argc, char** argv)
username = entry->pw_name;
- /* Get the passphrase, if -f has not been used */
- if (skip_auth == 0)
- {
- passphrase = get_passphrase();
- printf("\n");
- }
+
+ /* Verify passphrase or other token, if -f has not been used */
+ initialise_pam(hostname, username, read_passphrase);
+ if ((skip_auth == 0) && authenticate_pam())
+ printf("(auto-authenticated)\n");
/* Passphrase entered, turn off timeout */
alarm(0);
- /* TODO verify passphrase */
-
/* Wipe and free the passphrase from the memory */
if ((skip_auth == 0) && passphrase)
{
@@ -223,7 +232,6 @@ void do_login(int argc, char** argv)
free(passphrase);
}
-
/* Reset terminal settings */
reenable_echo();
@@ -282,3 +290,15 @@ void do_login(int argc, char** argv)
exec_shell(entry);
}
+
+/**
+ * Read passphrase from the terminal
+ *
+ * @return The entered passphrase
+ */
+char* read_passphrase(void)
+{
+ passphrase = get_passphrase();
+ return passphrase;
+}
+