authorMattias Andrée <maandree@operamail.com>2013-11-21 21:15:04 +0100
committerMattias Andrée <maandree@operamail.com>2013-11-21 21:15:04 +0100
commit382fccc29404671b6cc7b2b599c15e32e306ee4f (patch)
tree76f2b497a83bc3ef37f5cbaa539af753526ff875 /src/cerberus.c
parentsome work on pam usage (diff)
auth with pam
Signed-off-by: Mattias Andrée <maandree@operamail.com>
Diffstat (limited to 'src/cerberus.c')
-rw-r--r--src/cerberus.c44
1 files changed, 32 insertions, 12 deletions
diff --git a/src/cerberus.c b/src/cerberus.c
index 06b83df..d18b690 100644
--- a/src/cerberus.c
+++ b/src/cerberus.c
@@ -22,13 +22,26 @@
#ifdef USE_TTY_GROUP
+/**
+ * The group ID for the `tty` group
+ */
static gid_t tty_group = 0;
#endif
+
+/**
+ * The user's entry in the password file
+ */
static struct passwd* entry;
-static pid_t child_pid;
+/**
+ * The process ID of the child process, 0 if none
+ */
+pid_t child_pid = 0;
-void do_login(int argc, char** argv);
+/**
+ * The passphrase
+ */
+char* passphrase = NULL;
/**
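Review bot: `char* passphrase = NULL;` gives the pointer to the secret external linkage and whole-program lifetime, where it used to be a local of do_login. If no other translation unit needs it, `static char* passphrase = NULL;` keeps it private to this file; if one does, the doc comment should say who owns, wipes and frees the buffer rather than just "The passphrase". Because the pointer now outlives do_login, the wipe-and-free block there (its `free(passphrase);` sits in a later hunk) should be followed by `passphrase = NULL;` so that no pointer to freed memory stays reachable.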
@@ -70,7 +83,6 @@ void do_login(int argc, char** argv)
{
char* username = NULL;
char* hostname = NULL;
- char* passphrase = NULL;
char preserve_env = 0;
char skip_auth = 0;
int ret;
@@ -202,18 +214,15 @@ void do_login(int argc, char** argv)
username = entry->pw_name;
- /* Get the passphrase, if -f has not been used */
- if (skip_auth == 0)
- {
- passphrase = get_passphrase();
- printf("\n");
- }
+
+ /* Verify passphrase or other token, if -f has not been used */
+ initialise_pam(hostname, username, read_passphrase);
+ if ((skip_auth == 0) && authenticate_pam())
+ printf("(auto-authenticated)\n");
/* Passphrase entered, turn off timeout */
alarm(0);
- /* TODO verify passphrase */
-
/* Wipe and free the passphrase from the memory */
if ((skip_auth == 0) && passphrase)
{
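Review bot: The result of `authenticate_pam()` is used only to decide whether to print "(auto-authenticated)", so nothing visible in this hunk stops the login when authentication fails; `alarm(0)`, the wipe block and the rest of do_login run either way. Presumably authenticate_pam terminates the process itself on failure, but its definition is not in this diff, and the call site should say so, for example `/* authenticate_pam() does not return on failure; non-zero means no passphrase was asked for */`. If it can return after a failed authentication, an explicit failure check is needed here before the login continues. do_login's body starts and ends outside the hunk.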
@@ -223,7 +232,6 @@ void do_login(int argc, char** argv)
free(passphrase);
}
-
/* Reset terminal settings */
reenable_echo();
@@ -282,3 +290,15 @@ void do_login(int argc, char** argv)
exec_shell(entry);
}
+
+/**
+ * Read passphrase from the terminal
+ *
+ * @return The entered passphrase
+ */
+char* read_passphrase(void)
+{
+ passphrase = get_passphrase();
+ return passphrase;
+}
+
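Review bot: `read_passphrase` overwrites the global `passphrase` on every call without wiping or freeing the buffer it already points to, so if the PAM conversation set up by `initialise_pam` calls it more than once (a retry or a second prompt; that code is not shown here) the earlier passphrase stays unwiped in heap memory and is leaked. Wiping and freeing any previous non-NULL buffer before `passphrase = get_passphrase();` closes that gap. The returned pointer also aliases the global that do_login later wipes and frees; PAM conversation responses are normally freed by the PAM side, so if the conversation function hands this pointer over without duplicating it the buffer may be freed twice. The doc comment should state the ownership, e.g. `@return The entered passphrase, owned by this file; the caller must not free it`.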