aboutsummaryrefslogtreecommitdiffstats
path: root/src
diff options
context:
space:
mode:
authorMattias Andrée <maandree@operamail.com>2013-11-22 09:45:40 +0100
committerMattias Andrée <maandree@operamail.com>2013-11-22 09:45:40 +0100
commit4b204339078eb55ba9309f1fd669b1792d6b43c6 (patch)
treeee1d4a016b24b92201ceada7c1b991a69d8e8af4 /src
parentfix chmod and chown of tty device files (diff)
downloadlibpassphrase-4b204339078eb55ba9309f1fd669b1792d6b43c6.tar.gz
libpassphrase-4b204339078eb55ba9309f1fd669b1792d6b43c6.tar.bz2
libpassphrase-4b204339078eb55ba9309f1fd669b1792d6b43c6.tar.xz
add crypt auth module
Signed-off-by: Mattias Andrée <maandree@operamail.com>
Diffstat (limited to 'src')
-rw-r--r--src/auth.h9
-rw-r--r--src/auth/crypt.c122
-rw-r--r--src/auth/crypt.h41
-rw-r--r--src/cerberus.c2
4 files changed, 174 insertions, 0 deletions
diff --git a/src/auth.h b/src/auth.h
index c24a70d..3851b95 100644
--- a/src/auth.h
+++ b/src/auth.h
@@ -31,6 +31,15 @@
#elif AUTH == 1
+#include "auth/crypt.h"
+#define close_login_session(...) /* do nothing */
+#define initialise_login initialise_crypt
+#define authenticate_login authenticate_crypt
+#define verify_account(...) /* do nothing */
+#define open_login_session(...) /* do nothing */
+
+#elif AUTH == 2
+
#include "auth/pam.h"
#define close_login_session close_session_pam
#define initialise_login initialise_pam
diff --git a/src/auth/crypt.c b/src/auth/crypt.c
new file mode 100644
index 0000000..27238e2
--- /dev/null
+++ b/src/auth/crypt.c
@@ -0,0 +1,122 @@
+/**
+ * cerberus – Minimal login program
+ *
+ * Copyright © 2013 Mattias Andrée (maandree@member.fsf.org)
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ */
+#ifndef NO_SHADOW
+# ifndef HAVE_SHADOW
+# define HAVE_SHADOW
+# endif
+#endif
+
+#define _XOPEN_SOURCE
+#include <unistd.h>
+#include <stdio.h>
+#include <sys/types.h>
+#include <pwd.h>
+#include <string.h>
+#ifdef HAVE_SHADOW
+#include <shadow.h>
+#endif
+
+#include "../config.h"
+
+#include "crypt.h"
+
+
+#if !defined(__USE_SVID) && !defined(__USE_MISC) && !defined(__USE_XOPEN_EXTENDED)
+#define endpwent() /* do nothing */
+#endif
+
+
+/**
+ * Function that can be used to read a passphrase from the terminal
+ */
+static char* (*passphrase_reader)(void) = NULL;
+
+/**
+ * The username of the user to log in to
+ */
+static char* login_username;
+
+
+
+/**
+ * Initialise crypt authentication module
+ *
+ * @param remote The remote computer, {@code NULL} for local login
+ * @param username The username of the user to log in to
+ * @param reader Function that can be used to read a passphrase from the terminal
+ */
+void initialise_crypt(char* remote, char* username, char* (*reader)(void))
+{
+ (void) remote;
+
+ login_username = username;
+ passphrase_reader = reader;
+}
+
+
+/**
+ * Perform token authentication
+ *
+ * @return Whether the user got automatically authenticated
+ */
+char authenticate_crypt(void)
+{
+#ifdef HAVE_SHADOW
+ struct spwd* shadow_entry = NULL;
+#endif
+ struct passwd* passwd_entry = NULL;
+ char* crypted;
+ char* entered;
+
+#ifdef HAVE_SHADOW
+ shadow_entry = getspnam(login_username);
+ endspent();
+
+ if (shadow_entry)
+ crypted = shadow_entry->sp_pwdp;
+ else
+ {
+#endif
+ passwd_entry = getpwnam(login_username);
+ if (passwd_entry)
+ crypted = passwd_entry->pw_passwd;
+ else
+ {
+ perror("getpwnam");
+ endpwent();
+ sleep(ERROR_SLEEP);
+ _exit(1);
+ }
+ endpwent();
+#ifdef HAVE_SHADOW
+ }
+#endif
+
+ if (!(crypted && *crypted)) /* empty means that no passphrase is required (not even Enter) */
+ return 1;
+
+ entered = crypt(passphrase_reader(), crypted /* salt argument stops parsing when encrypted begins */);
+ if (entered && !strcmp(entered, crypted))
+ return 0;
+
+ printf("Incorrect passphrase\n");
+ sleep(FAILURE_SLEEP);
+ _exit(1);
+}
+
diff --git a/src/auth/crypt.h b/src/auth/crypt.h
new file mode 100644
index 0000000..e75c5b5
--- /dev/null
+++ b/src/auth/crypt.h
@@ -0,0 +1,41 @@
+/**
+ * cerberus – Minimal login program
+ *
+ * Copyright © 2013 Mattias Andrée (maandree@member.fsf.org)
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ */
+#ifndef __CRYPT_H__
+#define __CRYPT_H__
+
+
+/**
+ * Initialise crypt authentication module
+ *
+ * @param remote The remote computer, {@code NULL} for local login
+ * @param username The username of the user to log in to
+ * @param reader Function that can be used to read a passphrase from the terminal
+ */
+void initialise_crypt(char* remote, char* username, char* (*reader)(void));
+
+/**
+ * Perform token authentication
+ *
+ * @return Whether the user got automatically authenticated
+ */
+char authenticate_crypt(void);
+
+
+#endif
+
diff --git a/src/cerberus.c b/src/cerberus.c
index e52a48f..c555a2b 100644
--- a/src/cerberus.c
+++ b/src/cerberus.c
@@ -196,6 +196,7 @@ void do_login(int argc, char** argv)
#ifdef USE_TTY_GROUP
if ((group = getgrnam(TTY_GROUP)))
tty_group = group->gr_gid;
+ endgrent();
#endif
secure_tty(tty_group);
@@ -223,6 +224,7 @@ void do_login(int argc, char** argv)
sleep(ERROR_SLEEP);
_exit(1);
}
+ endpwent();
username = entry->pw_name;