Diffstat (limited to '')
-rw-r--r--src/cerberus.c44
1 files changed, 32 insertions, 12 deletions
diff --git a/src/cerberus.c b/src/cerberus.c
index 06b83df..d18b690 100644
--- a/src/cerberus.c
+++ b/src/cerberus.c
@@ -22,13 +22,26 @@
#ifdef USE_TTY_GROUP
+/**
+ * The group ID for the `tty` group
+ */
static gid_t tty_group = 0;
#endif
+
+/**
+ * The user's entry in the password file
+ */
static struct passwd* entry;
-static pid_t child_pid;
+/**
+ * The process ID of the child process, 0 if none
+ */
+pid_t child_pid = 0;
-void do_login(int argc, char** argv);
+/**
+ * The passphrase
+ */
+char* passphrase = NULL;
/**
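Review bot: `char* passphrase = NULL;` moves to file scope without `static`, so the pointer to the secret gets external linkage and is reachable from every translation unit. The uses visible in this diff (`do_login` and `read_passphrase`) are all in src/cerberus.c, so unless another file needs the symbol, `static char* passphrase = NULL;` keeps the exposure narrow. The doc comment could also record ownership, e.g. `The passphrase as returned by get_passphrase(), NULL until one has been read; wiped and freed in do_login()`. The same linkage question applies to `child_pid`, which loses `static` in this hunk as well.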
@@ -70,7 +83,6 @@ void do_login(int argc, char** argv)
{
char* username = NULL;
char* hostname = NULL;
- char* passphrase = NULL;
char preserve_env = 0;
char skip_auth = 0;
int ret;
@@ -202,18 +214,15 @@ void do_login(int argc, char** argv)
username = entry->pw_name;
- /* Get the passphrase, if -f has not been used */
- if (skip_auth == 0)
- {
- passphrase = get_passphrase();
- printf("\n");
- }
+
+ /* Verify passphrase or other token, if -f has not been used */
+ initialise_pam(hostname, username, read_passphrase);
+ if ((skip_auth == 0) && authenticate_pam())
+ printf("(auto-authenticated)\n");
/* Passphrase entered, turn off timeout */
alarm(0);
- /* TODO verify passphrase */
-
/* Wipe and free the passphrase from the memory */
if ((skip_auth == 0) && passphrase)
{
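Review bot: The wipe-and-free block at the end of this hunk still treats `passphrase` as owned by `do_login`, although the buffer is now produced inside the `read_passphrase` callback handed to `initialise_pam`. PAM conversation replies are by convention released by the PAM side, so if the conversation function (not shown here) passes the callback's return value through as the response, the later `free(passphrase)` would act on memory that has already been released. It would help to give PAM its own copy and keep wiping the original here, or to set `passphrase = NULL` once ownership has been handed over. The failure path of `authenticate_pam()` is also not visible: its return value only selects the `(auto-authenticated)` message, so if it does not return on a rejected login, a comment such as `/* authenticate_pam() exits on failure */` would make that explicit. `do_login` starts and ends outside this hunk.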
@@ -223,7 +232,6 @@ void do_login(int argc, char** argv)
free(passphrase);
}
-
/* Reset terminal settings */
reenable_echo();
@@ -282,3 +290,15 @@ void do_login(int argc, char** argv)
exec_shell(entry);
}
+
+/**
+ * Read passphrase from the terminal
+ *
+ * @return The entered passphrase
+ */
+char* read_passphrase(void)
+{
+ passphrase = get_passphrase();
+ return passphrase;
+}
+
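Review bot: `read_passphrase` assigns the new buffer over the global without wiping or freeing whatever `passphrase` pointed to before. If PAM invokes the callback more than once (a retry or a second prompt), the earlier passphrase stays in the heap unwiped and is leaked, because `do_login` only wipes the last value. Assuming the global still owns the previous buffer at that point, it should be cleared before reassignment, as sketched below. The doc comment could also say that the returned pointer aliases the global and who is expected to free it.

```c
char* read_passphrase(void)
{
  /* A repeated prompt must not leave the previous passphrase in memory */
  if (passphrase)
    {
      volatile char* p = passphrase;
      while (*p)
        *p++ = 0;
      free(passphrase);
    }
  passphrase = get_passphrase();
  return passphrase;
}
```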