From a255387998be1c1ea4f2bc702c4b750ffa8b0279 Mon Sep 17 00:00:00 2001 From: Mattias Andrée Date: Wed, 20 Nov 2013 01:02:35 +0100 Subject: beginning of pam use MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Mattias Andrée --- Makefile | 2 +- src/cerberus.h | 2 +- src/pam.c | 77 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ src/pam.h | 33 +++++++++++++++++++++++++ 4 files changed, 112 insertions(+), 2 deletions(-) create mode 100644 src/pam.c create mode 100644 src/pam.h diff --git a/Makefile b/Makefile index 6e73c52..fa598e7 100644 --- a/Makefile +++ b/Makefile @@ -43,7 +43,7 @@ CFLAGS = -std=gnu99 -Wall -Wextra CC_FLAGS = $(CPPFLAGS) $(CFLAGS) $(OPTIMISE) LD_FLAGS = $(LDFLAGS) $(CFLAGS) $(OPTIMISE) -SRC = cerberus passphrase quit security login +SRC = cerberus passphrase quit security login pam OBJ = $(foreach S, $(SRC), obj/$(S).o) diff --git a/src/cerberus.h b/src/cerberus.h index a2df554..695d64c 100644 --- a/src/cerberus.h +++ b/src/cerberus.h @@ -39,7 +39,7 @@ #include "quit.h" #include "login.h" #include "security.h" -#include "login.h" +#include "parm.h" #ifndef USE_TTY_GROUP diff --git a/src/pam.c b/src/pam.c new file mode 100644 index 0000000..d876d9c --- /dev/null +++ b/src/pam.c 
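Review bot: In src/cerberus.h the added include is `#include "parm.h"`, but the header this commit creates is `src/pam.h`; unless a `parm.h` exists elsewhere in the tree, the build stops on this line and `initialise_pam` is never declared to the files that include cerberus.h. The line should read `#include "pam.h"`.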
@@ -0,0 +1,77 @@
+/**
+ * cerberus – Minimal login program
+ *
+ * Copyright © 2013 Mattias Andrée (maandree@member.fsf.org)
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see .
+ */
+#include
+#include
+#include
+#include
+
+#include "config.h"
+
+#include "pam.h"
+
+
+/**
+ * The PAM handle
+ */
+static pam_handle_t* handle = NULL;
+
+/**
+ * The PAM convention
+ */
+static struct pam_conv conv = { misc_conv, NULL };
+
+
+/**
+ * Exit if a PAM instruction failed
+ *
+ * @param rc What the PAM instruction return
+ */
+static void do_pam(int rc)
+{
+ if (rc != PAM_SUCCESS)
+ {
+ const char* msg = pam_strerror(handle, rc);
+ if (msg)
+ fprintf(stderr, "%s\n", msg);
+ pam_end(handle, rc);
+ sleep(ERROR_SLEEP);
+ _exit(1);
+ }
+}
+
+
+/**
+ * Initialise PAM
+ *
+ * @param remote The remote computer, {@code NULL} for local login
+ * @param username The username of the user to log in to
+ */
+void initialise_pam(char* remote, char* username)
+{
+ if (pam_start(remote ? "remote" : "local", username, &conv, &handle) != PAM_SUCCESS)
+ {
+ fprintf(stderr, "Cannot initialise PAM\n");
+ sleep(ERROR_SLEEP);
+ _exit(1);
+ }
+
+ do_pam(pam_set_item(handle, PAM_RHOST, remote ?: "localhost"));
+ do_pam(pam_set_item(handle, PAM_TTY, ttyname(STDIN_FILENO) ?: "(none)");
+}
+
diff --git a/src/pam.h b/src/pam.h
new file mode 100644
index 0000000..791aa07
--- /dev/null
+++ b/src/pam.h
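Review bot: The last statement of `initialise_pam` in src/pam.c is missing a closing parenthesis: `do_pam(pam_set_item(handle, PAM_TTY, ttyname(STDIN_FILENO) ?: "(none)");` closes `pam_set_item` but not `do_pam`, so the file does not compile; it should end `?: "(none)"));` like the PAM_RHOST line above it. Separately, setting PAM_RHOST to `"localhost"` when `remote` is NULL is worth reconsidering, because PAM modules that decide access by origin may treat any PAM_RHOST value as a network login; leaving the item unset for a local login is the safer default. For the same reason a login program should probably refuse to continue when `ttyname()` fails rather than authenticate with the placeholder `"(none)"` as PAM_TTY.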
@@ -0,0 +1,33 @@
+/**
+ * cerberus – Minimal login program
+ *
+ * Copyright © 2013 Mattias Andrée (maandree@member.fsf.org)
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see .
+ */
+#ifndef __PAM_H__
+#define __PAM_H__
+
+
+/**
+ * Initialise PAM
+ *
+ * @param remote The remote computer, {@code NULL} for local login
+ * @param username The username of the user to log in to
+ */
+void initialise_pam(char* remote, char* username);
+
+
+#endif
+
-- cgit v1.2.3-70-g09d2
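Review bot: `initialise_pam` is declared with `char* remote, char* username`, although the implementation in src/pam.c only hands both to `pam_start` and `pam_set_item` and never writes through them; declaring it `void initialise_pam(const char* remote, const char* username);` here and in pam.c lets callers pass constant strings without a cast. The guard macro `__PAM_H__` uses a double-underscore name, which C reserves for the implementation; a project-prefixed name such as `CERBERUS_PAM_H` avoids any clash with system headers. The doc comment should also say that the function does not return on failure, since pam.c prints a message, sleeps for `ERROR_SLEEP` and calls `_exit(1)`.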