/**
* cerberus – Minimal login program
*
* Copyright © 2013 Mattias Andrée (maandree@member.fsf.org)
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#ifndef NO_SHADOW
# ifndef HAVE_SHADOW
# define HAVE_SHADOW
# endif
#endif
#define _XOPEN_SOURCE
#include <unistd.h>
#include <stdio.h>
#include <sys/types.h>
#include <pwd.h>
#include <string.h>
#ifdef HAVE_SHADOW
#include <shadow.h>
#endif
#include "../config.h"
#include "crypt.h"
/* When none of these glibc feature macros is defined, turn every endpwent()
   call in this file into an empty statement.
   NOTE(review): presumably <pwd.h> does not declare endpwent() in that
   configuration; confirm against the targeted libc. */
#if !defined(__USE_SVID) && !defined(__USE_MISC) && !defined(__USE_XOPEN_EXTENDED)
#define endpwent() /* do nothing */
#endif
/**
 * Name of the account being authenticated; only the pointer is kept,
 * the string itself is not copied by this module
 */
static char* login_username = NULL;

/**
 * Callback that reads a passphrase from the terminal,
 * {@code NULL} until one has been registered
 */
static char* (*passphrase_reader)(void) = NULL;
/**
 * Prepare the crypt authentication module for a login attempt
 *
 * Both pointers are stored as given, not copied, so the caller
 * must keep them valid for as long as the module is in use.
 *
 * @param  remote    The remote computer, {@code NULL} for local login; ignored by this module
 * @param  username  The username of the user to log in to
 * @param  reader    Function that can be used to read a passphrase from the terminal
 */
void initialise_crypt(char* remote, char* username, char* (*reader)(void))
{
  passphrase_reader = reader;
  login_username = username;
  (void) remote; /* unused, kept for the module interface */
}
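/**
 * Perform token authentication
 *
 * Looks up the stored passphrase hash for the configured user (shadow
 * database first when built with HAVE_SHADOW, otherwise or on lookup
 * failure the passwd database), asks the registered reader for a
 * passphrase and compares its crypt(3) hash with the stored one.
 *
 * The function only returns on success. An unknown user or a wrong
 * passphrase ends the process with `_exit(1)` after a configured delay.
 *
 * Security notes:
 * - An empty hash field logs the user in without any passphrase. When
 *   getspnam() fails, for example because the process cannot read the
 *   shadow database, that decision is taken from `pw_passwd` instead.
 * - NOTE(review): only the hash is checked here; account or passphrase
 *   expiry fields of the shadow entry are not consulted.
 * - NOTE(review): the cleartext passphrase returned by the reader is
 *   neither wiped nor freed here. Ownership of that buffer is not
 *   visible in this file; confirm the reader or the caller clears it.
 *
 * @return  1 if no passphrase is required for the user (automatically
 *          authenticated), 0 if the entered passphrase was correct
 */
char authenticate_crypt(void)
{
#ifdef HAVE_SHADOW
  struct spwd* shadow_entry = NULL;
#endif
  struct passwd* passwd_entry = NULL;
  char* crypted;
  char* passphrase;
  char* entered;

  /* NOTE(review): `crypted` points into the entry returned by
     getspnam()/getpwnam() and is used after endspent()/endpwent();
     confirm the libc keeps that storage valid, or copy the hash. */
#ifdef HAVE_SHADOW
  shadow_entry = getspnam(login_username);
  endspent();
  if (shadow_entry)
    crypted = shadow_entry->sp_pwdp;
  else
    {
#endif
      passwd_entry = getpwnam(login_username);
      if (passwd_entry)
        crypted = passwd_entry->pw_passwd;
      else
        {
          /* getpwnam() may return NULL for an unknown name without setting
             errno, so the text printed here can be misleading.
             NOTE(review): an unknown user exits before any passphrase
             prompt while a known user is prompted first, which makes the
             two cases distinguishable at the terminal. */
          perror("getpwnam");
          endpwent();
          sleep(ERROR_SLEEP);
          _exit(1);
        }
      endpwent();
#ifdef HAVE_SHADOW
    }
#endif

  if (!(crypted && *crypted)) /* empty means that no passphrase is required (not even Enter) */
    return 1;

  /* Fail closed instead of dereferencing NULL when no reader was
     registered or the reader could not deliver a passphrase. */
  passphrase = passphrase_reader ? passphrase_reader() : NULL;

  /* The stored hash doubles as the salt argument: crypt() stops parsing
     the salt where the encrypted part begins. */
  entered = passphrase ? crypt(passphrase, crypted) : NULL;
  if (entered && !strcmp(entered, crypted))
    return 0;

  printf("Incorrect passphrase\n");
  fflush(stdout); /* _exit() does not flush stdio buffers */
  sleep(FAILURE_SLEEP);
  _exit(1);
}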