diff options
Diffstat (limited to 'platforms/linux/xorg/slock/slock-pam_auth-20190207-35633d4.diff')
| -rw-r--r-- | platforms/linux/xorg/slock/slock-pam_auth-20190207-35633d4.diff | 154 |
1 files changed, 0 insertions, 154 deletions
diff --git a/platforms/linux/xorg/slock/slock-pam_auth-20190207-35633d4.diff b/platforms/linux/xorg/slock/slock-pam_auth-20190207-35633d4.diff deleted file mode 100644 index 34b12af..0000000 --- a/platforms/linux/xorg/slock/slock-pam_auth-20190207-35633d4.diff +++ /dev/null @@ -1,154 +0,0 @@ -diff --git a/config.def.h b/config.def.h -index 9855e21..19e7f62 100644 ---- a/config.def.h -+++ b/config.def.h -@@ -6,7 +6,11 @@ static const char *colorname[NUMCOLS] = { - [INIT] = "black", /* after initialization */ - [INPUT] = "#005577", /* during input */ - [FAILED] = "#CC3333", /* wrong password */ -+ [PAM] = "#9400D3", /* waiting for PAM */ - }; - - /* treat a cleared input like a wrong password (color) */ - static const int failonclear = 1; -+ -+/* PAM service that's used for authentication */ -+static const char* pam_service = "u2f"; -diff --git a/config.mk b/config.mk -index 74429ae..6e82074 100644 ---- a/config.mk -+++ b/config.mk -@@ -12,7 +12,7 @@ X11LIB = /usr/X11R6/lib - - # includes and libs - INCS = -I. -I/usr/include -I${X11INC} --LIBS = -L/usr/lib -lc -lcrypt -L${X11LIB} -lX11 -lXext -lXrandr -+LIBS = -L/usr/lib -lc -lcrypt -L${X11LIB} -lX11 -lXext -lXrandr -lpam - - # flags - CPPFLAGS = -DVERSION=\"${VERSION}\" -D_DEFAULT_SOURCE -DHAVE_SHADOW_H -diff --git a/slock.c b/slock.c -index 5ae738c..3a8da42 100644 ---- a/slock.c -+++ b/slock.c -@@ -18,16 +18,22 @@ - #include <X11/keysym.h> - #include <X11/Xlib.h> - #include <X11/Xutil.h> -+#include <security/pam_appl.h> -+#include <security/pam_misc.h> - - #include "arg.h" - #include "util.h" - - char *argv0; -+static int pam_conv(int num_msg, const struct pam_message **msg, struct pam_response **resp, void *appdata_ptr); -+struct pam_conv pamc = {pam_conv, NULL}; -+char passwd[256]; - - enum { - INIT, - INPUT, - FAILED, -+ PAM, - NUMCOLS - }; - -@@ -57,6 +63,31 @@ die(const char *errstr, ...) - exit(1); - } - -+static int -+pam_conv(int num_msg, const struct pam_message **msg, -+ struct pam_response **resp, void *appdata_ptr) -+{ -+ int retval = PAM_CONV_ERR; -+ for(int i=0; i<num_msg; i++) { -+ if (msg[i]->msg_style == PAM_PROMPT_ECHO_OFF && -+ strncmp(msg[i]->msg, "Password: ", 10) == 0) { -+ struct pam_response *resp_msg = malloc(sizeof(struct pam_response)); -+ if (!resp_msg) -+ die("malloc failed\n"); -+ char *password = malloc(strlen(passwd) + 1); -+ if (!password) -+ die("malloc failed\n"); -+ memset(password, 0, strlen(passwd) + 1); -+ strcpy(password, passwd); -+ resp_msg->resp_retcode = 0; -+ resp_msg->resp = password; -+ resp[i] = resp_msg; -+ retval = PAM_SUCCESS; -+ } -+ } -+ return retval; -+} -+ - #ifdef __linux__ - #include <fcntl.h> - #include <linux/oom.h> -@@ -121,6 +152,8 @@ gethash(void) - } - #endif /* HAVE_SHADOW_H */ - -+ /* pam, store user name */ -+ hash = pw->pw_name; - return hash; - } - -@@ -129,11 +162,12 @@ readpw(Display *dpy, struct xrandr *rr, struct lock **locks, int nscreens, - const char *hash) - { - XRRScreenChangeNotifyEvent *rre; -- char buf[32], passwd[256], *inputhash; -- int num, screen, running, failure, oldc; -+ char buf[32]; -+ int num, screen, running, failure, oldc, retval; - unsigned int len, color; - KeySym ksym; - XEvent ev; -+ pam_handle_t *pamh; - - len = 0; - running = 1; -@@ -160,10 +194,26 @@ readpw(Display *dpy, struct xrandr *rr, struct lock **locks, int nscreens, - case XK_Return: - passwd[len] = '\0'; - errno = 0; -- if (!(inputhash = crypt(passwd, hash))) -- fprintf(stderr, "slock: crypt: %s\n", strerror(errno)); -+ retval = pam_start(pam_service, hash, &pamc, &pamh); -+ color = PAM; -+ for (screen = 0; screen < nscreens; screen++) { -+ XSetWindowBackground(dpy, locks[screen]->win, locks[screen]->colors[color]); -+ XClearWindow(dpy, locks[screen]->win); -+ XRaiseWindow(dpy, locks[screen]->win); -+ } -+ XSync(dpy, False); -+ -+ if (retval == PAM_SUCCESS) -+ retval = pam_authenticate(pamh, 0); -+ if (retval == PAM_SUCCESS) -+ retval = pam_acct_mgmt(pamh, 0); -+ -+ running = 1; -+ if (retval == PAM_SUCCESS) -+ running = 0; - else -- running = !!strcmp(inputhash, hash); -+ fprintf(stderr, "slock: %s\n", pam_strerror(pamh, retval)); -+ pam_end(pamh, retval); - if (running) { - XBell(dpy, 100); - failure = 1; -@@ -339,10 +389,9 @@ main(int argc, char **argv) { - dontkillme(); - #endif - -+ /* the contents of hash are used to transport the current user name */ - hash = gethash(); - errno = 0; -- if (!crypt("", hash)) -- die("slock: crypt: %s\n", strerror(errno)); - - if (!(dpy = XOpenDisplay(NULL))) - die("slock: cannot open display\n"); |