diff options
| author | Quentin Rameau <quinq@fifth.space> | 2016-09-07 13:02:42 +0200 |
|---|---|---|
| committer | Markus Teich <markus.teich@stusta.mhn.de> | 2016-09-07 13:10:25 +0200 |
| commit | 04143fd68dbc656905714eff5c208fadb3464e25 (patch) | |
| tree | fb712237b8079b4a40c1e742935fad3dc519b98a | |
| parent | 9698224090ff2989659717815bfa076d5d436a70 (diff) | |
Unify how we check passwords between different OSes
| -rw-r--r-- | config.mk | 9 | ||||
| -rw-r--r-- | slock.c | 47 |
2 files changed, 15 insertions, 41 deletions
| @@ -20,16 +20,11 @@ CFLAGS = -std=c99 -pedantic -Wall -Os ${INCS} ${CPPFLAGS} | |||
| 20 | LDFLAGS = -s ${LIBS} | 20 | LDFLAGS = -s ${LIBS} |
| 21 | COMPATSRC = explicit_bzero.c | 21 | COMPATSRC = explicit_bzero.c |
| 22 | 22 | ||
| 23 | # On *BSD remove -DHAVE_SHADOW_H from CPPFLAGS and add -DHAVE_BSD_AUTH | 23 | # On *BSD remove -DHAVE_SHADOW_H from CPPFLAGS |
| 24 | # On OpenBSD and Darwin remove -lcrypt from LIBS | 24 | # On OpenBSD and Darwin remove -lcrypt from LIBS |
| 25 | #LIBS = -L/usr/lib -lc -L${X11LIB} -lX11 -lXext -lXrandr | 25 | #LIBS = -L/usr/lib -lc -L${X11LIB} -lX11 -lXext -lXrandr |
| 26 | #CPPFLAGS = -DVERSION=\"${VERSION}\" -DHAVE_BSD_AUTH -D_BSD_SOURCE | 26 | #CPPFLAGS = -DVERSION=\"${VERSION}\" -D_BSD_SOURCE |
| 27 | #COMPATSRC = | 27 | #COMPATSRC = |
| 28 | 28 | ||
| 29 | # compiler and linker | 29 | # compiler and linker |
| 30 | CC = cc | 30 | CC = cc |
| 31 | |||
| 32 | # Install mode. On BSD systems MODE=2755 and GROUP=auth | ||
| 33 | # On others MODE=4755 and GROUP=root | ||
| 34 | #MODE=2755 | ||
| 35 | #GROUP=auth | ||
| @@ -18,11 +18,6 @@ | |||
| 18 | #include <X11/Xlib.h> | 18 | #include <X11/Xlib.h> |
| 19 | #include <X11/Xutil.h> | 19 | #include <X11/Xutil.h> |
| 20 | 20 | ||
| 21 | #if HAVE_BSD_AUTH | ||
| 22 | #include <login_cap.h> | ||
| 23 | #include <bsd_auth.h> | ||
| 24 | #endif | ||
| 25 | |||
| 26 | #include "arg.h" | 21 | #include "arg.h" |
| 27 | #include "util.h" | 22 | #include "util.h" |
| 28 | 23 | ||
| @@ -88,7 +83,6 @@ dontkillme(void) | |||
| 88 | } | 83 | } |
| 89 | #endif | 84 | #endif |
| 90 | 85 | ||
| 91 | #ifndef HAVE_BSD_AUTH | ||
| 92 | /* only run as root */ | 86 | /* only run as root */ |
| 93 | static const char * | 87 | static const char * |
| 94 | getpw(void) | 88 | getpw(void) |
| @@ -96,6 +90,7 @@ getpw(void) | |||
| 96 | const char *rval; | 90 | const char *rval; |
| 97 | struct passwd *pw; | 91 | struct passwd *pw; |
| 98 | 92 | ||
| 93 | /* Check if the current user has a password entry */ | ||
| 99 | errno = 0; | 94 | errno = 0; |
| 100 | if (!(pw = getpwuid(getuid()))) { | 95 | if (!(pw = getpwuid(getuid()))) { |
| 101 | if (errno) | 96 | if (errno) |
| @@ -109,10 +104,20 @@ getpw(void) | |||
| 109 | if (rval[0] == 'x' && rval[1] == '\0') { | 104 | if (rval[0] == 'x' && rval[1] == '\0') { |
| 110 | struct spwd *sp; | 105 | struct spwd *sp; |
| 111 | if (!(sp = getspnam(getenv("USER")))) | 106 | if (!(sp = getspnam(getenv("USER")))) |
| 112 | die("slock: cannot retrieve shadow entry (make sure to suid or sgid slock)\n"); | 107 | die("slock: getspnam: cannot retrieve shadow entry (make sure to suid or sgid slock)\n"); |
| 113 | rval = sp->sp_pwdp; | 108 | rval = sp->sp_pwdp; |
| 114 | } | 109 | } |
| 115 | #endif | 110 | #else |
| 111 | if (rval[0] == '*' && rval[1] == '\0') { | ||
| 112 | #ifdef __OpenBSD__ | ||
| 113 | if (!(pw = getpwnam_shadow(getenv("USER")))) | ||
| 114 | die("slock: getpwnam_shadow: cannot retrieve shadow entry (make sure to suid or sgid slock)\n"); | ||
| 115 | rval = pw->pw_passwd; | ||
| 116 | #else | ||
| 117 | die("slock: getpwuid: cannot retrieve shadow entry (make sure to suid or sgid slock)\n"); | ||
| 118 | #endif /* __OpenBSD__ */ | ||
| 119 | } | ||
| 120 | #endif /* HAVE_SHADOW_H */ | ||
| 116 | 121 | ||
| 117 | /* drop privileges */ | 122 | /* drop privileges */ |
| 118 | if (geteuid() == 0 && | 123 | if (geteuid() == 0 && |
| @@ -120,14 +125,9 @@ getpw(void) | |||
| 120 | die("slock: cannot drop privileges\n"); | 125 | die("slock: cannot drop privileges\n"); |
| 121 | return rval; | 126 | return rval; |
| 122 | } | 127 | } |
| 123 | #endif | ||
| 124 | 128 | ||
| 125 | static void | 129 | static void |
| 126 | #ifdef HAVE_BSD_AUTH | ||
| 127 | readpw(Display *dpy) | ||
| 128 | #else | ||
| 129 | readpw(Display *dpy, const char *pws) | 130 | readpw(Display *dpy, const char *pws) |
| 130 | #endif | ||
| 131 | { | 131 | { |
| 132 | char buf[32], passwd[256], *encrypted; | 132 | char buf[32], passwd[256], *encrypted; |
| 133 | int num, screen, running, failure; | 133 | int num, screen, running, failure; |
| @@ -163,15 +163,11 @@ readpw(Display *dpy, const char *pws) | |||
| 163 | switch (ksym) { | 163 | switch (ksym) { |
| 164 | case XK_Return: | 164 | case XK_Return: |
| 165 | passwd[len] = 0; | 165 | passwd[len] = 0; |
| 166 | #ifdef HAVE_BSD_AUTH | ||
| 167 | running = !auth_userokay(getlogin(), NULL, "auth-slock", passwd); | ||
| 168 | #else | ||
| 169 | errno = 0; | 166 | errno = 0; |
| 170 | if (!(encrypted = crypt(passwd, pws))) | 167 | if (!(encrypted = crypt(passwd, pws))) |
| 171 | fprintf(stderr, "slock: crypt: %s\n", strerror(errno)); | 168 | fprintf(stderr, "slock: crypt: %s\n", strerror(errno)); |
| 172 | else | 169 | else |
| 173 | running = !!strcmp(encrypted, pws); | 170 | running = !!strcmp(encrypted, pws); |
| 174 | #endif | ||
| 175 | if (running) { | 171 | if (running) { |
| 176 | XBell(dpy, 100); | 172 | XBell(dpy, 100); |
| 177 | failure = True; | 173 | failure = True; |
| @@ -320,9 +316,7 @@ usage(void) | |||
| 320 | 316 | ||
| 321 | int | 317 | int |
| 322 | main(int argc, char **argv) { | 318 | main(int argc, char **argv) { |
| 323 | #ifndef HAVE_BSD_AUTH | ||
| 324 | const char *pws; | 319 | const char *pws; |
| 325 | #endif | ||
| 326 | Display *dpy; | 320 | Display *dpy; |
| 327 | int s, nlocks; | 321 | int s, nlocks; |
| 328 | 322 | ||
| @@ -338,20 +332,9 @@ main(int argc, char **argv) { | |||
| 338 | dontkillme(); | 332 | dontkillme(); |
| 339 | #endif | 333 | #endif |
| 340 | 334 | ||
| 341 | /* Check if the current user has a password entry */ | ||
| 342 | errno = 0; | ||
| 343 | if (!getpwuid(getuid())) { | ||
| 344 | if (errno == 0) | ||
| 345 | die("slock: no password entry for current user\n"); | ||
| 346 | else | ||
| 347 | die("slock: getpwuid: %s\n", strerror(errno)); | ||
| 348 | } | ||
| 349 | |||
| 350 | #ifndef HAVE_BSD_AUTH | ||
| 351 | pws = getpw(); | 335 | pws = getpw(); |
| 352 | if (strlen(pws) < 2) | 336 | if (strlen(pws) < 2) |
| 353 | die("slock: failed to get user password hash.\n"); | 337 | die("slock: failed to get user password hash.\n"); |
| 354 | #endif | ||
| 355 | 338 | ||
| 356 | if (!(dpy = XOpenDisplay(NULL))) | 339 | if (!(dpy = XOpenDisplay(NULL))) |
| 357 | die("slock: cannot open display\n"); | 340 | die("slock: cannot open display\n"); |
| @@ -396,11 +379,7 @@ main(int argc, char **argv) { | |||
| 396 | } | 379 | } |
| 397 | 380 | ||
| 398 | /* everything is now blank. Wait for the correct password */ | 381 | /* everything is now blank. Wait for the correct password */ |
| 399 | #ifdef HAVE_BSD_AUTH | ||
| 400 | readpw(dpy); | ||
| 401 | #else | ||
| 402 | readpw(dpy, pws); | 382 | readpw(dpy, pws); |
| 403 | #endif | ||
| 404 | 383 | ||
| 405 | /* password ok, unlock everything and quit */ | 384 | /* password ok, unlock everything and quit */ |
| 406 | cleanup(dpy); | 385 | cleanup(dpy); |