File i3lock-2.5-use-unix2_chkpwd.diff of Package i3lock
Author: Stefan Seyfried <seife+obs@b1-systems.com> Date: Sat Feb 15 14:20:27 2014 +0100 add the option to use unix2_chkpwd instead of needing setgid shadow
diff --git a/Makefile b/Makefile
index 2633bef..27a471b 100644
--- a/Makefile
+++ b/Makefile
@@ -13,7 +13,11 @@
 CPPFLAGS += -D_GNU_SOURCE
 CFLAGS += $(shell pkg-config --cflags cairo xcb-dpms xcb-xinerama xcb-atom xcb-image xcb-xkb xkbcommon xkbcommon-x11)
 LIBS += $(shell pkg-config --libs cairo xcb-dpms xcb-xinerama xcb-atom xcb-image xcb-xkb xkbcommon xkbcommon-x11)
+ifeq ($(USE_UNIX2_CHKPWD),1)
+CFLAGS += -DUSE_UNIX2_CHKPWD=1
+else
 LIBS += -lpam
+endif
 LIBS += -lev
 LIBS += -lm
diff --git a/i3lock.c b/i3lock.c
index 5a87999..70842c6 100644
--- a/i3lock.c
+++ b/i3lock.c
@@ -17,7 +17,9 @@
 #include <xcb/dpms.h>
 #include <err.h>
 #include <assert.h>
+#ifndef USE_UNIX2_CHKPWD
 #include <security/pam_appl.h>
+#endif
 #include <getopt.h>
 #include <string.h>
 #include <ev.h>
@@ -28,6 +30,13 @@
 #include <cairo.h>
 #include <cairo/cairo-xcb.h>
+#ifdef USE_UNIX2_CHKPWD
+#include <sys/types.h>
+#include <sys/wait.h>
+#include <pwd.h>
+#include <errno.h>
+#endif
+
 #include "i3lock.h"
 #include "xcb.h"
 #include "cursors.h"
@@ -40,7 +49,9 @@ char color[7] = "ffffff";
 uint32_t last_resolution[2];
 xcb_window_t win;
 static xcb_cursor_t cursor;
+#ifndef USE_UNIX2_CHKPWD
 static pam_handle_t *pam_handle;
+#endif
 int input_position = 0;
 /* Holds the password you enter (in UTF-8). */
 static char password[512];
@@ -226,6 +228,62 @@
 pam_state = STATE_PAM_VERIFY;
 redraw_screen();
+#ifdef USE_UNIX2_CHKPWD
+ struct passwd *pw;
+
+ pw = getpwuid(getuid());
+ if (! pw)
+ perror("i3lock: getpwuid() failed");
+ else {
+ int pfd[2], status;
+ pid_t pid;
+
+ if (pipe(pfd) < 0) {
+ perror("i3lock: pipe() failed");
+ goto auth_failed;
+ }
+
+ if ((pid = fork()) < 0) {
+ perror("i3lock: fork() failed");
+ close(pfd[0]);
+ close(pfd[1]);
+ goto auth_failed;
+ }
+
+ if (pid == 0) {
+ close(pfd[1]);
+ if (pfd[0] != 0)
+ dup2(pfd[0], 0);
+
+ /* Helper is invoked as helper service-name [user] */
+ printf("calling '/sbin/unix2_chkpwd i3lock %s'\n", pw->pw_name);
+ execlp("/sbin/unix2_chkpwd", "/sbin/unix2_chkpwd", "i3lock", pw->pw_name, NULL);
+ perror("i3lock: execlp(/sbin/unix2_chkpwd)");
+ exit(1);
+ }
+
+ close(pfd[0]);
+ /* Write out password to helper process */
+ write(pfd[1], password, strlen(password));
+ close(pfd[1]);
+
+ while (waitpid(pid, &status, 0) < 0) {
+ if (errno == EINTR)
+ continue;
+ perror("i3lock: waitpid() failed");
+ goto auth_failed;
+ }
+
+ if (!WIFEXITED(status) || WEXITSTATUS(status) != 0)
+ goto auth_failed;
+ endpwent();
+ DEBUG("successfully authenticated\n");
+ clear_password_memory();
+ exit(0);
+ }
+ auth_failed:
+ endpwent();
+#else
 if (pam_authenticate(pam_handle, 0) == PAM_SUCCESS) {
 DEBUG("successfully authenticated\n");
 clear_password_memory();
@@ -234,7 +292,7 @@
 turn_monitors_on();
 exit(0);
 }
-
+#endif
 if (debug_mode)
 fprintf(stderr, "Authentication failure\n");
@@ -398,6 +466,7 @@ void handle_screen_resize(void) {
 redraw_screen();
 }
+#ifndef USE_UNIX2_CHKPWD
 /*
 * Callback function for PAM. We only react on password request callbacks.
 *
@@ -429,6 +498,7 @@ static int conv_callback(int num_msg, const struct pam_message **msg,
 return 0;
 }
+#endif
 /*
 * This callback is only a dummy, see xcb_prepare_cb and xcb_check_cb.
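Review bot: The `write(pfd[1], password, strlen(password));` call in the first hunk ignores its result, and the parent has already closed its own read end, so if the helper exits before reading, the write raises SIGPIPE. The default action for that signal terminates i3lock and with it the lock, unless the signal is ignored elsewhere in the file, which is not visible in this hunk. A locker should fail closed here: ignore the signal once at startup with `signal(SIGPIPE, SIG_IGN);` (needs `<signal.h>`) and report a failed write, e.g. `if (write(pfd[1], password, strlen(password)) < 0) perror("i3lock: write() failed");`, leaving the verdict to the exit status collected by `waitpid()`. The enclosing function starts and ends outside this hunk.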
@@ -516,8 +586,10 @@ static void xcb_check_cb(EV_P_ ev_check *w, int revents) {
 int main(int argc, char *argv[]) {
 char *username;
 char *image_path = NULL;
+#ifndef USE_UNIX2_CHKPWD
 int ret;
 struct pam_conv conv = {conv_callback, NULL};
+#endif
 int curs_choice = CURS_NONE;
 int o;
 int optind = 0;
@@ -597,10 +669,12 @@ int main(int argc, char *argv[]) {
 * the unlock indicator upon keypresses. */
 srand(time(NULL));
+#ifndef USE_UNIX2_CHKPWD
 /* Initialize PAM */
 ret = pam_start("i3lock", username, &conv, &pam_handle);
 if (ret != PAM_SUCCESS)
 errx(EXIT_FAILURE, "PAM: %s", pam_strerror(pam_handle, ret));
+#endif
 /* Using mlock() as non-super-user seems only possible in Linux. Users of other
 * operating systems should use encrypted swap/no swap (or remove the ifdef and
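Review bot: With USE_UNIX2_CHKPWD defined, the second hunk compiles out `pam_start()` and its `errx()` and puts no startup check in their place. A missing or non-executable `/sbin/unix2_chkpwd` is then only noticed at the first unlock attempt, when the session is presumably already locked and every password is rejected. The PAM build aborts before that point; the helper build could do the same with an `#else` branch such as `if (access("/sbin/unix2_chkpwd", X_OK) != 0) err(EXIT_FAILURE, "/sbin/unix2_chkpwd");`, assuming `<unistd.h>` is already included, which is not visible here. main() continues outside the hunk.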