sites

Unnamed repository; edit this file 'description' to name the repository.
Log | Files | Refs

commit aebd67d0981097aae950b7beb99e2472920e8460
parent ae456acdbd5af8a9dc22f6647e98e1746b3a825c
Author: Jan Christoph Ebersbach <jceb@e-jc.de>
Date:   Fri,  9 Sep 2016 22:01:54 +0200

Update pam_auth patch

Diffstat:
Mtools.suckless.org/slock/patches/pam_auth.md | 1+
Atools.suckless.org/slock/patches/slock-pam_auth-20160909-a7619f7.diff | 158+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 159 insertions(+), 0 deletions(-)

diff --git a/tools.suckless.org/slock/patches/pam_auth.md b/tools.suckless.org/slock/patches/pam_auth.md @@ -12,6 +12,7 @@ service. The default configuration is for ArchLinux's `login` service. Download -------- +* [slock-pam_auth-20160909-a7619f7.diff](slock-pam_auth-20160909-a7619f7.diff) * [slock-pam_auth.diff](slock-pam_auth.diff) Authors diff --git a/tools.suckless.org/slock/patches/slock-pam_auth-20160909-a7619f7.diff b/tools.suckless.org/slock/patches/slock-pam_auth-20160909-a7619f7.diff @@ -0,0 +1,158 @@ +Author: Jan Christoph Ebersbach <jceb@e-jc.de> +URL: http://tools.suckless.org/slock/patches/pam_auth +Replaces shadow support with PAM authentication support. + +Change variable `pam_service` in `config.def.h` to the corresponding PAM +service. The default configuration is for ArchLinux's `login` service. + +Index: slock-patches/slock/config.def.h +=================================================================== +--- slock-patches.orig/slock/config.def.h ++++ slock-patches/slock/config.def.h +@@ -6,7 +6,11 @@ static const char *colorname[NUMCOLS] = + "black", /* after initialization */ + "#005577", /* during input */ + "#CC3333", /* wrong password */ ++ "#9400D3", /* waiting for PAM */ + }; + + /* treat a cleared input like a wrong password */ + static const int failonclear = 1; ++ ++/* PAM service that's used for authentication */ ++static const char* pam_service = "login"; +Index: slock-patches/slock/config.mk +=================================================================== +--- slock-patches.orig/slock/config.mk ++++ slock-patches/slock/config.mk +@@ -12,7 +12,7 @@ X11LIB = /usr/X11R6/lib + + # includes and libs + INCS = -I. -I/usr/include -I${X11INC} +-LIBS = -L/usr/lib -lc -lcrypt -L${X11LIB} -lX11 -lXext -lXrandr ++LIBS = -L/usr/lib -lc -lcrypt -L${X11LIB} -lX11 -lXext -lXrandr -lpam + + # flags + CPPFLAGS = -DVERSION=\"${VERSION}\" -D_DEFAULT_SOURCE -DHAVE_SHADOW_H +Index: slock-patches/slock/slock.c +=================================================================== +--- slock-patches.orig/slock/slock.c ++++ slock-patches/slock/slock.c +@@ -18,6 +18,8 @@ + #include <X11/keysym.h> + #include <X11/Xlib.h> + #include <X11/Xutil.h> ++#include <security/pam_appl.h> ++#include <security/pam_misc.h> + + #include "arg.h" + #include "util.h" +@@ -28,6 +30,7 @@ enum { + INIT, + INPUT, + FAILED, ++ PAM, + NUMCOLS + }; + +@@ -40,6 +43,9 @@ typedef struct { + unsigned long colors[NUMCOLS]; + } Lock; + ++static int pam_conv(int num_msg, const struct pam_message **msg, struct pam_response **resp, void *appdata_ptr); ++struct pam_conv pamc = {pam_conv, NULL}; ++char passwd[256]; + static Lock **locks; + static int nscreens; + static Bool rr; +@@ -119,18 +125,46 @@ getpw(void) + } + #endif /* HAVE_SHADOW_H */ + ++ /* pam, store user name */ ++ rval = pw->pw_name; + return rval; + } + ++static int ++pam_conv(int num_msg, const struct pam_message **msg, ++ struct pam_response **resp, void *appdata_ptr) ++{ ++ int retval = PAM_CONV_ERR; ++ for(int i=0; i<num_msg; i++) { ++ if (msg[i]->msg_style == PAM_PROMPT_ECHO_OFF && ++ strncmp(msg[i]->msg, "Password: ", 10) == 0) { ++ struct pam_response *resp_msg = malloc(sizeof(struct pam_response)); ++ if (!resp_msg) ++ die("malloc failed"); ++ char *password = malloc(strlen(passwd) + 1); ++ if (!password) ++ die("malloc failed"); ++ memset(password, 0, strlen(passwd) + 1); ++ strcpy(password, passwd); ++ resp_msg->resp_retcode = 0; ++ resp_msg->resp = password; ++ resp[i] = resp_msg; ++ retval = PAM_SUCCESS; ++ } ++ } ++ return retval; ++} ++ + static void + readpw(Display *dpy, const char *pws) + { +- char buf[32], passwd[256], *encrypted; +- int num, screen, running, failure; ++ char buf[32]; ++ int num, screen, running, failure, retval; + unsigned int len, color; + KeySym ksym; + XEvent ev; + static int oldc = INIT; ++ pam_handle_t *pamh; + + len = 0; + running = 1; +@@ -159,11 +193,26 @@ readpw(Display *dpy, const char *pws) + switch (ksym) { + case XK_Return: + passwd[len] = 0; +- errno = 0; +- if (!(encrypted = crypt(passwd, pws))) +- fprintf(stderr, "slock: crypt: %s\n", strerror(errno)); ++ retval = pam_start(pam_service, pws, &pamc, &pamh); ++ color = PAM; ++ for (screen = 0; screen < nscreens; screen++) { ++ XSetWindowBackground(dpy, locks[screen]->win, locks[screen]->colors[color]); ++ XClearWindow(dpy, locks[screen]->win); ++ XRaiseWindow(dpy, locks[screen]->win); ++ } ++ XSync(dpy, False); ++ ++ if (retval == PAM_SUCCESS) ++ retval = pam_authenticate(pamh, 0); ++ if (retval == PAM_SUCCESS) ++ retval = pam_acct_mgmt(pamh, 0); ++ ++ running = 1; ++ if (retval == PAM_SUCCESS) ++ running = 0; + else +- running = !!strcmp(encrypted, pws); ++ fprintf(stderr, "slock: %s\n", pam_strerror(pamh, retval)); ++ pam_end(pamh, retval); + if (running) { + XBell(dpy, 100); + failure = True; +@@ -344,9 +393,8 @@ main(int argc, char **argv) { + dontkillme(); + #endif + ++ /* the contents of pws are used to transport the current user name */ + pws = getpw(); +- if (strlen(pws) < 2) +- die("slock: failed to get user password hash.\n"); + + if (!(dpy = XOpenDisplay(NULL))) + die("slock: cannot open display\n");