commit 4ea6b449eae7d8ccae420e8992638f3d83bd24af
parent 64ec7dc4002bd3fcd25eeefd7bdc72f1b1ac7803
Author: Jan Christoph Ebersbach <jceb@e-jc.de>
Date: Wed, 26 Oct 2016 20:11:58 +0200
Update pam_auth patch
Diffstat:
2 files changed, 162 insertions(+), 0 deletions(-)
diff --git a/tools.suckless.org/slock/patches/pam_auth.md b/tools.suckless.org/slock/patches/pam_auth.md
@@ -12,6 +12,7 @@ service. The default configuration is for ArchLinux's `login` service.
Download
--------
+* [slock-pam_auth-20161026-5974695.diff](slock-pam_auth-20161026-5974695.diff)
* [slock-pam_auth-20160909-a7619f7.diff](slock-pam_auth-20160909-a7619f7.diff)
* [slock-pam_auth.diff](slock-pam_auth.diff)
diff --git a/tools.suckless.org/slock/patches/slock-pam_auth-20161026-5974695.diff b/tools.suckless.org/slock/patches/slock-pam_auth-20161026-5974695.diff
@@ -0,0 +1,161 @@
+Author: Jan Christoph Ebersbach <jceb@e-jc.de>
+URL: http://tools.suckless.org/slock/patches/pam_auth
+Replaces shadow support with PAM authentication support.
+
+Change variable `pam_service` in `config.def.h` to the corresponding PAM
+service. The default configuration is for ArchLinux's `login` service.
+
+Index: slock-patches/slock/config.def.h
+===================================================================
+--- slock-patches.orig/slock/config.def.h
++++ slock-patches/slock/config.def.h
+@@ -6,7 +6,11 @@ static const char *colorname[NUMCOLS] =
+ "black", /* after initialization */
+ "#005577", /* during input */
+ "#CC3333", /* wrong password */
++ "#9400D3", /* waiting for PAM */
+ };
+
+ /* treat a cleared input like a wrong password */
+ static const int failonclear = 1;
++
++/* PAM service that's used for authentication */
++static const char* pam_service = "login";
+Index: slock-patches/slock/config.mk
+===================================================================
+--- slock-patches.orig/slock/config.mk
++++ slock-patches/slock/config.mk
+@@ -12,7 +12,7 @@ X11LIB = /usr/X11R6/lib
+
+ # includes and libs
+ INCS = -I. -I/usr/include -I${X11INC}
+-LIBS = -L/usr/lib -lc -lcrypt -L${X11LIB} -lX11 -lXext -lXrandr
++LIBS = -L/usr/lib -lc -lcrypt -L${X11LIB} -lX11 -lXext -lXrandr -lpam
+
+ # flags
+ CPPFLAGS = -DVERSION=\"${VERSION}\" -D_DEFAULT_SOURCE -DHAVE_SHADOW_H
+Index: slock-patches/slock/slock.c
+===================================================================
+--- slock-patches.orig/slock/slock.c
++++ slock-patches/slock/slock.c
+@@ -18,16 +18,22 @@
+ #include <X11/keysym.h>
+ #include <X11/Xlib.h>
+ #include <X11/Xutil.h>
++#include <security/pam_appl.h>
++#include <security/pam_misc.h>
+
+ #include "arg.h"
+ #include "util.h"
+
+ char *argv0;
++static int pam_conv(int num_msg, const struct pam_message **msg, struct pam_response **resp, void *appdata_ptr);
++struct pam_conv pamc = {pam_conv, NULL};
++char passwd[256];
+
+ enum {
+ INIT,
+ INPUT,
+ FAILED,
++ PAM,
+ NUMCOLS
+ };
+
+@@ -57,6 +63,31 @@ die(const char *errstr, ...)
+ exit(1);
+ }
+
++static int
++pam_conv(int num_msg, const struct pam_message **msg,
++ struct pam_response **resp, void *appdata_ptr)
++{
++ int retval = PAM_CONV_ERR;
++ for(int i=0; i<num_msg; i++) {
++ if (msg[i]->msg_style == PAM_PROMPT_ECHO_OFF &&
++ strncmp(msg[i]->msg, "Password: ", 10) == 0) {
++ struct pam_response *resp_msg = malloc(sizeof(struct pam_response));
++ if (!resp_msg)
++ die("malloc failed\n");
++ char *password = malloc(strlen(passwd) + 1);
++ if (!password)
++ die("malloc failed\n");
++ memset(password, 0, strlen(passwd) + 1);
++ strcpy(password, passwd);
++ resp_msg->resp_retcode = 0;
++ resp_msg->resp = password;
++ resp[i] = resp_msg;
++ retval = PAM_SUCCESS;
++ }
++ }
++ return retval;
++}
++
+ #ifdef __linux__
+ #include <fcntl.h>
+ #include <linux/oom.h>
+@@ -121,6 +152,8 @@ gethash(void)
+ }
+ #endif /* HAVE_SHADOW_H */
+
++ /* pam, store user name */
++ hash = pw->pw_name;
+ return hash;
+ }
+
+@@ -129,11 +162,12 @@ readpw(Display *dpy, struct xrandr *rr,
+ const char *hash)
+ {
+ XRRScreenChangeNotifyEvent *rre;
+- char buf[32], passwd[256], *inputhash;
+- int num, screen, running, failure, oldc;
++ char buf[32];
++ int num, screen, running, failure, oldc, retval;
+ unsigned int len, color;
+ KeySym ksym;
+ XEvent ev;
++ pam_handle_t *pamh;
+
+ len = 0;
+ running = 1;
+@@ -160,10 +194,26 @@ readpw(Display *dpy, struct xrandr *rr,
+ case XK_Return:
+ passwd[len] = '\0';
+ errno = 0;
+- if (!(inputhash = crypt(passwd, hash)))
+- fprintf(stderr, "slock: crypt: %s\n", strerror(errno));
++ retval = pam_start(pam_service, hash, &pamc, &pamh);
++ color = PAM;
++ for (screen = 0; screen < nscreens; screen++) {
++ XSetWindowBackground(dpy, locks[screen]->win, locks[screen]->colors[color]);
++ XClearWindow(dpy, locks[screen]->win);
++ XRaiseWindow(dpy, locks[screen]->win);
++ }
++ XSync(dpy, False);
++
++ if (retval == PAM_SUCCESS)
++ retval = pam_authenticate(pamh, 0);
++ if (retval == PAM_SUCCESS)
++ retval = pam_acct_mgmt(pamh, 0);
++
++ running = 1;
++ if (retval == PAM_SUCCESS)
++ running = 0;
+ else
+- running = !!strcmp(inputhash, hash);
++ fprintf(stderr, "slock: %s\n", pam_strerror(pamh, retval));
++ pam_end(pamh, retval);
+ if (running) {
+ XBell(dpy, 100);
+ failure = 1;
+@@ -331,10 +381,9 @@ main(int argc, char **argv) {
+ dontkillme();
+ #endif
+
++ /* the contents of hash are used to transport the current user name */
+ hash = gethash();
+ errno = 0;
+- if (!crypt("", hash))
+- die("slock: crypt: %s\n", strerror(errno));
+
+ if (!(dpy = XOpenDisplay(NULL)))
+ die("slock: cannot open display\n");