sites

public wiki contents of suckless.org
git clone git://git.suckless.org/sites

commit 4ea6b449eae7d8ccae420e8992638f3d83bd24af
parent 64ec7dc4002bd3fcd25eeefd7bdc72f1b1ac7803
Author: Jan Christoph Ebersbach <jceb@e-jc.de>
Date:   Wed, 26 Oct 2016 20:11:58 +0200

Update pam_auth patch

Diffstat:
Mtools.suckless.org/slock/patches/pam_auth.md | 1+
Atools.suckless.org/slock/patches/slock-pam_auth-20161026-5974695.diff | 161+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 162 insertions(+), 0 deletions(-)

diff --git a/tools.suckless.org/slock/patches/pam_auth.md b/tools.suckless.org/slock/patches/pam_auth.md @@ -12,6 +12,7 @@ service. The default configuration is for ArchLinux's `login` service. Download -------- +* [slock-pam_auth-20161026-5974695.diff](slock-pam_auth-20161026-5974695.diff) * [slock-pam_auth-20160909-a7619f7.diff](slock-pam_auth-20160909-a7619f7.diff) * [slock-pam_auth.diff](slock-pam_auth.diff) diff --git a/tools.suckless.org/slock/patches/slock-pam_auth-20161026-5974695.diff b/tools.suckless.org/slock/patches/slock-pam_auth-20161026-5974695.diff 
@@ -0,0 +1,161 @@
+Author: Jan Christoph Ebersbach <jceb@e-jc.de>
+URL: http://tools.suckless.org/slock/patches/pam_auth
+Replaces shadow support with PAM authentication support.
+
+Change variable `pam_service` in `config.def.h` to the corresponding PAM
+service. The default configuration is for ArchLinux's `login` service.
+
+Index: slock-patches/slock/config.def.h
+===================================================================
+--- slock-patches.orig/slock/config.def.h
++++ slock-patches/slock/config.def.h
+@@ -6,7 +6,11 @@ static const char *colorname[NUMCOLS] =
+ "black", /* after initialization */
+ "#005577", /* during input */
+ "#CC3333", /* wrong password */
++ "#9400D3", /* waiting for PAM */
+ };
+
+ /* treat a cleared input like a wrong password */
+ static const int failonclear = 1;
++
++/* PAM service that's used for authentication */
++static const char* pam_service = "login";
+Index: slock-patches/slock/config.mk
+===================================================================
+--- slock-patches.orig/slock/config.mk
++++ slock-patches/slock/config.mk
+@@ -12,7 +12,7 @@ X11LIB = /usr/X11R6/lib
+
+ # includes and libs
+ INCS = -I. -I/usr/include -I${X11INC}
+-LIBS = -L/usr/lib -lc -lcrypt -L${X11LIB} -lX11 -lXext -lXrandr
++LIBS = -L/usr/lib -lc -lcrypt -L${X11LIB} -lX11 -lXext -lXrandr -lpam
+
+ # flags
+ CPPFLAGS = -DVERSION=\"${VERSION}\" -D_DEFAULT_SOURCE -DHAVE_SHADOW_H
+Index: slock-patches/slock/slock.c
+===================================================================
+--- slock-patches.orig/slock/slock.c
++++ slock-patches/slock/slock.c
+@@ -18,16 +18,22 @@
+ #include <X11/keysym.h>
+ #include <X11/Xlib.h>
+ #include <X11/Xutil.h>
++#include <security/pam_appl.h>
++#include <security/pam_misc.h>
+
+ #include "arg.h"
+ #include "util.h"
+
+ char *argv0;
++static int pam_conv(int num_msg, const struct pam_message **msg, struct pam_response **resp, void *appdata_ptr);
++struct pam_conv pamc = {pam_conv, NULL};
++char passwd[256];
+
+ enum {
+ INIT,
+ INPUT,
+ FAILED,
++ PAM,
+ NUMCOLS
+ };
+
+@@ -57,6 +63,31 @@ die(const char *errstr, ...)
+ exit(1);
+ }
+
++static int
++pam_conv(int num_msg, const struct pam_message **msg,
++ struct pam_response **resp, void *appdata_ptr)
++{
++ int retval = PAM_CONV_ERR;
++ for(int i=0; i<num_msg; i++) {
++ if (msg[i]->msg_style == PAM_PROMPT_ECHO_OFF &&
++ strncmp(msg[i]->msg, "Password: ", 10) == 0) {
++ struct pam_response *resp_msg = malloc(sizeof(struct pam_response));
++ if (!resp_msg)
++ die("malloc failed\n");
++ char *password = malloc(strlen(passwd) + 1);
++ if (!password)
++ die("malloc failed\n");
++ memset(password, 0, strlen(passwd) + 1);
++ strcpy(password, passwd);
++ resp_msg->resp_retcode = 0;
++ resp_msg->resp = password;
++ resp[i] = resp_msg;
++ retval = PAM_SUCCESS;
++ }
++ }
++ return retval;
++}
++
+ #ifdef __linux__
+ #include <fcntl.h>
+ #include <linux/oom.h>
+@@ -121,6 +152,8 @@ gethash(void)
+ }
+ #endif /* HAVE_SHADOW_H */
+
++ /* pam, store user name */
++ hash = pw->pw_name;
+ return hash;
+ }
+
+@@ -129,11 +162,12 @@ readpw(Display *dpy, struct xrandr *rr,
+ const char *hash)
+ {
+ XRRScreenChangeNotifyEvent *rre;
+- char buf[32], passwd[256], *inputhash;
+- int num, screen, running, failure, oldc;
++ char buf[32];
++ int num, screen, running, failure, oldc, retval;
+ unsigned int len, color;
+ KeySym ksym;
+ XEvent ev;
++ pam_handle_t *pamh;
+
+ len = 0;
+ running = 1;
+@@ -160,10 +194,26 @@ readpw(Display *dpy, struct xrandr *rr,
+ case XK_Return:
+ passwd[len] = '\0';
+ errno = 0;
+- if (!(inputhash = crypt(passwd, hash)))
+- fprintf(stderr, "slock: crypt: %s\n", strerror(errno));
++ retval = pam_start(pam_service, hash, &pamc, &pamh);
++ color = PAM;
++ for (screen = 0; screen < nscreens; screen++) {
++ XSetWindowBackground(dpy, locks[screen]->win, locks[screen]->colors[color]);
++ XClearWindow(dpy, locks[screen]->win);
++ XRaiseWindow(dpy, locks[screen]->win);
++ }
++ XSync(dpy, False);
++
++ if (retval == PAM_SUCCESS)
++ retval = pam_authenticate(pamh, 0);
++ if (retval == PAM_SUCCESS)
++ retval = pam_acct_mgmt(pamh, 0);
++
++ running = 1;
++ if (retval == PAM_SUCCESS)
++ running = 0;
+ else
+- running = !!strcmp(inputhash, hash);
++ fprintf(stderr, "slock: %s\n", pam_strerror(pamh, retval));
++ pam_end(pamh, retval);
+ if (running) {
+ XBell(dpy, 100);
+ failure = 1;
+@@ -331,10 +381,9 @@ main(int argc, char **argv) {
+ dontkillme();
+ #endif
+
++ /* the contents of hash are used to transport the current user name */
+ hash = gethash();
+ errno = 0;
+- if (!crypt("", hash))
+- die("slock: crypt: %s\n", strerror(errno));
+
+ if (!(dpy = XOpenDisplay(NULL)))
+ die("slock: cannot open display\n");
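Review bot: In the added `pam_conv`, `resp[i] = resp_msg` stores a separately allocated reply through the caller's `resp` pointer, whereas the PAM conversation contract is that `*resp` receives one array of `num_msg` replies, so a password prompt at any index above 0 would write past the caller's pointer variable. The two `die("malloc failed\n")` calls are a second problem: `die` ends in `exit(1)` (visible in the context of the same inner hunk), and a screen locker that exits on an allocation failure leaves the session unlocked, so the callback should return `PAM_BUF_ERR` instead. In the `XK_Return` branch of `readpw`, `pamh` is declared without an initializer and still reaches `pam_strerror` and `pam_end` when `pam_start` fails; `pam_handle_t *pamh = NULL;` and a guard around `pam_end` would cover that. Whether `passwd`, now a file-scope buffer, is still cleared after each attempt cannot be seen from these hunks and is worth confirming. The rewrite below allocates the reply array once, reports allocation failure to PAM, and scrubs partial copies with `explicit_bzero`, assuming this tree's `util.h` provides it.

```c
static int
pam_conv(int num_msg, const struct pam_message **msg,
		struct pam_response **resp, void *appdata_ptr)
{
	struct pam_response *replies;
	int i, retval = PAM_CONV_ERR;

	if (num_msg <= 0)
		return PAM_CONV_ERR;
	/* PAM reads *resp as one array with a slot per message */
	if (!(replies = calloc(num_msg, sizeof(*replies))))
		return PAM_BUF_ERR; /* no die(): exiting would drop the lock */
	for (i = 0; i < num_msg; i++) {
		if (msg[i]->msg_style != PAM_PROMPT_ECHO_OFF ||
		    strncmp(msg[i]->msg, "Password: ", 10) != 0)
			continue;
		if (!(replies[i].resp = strdup(passwd))) {
			retval = PAM_BUF_ERR;
			break;
		}
		retval = PAM_SUCCESS;
	}
	if (retval != PAM_SUCCESS) {
		/* scrub and release any copies made before the failure */
		for (i = 0; i < num_msg; i++) {
			if (replies[i].resp) {
				explicit_bzero(replies[i].resp, strlen(replies[i].resp));
				free(replies[i].resp);
			}
		}
		free(replies);
		return retval;
	}
	*resp = replies;
	return PAM_SUCCESS;
}
```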