Unify how we check passwords between different OSes

This commit is contained in:
Quentin Rameau 2016-09-07 13:02:42 +02:00 committed by Markus Teich
parent 9698224090
commit 04143fd68d
2 changed files with 15 additions and 41 deletions

View file

@ -20,16 +20,11 @@ CFLAGS = -std=c99 -pedantic -Wall -Os ${INCS} ${CPPFLAGS}
LDFLAGS = -s ${LIBS} LDFLAGS = -s ${LIBS}
COMPATSRC = explicit_bzero.c COMPATSRC = explicit_bzero.c
# On *BSD remove -DHAVE_SHADOW_H from CPPFLAGS and add -DHAVE_BSD_AUTH # On *BSD remove -DHAVE_SHADOW_H from CPPFLAGS
# On OpenBSD and Darwin remove -lcrypt from LIBS # On OpenBSD and Darwin remove -lcrypt from LIBS
#LIBS = -L/usr/lib -lc -L${X11LIB} -lX11 -lXext -lXrandr #LIBS = -L/usr/lib -lc -L${X11LIB} -lX11 -lXext -lXrandr
#CPPFLAGS = -DVERSION=\"${VERSION}\" -DHAVE_BSD_AUTH -D_BSD_SOURCE #CPPFLAGS = -DVERSION=\"${VERSION}\" -D_BSD_SOURCE
#COMPATSRC = #COMPATSRC =
# compiler and linker # compiler and linker
CC = cc CC = cc
# Install mode. On BSD systems MODE=2755 and GROUP=auth
# On others MODE=4755 and GROUP=root
#MODE=2755
#GROUP=auth

47
slock.c
View file

@ -18,11 +18,6 @@
#include <X11/Xlib.h> #include <X11/Xlib.h>
#include <X11/Xutil.h> #include <X11/Xutil.h>
#if HAVE_BSD_AUTH
#include <login_cap.h>
#include <bsd_auth.h>
#endif
#include "arg.h" #include "arg.h"
#include "util.h" #include "util.h"
@ -88,7 +83,6 @@ dontkillme(void)
} }
#endif #endif
#ifndef HAVE_BSD_AUTH
/* only run as root */ /* only run as root */
static const char * static const char *
getpw(void) getpw(void)
@ -96,6 +90,7 @@ getpw(void)
const char *rval; const char *rval;
struct passwd *pw; struct passwd *pw;
/* Check if the current user has a password entry */
errno = 0; errno = 0;
if (!(pw = getpwuid(getuid()))) { if (!(pw = getpwuid(getuid()))) {
if (errno) if (errno)
@ -109,10 +104,20 @@ getpw(void)
if (rval[0] == 'x' && rval[1] == '\0') { if (rval[0] == 'x' && rval[1] == '\0') {
struct spwd *sp; struct spwd *sp;
if (!(sp = getspnam(getenv("USER")))) if (!(sp = getspnam(getenv("USER"))))
die("slock: cannot retrieve shadow entry (make sure to suid or sgid slock)\n"); die("slock: getspnam: cannot retrieve shadow entry (make sure to suid or sgid slock)\n");
rval = sp->sp_pwdp; rval = sp->sp_pwdp;
} }
#endif #else
if (rval[0] == '*' && rval[1] == '\0') {
#ifdef __OpenBSD__
if (!(pw = getpwnam_shadow(getenv("USER"))))
die("slock: getpwnam_shadow: cannot retrieve shadow entry (make sure to suid or sgid slock)\n");
rval = pw->pw_passwd;
#else
die("slock: getpwuid: cannot retrieve shadow entry (make sure to suid or sgid slock)\n");
#endif /* __OpenBSD__ */
}
#endif /* HAVE_SHADOW_H */
/* drop privileges */ /* drop privileges */
if (geteuid() == 0 && if (geteuid() == 0 &&
@ -120,14 +125,9 @@ getpw(void)
die("slock: cannot drop privileges\n"); die("slock: cannot drop privileges\n");
return rval; return rval;
} }
#endif
static void static void
#ifdef HAVE_BSD_AUTH
readpw(Display *dpy)
#else
readpw(Display *dpy, const char *pws) readpw(Display *dpy, const char *pws)
#endif
{ {
char buf[32], passwd[256], *encrypted; char buf[32], passwd[256], *encrypted;
int num, screen, running, failure; int num, screen, running, failure;
@ -163,15 +163,11 @@ readpw(Display *dpy, const char *pws)
switch (ksym) { switch (ksym) {
case XK_Return: case XK_Return:
passwd[len] = 0; passwd[len] = 0;
#ifdef HAVE_BSD_AUTH
running = !auth_userokay(getlogin(), NULL, "auth-slock", passwd);
#else
errno = 0; errno = 0;
if (!(encrypted = crypt(passwd, pws))) if (!(encrypted = crypt(passwd, pws)))
fprintf(stderr, "slock: crypt: %s\n", strerror(errno)); fprintf(stderr, "slock: crypt: %s\n", strerror(errno));
else else
running = !!strcmp(encrypted, pws); running = !!strcmp(encrypted, pws);
#endif
if (running) { if (running) {
XBell(dpy, 100); XBell(dpy, 100);
failure = True; failure = True;
@ -320,9 +316,7 @@ usage(void)
int int
main(int argc, char **argv) { main(int argc, char **argv) {
#ifndef HAVE_BSD_AUTH
const char *pws; const char *pws;
#endif
Display *dpy; Display *dpy;
int s, nlocks; int s, nlocks;
@ -338,20 +332,9 @@ main(int argc, char **argv) {
dontkillme(); dontkillme();
#endif #endif
/* Check if the current user has a password entry */
errno = 0;
if (!getpwuid(getuid())) {
if (errno == 0)
die("slock: no password entry for current user\n");
else
die("slock: getpwuid: %s\n", strerror(errno));
}
#ifndef HAVE_BSD_AUTH
pws = getpw(); pws = getpw();
if (strlen(pws) < 2) if (strlen(pws) < 2)
die("slock: failed to get user password hash.\n"); die("slock: failed to get user password hash.\n");
#endif
if (!(dpy = XOpenDisplay(NULL))) if (!(dpy = XOpenDisplay(NULL)))
die("slock: cannot open display\n"); die("slock: cannot open display\n");
@ -396,11 +379,7 @@ main(int argc, char **argv) {
} }
/* everything is now blank. Wait for the correct password */ /* everything is now blank. Wait for the correct password */
#ifdef HAVE_BSD_AUTH
readpw(dpy);
#else
readpw(dpy, pws); readpw(dpy, pws);
#endif
/* password ok, unlock everything and quit */ /* password ok, unlock everything and quit */
cleanup(dpy); cleanup(dpy);