Unify how we check passwords between different OSes
This commit is contained in:
parent
9698224090
commit
04143fd68d
2 changed files with 15 additions and 41 deletions
|
@ -20,16 +20,11 @@ CFLAGS = -std=c99 -pedantic -Wall -Os ${INCS} ${CPPFLAGS}
|
||||||
LDFLAGS = -s ${LIBS}
|
LDFLAGS = -s ${LIBS}
|
||||||
COMPATSRC = explicit_bzero.c
|
COMPATSRC = explicit_bzero.c
|
||||||
|
|
||||||
# On *BSD remove -DHAVE_SHADOW_H from CPPFLAGS and add -DHAVE_BSD_AUTH
|
# On *BSD remove -DHAVE_SHADOW_H from CPPFLAGS
|
||||||
# On OpenBSD and Darwin remove -lcrypt from LIBS
|
# On OpenBSD and Darwin remove -lcrypt from LIBS
|
||||||
#LIBS = -L/usr/lib -lc -L${X11LIB} -lX11 -lXext -lXrandr
|
#LIBS = -L/usr/lib -lc -L${X11LIB} -lX11 -lXext -lXrandr
|
||||||
#CPPFLAGS = -DVERSION=\"${VERSION}\" -DHAVE_BSD_AUTH -D_BSD_SOURCE
|
#CPPFLAGS = -DVERSION=\"${VERSION}\" -D_BSD_SOURCE
|
||||||
#COMPATSRC =
|
#COMPATSRC =
|
||||||
|
|
||||||
# compiler and linker
|
# compiler and linker
|
||||||
CC = cc
|
CC = cc
|
||||||
|
|
||||||
# Install mode. On BSD systems MODE=2755 and GROUP=auth
|
|
||||||
# On others MODE=4755 and GROUP=root
|
|
||||||
#MODE=2755
|
|
||||||
#GROUP=auth
|
|
||||||
|
|
47
slock.c
47
slock.c
|
@ -18,11 +18,6 @@
|
||||||
#include <X11/Xlib.h>
|
#include <X11/Xlib.h>
|
||||||
#include <X11/Xutil.h>
|
#include <X11/Xutil.h>
|
||||||
|
|
||||||
#if HAVE_BSD_AUTH
|
|
||||||
#include <login_cap.h>
|
|
||||||
#include <bsd_auth.h>
|
|
||||||
#endif
|
|
||||||
|
|
||||||
#include "arg.h"
|
#include "arg.h"
|
||||||
#include "util.h"
|
#include "util.h"
|
||||||
|
|
||||||
|
@ -88,7 +83,6 @@ dontkillme(void)
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#ifndef HAVE_BSD_AUTH
|
|
||||||
/* only run as root */
|
/* only run as root */
|
||||||
static const char *
|
static const char *
|
||||||
getpw(void)
|
getpw(void)
|
||||||
|
@ -96,6 +90,7 @@ getpw(void)
|
||||||
const char *rval;
|
const char *rval;
|
||||||
struct passwd *pw;
|
struct passwd *pw;
|
||||||
|
|
||||||
|
/* Check if the current user has a password entry */
|
||||||
errno = 0;
|
errno = 0;
|
||||||
if (!(pw = getpwuid(getuid()))) {
|
if (!(pw = getpwuid(getuid()))) {
|
||||||
if (errno)
|
if (errno)
|
||||||
|
@ -109,10 +104,20 @@ getpw(void)
|
||||||
if (rval[0] == 'x' && rval[1] == '\0') {
|
if (rval[0] == 'x' && rval[1] == '\0') {
|
||||||
struct spwd *sp;
|
struct spwd *sp;
|
||||||
if (!(sp = getspnam(getenv("USER"))))
|
if (!(sp = getspnam(getenv("USER"))))
|
||||||
die("slock: cannot retrieve shadow entry (make sure to suid or sgid slock)\n");
|
die("slock: getspnam: cannot retrieve shadow entry (make sure to suid or sgid slock)\n");
|
||||||
rval = sp->sp_pwdp;
|
rval = sp->sp_pwdp;
|
||||||
}
|
}
|
||||||
#endif
|
#else
|
||||||
|
if (rval[0] == '*' && rval[1] == '\0') {
|
||||||
|
#ifdef __OpenBSD__
|
||||||
|
if (!(pw = getpwnam_shadow(getenv("USER"))))
|
||||||
|
die("slock: getpwnam_shadow: cannot retrieve shadow entry (make sure to suid or sgid slock)\n");
|
||||||
|
rval = pw->pw_passwd;
|
||||||
|
#else
|
||||||
|
die("slock: getpwuid: cannot retrieve shadow entry (make sure to suid or sgid slock)\n");
|
||||||
|
#endif /* __OpenBSD__ */
|
||||||
|
}
|
||||||
|
#endif /* HAVE_SHADOW_H */
|
||||||
|
|
||||||
/* drop privileges */
|
/* drop privileges */
|
||||||
if (geteuid() == 0 &&
|
if (geteuid() == 0 &&
|
||||||
|
@ -120,14 +125,9 @@ getpw(void)
|
||||||
die("slock: cannot drop privileges\n");
|
die("slock: cannot drop privileges\n");
|
||||||
return rval;
|
return rval;
|
||||||
}
|
}
|
||||||
#endif
|
|
||||||
|
|
||||||
static void
|
static void
|
||||||
#ifdef HAVE_BSD_AUTH
|
|
||||||
readpw(Display *dpy)
|
|
||||||
#else
|
|
||||||
readpw(Display *dpy, const char *pws)
|
readpw(Display *dpy, const char *pws)
|
||||||
#endif
|
|
||||||
{
|
{
|
||||||
char buf[32], passwd[256], *encrypted;
|
char buf[32], passwd[256], *encrypted;
|
||||||
int num, screen, running, failure;
|
int num, screen, running, failure;
|
||||||
|
@ -163,15 +163,11 @@ readpw(Display *dpy, const char *pws)
|
||||||
switch (ksym) {
|
switch (ksym) {
|
||||||
case XK_Return:
|
case XK_Return:
|
||||||
passwd[len] = 0;
|
passwd[len] = 0;
|
||||||
#ifdef HAVE_BSD_AUTH
|
|
||||||
running = !auth_userokay(getlogin(), NULL, "auth-slock", passwd);
|
|
||||||
#else
|
|
||||||
errno = 0;
|
errno = 0;
|
||||||
if (!(encrypted = crypt(passwd, pws)))
|
if (!(encrypted = crypt(passwd, pws)))
|
||||||
fprintf(stderr, "slock: crypt: %s\n", strerror(errno));
|
fprintf(stderr, "slock: crypt: %s\n", strerror(errno));
|
||||||
else
|
else
|
||||||
running = !!strcmp(encrypted, pws);
|
running = !!strcmp(encrypted, pws);
|
||||||
#endif
|
|
||||||
if (running) {
|
if (running) {
|
||||||
XBell(dpy, 100);
|
XBell(dpy, 100);
|
||||||
failure = True;
|
failure = True;
|
||||||
|
@ -320,9 +316,7 @@ usage(void)
|
||||||
|
|
||||||
int
|
int
|
||||||
main(int argc, char **argv) {
|
main(int argc, char **argv) {
|
||||||
#ifndef HAVE_BSD_AUTH
|
|
||||||
const char *pws;
|
const char *pws;
|
||||||
#endif
|
|
||||||
Display *dpy;
|
Display *dpy;
|
||||||
int s, nlocks;
|
int s, nlocks;
|
||||||
|
|
||||||
|
@ -338,20 +332,9 @@ main(int argc, char **argv) {
|
||||||
dontkillme();
|
dontkillme();
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
/* Check if the current user has a password entry */
|
|
||||||
errno = 0;
|
|
||||||
if (!getpwuid(getuid())) {
|
|
||||||
if (errno == 0)
|
|
||||||
die("slock: no password entry for current user\n");
|
|
||||||
else
|
|
||||||
die("slock: getpwuid: %s\n", strerror(errno));
|
|
||||||
}
|
|
||||||
|
|
||||||
#ifndef HAVE_BSD_AUTH
|
|
||||||
pws = getpw();
|
pws = getpw();
|
||||||
if (strlen(pws) < 2)
|
if (strlen(pws) < 2)
|
||||||
die("slock: failed to get user password hash.\n");
|
die("slock: failed to get user password hash.\n");
|
||||||
#endif
|
|
||||||
|
|
||||||
if (!(dpy = XOpenDisplay(NULL)))
|
if (!(dpy = XOpenDisplay(NULL)))
|
||||||
die("slock: cannot open display\n");
|
die("slock: cannot open display\n");
|
||||||
|
@ -396,11 +379,7 @@ main(int argc, char **argv) {
|
||||||
}
|
}
|
||||||
|
|
||||||
/* everything is now blank. Wait for the correct password */
|
/* everything is now blank. Wait for the correct password */
|
||||||
#ifdef HAVE_BSD_AUTH
|
|
||||||
readpw(dpy);
|
|
||||||
#else
|
|
||||||
readpw(dpy, pws);
|
readpw(dpy, pws);
|
||||||
#endif
|
|
||||||
|
|
||||||
/* password ok, unlock everything and quit */
|
/* password ok, unlock everything and quit */
|
||||||
cleanup(dpy);
|
cleanup(dpy);
|
||||||
|
|
Loading…
Reference in a new issue