Stop using $USER for shadow entries

This was extremely bad practice, effectively making the program behave
different depending on which architecture you are running it on.

OpenBSD offers getpwuid_shadow, but there is no getspuid for getspnam,
so we resort to using the pw_name entry in the struct passwd we filled
earlier.

This prevents slock from crashing when $USER is empty (easy to do). If
you want to run slock as a different user, don't use

	$ USER="tom" slock

but doas or sudo which were designed for this purpose.
This commit is contained in:
FRIGN 2016-09-11 23:17:53 +02:00 committed by Markus Teich
parent 9a617db716
commit dc2e8e839e

View file

@ -103,14 +103,14 @@ gethash(void)
#if HAVE_SHADOW_H #if HAVE_SHADOW_H
if (hash[0] == 'x' && hash[1] == '\0') { if (hash[0] == 'x' && hash[1] == '\0') {
struct spwd *sp; struct spwd *sp;
if (!(sp = getspnam(getenv("USER")))) if (!(sp = getspnam(pw->pw_name)))
die("slock: getspnam: cannot retrieve shadow entry (make sure to suid or sgid slock)\n"); die("slock: getspnam: cannot retrieve shadow entry (make sure to suid or sgid slock)\n");
hash = sp->sp_pwdp; hash = sp->sp_pwdp;
} }
#else #else
if (hash[0] == '*' && hash[1] == '\0') { if (hash[0] == '*' && hash[1] == '\0') {
#ifdef __OpenBSD__ #ifdef __OpenBSD__
if (!(pw = getpwnam_shadow(getenv("USER")))) if (!(pw = getpwuid_shadow(getuid())))
die("slock: getpwnam_shadow: cannot retrieve shadow entry (make sure to suid or sgid slock)\n"); die("slock: getpwnam_shadow: cannot retrieve shadow entry (make sure to suid or sgid slock)\n");
hash = pw->pw_passwd; hash = pw->pw_passwd;
#else #else