Xinqi Bao's Git
projects
/
slock.git
/ commitdiff
summary
|
log
|
commit
|
diff
|
tree
raw
|
patch
|
inline
| side by side (parent:
9698224
)
Unify how we check passwords between different OSes
author
Quentin Rameau <
[email protected]
>
Wed, 7 Sep 2016 11:02:42 +0000
(13:02 +0200)
committer
Markus Teich <
[email protected]
>
Wed, 7 Sep 2016 11:10:25 +0000
(13:10 +0200)
config.mk
patch
|
blob
|
history
slock.c
patch
|
blob
|
history
diff --git
a/config.mk
b/config.mk
index
3afc061
..
049305c
100644
(file)
--- a/
config.mk
+++ b/
config.mk
@@
-20,16
+20,11
@@
CFLAGS = -std=c99 -pedantic -Wall -Os ${INCS} ${CPPFLAGS}
LDFLAGS = -s ${LIBS}
COMPATSRC = explicit_bzero.c
LDFLAGS = -s ${LIBS}
COMPATSRC = explicit_bzero.c
-# On *BSD remove -DHAVE_SHADOW_H from CPPFLAGS
and add -DHAVE_BSD_AUTH
+# On *BSD remove -DHAVE_SHADOW_H from CPPFLAGS
# On OpenBSD and Darwin remove -lcrypt from LIBS
#LIBS = -L/usr/lib -lc -L${X11LIB} -lX11 -lXext -lXrandr
# On OpenBSD and Darwin remove -lcrypt from LIBS
#LIBS = -L/usr/lib -lc -L${X11LIB} -lX11 -lXext -lXrandr
-#CPPFLAGS = -DVERSION=\"${VERSION}\" -D
HAVE_BSD_AUTH -D
_BSD_SOURCE
+#CPPFLAGS = -DVERSION=\"${VERSION}\" -D_BSD_SOURCE
#COMPATSRC =
# compiler and linker
CC = cc
#COMPATSRC =
# compiler and linker
CC = cc
-
-# Install mode. On BSD systems MODE=2755 and GROUP=auth
-# On others MODE=4755 and GROUP=root
-#MODE=2755
-#GROUP=auth
diff --git
a/slock.c
b/slock.c
index
62a9841
..
da4b099
100644
(file)
--- a/
slock.c
+++ b/
slock.c
@@
-18,11
+18,6
@@
#include <X11/Xlib.h>
#include <X11/Xutil.h>
#include <X11/Xlib.h>
#include <X11/Xutil.h>
-#if HAVE_BSD_AUTH
-#include <login_cap.h>
-#include <bsd_auth.h>
-#endif
-
#include "arg.h"
#include "util.h"
#include "arg.h"
#include "util.h"
@@
-88,7
+83,6
@@
dontkillme(void)
}
#endif
}
#endif
-#ifndef HAVE_BSD_AUTH
/* only run as root */
static const char *
getpw(void)
/* only run as root */
static const char *
getpw(void)
@@
-96,6
+90,7
@@
getpw(void)
const char *rval;
struct passwd *pw;
const char *rval;
struct passwd *pw;
+ /* Check if the current user has a password entry */
errno = 0;
if (!(pw = getpwuid(getuid()))) {
if (errno)
errno = 0;
if (!(pw = getpwuid(getuid()))) {
if (errno)
@@
-109,10
+104,20
@@
getpw(void)
if (rval[0] == 'x' && rval[1] == '\0') {
struct spwd *sp;
if (!(sp = getspnam(getenv("USER"))))
if (rval[0] == 'x' && rval[1] == '\0') {
struct spwd *sp;
if (!(sp = getspnam(getenv("USER"))))
- die("slock: cannot retrieve shadow entry (make sure to suid or sgid slock)\n");
+ die("slock:
getspnam:
cannot retrieve shadow entry (make sure to suid or sgid slock)\n");
rval = sp->sp_pwdp;
}
rval = sp->sp_pwdp;
}
-#endif
+#else
+ if (rval[0] == '*' && rval[1] == '\0') {
+#ifdef __OpenBSD__
+ if (!(pw = getpwnam_shadow(getenv("USER"))))
+ die("slock: getpwnam_shadow: cannot retrieve shadow entry (make sure to suid or sgid slock)\n");
+ rval = pw->pw_passwd;
+#else
+ die("slock: getpwuid: cannot retrieve shadow entry (make sure to suid or sgid slock)\n");
+#endif /* __OpenBSD__ */
+ }
+#endif /* HAVE_SHADOW_H */
/* drop privileges */
if (geteuid() == 0 &&
/* drop privileges */
if (geteuid() == 0 &&
@@
-120,14
+125,9
@@
getpw(void)
die("slock: cannot drop privileges\n");
return rval;
}
die("slock: cannot drop privileges\n");
return rval;
}
-#endif
static void
static void
-#ifdef HAVE_BSD_AUTH
-readpw(Display *dpy)
-#else
readpw(Display *dpy, const char *pws)
readpw(Display *dpy, const char *pws)
-#endif
{
char buf[32], passwd[256], *encrypted;
int num, screen, running, failure;
{
char buf[32], passwd[256], *encrypted;
int num, screen, running, failure;
@@
-163,15
+163,11
@@
readpw(Display *dpy, const char *pws)
switch (ksym) {
case XK_Return:
passwd[len] = 0;
switch (ksym) {
case XK_Return:
passwd[len] = 0;
-#ifdef HAVE_BSD_AUTH
- running = !auth_userokay(getlogin(), NULL, "auth-slock", passwd);
-#else
errno = 0;
if (!(encrypted = crypt(passwd, pws)))
fprintf(stderr, "slock: crypt: %s\n", strerror(errno));
else
running = !!strcmp(encrypted, pws);
errno = 0;
if (!(encrypted = crypt(passwd, pws)))
fprintf(stderr, "slock: crypt: %s\n", strerror(errno));
else
running = !!strcmp(encrypted, pws);
-#endif
if (running) {
XBell(dpy, 100);
failure = True;
if (running) {
XBell(dpy, 100);
failure = True;
@@
-320,9
+316,7
@@
usage(void)
int
main(int argc, char **argv) {
int
main(int argc, char **argv) {
-#ifndef HAVE_BSD_AUTH
const char *pws;
const char *pws;
-#endif
Display *dpy;
int s, nlocks;
Display *dpy;
int s, nlocks;
@@
-338,20
+332,9
@@
main(int argc, char **argv) {
dontkillme();
#endif
dontkillme();
#endif
- /* Check if the current user has a password entry */
- errno = 0;
- if (!getpwuid(getuid())) {
- if (errno == 0)
- die("slock: no password entry for current user\n");
- else
- die("slock: getpwuid: %s\n", strerror(errno));
- }
-
-#ifndef HAVE_BSD_AUTH
pws = getpw();
if (strlen(pws) < 2)
die("slock: failed to get user password hash.\n");
pws = getpw();
if (strlen(pws) < 2)
die("slock: failed to get user password hash.\n");
-#endif
if (!(dpy = XOpenDisplay(NULL)))
die("slock: cannot open display\n");
if (!(dpy = XOpenDisplay(NULL)))
die("slock: cannot open display\n");
@@
-396,11
+379,7
@@
main(int argc, char **argv) {
}
/* everything is now blank. Wait for the correct password */
}
/* everything is now blank. Wait for the correct password */
-#ifdef HAVE_BSD_AUTH
- readpw(dpy);
-#else
readpw(dpy, pws);
readpw(dpy, pws);
-#endif
/* password ok, unlock everything and quit */
cleanup(dpy);
/* password ok, unlock everything and quit */
cleanup(dpy);