Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Leap:42.3:Update
i3lock
i3lock-2.5-use-unix2_chkpwd.diff
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File i3lock-2.5-use-unix2_chkpwd.diff of Package i3lock
Author: Stefan Seyfried <seife+obs@b1-systems.com> Date: Sat Feb 15 14:20:27 2014 +0100 add the option to use unix2_chkpwd instead of needing setgid shadow Index: i3lock-2.8/Makefile =================================================================== --- i3lock-2.8.orig/Makefile +++ i3lock-2.8/Makefile @@ -14,7 +14,11 @@ CFLAGS += -Wall CPPFLAGS += -D_GNU_SOURCE CFLAGS += $(shell $(PKG_CONFIG) --cflags cairo xcb-dpms xcb-xinerama xcb-atom xcb-image xcb-xkb xkbcommon xkbcommon-x11) LIBS += $(shell $(PKG_CONFIG) --libs cairo xcb-dpms xcb-xinerama xcb-atom xcb-image xcb-xkb xkbcommon xkbcommon-x11) +ifeq ($(USE_UNIX2_CHKPWD),1) +CFLAGS += -DUSE_UNIX2_CHKPWD=1 +else LIBS += -lpam +endif LIBS += -lev LIBS += -lm Index: i3lock-2.8/i3lock.c =================================================================== --- i3lock-2.8.orig/i3lock.c +++ i3lock-2.8/i3lock.c @@ -18,7 +18,9 @@ #include <xcb/xkb.h> #include <err.h> #include <assert.h> +#ifndef USE_UNIX2_CHKPWD #include <security/pam_appl.h> +#endif #include <getopt.h> #include <string.h> #include <ev.h> @@ -29,6 +31,13 @@ #include <cairo.h> #include <cairo/cairo-xcb.h> +#ifdef USE_UNIX2_CHKPWD +#include <sys/types.h> +#include <sys/wait.h> +#include <pwd.h> +#include <errno.h> +#endif + #include "i3lock.h" #include "xcb.h" #include "cursors.h" @@ -49,7 +58,9 @@ int inactivity_timeout = 30; uint32_t last_resolution[2]; xcb_window_t win; static xcb_cursor_t cursor; +#ifndef USE_UNIX2_CHKPWD static pam_handle_t *pam_handle; +#endif int input_position = 0; /* Holds the password you enter (in UTF-8). */ static char password[512]; @@ -235,6 +246,62 @@ static void input_done(void) { unlock_state = STATE_STARTED; redraw_screen(); +#ifdef USE_UNIX2_CHKPWD + struct passwd *pw; + + pw = getpwuid(getuid()); + if (! pw) + perror("i3lock: getpwuid() failed"); + else { + int pfd[2], status; + pid_t pid; + + if (pipe(pfd) < 0) { + perror("i3lock: pipe() failed"); + goto auth_failed; + } + + if ((pid = fork()) < 0) { + perror("i3lock: fork() failed"); + close(pfd[0]); + close(pfd[1]); + goto auth_failed; + } + + if (pid == 0) { + close(pfd[1]); + if (pfd[0] != 0) + dup2(pfd[0], 0); + + /* Helper is invoked as helper service-name [user] */ + printf("calling '/sbin/unix2_chkpwd i3lock %s'\n", pw->pw_name); + execlp("/sbin/unix2_chkpwd", "/sbin/unix2_chkpwd", "i3lock", pw->pw_name, NULL); + perror("i3lock: execlp(/sbin/unix2_chkpwd)"); + exit(1); + } + + close(pfd[0]); + /* Write out password to helper process */ + write(pfd[1], password, strlen(password)); + close(pfd[1]); + + while (waitpid(pid, &status, 0) < 0) { + if (errno == EINTR) + continue; + perror("i3lock: waitpid() failed"); + goto auth_failed; + } + + if (!WIFEXITED(status) || WEXITSTATUS(status) != 0) + goto auth_failed; + endpwent(); + DEBUG("successfully authenticated\n"); + clear_password_memory(); + exit(0); + } + auth_failed: + endpwent(); +#else if (pam_authenticate(pam_handle, 0) == PAM_SUCCESS) { DEBUG("successfully authenticated\n"); clear_password_memory(); @@ -248,7 +315,7 @@ static void input_done(void) { exit(0); } - +#endif if (debug_mode) fprintf(stderr, "Authentication failure\n"); @@ -579,6 +646,7 @@ void handle_screen_resize(void) { redraw_screen(); } +#ifndef USE_UNIX2_CHKPWD /* * Callback function for PAM. We only react on password request callbacks. * @@ -609,6 +677,7 @@ static int conv_callback(int num_msg, co return 0; } +#endif /* * This callback is only a dummy, see xcb_prepare_cb and xcb_check_cb. @@ -764,8 +833,10 @@ int main(int argc, char *argv[]) { struct passwd *pw; char *username; char *image_path = NULL; +#ifndef USE_UNIX2_CHKPWD int ret; struct pam_conv conv = {conv_callback, NULL}; +#endif int curs_choice = CURS_NONE; int o; int optind = 0; @@ -862,12 +933,14 @@ int main(int argc, char *argv[]) { * the unlock indicator upon keypresses. */ srand(time(NULL)); +#ifndef USE_UNIX2_CHKPWD /* Initialize PAM */ if ((ret = pam_start("i3lock", username, &conv, &pam_handle)) != PAM_SUCCESS) errx(EXIT_FAILURE, "PAM: %s", pam_strerror(pam_handle, ret)); if ((ret = pam_set_item(pam_handle, PAM_TTY, getenv("DISPLAY"))) != PAM_SUCCESS) errx(EXIT_FAILURE, "PAM: %s", pam_strerror(pam_handle, ret)); +#endif /* Using mlock() as non-super-user seems only possible in Linux. Users of other * operating systems should use encrypted swap/no swap (or remove the ifdef and
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor