ftpd/dotfiles
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

PAM support for slock.

Browse source
This commit is contained in:
Bartek Stalewski 2021-07-16 21:46:31 +02:00
parent 07ca0d53bc
commit 8c660ea2d0
7 changed files with 237 additions and 18 deletions
Download patch file Download diff file Expand all files Collapse all files

8
_suckless/slock/config.def.h
View file

@ -1,17 +1,21 @@
/* user and group to drop privileges to */ /* user and group to drop privileges to */
static const char *user = "nobody"; static const char *user = "f";
static const char *group = "nogroup"; static const char *group = "users";
static const char *colorname[NUMCOLS] = { static const char *colorname[NUMCOLS] = {
[BACKGROUND] = "black", /* after initialization */ [BACKGROUND] = "black", /* after initialization */
[INIT] = "#2d2d2d", /* after initialization */ [INIT] = "#2d2d2d", /* after initialization */
[INPUT] = "#005577", /* during input */ [INPUT] = "#005577", /* during input */
[FAILED] = "#CC3333", /* wrong password */ [FAILED] = "#CC3333", /* wrong password */
[PAM] = "#005577", /* waiting for PAM */
}; };
/* treat a cleared input like a wrong password (color) */ /* treat a cleared input like a wrong password (color) */
static const int failonclear = 1; static const int failonclear = 1;
/* PAM service that's used for authentication */
static const char* pam_service = "login";
/* insert grid pattern with scale 1:1, the size can be changed with logosize */ /* insert grid pattern with scale 1:1, the size can be changed with logosize */
static const int logosize = 75; static const int logosize = 75;
static const int logow = 12; /* grid width and height for right center alignment*/ static const int logow = 12; /* grid width and height for right center alignment*/

8
_suckless/slock/config.h
View file

@ -1,17 +1,21 @@
/* user and group to drop privileges to */ /* user and group to drop privileges to */
static const char *user = "nobody"; static const char *user = "f";
static const char *group = "nogroup"; static const char *group = "users";
static const char *colorname[NUMCOLS] = { static const char *colorname[NUMCOLS] = {
[BACKGROUND] = "black", /* after initialization */ [BACKGROUND] = "black", /* after initialization */
[INIT] = "#2d2d2d", /* after initialization */ [INIT] = "#2d2d2d", /* after initialization */
[INPUT] = "#005577", /* during input */ [INPUT] = "#005577", /* during input */
[FAILED] = "#CC3333", /* wrong password */ [FAILED] = "#CC3333", /* wrong password */
[PAM] = "#005577", /* waiting for PAM */
}; };
/* treat a cleared input like a wrong password (color) */ /* treat a cleared input like a wrong password (color) */
static const int failonclear = 1; static const int failonclear = 1;
/* PAM service that's used for authentication */
static const char* pam_service = "login";
/* insert grid pattern with scale 1:1, the size can be changed with logosize */ /* insert grid pattern with scale 1:1, the size can be changed with logosize */
static const int logosize = 75; static const int logosize = 75;
static const int logow = 12; /* grid width and height for right center alignment*/ static const int logow = 12; /* grid width and height for right center alignment*/

2
_suckless/slock/config.mk
View file

@ -20,7 +20,7 @@ FREETYPEINC = /usr/include/freetype2
# includes and libs # includes and libs
INCS = -I. -I/usr/include -I${X11INC} -I${FREETYPEINC} INCS = -I. -I/usr/include -I${X11INC} -I${FREETYPEINC}
LIBS = -L/usr/lib -lc -lcrypt -L${X11LIB} -lX11 ${XINERAMALIBS} ${FREETYPELIBS} -lXext -lXrandr LIBS = -L/usr/lib -lc -lcrypt -L${X11LIB} -lX11 ${XINERAMALIBS} ${FREETYPELIBS} -lXext -lXrandr -lpam
# flags # flags
CPPFLAGS = -DVERSION=\"${VERSION}\" -D_DEFAULT_SOURCE -DHAVE_SHADOW_H ${XINERAMAFLAGS} CPPFLAGS = -DVERSION=\"${VERSION}\" -D_DEFAULT_SOURCE -DHAVE_SHADOW_H ${XINERAMAFLAGS}

0
_suckless/slock/patches/slock-dwmlogo-20210324.diff → _suckless/slock/patches/01-slock-dwmlogo-20210324.diff
View file

154
_suckless/slock/patches/02-slock-pam_auth-20190207-35633d4.diff Normal file
View file

@ -0,0 +1,154 @@
diff --git a/config.def.h b/config.def.h
index 9855e21..19e7f62 100644
--- a/config.def.h
+++ b/config.def.h
@@ -6,7 +6,11 @@ static const char *colorname[NUMCOLS] = {
[INIT] = "black", /* after initialization */
[INPUT] = "#005577", /* during input */
[FAILED] = "#CC3333", /* wrong password */
+ [PAM] = "#9400D3", /* waiting for PAM */
};
/* treat a cleared input like a wrong password (color) */
static const int failonclear = 1;
+
+/* PAM service that's used for authentication */
+static const char* pam_service = "login";
diff --git a/config.mk b/config.mk
index 74429ae..6e82074 100644
--- a/config.mk
+++ b/config.mk
@@ -12,7 +12,7 @@ X11LIB = /usr/X11R6/lib
# includes and libs
INCS = -I. -I/usr/include -I${X11INC}
-LIBS = -L/usr/lib -lc -lcrypt -L${X11LIB} -lX11 -lXext -lXrandr
+LIBS = -L/usr/lib -lc -lcrypt -L${X11LIB} -lX11 -lXext -lXrandr -lpam
# flags
CPPFLAGS = -DVERSION=\"${VERSION}\" -D_DEFAULT_SOURCE -DHAVE_SHADOW_H
diff --git a/slock.c b/slock.c
index 5ae738c..3a8da42 100644
--- a/slock.c
+++ b/slock.c
@@ -18,16 +18,22 @@
#include <X11/keysym.h>
#include <X11/Xlib.h>
#include <X11/Xutil.h>
+#include <security/pam_appl.h>
+#include <security/pam_misc.h>
#include "arg.h"
#include "util.h"
char *argv0;
+static int pam_conv(int num_msg, const struct pam_message **msg, struct pam_response **resp, void *appdata_ptr);
+struct pam_conv pamc = {pam_conv, NULL};
+char passwd[256];
enum {
INIT,
INPUT,
FAILED,
+ PAM,
NUMCOLS
};
@@ -57,6 +63,31 @@ die(const char *errstr, ...)
exit(1);
}
+static int
+pam_conv(int num_msg, const struct pam_message **msg,
+ struct pam_response **resp, void *appdata_ptr)
+{
+ int retval = PAM_CONV_ERR;
+ for(int i=0; i<num_msg; i++) {
+ if (msg[i]->msg_style == PAM_PROMPT_ECHO_OFF &&
+ strncmp(msg[i]->msg, "Password: ", 10) == 0) {
+ struct pam_response *resp_msg = malloc(sizeof(struct pam_response));
+ if (!resp_msg)
+ die("malloc failed\n");
+ char *password = malloc(strlen(passwd) + 1);
+ if (!password)
+ die("malloc failed\n");
+ memset(password, 0, strlen(passwd) + 1);
+ strcpy(password, passwd);
+ resp_msg->resp_retcode = 0;
+ resp_msg->resp = password;
+ resp[i] = resp_msg;
+ retval = PAM_SUCCESS;
+ }
+ }
+ return retval;
+}
+
#ifdef __linux__
#include <fcntl.h>
#include <linux/oom.h>
@@ -121,6 +152,8 @@ gethash(void)
}
#endif /* HAVE_SHADOW_H */
+ /* pam, store user name */
+ hash = pw->pw_name;
return hash;
}
@@ -129,11 +162,12 @@ readpw(Display *dpy, struct xrandr *rr, struct lock **locks, int nscreens,
const char *hash)
{
XRRScreenChangeNotifyEvent *rre;
- char buf[32], passwd[256], *inputhash;
- int num, screen, running, failure, oldc;
+ char buf[32];
+ int num, screen, running, failure, oldc, retval;
unsigned int len, color;
KeySym ksym;
XEvent ev;
+ pam_handle_t *pamh;
len = 0;
running = 1;
@@ -160,10 +194,26 @@ readpw(Display *dpy, struct xrandr *rr, struct lock **locks, int nscreens,
case XK_Return:
passwd[len] = '\0';
errno = 0;
- if (!(inputhash = crypt(passwd, hash)))
- fprintf(stderr, "slock: crypt: %s\n", strerror(errno));
+ retval = pam_start(pam_service, hash, &pamc, &pamh);
+ color = PAM;
+ for (screen = 0; screen < nscreens; screen++) {
+ XSetWindowBackground(dpy, locks[screen]->win, locks[screen]->colors[color]);
+ XClearWindow(dpy, locks[screen]->win);
+ XRaiseWindow(dpy, locks[screen]->win);
+ }
+ XSync(dpy, False);
+
+ if (retval == PAM_SUCCESS)
+ retval = pam_authenticate(pamh, 0);
+ if (retval == PAM_SUCCESS)
+ retval = pam_acct_mgmt(pamh, 0);
+
+ running = 1;
+ if (retval == PAM_SUCCESS)
+ running = 0;
else
- running = !!strcmp(inputhash, hash);
+ fprintf(stderr, "slock: %s\n", pam_strerror(pamh, retval));
+ pam_end(pamh, retval);
if (running) {
XBell(dpy, 100);
failure = 1;
@@ -339,10 +389,9 @@ main(int argc, char **argv) {
dontkillme();
#endif
+ /* the contents of hash are used to transport the current user name */
hash = gethash();
errno = 0;
- if (!crypt("", hash))
- die("slock: crypt: %s\n", strerror(errno));
if (!(dpy = XOpenDisplay(NULL)))
die("slock: cannot open display\n");

75
_suckless/slock/slock.c
View file

@ -23,17 +23,23 @@
#include <X11/Xlib.h> #include <X11/Xlib.h>
#include <X11/Xutil.h> #include <X11/Xutil.h>
#include <X11/Xft/Xft.h> #include <X11/Xft/Xft.h>
#include <security/pam_appl.h>
#include <security/pam_misc.h>
#include "arg.h" #include "arg.h"
#include "util.h" #include "util.h"
char *argv0; char *argv0;
static int pam_conv(int num_msg, const struct pam_message **msg, struct pam_response **resp, void *appdata_ptr);
struct pam_conv pamc = {pam_conv, NULL};
char passwd[256];
enum { enum {
BACKGROUND, BACKGROUND,
INIT, INIT,
INPUT, INPUT,
FAILED, FAILED,
PAM,
NUMCOLS NUMCOLS
}; };
@ -68,6 +74,31 @@ die(const char *errstr, ...)
exit(1); exit(1);
} }
static int
pam_conv(int num_msg, const struct pam_message **msg,
struct pam_response **resp, void *appdata_ptr)
{
int retval = PAM_CONV_ERR;
for(int i=0; i<num_msg; i++) {
if (msg[i]->msg_style == PAM_PROMPT_ECHO_OFF &&
strncmp(msg[i]->msg, "Password: ", 10) == 0) {
struct pam_response *resp_msg = malloc(sizeof(struct pam_response));
if (!resp_msg)
die("malloc failed\n");
char *password = malloc(strlen(passwd) + 1);
if (!password)
die("malloc failed\n");
memset(password, 0, strlen(passwd) + 1);
strcpy(password, passwd);
resp_msg->resp_retcode = 0;
resp_msg->resp = password;
resp[i] = resp_msg;
retval = PAM_SUCCESS;
}
}
return retval;
}
#ifdef __linux__ #ifdef __linux__
#include <fcntl.h> #include <fcntl.h>
#include <linux/oom.h> #include <linux/oom.h>
@ -132,6 +163,8 @@ gethash(void)
} }
#endif /* HAVE_SHADOW_H */ #endif /* HAVE_SHADOW_H */
/* pam, store user name */
hash = pw->pw_name;
return hash; return hash;
} }
@ -166,11 +199,12 @@ readpw(Display *dpy, struct xrandr *rr, struct lock **locks, int nscreens,
const char *hash) const char *hash)
{ {
XRRScreenChangeNotifyEvent *rre; XRRScreenChangeNotifyEvent *rre;
char buf[32], passwd[256], *inputhash; char buf[32];
int num, screen, running, failure, oldc; int num, screen, running, failure, oldc, retval;
unsigned int len, color; unsigned int len, color;
KeySym ksym; KeySym ksym;
XEvent ev; XEvent ev;
pam_handle_t *pamh;
len = 0; len = 0;
running = 1; running = 1;
@ -197,10 +231,26 @@ readpw(Display *dpy, struct xrandr *rr, struct lock **locks, int nscreens,
case XK_Return: case XK_Return:
passwd[len] = '\0'; passwd[len] = '\0';
errno = 0; errno = 0;
if (!(inputhash = crypt(passwd, hash))) retval = pam_start(pam_service, hash, &pamc, &pamh);
fprintf(stderr, "slock: crypt: %s\n", strerror(errno)); color = PAM;
for (screen = 0; screen < nscreens; screen++) {
XSetWindowBackground(dpy, locks[screen]->win, locks[screen]->colors[color]);
XClearWindow(dpy, locks[screen]->win);
XRaiseWindow(dpy, locks[screen]->win);
}
XSync(dpy, False);
if (retval == PAM_SUCCESS)
retval = pam_authenticate(pamh, 0);
if (retval == PAM_SUCCESS)
retval = pam_acct_mgmt(pamh, 0);
running = 1;
if (retval == PAM_SUCCESS)
running = 0;
else else
running = !!strcmp(inputhash, hash); fprintf(stderr, "slock: %s\n", pam_strerror(pamh, retval));
pam_end(pamh, retval);
if (running) { if (running) {
XBell(dpy, 100); XBell(dpy, 100);
failure = 1; failure = 1;
@ -214,7 +264,7 @@ readpw(Display *dpy, struct xrandr *rr, struct lock **locks, int nscreens,
break; break;
case XK_BackSpace: case XK_BackSpace:
if (len) if (len)
passwd[len--] = '\0'; passwd[--len] = '\0';
break; break;
default: default:
if (num && !iscntrl((int)buf[0]) && if (num && !iscntrl((int)buf[0]) &&
@ -235,14 +285,22 @@ readpw(Display *dpy, struct xrandr *rr, struct lock **locks, int nscreens,
rre = (XRRScreenChangeNotifyEvent*)&ev; rre = (XRRScreenChangeNotifyEvent*)&ev;
for (screen = 0; screen < nscreens; screen++) { for (screen = 0; screen < nscreens; screen++) {
if (locks[screen]->win == rre->window) { if (locks[screen]->win == rre->window) {
if (rre->rotation == RR_Rotate_90 ||
rre->rotation == RR_Rotate_270)
XResizeWindow(dpy, locks[screen]->win,
rre->height, rre->width);
else
XResizeWindow(dpy, locks[screen]->win, XResizeWindow(dpy, locks[screen]->win,
rre->width, rre->height); rre->width, rre->height);
XClearWindow(dpy, locks[screen]->win); XClearWindow(dpy, locks[screen]->win);
break;
} }
} }
} else for (screen = 0; screen < nscreens; screen++) } else {
for (screen = 0; screen < nscreens; screen++)
XRaiseWindow(dpy, locks[screen]->win); XRaiseWindow(dpy, locks[screen]->win);
} }
}
} }
static struct lock * static struct lock *
@ -391,10 +449,9 @@ main(int argc, char **argv) {
dontkillme(); dontkillme();
#endif #endif
/* the contents of hash are used to transport the current user name */
hash = gethash(); hash = gethash();
errno = 0; errno = 0;
if (!crypt("", hash))
die("slock: crypt: %s\n", strerror(errno));
if (!(dpy = XOpenDisplay(NULL))) if (!(dpy = XOpenDisplay(NULL)))
die("slock: cannot open display\n"); die("slock: cannot open display\n");