[hackers] [slock] Unify how we check passwords between different OSes

From: Quentin Rameau <quinq_AT_fifth.space>
Date: Tue, 6 Sep 2016 20:52:05 +0200

---
 slock.c | 42 +++++++++---------------------------------
 1 file changed, 9 insertions(+), 33 deletions(-)
diff --git a/slock.c b/slock.c
index 08ada6f..f77f897 100644
--- a/slock.c
+++ b/slock.c
_AT_@ -18,11 +18,6 @@
 #include <X11/Xlib.h>
 #include <X11/Xutil.h>
 
-#if HAVE_BSD_AUTH
-#include <login_cap.h>
-#include <bsd_auth.h>
-#endif
-
 #include "arg.h"
 #include "util.h"
 
_AT_@ -88,7 +83,6 @@ dontkillme(void)
 }
 #endif
 
-#ifndef HAVE_BSD_AUTH
 /* only run as root */
 static const char *
 getpw(void)
_AT_@ -96,10 +90,11 @@ getpw(void)
 	const char *rval;
 	struct passwd *pw;
 
+	/* Check if the current user has a password entry */
 	errno = 0;
 	if (!(pw = getpwuid(getuid()))) {
 		if (errno)
-			die("getpwuid: %s\n", strerror(errno));
+			die("slock: getpwuid: %s\n", strerror(errno));
 		else
 			die("cannot retrieve password entry\n");
 	}
_AT_@ -112,6 +107,13 @@ getpw(void)
 			die("cannot retrieve shadow entry (make sure to suid or sgid slock)\n");
 		rval = sp->sp_pwdp;
 	}
+#elif __OpenBSD__
+	if (rval[0] == '*' && rval[1] == '\0') {
+		struct passwd *sp;
+		if (!(sp = getpwnam_shadow(getenv("USER"))))
+			die("cannot retrieve shadow entry (make sure to suid or sgid slock)\n");
+		rval = sp->pw_passwd;
+	}
 #endif
 
 	/* drop privileges */
_AT_@ -120,14 +122,9 @@ getpw(void)
 		die("cannot drop privileges\n");
 	return rval;
 }
-#endif
 
 static void
-#ifdef HAVE_BSD_AUTH
-readpw(Display *dpy)
-#else
 readpw(Display *dpy, const char *pws)
-#endif
 {
 	char buf[32], passwd[256], *encrypted;
 	int num, screen, running, failure;
_AT_@ -163,15 +160,11 @@ readpw(Display *dpy, const char *pws)
 			switch (ksym) {
 			case XK_Return:
 				passwd[len] = 0;
-#ifdef HAVE_BSD_AUTH
-				running = !auth_userokay(getlogin(), NULL, "auth-slock", passwd);
-#else
 				errno = 0;
 				if (!(encrypted = crypt(passwd, pws)))
 					fprintf(stderr, "slock: crypt: %s\n", strerror(errno));
 				else
 					running = !!strcmp(encrypted, pws);
-#endif
 				if (running) {
 					XBell(dpy, 100);
 					failure = True;
_AT_@ -320,9 +313,7 @@ usage(void)
 
 int
 main(int argc, char **argv) {
-#ifndef HAVE_BSD_AUTH
 	const char *pws;
-#endif
 	Display *dpy;
 	int s, nlocks;
 
_AT_@ -338,20 +329,9 @@ main(int argc, char **argv) {
 	dontkillme();
 #endif
 
-	/* Check if the current user has a password entry */
-	errno = 0;
-	if (!getpwuid(getuid())) {
-		if (errno == 0)
-			die("slock: no password entry for current user\n");
-		else
-			die("slock: getpwuid: %s\n", strerror(errno));
-	}
-
-#ifndef HAVE_BSD_AUTH
 	pws = getpw();
 	if (strlen(pws) < 2)
 		die("slock: failed to get user password hash.\n");
-#endif
 
 	if (!(dpy = XOpenDisplay(NULL)))
 		die("slock: cannot open display\n");
_AT_@ -396,11 +376,7 @@ main(int argc, char **argv) {
 	}
 
 	/* everything is now blank. Wait for the correct password */
-#ifdef HAVE_BSD_AUTH
-	readpw(dpy);
-#else
 	readpw(dpy, pws);
-#endif
 
 	/* password ok, unlock everything and quit */
 	cleanup(dpy);
-- 
2.9.0
Received on Tue Sep 06 2016 - 20:52:05 CEST

This archive was generated by hypermail 2.3.0 : Tue Sep 06 2016 - 21:00:20 CEST