[hackers] [slock] Unify how we check passwords between different OSes || Quentin Rameau

From: <git_AT_suckless.org>
Date: Wed, 7 Sep 2016 13:15:11 +0200 (CEST)

commit 04143fd68dbc656905714eff5c208fadb3464e25
Author: Quentin Rameau <quinq_AT_fifth.space>
AuthorDate: Wed Sep 7 13:02:42 2016 +0200
Commit: Markus Teich <markus.teich_AT_stusta.mhn.de>
CommitDate: Wed Sep 7 13:10:25 2016 +0200

    Unify how we check passwords between different OSes

diff --git a/config.mk b/config.mk
index 3afc061..049305c 100644
--- a/config.mk
+++ b/config.mk
_AT_@ -20,16 +20,11 @@ CFLAGS = -std=c99 -pedantic -Wall -Os ${INCS} ${CPPFLAGS}
 LDFLAGS = -s ${LIBS}
 COMPATSRC = explicit_bzero.c
 
-# On *BSD remove -DHAVE_SHADOW_H from CPPFLAGS and add -DHAVE_BSD_AUTH
+# On *BSD remove -DHAVE_SHADOW_H from CPPFLAGS
 # On OpenBSD and Darwin remove -lcrypt from LIBS
 #LIBS = -L/usr/lib -lc -L${X11LIB} -lX11 -lXext -lXrandr
-#CPPFLAGS = -DVERSION=\"${VERSION}\" -DHAVE_BSD_AUTH -D_BSD_SOURCE
+#CPPFLAGS = -DVERSION=\"${VERSION}\" -D_BSD_SOURCE
 #COMPATSRC =
 
 # compiler and linker
 CC = cc
-
-# Install mode. On BSD systems MODE=2755 and GROUP=auth
-# On others MODE=4755 and GROUP=root
-#MODE=2755
-#GROUP=auth
diff --git a/slock.c b/slock.c
index 62a9841..da4b099 100644
--- a/slock.c
+++ b/slock.c
_AT_@ -18,11 +18,6 @@
 #include <X11/Xlib.h>
 #include <X11/Xutil.h>
 
-#if HAVE_BSD_AUTH
-#include <login_cap.h>
-#include <bsd_auth.h>
-#endif
-
 #include "arg.h"
 #include "util.h"
 
_AT_@ -88,7 +83,6 @@ dontkillme(void)
 }
 #endif
 
-#ifndef HAVE_BSD_AUTH
 /* only run as root */
 static const char *
 getpw(void)
_AT_@ -96,6 +90,7 @@ getpw(void)
         const char *rval;
         struct passwd *pw;
 
+ /* Check if the current user has a password entry */
         errno = 0;
         if (!(pw = getpwuid(getuid()))) {
                 if (errno)
_AT_@ -109,10 +104,20 @@ getpw(void)
         if (rval[0] == 'x' && rval[1] == '\0') {
                 struct spwd *sp;
                 if (!(sp = getspnam(getenv("USER"))))
- die("slock: cannot retrieve shadow entry (make sure to suid or sgid slock)\n");
+ die("slock: getspnam: cannot retrieve shadow entry (make sure to suid or sgid slock)\n");
                 rval = sp->sp_pwdp;
         }
-#endif
+#else
+ if (rval[0] == '*' && rval[1] == '\0') {
+#ifdef __OpenBSD__
+ if (!(pw = getpwnam_shadow(getenv("USER"))))
+ die("slock: getpwnam_shadow: cannot retrieve shadow entry (make sure to suid or sgid slock)\n");
+ rval = pw->pw_passwd;
+#else
+ die("slock: getpwuid: cannot retrieve shadow entry (make sure to suid or sgid slock)\n");
+#endif /* __OpenBSD__ */
+ }
+#endif /* HAVE_SHADOW_H */
 
         /* drop privileges */
         if (geteuid() == 0 &&
_AT_@ -120,14 +125,9 @@ getpw(void)
                 die("slock: cannot drop privileges\n");
         return rval;
 }
-#endif
 
 static void
-#ifdef HAVE_BSD_AUTH
-readpw(Display *dpy)
-#else
 readpw(Display *dpy, const char *pws)
-#endif
 {
         char buf[32], passwd[256], *encrypted;
         int num, screen, running, failure;
_AT_@ -163,15 +163,11 @@ readpw(Display *dpy, const char *pws)
                         switch (ksym) {
                         case XK_Return:
                                 passwd[len] = 0;
-#ifdef HAVE_BSD_AUTH
- running = !auth_userokay(getlogin(), NULL, "auth-slock", passwd);
-#else
                                 errno = 0;
                                 if (!(encrypted = crypt(passwd, pws)))
                                         fprintf(stderr, "slock: crypt: %s\n", strerror(errno));
                                 else
                                         running = !!strcmp(encrypted, pws);
-#endif
                                 if (running) {
                                         XBell(dpy, 100);
                                         failure = True;
_AT_@ -320,9 +316,7 @@ usage(void)
 
 int
 main(int argc, char **argv) {
-#ifndef HAVE_BSD_AUTH
         const char *pws;
-#endif
         Display *dpy;
         int s, nlocks;
 
_AT_@ -338,20 +332,9 @@ main(int argc, char **argv) {
         dontkillme();
 #endif
 
- /* Check if the current user has a password entry */
- errno = 0;
- if (!getpwuid(getuid())) {
- if (errno == 0)
- die("slock: no password entry for current user\n");
- else
- die("slock: getpwuid: %s\n", strerror(errno));
- }
-
-#ifndef HAVE_BSD_AUTH
         pws = getpw();
         if (strlen(pws) < 2)
                 die("slock: failed to get user password hash.\n");
-#endif
 
         if (!(dpy = XOpenDisplay(NULL)))
                 die("slock: cannot open display\n");
_AT_@ -396,11 +379,7 @@ main(int argc, char **argv) {
         }
 
         /* everything is now blank. Wait for the correct password */
-#ifdef HAVE_BSD_AUTH
- readpw(dpy);
-#else
         readpw(dpy, pws);
-#endif
 
         /* password ok, unlock everything and quit */
         cleanup(dpy);
Received on Wed Sep 07 2016 - 13:15:11 CEST

This archive was generated by hypermail 2.3.0 : Wed Sep 07 2016 - 13:24:15 CEST