[wiki] [sites] Add pam_auth patch || Jan Christoph Ebersbach

From: <git_AT_suckless.org>
Date: Mon, 16 May 2016 17:14:17 +0200

commit f63b6422a7bd10abd78c52a254a4caee13825d26
Author: Jan Christoph Ebersbach <jceb_AT_e-jc.de>
Date: Mon May 16 17:13:56 2016 +0200

    Add pam_auth patch

diff --git a/tools.suckless.org/slock/patches/pam_auth.md b/tools.suckless.org/slock/patches/pam_auth.md
new file mode 100644
index 0000000..4e6e189
--- /dev/null
+++ b/tools.suckless.org/slock/patches/pam_auth.md
_AT_@ -0,0 +1,20 @@
+PAM auth
+=========
+
+Description
+-----------
+
+Replaces shadow support with PAM authentication support.
+
+Change variable `pam_service` in `config.def.h` to the corresponding PAM
+service. The default configuration is for ArchLinux's `login` service.
+
+Download
+--------
+
+* [slock-pam_auth.diff](slock-pam_auth.diff)
+
+Authors
+-------
+
+* Jan Christoph Ebersbach <[jceb_AT_e-jc.de](mailto:jceb_AT_e-jc.de)>
diff --git a/tools.suckless.org/slock/patches/slock-pam_auth.diff b/tools.suckless.org/slock/patches/slock-pam_auth.diff
new file mode 100644
index 0000000..7cc1983
--- /dev/null
+++ b/tools.suckless.org/slock/patches/slock-pam_auth.diff
_AT_@ -0,0 +1,125 @@
+Author: Jan Christoph Ebersbach <jceb_AT_e-jc.de>
+URL: http://tools.suckless.org/slock/patches/pam_auth
+Replaces shadow support with PAM authentication support.
+
+Change variable `pam_service` in `config.def.h` to the corresponding PAM
+service. The default configuration is for ArchLinux's `login` service.
+
+diff --git a/config.def.h b/config.def.h
+index eae2d9a..085968d 100644
+--- a/config.def.h
++++ b/config.def.h
+_AT_@ -6,3 +6,6 @@ static const char *colorname[NUMCOLS] = {
+
+ /* treat a cleared input like a wrong password */
+ static const int failonclear = 1;
++
++/* PAM service that's used for authentication */
++static const char* pam_service = "login";
+diff --git a/config.mk b/config.mk
+index f93879e..e054879 100644
+--- a/config.mk
++++ b/config.mk
+_AT_@ -12,7 +12,7 @@ X11LIB = /usr/X11R6/lib
+
+ # includes and libs
+ INCS = -I. -I/usr/include -I${X11INC}
+-LIBS = -L/usr/lib -lc -lcrypt -L${X11LIB} -lX11 -lXext -lXrandr
++LIBS = -L/usr/lib -lc -lcrypt -L${X11LIB} -lX11 -lXext -lXrandr -lpam
+
+ # flags
+ CPPFLAGS = -DVERSION=\"${VERSION}\" -DHAVE_SHADOW_H
+diff --git a/slock.c b/slock.c
+index c9cdee2..2abf467 100644
+--- a/slock.c
++++ b/slock.c
+_AT_@ -17,6 +17,8 @@
+ #include <X11/keysym.h>
+ #include <X11/Xlib.h>
+ #include <X11/Xutil.h>
++#include <security/pam_appl.h>
++#include <security/pam_misc.h>
+
+ #if HAVE_BSD_AUTH
+ #include <login_cap.h>
+_AT_@ -39,6 +41,9 @@ typedef struct {
+ unsigned long colors[NUMCOLS];
+ } Lock;
+
++static int pam_conv(int num_msg, const struct pam_message **msg, struct pam_response **resp, void *appdata_ptr);
++struct pam_conv pamc = {pam_conv, NULL};
++char passwd[256];
+ static Lock **locks;
+ static int nscreens;
+ static Bool running = True;
+_AT_@ -112,6 +117,31 @@ getpw(void)
+ }
+ #endif
+
++static int
++pam_conv(int num_msg, const struct pam_message **msg,
++ struct pam_response **resp, void *appdata_ptr)
++{
++ int retval = PAM_CONV_ERR;
++ for(int i=0; i<num_msg; i++) {
++ if (msg[i]->msg_style == PAM_PROMPT_ECHO_OFF &&
++ strncmp(msg[i]->msg, "Password: ", 10) == 0) {
++ struct pam_response *resp_msg = malloc(sizeof(struct pam_response));
++ if (!resp_msg)
++ die("malloc failed");
++ char *password = malloc(strlen(passwd) + 1);
++ if (!password)
++ die("malloc failed");
++ memset(password, 0, strlen(passwd) + 1);
++ strcpy(password, passwd);
++ resp_msg->resp_retcode = 0;
++ resp_msg->resp = password;
++ resp[i] = resp_msg;
++ retval = PAM_SUCCESS;
++ }
++ }
++ return retval;
++}
++
+ static void
+ #ifdef HAVE_BSD_AUTH
+ readpw(Display *dpy)
+_AT_@ -119,12 +149,15 @@ readpw(Display *dpy)
+ readpw(Display *dpy, const char *pws)
+ #endif
+ {
+- char buf[32], passwd[256];
+- int num, screen;
++ char buf[32];
++ struct passwd* pw;
++ int num, screen, retval;
+ unsigned int len, color;
+ KeySym ksym;
+ XEvent ev;
+ static int oldc = INIT;
++ pam_handle_t *pamh;
++
+
+ len = 0;
+ running = True;
+_AT_@ -155,7 +188,19 @@ readpw(Display *dpy, const char *pws)
+ #ifdef HAVE_BSD_AUTH
+ running = !auth_userokay(getlogin(), NULL, "auth-xlock", passwd);
+ #else
+- running = !!strcmp(crypt(passwd, pws), pws);
++ pw = getpwuid(getuid());
++ retval = pam_start(pam_service, pw->pw_name, &pamc, &pamh);
++ if (retval == PAM_SUCCESS)
++ retval = pam_authenticate(pamh, 0);
++ if (retval == PAM_SUCCESS)
++ retval = pam_acct_mgmt(pamh, 0);
++
++ running = 1;
++ if (retval == PAM_SUCCESS)
++ running = 0;
++ else
++ fprintf(stderr, "slock: %s
", pam_strerror(pamh, retval));
++ pam_end(pamh, retval);
+ #endif
+ if (running) {
+ XBell(dpy, 100);
Received on Mon May 16 2016 - 17:14:17 CEST