xtrlock-pam/pam.patch

   1 --- xtrlock-2.0/Makefile.noimake        1995-11-07 15:51:48.000000000 +0100
   2 +++ xtrlock-2.0/Makefile.noimake        2006-08-02 10:14:46.901687000 +0200
   3 @@ -13,17 +13,42 @@
   4  # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   5  # GNU General Public License for more details.
   6
   7 -LDLIBS=-lX11
   8 -CC=gcc
   9 -CFLAGS=-Wall
  10 +PAM_LDLIBS = -lpam
  11 +PAM_CFLAGS = -DPAM_PWD
  12 +
  13 +ifdef SHADOW
  14 +SHADOW_LDLIBS =
  15 +SHADOW_CFLAGS = -DSHADOW_PWD
  16 +else
  17 +SHADOW_LDLIBS =
  18 +SHADOW_CFLAGS =
  19 +endif
  20 +
  21 +CC ?= gcc
  22 +override CFLAGS += -Wall $(PAM_CFLAGS) $(SHADOW_CFLAGS)
  23 +override LDFLAGS += -L/usr/X11R6/lib
  24 +override LDLIBS += -lX11 -lcrypt $(PAM_LDLIBS) $(SHADOW_LDLIBS)
  25 +
  26  INSTALL=install
  27
  28 -xtrlock:       xtrlock.o
  29 +first : xtrlock
  30
  31 -xtrlock.o:     xtrlock.c lock.bitmap mask.bitmap patchlevel.h
  32 +clean :
  33 +       rm -fr *.o
  34 +
  35 +distclean:
  36 +       rm -fr *.o xtrlock
  37
  38  install:       xtrlock
  39                 $(INSTALL) -c -m 755 xtrlock /usr/bin/X11
  40
  41  install.man:
  42                 $(INSTALL) -c -m 644 xtrlock.man /usr/man/man1/xtrlock.1x
  43 +
  44 +#
  45 +##########################################################
  46 +xtrlock:       xtrlock.o
  47 +
  48 +xtrlock.o:     xtrlock.c lock.bitmap mask.bitmap patchlevel.h
  49 +
  50 +
  51 --- xtrlock-2.0/xtrlock.c       2005-01-17 11:43:05.000000000 +0100
  52 +++ xtrlock-2.0/xtrlock.c       2006-08-02 10:18:15.264274000 +0200
  53 @@ -1,21 +1,24 @@
  54 -/*
  55 - * xtrlock.c
  56 - *
  57 - * X Transparent Lock
  58 - *
  59 - * Copyright (C)1993,1994 Ian Jackson
  60 - *
  61 - * This is free software; you can redistribute it and/or modify
  62 - * it under the terms of the GNU General Public License as published by
  63 - * the Free Software Foundation; either version 2, or (at your option)
  64 - * any later version.
  65 - *
  66 - * This is distributed in the hope that it will be useful,
  67 - * but WITHOUT ANY WARRANTY; without even the implied warranty of
  68 - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  69 - * GNU General Public License for more details.
  70 - */
  71 +/*------------------------------------------------------------------*\
  72 +   xtrlock.c
  73
  74 +  X Transparent Lock
  75 +
  76 +  Copyright (C)1993,1994 Ian Jackson
  77 +
  78 +  This is free software; you can redistribute it and/or modify
  79 +  it under the terms of the GNU General Public License as published by
  80 +  the Free Software Foundation; either version 2, or (at your option)
  81 +  any later version.
  82 +
  83 +  This is distributed in the hope that it will be useful,
  84 +  but WITHOUT ANY WARRANTY; without even the implied warranty of
  85 +  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  86 +  GNU General Public License for more details.
  87 +
  88 +\*------------------------------------------------------------------*/
  89 +
  90 +/*------------------------------------------------------------------*\
  91 +\*------------------------------------------------------------------*/
  92  #include <X11/X.h>
  93  #include <X11/Xlib.h>
  94  #include <X11/Xutil.h>
  95 @@ -39,21 +42,121 @@
  96
  97  #ifdef SHADOW_PWD
  98  #include <shadow.h>
  99 -#endif
 100 +#endif /* SHADOW_PWD */
 101 +
 102 +#ifdef PAM_PWD
 103 +#include <security/pam_appl.h>
 104 +/* #include <security/pam_misc.h> */
 105 +#endif /* PAM_PWD */
 106 +
 107 +/*----------------------------------------------*\
 108 +\*----------------------------------------------*/
 109
 110  #include "lock.bitmap"
 111  #include "mask.bitmap"
 112  #include "patchlevel.h"
 113
 114 -Display *display;
 115 -Window window, root;
 116 +/*------------------------------------------------------------------*\
 117 +    globals
 118 +\*------------------------------------------------------------------*/
 119
 120  #define TIMEOUTPERATTEMPT 30000
 121  #define MAXGOODWILL  (TIMEOUTPERATTEMPT*5)
 122  #define INITIALGOODWILL MAXGOODWILL
 123  #define GOODWILLPORTION 0.3
 124
 125 +Display *display;
 126 +Window window, root;
 127  struct passwd *pw;
 128 +
 129 +
 130 +/*------------------------------------------------------------------*\
 131 +    pam-related stuff
 132 +
 133 +    taken from pure-ftpd's authstuff, but you can see similar stuff
 134 +    in xlockmore, openssh and basicly all pam-related apps :)
 135 +\*------------------------------------------------------------------*/
 136 +#ifdef PAM_PWD
 137 +#define PAM_YN { \
 138 +    if (PAM_error != 0 || pam_error != PAM_SUCCESS) { \
 139 +        fprintf(stderr, "pam error: %s\n", pam_strerror(pam_handle, pam_error)); \
 140 +        pam_end(pam_handle, pam_error); \
 141 +        return 0;\
 142 +    } \
 143 +}
 144 +
 145 +#define GET_MEM \
 146 +    size += sizeof(struct pam_response); \
 147 +    if ((reply = realloc(reply, size)) == NULL) { \
 148 +        PAM_error = 1; \
 149 +        return PAM_CONV_ERR; \
 150 +    }
 151 +
 152 +static const char* PAM_username = NULL;
 153 +static const char* PAM_password = NULL;
 154 +static int PAM_error = 0;
 155 +static int pam_error = PAM_SUCCESS;
 156 +
 157 +static int PAM_conv(int num_msg, const struct pam_message **msgs,
 158 +                     struct pam_response **resp, void *appdata_ptr) {
 159 +
 160 +    int count = 0;
 161 +    unsigned int replies = 0U;
 162 +    struct pam_response *reply = NULL;
 163 +    size_t size = (size_t) 0U;
 164 +
 165 +    (void) appdata_ptr;
 166 +    *resp = NULL;
 167 +    for (count = 0; count < num_msg; count++) {
 168 +        switch (msgs[count]->msg_style) {
 169 +        case PAM_PROMPT_ECHO_ON:
 170 +            GET_MEM;
 171 +            memset(&reply[replies], 0, sizeof reply[replies]);
 172 +            if ((reply[replies].resp = strdup(PAM_username)) == NULL) {
 173 +#ifdef PAM_BUF_ERR
 174 +                reply[replies].resp_retcode = PAM_BUF_ERR;
 175 +#endif
 176 +                PAM_error = 1;
 177 +                return PAM_CONV_ERR;
 178 +            }
 179 +            reply[replies++].resp_retcode = PAM_SUCCESS;
 180 +            /* PAM frees resp */
 181 +            break;
 182 +        case PAM_PROMPT_ECHO_OFF:
 183 +            GET_MEM;
 184 +            memset(&reply[replies], 0, sizeof reply[replies]);
 185 +            if ((reply[replies].resp = strdup(PAM_password)) == NULL) {
 186 +#ifdef PAM_BUF_ERR
 187 +                reply[replies].resp_retcode = PAM_BUF_ERR;
 188 +#endif
 189 +                PAM_error = 1;
 190 +                return PAM_CONV_ERR;
 191 +            }
 192 +            reply[replies++].resp_retcode = PAM_SUCCESS;
 193 +            /* PAM frees resp */
 194 +            break;
 195 +        case PAM_TEXT_INFO:
 196 +            /* ignore it... */
 197 +            break;
 198 +        case PAM_ERROR_MSG:
 199 +        default:
 200 +            /* Must be an error of some sort... */
 201 +            free(reply);
 202 +            PAM_error = 1;
 203 +            return PAM_CONV_ERR;
 204 +        }
 205 +    }
 206 +    *resp = reply;
 207 +    return PAM_SUCCESS;
 208 +}
 209 +
 210 +static struct pam_conv PAM_conversation = {
 211 +    &PAM_conv, NULL
 212 +};
 213 +#endif
 214 +/*------------------------------------------------------------------*\
 215 +\*------------------------------------------------------------------*/
 216 +
 217  int passwordok(const char *s) {
 218  #if 0
 219    char key[3];
 220 @@ -67,8 +170,21 @@
 221  #else
 222    /* simpler, and should work with crypt() algorithms using longer
 223       salt strings (like the md5-based one on freebsd).  --marekm */
 224 +#ifdef PAM_PWD
 225 +     pam_handle_t* pam_handle = NULL;
 226 +     PAM_username = pw->pw_name;
 227 +     PAM_password = s;
 228 +     pam_error = pam_start("xlock", PAM_username, &PAM_conversation, &pam_handle);
 229 +     PAM_YN;
 230 +     pam_error = pam_authenticate(pam_handle, 0);
 231 +     PAM_YN;
 232 +     pam_error = pam_end(pam_handle, pam_error);
 233 +     PAM_YN;
 234 +     return 1;
 235 +#else
 236    return !strcmp(crypt(s, pw->pw_passwd), pw->pw_passwd);
 237  #endif
 238 +#endif
 239  }
 240
 241  int main(int argc, char **argv){
 242 @@ -82,17 +198,23 @@
 243    Pixmap csr_source,csr_mask;
 244    XColor csr_fg, csr_bg, dummy;
 245    int ret;
 246 +
 247  #ifdef SHADOW_PWD
 248    struct spwd *sp;
 249  #endif
 250
 251    if (argc != 1) {
 252 -    fprintf(stderr,"xtrlock (version %s): no arguments allowed\n",program_version);
 253 +        fprintf(stderr, "xtrlock (version %s): no arguments allowed\n",
 254 +                program_version);
 255      exit(1);
 256    }
 257
 258 -  errno=0;  pw= getpwuid(getuid());
 259 -  if (!pw) { perror("password entry for uid not found"); exit(1); }
 260 +    errno = 0;
 261 +    pw = getpwuid(getuid());
 262 +    if (!pw) {
 263 +        perror("password entry for uid not found");
 264 +        exit(1);
 265 +    }
 266  #ifdef SHADOW_PWD
 267    sp = getspnam(pw->pw_name);
 268    if (sp)
 269 @@ -107,10 +229,11 @@
 270    /* we can be installed setuid root to support shadow passwords,
 271       and we don't need root privileges any longer.  --marekm */
 272    setuid(getuid());
 273 -
 274 +#ifndef PAM_PWD
 275    if (strlen(pw->pw_passwd) < 13) {
 276      fputs("password entry has no pwd\n",stderr); exit(1);
 277    }
 278 +#endif
 279
 280    display= XOpenDisplay(0);
 281