
xtrlock package, patch for pam authorization attached



Hello,

A patch for using pam authorization. It is not "in the spirit" of
pam since password authorization is assumed, but I did not want
to use the suid-bit or modify the original code too much.

Activated by compiling with "-DPAM". An option "-a" is added for
testing the authorization (it is annoying to accidentally lock X while
testing).

It identifies as "xlock", so the same pam entry can be used, e.g
a /etc/pam.d/xlock file containing;

#%PAM-1.0
auth       required     /lib/security/pam_stack.so service=system-auth


Best Regards,
Lars Ekman


diff -Naur xtrlock-2.0.org/Makefile.noimake xtrlock-2.0/Makefile.noimake
--- xtrlock-2.0.org/Makefile.noimake	1995-11-07 15:51:48.000000000 +0100
+++ xtrlock-2.0/Makefile.noimake	2004-03-14 12:46:16.000000000 +0100
@@ -13,9 +13,9 @@
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
 
-LDLIBS=-lX11
+LDLIBS=-L/usr/X11R6/lib -lX11 -lpam -lpam_misc
 CC=gcc
-CFLAGS=-Wall
+CFLAGS=-Wall -DPAM
 INSTALL=install
 
 xtrlock:	xtrlock.o
diff -Naur xtrlock-2.0.org/xtrlock.c xtrlock-2.0/xtrlock.c
--- xtrlock-2.0.org/xtrlock.c	2002-09-01 06:46:29.000000000 +0200
+++ xtrlock-2.0/xtrlock.c	2004-03-14 13:39:06.000000000 +0100
@@ -54,6 +54,45 @@
 #define GOODWILLPORTION 0.3
 
 struct passwd *pw;
+#ifdef PAM
+#include <security/pam_appl.h>
+#include <security/pam_misc.h>
+
+static char const* thepasswd = 0;
+static int conv(
+    int num_msg, const struct pam_message **msg,
+    struct pam_response **resp, void *appdata_ptr)
+{
+    int i;
+    struct pam_response* r;
+    if (num_msg < 1 || msg[i]->msg_style != PAM_PROMPT_ECHO_OFF)
+	return PAM_CONV_ERR;
+    r = (struct pam_response*)calloc(num_msg, sizeof(struct pam_response));
+    if (r == NULL) return PAM_CONV_ERR;
+    r[0].resp = strdup(thepasswd);
+    *resp = r;
+    return PAM_SUCCESS;
+}
+
+int passwordok(const char *s) 
+{
+    int rc;
+    pam_handle_t* pamh;
+    struct pam_conv pam_conversation = {conv, 0};
+
+    if (s == 0) {
+	pam_conversation.conv = misc_conv;
+    }
+
+    thepasswd = s;
+    rc = pam_start("xlock", pw->pw_name, &pam_conversation, &pamh);
+    if (rc != PAM_SUCCESS) return 0;
+
+    rc = pam_authenticate(pamh, 0);
+    (void)pam_end(pamh, PAM_SUCCESS);
+    return (rc == PAM_SUCCESS);
+}
+#else
 int passwordok(const char *s) {
 #if 0
   char key[3];
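Review bot: In conv(), `msg[i]->msg_style` reads `i` before it is ever assigned, so the style check indexes the message array with an indeterminate value and the outcome of the unlock conversation is undefined. The callback also allocates `num_msg` responses but fills only `r[0]`, and it does not check `strdup()` for failure, so a stack that sends more than one prompt gets NULL answers. I would loop over all messages, reject any that is not `PAM_PROMPT_ECHO_OFF`, and free the partial array on failure, as sketched below. Separately, `pam_end(pamh, PAM_SUCCESS)` should pass the real status, `pam_end(pamh, rc)`, so modules can clean up correctly after a failed attempt. The non-PAM passwordok() that follows `#else` continues outside this hunk.

```c
static int conv(
    int num_msg, const struct pam_message **msg,
    struct pam_response **resp, void *appdata_ptr)
{
    int i;
    struct pam_response *r;

    /* No stored password means there is nothing to answer with. */
    if (num_msg < 1 || thepasswd == NULL)
	return PAM_CONV_ERR;
    r = calloc(num_msg, sizeof *r);
    if (r == NULL)
	return PAM_BUF_ERR;
    for (i = 0; i < num_msg; i++) {
	/* Only hidden-input prompts can be answered with the password. */
	if (msg[i]->msg_style != PAM_PROMPT_ECHO_OFF ||
	    (r[i].resp = strdup(thepasswd)) == NULL)
	    goto fail;
    }
    *resp = r;
    return PAM_SUCCESS;

 fail:
    /* r[i].resp is NULL for the failing slot; free(NULL) is a no-op. */
    while (i >= 0)
	free(r[i--].resp);
    free(r);
    return PAM_CONV_ERR;
}
/* … unchanged: PAM variant of passwordok() … */
```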
@@ -70,6 +109,7 @@
   return !strcmp(crypt(s, pw->pw_passwd), pw->pw_passwd);
 #endif
 }
+#endif
 
 int main(int argc, char **argv){
   XEvent ev;
@@ -86,11 +126,12 @@
   struct spwd *sp;
 #endif
 
+#ifndef PAM  
   if (argc != 1) {
     fprintf(stderr,"xtrlock (version %s): no arguments allowed\n",program_version);
     exit(1);
   }
-  
+
   errno=0;  pw= getpwuid(getuid());
   if (!pw) { perror("password entry for uid not found"); exit(1); }
 #ifdef SHADOW_PWD
@@ -111,7 +152,19 @@
   if (strlen(pw->pw_passwd) < 13) {
     fputs("password entry has no pwd\n",stderr); exit(1);
   }
-  
+#else
+  errno=0;  pw= getpwuid(getuid());
+  if (!pw) { perror("password entry for uid not found"); exit(1); }
+  if (argc != 1) {
+    if (strcmp(argv[1], "-a") == 0)
+	printf("Authentication: %s\n", passwordok(0)?"OK":"FAILED");
+    else
+	fprintf(stderr,"xtrlock (version %s): no arguments allowed\n",
+		program_version);
+    exit(1);
+  }
+#endif
+
   display= XOpenDisplay(0);
 
   if (display==NULL) {
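Review bot: The `-a` self-test calls `passwordok(0)`, which swaps in `misc_conv`, so it never runs the `conv()` callback that a locked session presumably relies on (the lock loop is outside this hunk). A passing test therefore says little about whether unlocking will work, and it would not catch a defect in `conv()`. The branch also falls through to `exit(1)` even when authentication succeeded, so scripts cannot tell the two outcomes apart; `exit(passwordok(0) ? 0 : 1);` after printing the result would fix that. Anything after `argv[1]` is silently ignored, so `argc != 2` should probably be rejected with the existing usage message.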
@@ -204,6 +257,7 @@
       }
       break;
     default:
+	;
     }
   }
  loop_x:
