xtrlock package, patch for pam authorization attached
Hello,
A patch for using pam authorization. It is not "in the spirit" of
pam since password authorization is assumed, but I did not want
to use the suid-bit or modify the original code too much.
Activated by compiling with "-DPAM". An option "-a" is added for
testing the authorization (it is annoying to accidentally lock X while
testing).
It identifies as "xlock", so the same pam entry can be used, e.g.
a /etc/pam.d/xlock file containing:
#%PAM-1.0
auth required /lib/security/pam_stack.so service=system-auth
Best Regards,
Lars Ekman
diff -Naur xtrlock-2.0.org/Makefile.noimake xtrlock-2.0/Makefile.noimake
--- xtrlock-2.0.org/Makefile.noimake 1995-11-07 15:51:48.000000000 +0100
+++ xtrlock-2.0/Makefile.noimake 2004-03-14 12:46:16.000000000 +0100
@@ -13,9 +13,9 @@
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
-LDLIBS=-lX11
+LDLIBS=-L/usr/X11R6/lib -lX11 -lpam -lpam_misc
CC=gcc
-CFLAGS=-Wall
+CFLAGS=-Wall -DPAM
INSTALL=install
xtrlock: xtrlock.o
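Review bot: `-DPAM` and `-lpam -lpam_misc` are now unconditional in Makefile.noimake, so every build from this file becomes a PAM build and needs the PAM development libraries, although the description presents PAM as opt-in. Keeping them in their own variables, e.g. `PAMFLAGS=-DPAM` and `PAMLIBS=-lpam -lpam_misc` appended to `CFLAGS` and `LDLIBS`, would let a non-PAM build drop them in one place. A comment marking `-L/usr/X11R6/lib` as a site-specific path would also help.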
diff -Naur xtrlock-2.0.org/xtrlock.c xtrlock-2.0/xtrlock.c
--- xtrlock-2.0.org/xtrlock.c 2002-09-01 06:46:29.000000000 +0200
+++ xtrlock-2.0/xtrlock.c 2004-03-14 13:39:06.000000000 +0100
@@ -54,6 +54,45 @@
#define GOODWILLPORTION 0.3
struct passwd *pw;
+#ifdef PAM
+#include <security/pam_appl.h>
+#include <security/pam_misc.h>
+
+static char const* thepasswd = 0;
+static int conv(
+ int num_msg, const struct pam_message **msg,
+ struct pam_response **resp, void *appdata_ptr)
+{
+ int i;
+ struct pam_response* r;
+ if (num_msg < 1 || msg[i]->msg_style != PAM_PROMPT_ECHO_OFF)
+ return PAM_CONV_ERR;
+ r = (struct pam_response*)calloc(num_msg, sizeof(struct pam_response));
+ if (r == NULL) return PAM_CONV_ERR;
+ r[0].resp = strdup(thepasswd);
+ *resp = r;
+ return PAM_SUCCESS;
+}
+
+int passwordok(const char *s)
+{
+ int rc;
+ pam_handle_t* pamh;
+ struct pam_conv pam_conversation = {conv, 0};
+
+ if (s == 0) {
+ pam_conversation.conv = misc_conv;
+ }
+
+ thepasswd = s;
+ rc = pam_start("xlock", pw->pw_name, &pam_conversation, &pamh);
+ if (rc != PAM_SUCCESS) return 0;
+
+ rc = pam_authenticate(pamh, 0);
+ (void)pam_end(pamh, PAM_SUCCESS);
+ return (rc == PAM_SUCCESS);
+}
+#else
int passwordok(const char *s) {
#if 0
char key[3];
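Review bot: In conv(), `msg[i]->msg_style` reads `i` before it is ever assigned, so the style check indexes the message array with an indeterminate value; it should be `msg[0]`, and the `int i;` declaration can go. The result of `strdup(thepasswd)` is also unchecked, so an allocation failure hands PAM a response with a NULL password instead of a conversation error. In passwordok(), `thepasswd` keeps pointing at the caller's password buffer after the call returns; adding `thepasswd = 0;` after `pam_authenticate` and passing the real status with `pam_end(pamh, rc)` would tidy that up. The hunk shows no includes for `calloc`/`strdup`, so confirm `<stdlib.h>` and `<string.h>` are already pulled in above. The non-PAM passwordok() continues past the end of the hunk.

```c
/* … unchanged: conv() signature and `struct pam_response* r;` (the unused `int i;` is dropped) … */
    /* Index 0 explicitly: only the first prompt is answered below. */
    if (num_msg < 1 || thepasswd == NULL ||
        msg[0]->msg_style != PAM_PROMPT_ECHO_OFF)
        return PAM_CONV_ERR;
    /* … unchanged: calloc of the response array and its NULL check … */
    r[0].resp = strdup(thepasswd);
    if (r[0].resp == NULL) {
        /* Do not hand PAM a response without a password. */
        free(r);
        return PAM_CONV_ERR;
    }
    /* … unchanged: *resp = r; return PAM_SUCCESS; … */
```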
@@ -70,6 +109,7 @@
return !strcmp(crypt(s, pw->pw_passwd), pw->pw_passwd);
#endif
}
+#endif
int main(int argc, char **argv){
XEvent ev;
@@ -86,11 +126,12 @@
struct spwd *sp;
#endif
+#ifndef PAM
if (argc != 1) {
fprintf(stderr,"xtrlock (version %s): no arguments allowed\n",program_version);
exit(1);
}
-
+
errno=0; pw= getpwuid(getuid());
if (!pw) { perror("password entry for uid not found"); exit(1); }
#ifdef SHADOW_PWD
@@ -111,7 +152,19 @@
if (strlen(pw->pw_passwd) < 13) {
fputs("password entry has no pwd\n",stderr); exit(1);
}
-
+#else
+ errno=0; pw= getpwuid(getuid());
+ if (!pw) { perror("password entry for uid not found"); exit(1); }
+ if (argc != 1) {
+ if (strcmp(argv[1], "-a") == 0)
+ printf("Authentication: %s\n", passwordok(0)?"OK":"FAILED");
+ else
+ fprintf(stderr,"xtrlock (version %s): no arguments allowed\n",
+ program_version);
+ exit(1);
+ }
+#endif
+
display= XOpenDisplay(0);
if (display==NULL) {
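Review bot: The PAM branch of main() has no pre-lock sanity check comparable to the `strlen(pw->pw_passwd) < 13` test on the non-PAM side, so if the "xlock" service cannot authenticate (for instance no usable `/etc/pam.d/xlock` entry), the display would presumably be locked with no password that unlocks it. At minimum this deserves a comment above the `#else`, such as `/* PAM build: verify the "xlock" service with "xtrlock -a" before relying on the lock */`. The `-a` path also always ends in `exit(1)`, even when it prints OK; `exit(passwordok(0) ? 0 : 1);` inside the `-a` branch would let scripts use the result. Only `argv[1]` is inspected, so trailing arguments are silently accepted; testing `argc == 2` alongside the `strcmp` would keep the "no arguments allowed" behaviour for everything else. main() starts before and continues after this hunk.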
@@ -204,6 +257,7 @@
}
break;
default:
+ ;
}
}
loop_x: