155 lines
4.2 KiB
Diff
155 lines
4.2 KiB
Diff
|
diff --git a/config.def.h b/config.def.h
|
||
|
index 9855e21..19e7f62 100644
|
||
|
--- a/config.def.h
|
||
|
+++ b/config.def.h
|
||
|
@@ -6,7 +6,11 @@ static const char *colorname[NUMCOLS] = {
|
||
|
[INIT] = "black", /* after initialization */
|
||
|
[INPUT] = "#005577", /* during input */
|
||
|
[FAILED] = "#CC3333", /* wrong password */
|
||
|
+ [PAM] = "#9400D3", /* waiting for PAM */
|
||
|
};
|
||
|
|
||
|
/* treat a cleared input like a wrong password (color) */
|
||
|
static const int failonclear = 1;
|
||
|
+
|
||
|
+/* PAM service that's used for authentication */
|
||
|
+static const char* pam_service = "login";
|
||
|
diff --git a/config.mk b/config.mk
|
||
|
index 74429ae..6e82074 100644
|
||
|
--- a/config.mk
|
||
|
+++ b/config.mk
|
||
|
@@ -12,7 +12,7 @@ X11LIB = /usr/X11R6/lib
|
||
|
|
||
|
# includes and libs
|
||
|
INCS = -I. -I/usr/include -I${X11INC}
|
||
|
-LIBS = -L/usr/lib -lc -lcrypt -L${X11LIB} -lX11 -lXext -lXrandr
|
||
|
+LIBS = -L/usr/lib -lc -lcrypt -L${X11LIB} -lX11 -lXext -lXrandr -lpam
|
||
|
|
||
|
# flags
|
||
|
CPPFLAGS = -DVERSION=\"${VERSION}\" -D_DEFAULT_SOURCE -DHAVE_SHADOW_H
|
||
|
diff --git a/slock.c b/slock.c
|
||
|
index 5ae738c..3a8da42 100644
|
||
|
--- a/slock.c
|
||
|
+++ b/slock.c
|
||
|
@@ -18,16 +18,22 @@
|
||
|
#include <X11/keysym.h>
|
||
|
#include <X11/Xlib.h>
|
||
|
#include <X11/Xutil.h>
|
||
|
+#include <security/pam_appl.h>
|
||
|
+#include <security/pam_misc.h>
|
||
|
|
||
|
#include "arg.h"
|
||
|
#include "util.h"
|
||
|
|
||
|
char *argv0;
|
||
|
+static int pam_conv(int num_msg, const struct pam_message **msg, struct pam_response **resp, void *appdata_ptr);
|
||
|
+struct pam_conv pamc = {pam_conv, NULL};
|
||
|
+char passwd[256];
|
||
|
|
||
|
enum {
|
||
|
INIT,
|
||
|
INPUT,
|
||
|
FAILED,
|
||
|
+ PAM,
|
||
|
NUMCOLS
|
||
|
};
|
||
|
|
||
|
@@ -57,6 +63,31 @@ die(const char *errstr, ...)
|
||
|
exit(1);
|
||
|
}
|
||
|
|
||
|
+static int
|
||
|
+pam_conv(int num_msg, const struct pam_message **msg,
|
||
|
+ struct pam_response **resp, void *appdata_ptr)
|
||
|
+{
|
||
|
+ int retval = PAM_CONV_ERR;
|
||
|
+ for(int i=0; i<num_msg; i++) {
|
||
|
+ if (msg[i]->msg_style == PAM_PROMPT_ECHO_OFF &&
|
||
|
+ strncmp(msg[i]->msg, "Password: ", 10) == 0) {
|
||
|
+ struct pam_response *resp_msg = malloc(sizeof(struct pam_response));
|
||
|
+ if (!resp_msg)
|
||
|
+ die("malloc failed\n");
|
||
|
+ char *password = malloc(strlen(passwd) + 1);
|
||
|
+ if (!password)
|
||
|
+ die("malloc failed\n");
|
||
|
+ memset(password, 0, strlen(passwd) + 1);
|
||
|
+ strcpy(password, passwd);
|
||
|
+ resp_msg->resp_retcode = 0;
|
||
|
+ resp_msg->resp = password;
|
||
|
+ resp[i] = resp_msg;
|
||
|
+ retval = PAM_SUCCESS;
|
||
|
+ }
|
||
|
+ }
|
||
|
+ return retval;
|
||
|
+}
|
||
|
+
|
||
|
#ifdef __linux__
|
||
|
#include <fcntl.h>
|
||
|
#include <linux/oom.h>
|
||
|
@@ -121,6 +152,8 @@ gethash(void)
|
||
|
}
|
||
|
#endif /* HAVE_SHADOW_H */
|
||
|
|
||
|
+ /* pam, store user name */
|
||
|
+ hash = pw->pw_name;
|
||
|
return hash;
|
||
|
}
|
||
|
|
||
|
@@ -129,11 +162,12 @@ readpw(Display *dpy, struct xrandr *rr, struct lock **locks, int nscreens,
|
||
|
const char *hash)
|
||
|
{
|
||
|
XRRScreenChangeNotifyEvent *rre;
|
||
|
- char buf[32], passwd[256], *inputhash;
|
||
|
- int num, screen, running, failure, oldc;
|
||
|
+ char buf[32];
|
||
|
+ int num, screen, running, failure, oldc, retval;
|
||
|
unsigned int len, color;
|
||
|
KeySym ksym;
|
||
|
XEvent ev;
|
||
|
+ pam_handle_t *pamh;
|
||
|
|
||
|
len = 0;
|
||
|
running = 1;
|
||
|
@@ -160,10 +194,26 @@ readpw(Display *dpy, struct xrandr *rr, struct lock **locks, int nscreens,
|
||
|
case XK_Return:
|
||
|
passwd[len] = '\0';
|
||
|
errno = 0;
|
||
|
- if (!(inputhash = crypt(passwd, hash)))
|
||
|
- fprintf(stderr, "slock: crypt: %s\n", strerror(errno));
|
||
|
+ retval = pam_start(pam_service, hash, &pamc, &pamh);
|
||
|
+ color = PAM;
|
||
|
+ for (screen = 0; screen < nscreens; screen++) {
|
||
|
+ XSetWindowBackground(dpy, locks[screen]->win, locks[screen]->colors[color]);
|
||
|
+ XClearWindow(dpy, locks[screen]->win);
|
||
|
+ XRaiseWindow(dpy, locks[screen]->win);
|
||
|
+ }
|
||
|
+ XSync(dpy, False);
|
||
|
+
|
||
|
+ if (retval == PAM_SUCCESS)
|
||
|
+ retval = pam_authenticate(pamh, 0);
|
||
|
+ if (retval == PAM_SUCCESS)
|
||
|
+ retval = pam_acct_mgmt(pamh, 0);
|
||
|
+
|
||
|
+ running = 1;
|
||
|
+ if (retval == PAM_SUCCESS)
|
||
|
+ running = 0;
|
||
|
else
|
||
|
- running = !!strcmp(inputhash, hash);
|
||
|
+ fprintf(stderr, "slock: %s\n", pam_strerror(pamh, retval));
|
||
|
+ pam_end(pamh, retval);
|
||
|
if (running) {
|
||
|
XBell(dpy, 100);
|
||
|
failure = 1;
|
||
|
@@ -339,10 +389,9 @@ main(int argc, char **argv) {
|
||
|
dontkillme();
|
||
|
#endif
|
||
|
|
||
|
+ /* the contents of hash are used to transport the current user name */
|
||
|
hash = gethash();
|
||
|
errno = 0;
|
||
|
- if (!crypt("", hash))
|
||
|
- die("slock: crypt: %s\n", strerror(errno));
|
||
|
|
||
|
if (!(dpy = XOpenDisplay(NULL)))
|
||
|
die("slock: cannot open display\n");
|