- remove the unfinished bsd_auth support for now ; I got late on this and
I'd rather finish/modify it outside of the tree when I have more time. ok jasper@
This commit is contained in:
ajacoutot
parent
44a008f72d
commit
9959eb2a5f
@ -1,4 +1,4 @@
|
||||
# $OpenBSD: Makefile,v 1.52 2008/11/29 11:29:07 ajacoutot Exp $
|
||||
# $OpenBSD: Makefile,v 1.53 2008/12/28 15:45:31 ajacoutot Exp $
|
||||
|
||||
COMMENT-main= screen saver and locker for the X Window System
|
||||
COMMENT-data= graphical demos (savers) for screensavers
|
||||
@ -6,7 +6,7 @@ COMMENT-gle= OpenGL Extrusion library support for screensaver-data
|
||||
|
||||
V= 5.07
|
||||
DISTNAME= xscreensaver-${V}
|
||||
PKGNAME-main= ${DISTNAME}p3
|
||||
PKGNAME-main= ${DISTNAME}p4
|
||||
PKGNAME-data= xscreensaver-data-${V}
|
||||
PKGNAME-gle= xscreensaver-gle-${V}
|
||||
|
||||
@ -83,7 +83,6 @@ CONFIGURE_ARGS+= --without-gle
|
||||
.endif
|
||||
|
||||
post-extract:
|
||||
cp ${FILESDIR}/passwd-bsd_auth.c ${WRKSRC}/driver/
|
||||
cp ${FILESDIR}/migrate-xscreensaver-config.sh ${WRKSRC}/hacks/config
|
||||
cp ${FILESDIR}/xscreensaver-config.xsl ${WRKSRC}/hacks/config
|
||||
|
||||
|
||||
@ -1,83 +0,0 @@
|
||||
/* $OpenBSD: passwd-bsd_auth.c,v 1.3 2008/11/04 15:28:41 ajacoutot Exp $
|
||||
* passwd-bsd_auth.c --- verifying typed passwords with bsd_auth(3)
|
||||
*
|
||||
* Copyright (c) 2008 Antoine Jacoutot <ajacoutot@openbsd.org>
|
||||
*
|
||||
* Permission to use, copy, modify, and distribute this software for any
|
||||
* purpose with or without fee is hereby granted, provided that the above
|
||||
* copyright notice and this permission notice appear in all copies.
|
||||
*
|
||||
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
|
||||
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
|
||||
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
|
||||
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
|
||||
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
|
||||
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
|
||||
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
|
||||
*/
|
||||
|
||||
#ifdef HAVE_CONFIG_H
|
||||
# include "config.h"
|
||||
#endif
|
||||
|
||||
#ifndef NO_LOCKING /* whole file */
|
||||
|
||||
#include <stdio.h>
|
||||
#include <signal.h>
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
#ifdef HAVE_UNISTD_H
|
||||
# include <unistd.h>
|
||||
#endif
|
||||
#include <pwd.h>
|
||||
#include <sys/types.h>
|
||||
|
||||
#include <login_cap.h>
|
||||
#include <bsd_auth.h>
|
||||
|
||||
/* xscreensaver.h */
|
||||
#ifdef HAVE_SIGACTION
|
||||
extern sigset_t block_sigchld (void);
|
||||
#else /* !HAVE_SIGACTION */
|
||||
extern int block_sigchld (void);
|
||||
#endif /* !HAVE_SIGACTION */
|
||||
extern void unblock_sigchld (void);
|
||||
|
||||
extern int bsdauth_passwd_valid_p (const char *typed_passwd, int verbose_p);
|
||||
|
||||
int
|
||||
bsdauth_passwd_valid_p (const char *typed_passwd, int verbose_p)
|
||||
{
|
||||
int res;
|
||||
struct passwd *pw;
|
||||
|
||||
pw = getpwuid(getuid());
|
||||
|
||||
if (pw != NULL) {
|
||||
block_sigchld();
|
||||
|
||||
/*
|
||||
XXX It should be possible to specify an authentication style by
|
||||
appending it to the user's name with a single colon (`:') as a separator
|
||||
but xscreensaver does not allow to modify username (yet?).
|
||||
*/
|
||||
#ifdef ALLOW_ROOT_PASSWD
|
||||
res = (auth_userokay(pw->pw_name, NULL, "auth-xscreensaver", typed_passwd)) ||
|
||||
(auth_userokay("root", "passwd", "auth-xscreensaver", typed_passwd));
|
||||
#else
|
||||
res = (auth_userokay(pw->pw_name, NULL, "auth-xscreensaver", typed_passwd));
|
||||
#endif
|
||||
|
||||
unblock_sigchld();
|
||||
|
||||
if (res)
|
||||
return 1;
|
||||
else
|
||||
return 0;
|
||||
} else {
|
||||
fprintf(stderr, "getpwuid: couldn't get user ID.\n");
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
|
||||
#endif /* NO_LOCKING -- whole file */
|
||||
@ -1,14 +0,0 @@
|
||||
$OpenBSD: patch-config_h_in,v 1.1 2008/10/27 19:49:39 ajacoutot Exp $
|
||||
--- config.h.in.orig Sat Oct 25 00:54:48 2008
|
||||
+++ config.h.in Sat Oct 25 00:56:33 2008
|
||||
@@ -440,6 +440,10 @@
|
||||
/* Define if you have PAM and pam_strerror() requires two arguments. */
|
||||
#undef PAM_STRERROR_TWO_ARGS
|
||||
|
||||
+/* Define if you want to use bsd_auth(3) authentication to lock/unlock
|
||||
+ the screen instead of your local password. */
|
||||
+#undef BSD_AUTH
|
||||
+
|
||||
/* Set the name of the password helper program, if any */
|
||||
#undef PASSWD_HELPER_PROGRAM
|
||||
|
||||
@ -1,4 +1,4 @@
|
||||
$OpenBSD: patch-configure,v 1.9 2008/10/27 19:49:39 ajacoutot Exp $
|
||||
$OpenBSD: patch-configure,v 1.10 2008/12/28 15:45:31 ajacoutot Exp $
|
||||
--- configure.orig Mon Aug 11 07:11:59 2008
|
||||
+++ configure Sun Oct 26 13:43:50 2008
|
||||
@@ -9372,7 +9372,7 @@ if test "${ac_cv_lib_intl_bindtextdomain+set}" = set;
|
||||
@ -54,19 +54,3 @@ $OpenBSD: patch-configure,v 1.9 2008/10/27 19:49:39 ajacoutot Exp $
|
||||
fi
|
||||
|
||||
fi
|
||||
@@ -20179,6 +20179,15 @@ fi
|
||||
PASSWD_SRCS="$PASSWD_SRCS \$(PWENT_SRCS)"
|
||||
PASSWD_OBJS="$PASSWD_OBJS \$(PWENT_OBJS)"
|
||||
|
||||
+# OpenBSD uses bsd_auth(3)
|
||||
+case "$host" in
|
||||
+ *-openbsd*)
|
||||
+ PASSWD_SRCS="$PASSWD_SRCS \$(BSD_AUTH_SRCS)"
|
||||
+ PASSWD_OBJS="$PASSWD_OBJS \$(BSD_AUTH_OBJS)"
|
||||
+ cat >>confdefs.h <<\_ACEOF
|
||||
+#define BSD_AUTH 1
|
||||
+_ACEOF
|
||||
+esac
|
||||
|
||||
if test "$enable_locking" = yes; then
|
||||
LOCK_SRCS='$(LOCK_SRCS_1) $(PASSWD_SRCS)'
|
||||
|
||||
@ -1,4 +1,4 @@
|
||||
$OpenBSD: patch-driver_Makefile_in,v 1.4 2008/10/27 19:49:39 ajacoutot Exp $
|
||||
$OpenBSD: patch-driver_Makefile_in,v 1.5 2008/12/28 15:45:31 ajacoutot Exp $
|
||||
--- driver/Makefile.in.orig Mon Aug 11 07:11:59 2008
|
||||
+++ driver/Makefile.in Thu Oct 23 15:51:54 2008
|
||||
@@ -10,7 +10,7 @@ VPATH = @srcdir@
|
||||
@ -10,13 +10,3 @@ $OpenBSD: patch-driver_Makefile_in,v 1.4 2008/10/27 19:49:39 ajacoutot Exp $
|
||||
prefix = @prefix@
|
||||
exec_prefix = @exec_prefix@
|
||||
bindir = @bindir@
|
||||
@@ -108,6 +108,9 @@ PAM_OBJS = passwd-pam.o
|
||||
|
||||
PWHELPER_SRCS = passwd-helper.c
|
||||
PWHELPER_OBJS = passwd-helper.o
|
||||
+
|
||||
+BSD_AUTH_SRCS = passwd-bsd_auth.c
|
||||
+BSD_AUTH_OBJS = passwd-bsd_auth.o
|
||||
|
||||
LOCK_SRCS_1 = lock.c passwd.c
|
||||
LOCK_OBJS_1 = lock.o passwd.o
|
||||
|
||||
@ -1,16 +0,0 @@
|
||||
$OpenBSD: patch-driver_passwd-pwent_c,v 1.1 2008/10/27 19:49:39 ajacoutot Exp $
|
||||
--- driver/passwd-pwent.c.orig Thu Oct 23 16:10:09 2008
|
||||
+++ driver/passwd-pwent.c Thu Oct 23 16:13:00 2008
|
||||
@@ -200,10 +200,10 @@ get_encrypted_passwd(const char *user)
|
||||
*s = 0;
|
||||
}
|
||||
|
||||
-#ifndef HAVE_PAM
|
||||
+#if !defined(HAVE_PAM) && !defined(BSD_AUTH)
|
||||
/* We only issue this warning if not compiled with support for PAM.
|
||||
If we're using PAM, it's not unheard of that normal pwent passwords
|
||||
- would be unavailable. */
|
||||
+ would be unavailable. This is also true if we use bsd_auth(3). */
|
||||
|
||||
if (!result)
|
||||
fprintf (stderr, "%s: couldn't get password of \"%s\"\n",
|
||||
@ -1,24 +0,0 @@
|
||||
$OpenBSD: patch-driver_passwd_c,v 1.1 2008/10/27 19:49:39 ajacoutot Exp $
|
||||
--- driver/passwd.c.orig Sun Mar 2 06:04:35 2008
|
||||
+++ driver/passwd.c Sat Oct 25 01:04:27 2008
|
||||
@@ -78,6 +78,9 @@ extern void pam_try_unlock (saver_info *si, Bool verbo
|
||||
extern Bool ext_priv_init (int argc, char **argv, Bool verbose_p);
|
||||
extern Bool ext_passwd_valid_p (const char *typed_passwd, Bool verbose_p);
|
||||
#endif
|
||||
+#ifdef BSD_AUTH
|
||||
+extern Bool bsdauth_passwd_valid_p (const char *typed_passwd, Bool verbose_p);
|
||||
+#endif
|
||||
extern Bool pwent_lock_init (int argc, char **argv, Bool verbose_p);
|
||||
extern Bool pwent_priv_init (int argc, char **argv, Bool verbose_p);
|
||||
extern Bool pwent_passwd_valid_p (const char *typed_passwd, Bool verbose_p);
|
||||
@@ -104,6 +107,10 @@ struct auth_methods methods[] = {
|
||||
{ "external", 0, ext_priv_init, ext_passwd_valid_p, 0,
|
||||
False, False },
|
||||
# endif
|
||||
+# ifdef BSD_AUTH
|
||||
+ { "bsd_auth", 0, 0, bsdauth_passwd_valid_p, 0,
|
||||
+ False, False },
|
||||
+#endif
|
||||
{ "normal", pwent_lock_init, pwent_priv_init, pwent_passwd_valid_p, 0,
|
||||
False, False }
|
||||
};
|
||||
@ -1,25 +0,0 @@
|
||||
$OpenBSD: patch-driver_setuid_c,v 1.1 2008/10/27 19:49:39 ajacoutot Exp $
|
||||
--- driver/setuid.c.orig Thu Feb 9 03:33:29 2006
|
||||
+++ driver/setuid.c Sun Oct 26 13:48:27 2008
|
||||
@@ -260,9 +260,21 @@ hack_uid (saver_info *si)
|
||||
|
||||
si->orig_uid = strdup (uid_gid_string (euid, egid));
|
||||
|
||||
+#ifdef BSD_AUTH
|
||||
+# ifdef __OpenBSD__ /* needs to run setgid auth (11) */
|
||||
+ if (uid != euid || egid != 11)
|
||||
+ if (set_ids_by_number (uid, 11, &si->uid_message) != 0)
|
||||
+ {
|
||||
+ fprintf (stderr,
|
||||
+ "Error: xscreensaver needs to be installed setgid \"auth\" under OpenBSD.\n");
|
||||
+ saver_exit (si, 1, 0);
|
||||
+ }
|
||||
+# endif
|
||||
+#else /* !BSD_AUTH */
|
||||
if (uid != euid || gid != egid)
|
||||
if (set_ids_by_number (uid, gid, &si->uid_message) != 0)
|
||||
saver_exit (si, 1, 0);
|
||||
+#endif
|
||||
}
|
||||
|
||||
|
||||
@ -1,4 +0,0 @@
|
||||
xscreensaver is not installed setuid anymore which will prevent
|
||||
unlocking the screen using the root password. If you need this behavior
|
||||
back, you can add the setuid bit to the xscreensaver binary. As root:
|
||||
chmod u+s ${PREFIX}/bin/xscreensaver
|
||||
@ -1,11 +1,9 @@
|
||||
@comment $OpenBSD: PLIST-main,v 1.1 2008/11/29 11:29:07 ajacoutot Exp $
|
||||
@comment $OpenBSD: PLIST-main,v 1.2 2008/12/28 15:45:31 ajacoutot Exp $
|
||||
@pkgpath x11/xscreensaver,no_gle
|
||||
@pkgpath x11/xscreensaver
|
||||
@mode g+s
|
||||
@group auth
|
||||
@mode 4755
|
||||
bin/xscreensaver
|
||||
@mode
|
||||
@group
|
||||
@bin bin/xscreensaver-command
|
||||
@bin bin/xscreensaver-demo
|
||||
@bin bin/xscreensaver-getimage
|
||||
|
||||
Loading…
Reference in New Issue
Block a user