e5418e60c1
upstream. ok tb@ gsoares@ Note: if using this with i3 like this: bindsym $mod+Mod1+l exec "slock" you'll need to add --release: bindsym --release $mod+Mod1+l exec "slock"
120 lines
2.8 KiB
Plaintext
120 lines
2.8 KiB
Plaintext
$OpenBSD: patch-slock_c,v 1.4 2020/05/24 17:24:24 sthen Exp $
|
|
|
|
Add back bsd-auth support, removed in 04143fd68dbc
|
|
|
|
Index: slock.c
|
|
--- slock.c.orig
|
|
+++ slock.c
|
|
@@ -19,6 +19,11 @@
|
|
#include <X11/Xlib.h>
|
|
#include <X11/Xutil.h>
|
|
|
|
+#if HAVE_BSD_AUTH
|
|
+#include <login_cap.h>
|
|
+#include <bsd_auth.h>
|
|
+#endif
|
|
+
|
|
#include "arg.h"
|
|
#include "util.h"
|
|
|
|
@@ -83,6 +88,7 @@ dontkillme(void)
|
|
}
|
|
#endif
|
|
|
|
+#ifndef HAVE_BSD_AUTH
|
|
static const char *
|
|
gethash(void)
|
|
{
|
|
@@ -123,13 +129,21 @@ gethash(void)
|
|
|
|
return hash;
|
|
}
|
|
+#endif /* HAVE_BSD_AUTH */
|
|
|
|
static void
|
|
+#ifdef HAVE_BSD_AUTH
|
|
+readpw(Display *dpy, struct xrandr *rr, struct lock **locks, int nscreens)
|
|
+#else
|
|
readpw(Display *dpy, struct xrandr *rr, struct lock **locks, int nscreens,
|
|
const char *hash)
|
|
+#endif
|
|
{
|
|
XRRScreenChangeNotifyEvent *rre;
|
|
- char buf[32], passwd[256], *inputhash;
|
|
+ char buf[32], passwd[256];
|
|
+#ifndef HAVE_BSD_AUTH
|
|
+ char *inputhash;
|
|
+#endif
|
|
int num, screen, running, failure, oldc;
|
|
unsigned int len, color;
|
|
KeySym ksym;
|
|
@@ -160,10 +174,14 @@ readpw(Display *dpy, struct xrandr *rr, struct lock **
|
|
case XK_Return:
|
|
passwd[len] = '\0';
|
|
errno = 0;
|
|
+#ifdef HAVE_BSD_AUTH
|
|
+ running = !auth_userokay(getlogin(), NULL, "auth-slock", passwd);
|
|
+#else
|
|
if (!(inputhash = crypt(passwd, hash)))
|
|
fprintf(stderr, "slock: crypt: %s\n", strerror(errno));
|
|
else
|
|
running = !!strcmp(inputhash, hash);
|
|
+#endif
|
|
if (running) {
|
|
XBell(dpy, 100);
|
|
failure = 1;
|
|
@@ -303,7 +321,9 @@ main(int argc, char **argv) {
|
|
struct group *grp;
|
|
uid_t duid;
|
|
gid_t dgid;
|
|
+#ifndef HAVE_BSD_AUTH
|
|
const char *hash;
|
|
+#endif
|
|
Display *dpy;
|
|
int s, nlocks, nscreens;
|
|
|
|
@@ -331,14 +351,23 @@ main(int argc, char **argv) {
|
|
dontkillme();
|
|
#endif
|
|
|
|
+#ifndef HAVE_BSD_AUTH
|
|
hash = gethash();
|
|
errno = 0;
|
|
if (!crypt("", hash))
|
|
die("slock: crypt: %s\n", strerror(errno));
|
|
+#endif
|
|
|
|
if (!(dpy = XOpenDisplay(NULL)))
|
|
die("slock: cannot open display\n");
|
|
|
|
+/*
|
|
+ * don't drop groups for bsd-auth, slock runs as the user's normal
|
|
+ * uid, and requires gid auth from the setgid bit. (without bsd-auth
|
|
+ * slock needs to start with uid root or gid _shadow to read spwd.db,
|
|
+ * and is unable to use non-password methods)
|
|
+ */
|
|
+#ifndef HAVE_BSD_AUTH
|
|
/* drop privileges */
|
|
if (setgroups(0, NULL) < 0)
|
|
die("slock: setgroups: %s\n", strerror(errno));
|
|
@@ -346,6 +375,7 @@ main(int argc, char **argv) {
|
|
die("slock: setgid: %s\n", strerror(errno));
|
|
if (setuid(duid) < 0)
|
|
die("slock: setuid: %s\n", strerror(errno));
|
|
+#endif
|
|
|
|
/* check for Xrandr support */
|
|
rr.active = XRRQueryExtension(dpy, &rr.evbase, &rr.errbase);
|
|
@@ -381,7 +411,11 @@ main(int argc, char **argv) {
|
|
}
|
|
|
|
/* everything is now blank. Wait for the correct password */
|
|
+#ifdef HAVE_BSD_AUTH
|
|
+ readpw(dpy, &rr, locks, nscreens);
|
|
+#else
|
|
readpw(dpy, &rr, locks, nscreens, hash);
|
|
+#endif
|
|
|
|
return 0;
|
|
}
|