Attachment #180251 for bug #217270

Lines 2-8 Link Here

(-)Makefile (-1 / +1 lines)
2	# $FreeBSD$	2	# $FreeBSD$
3		3
4	PORTNAME= slock	4	PORTNAME= slock
5	PORTVERSION= 1.3	5	PORTVERSION= 1.4
6	CATEGORIES= x11	6	CATEGORIES= x11
7	MASTER_SITES= http://dl.suckless.org/tools/	7	MASTER_SITES= http://dl.suckless.org/tools/
8		8

Lines 1-2 Link Here

(-)distinfo (-2 / +3 lines)
1	SHA256 (slock-1.3.tar.gz) = bab4a3aea4046aa0fd0361c3649b79b90ca531bc5dfae3c4a6c0fe436152bd18	1	TIMESTAMP = 1487670784
2	SIZE (slock-1.3.tar.gz) = 5943	2	SHA256 (slock-1.4.tar.gz) = b53849dbc60109a987d7a49b8da197305c29307fd74c12dc18af0d3044392e6a
		3	SIZE (slock-1.4.tar.gz) = 6889

Lines 1-11 Link Here

(-)files/patch-config.mk (-7 / +9 lines)
1	--- config.mk.orig 2013-10-09 16:23:24.000000000 +0200	1	--- config.mk.orig 2016-11-20 00:31:23 UTC
2	+++ config.mk 2013-10-09 16:25:18.000000000 +0200	2	+++ config.mk
3	@@ -18,6 +18,9 @@	3	@@ -22,6 +22,10 @@ COMPATSRC = explicit_bzero.c
4	CFLAGS = -std=c99 -pedantic -Wall -Os ${INCS} ${CPPFLAGS}
5	LDFLAGS = -s ${LIBS}
6		4
		5	# On OpenBSD and Darwin remove -lcrypt from LIBS
		6	#LIBS = -L/usr/lib -lc -L${X11LIB} -lX11 -lXext -lXrandr
		7	+
7	+# To enable PAM-based authentication, remove -DHAVE_SHADOW_H from CPPFLAGS	8	+# To enable PAM-based authentication, remove -DHAVE_SHADOW_H from CPPFLAGS
8	+# and add -DHAVE_PAM instead. Also, add -lpam to LDFLAGS.	9	+# and add -DHAVE_PAM instead. Also, add -lpam to LDFLAGS.
9	+#	10	+#
10	# On *BSD remove -DHAVE_SHADOW_H from CPPFLAGS and add -DHAVE_BSD_AUTH	11	# On *BSD remove -DHAVE_SHADOW_H from CPPFLAGS
11	# On OpenBSD and Darwin remove -lcrypt from LIBS	12	# On NetBSD add -D_NETBSD_SOURCE to CPPFLAGS
		13	#CPPFLAGS = -DVERSION=\"${VERSION}\" -D_BSD_SOURCE -D_NETBSD_SOURCE




--- slock.c.orig	2016-02-17 12:36:44.640577000 -0800
+++ slock.c	2016-02-17 12:48:20.966625000 -0800
@@ -23,6 +23,10 @@
 #include <bsd_auth.h>
 #endif
 
+#if HAVE_PAM
+#include <security/pam_appl.h>
+#endif
+
 enum {
 	INIT,
 	INPUT,
@@ -85,7 +89,7 @@
 }
 #endif
 
-#ifndef HAVE_BSD_AUTH
+#if !defined(HAVE_BSD_AUTH) && !defined(HAVE_PAM)
 /* only run as root */
 static const char *
 getpw(void)
@@ -119,8 +123,41 @@
 }
 #endif
 
+#ifdef HAVE_PAM
+static int
+slock_conv (int nof_msg, const struct pam_message **msg, struct pam_response **resp, void *data) {
+	struct pam_response *r = calloc (nof_msg, sizeof **resp);
+	if (r == NULL) {
+		die("slock: malloc: %s", strerror(errno));
+	}
+
+	while (nof_msg--) {
+		r[nof_msg].resp_retcode = 0;
+		r[nof_msg].resp = strdup (data);
+	}
+
+	*resp = r;
+
+	return PAM_SUCCESS;
+}
+
+static int
+auth_pam (const char *user, char *pass) {
+	static struct pam_conv conv = {slock_conv, NULL};
+	pam_handle_t *ph;
+
+	conv.appdata_ptr = pass;
+
+	if (pam_start("slock", user, &conv, &ph) != PAM_SUCCESS) {
+		die("slock: pam_start");
+	}
+
+	return (pam_authenticate(ph, 0) == PAM_SUCCESS);
+}
+#endif
+
 static void
-#ifdef HAVE_BSD_AUTH
+#if defined(HAVE_BSD_AUTH) || defined(HAVE_PAM)
 readpw(Display *dpy)
 #else
 readpw(Display *dpy, const char *pws)
@@ -159,8 +196,10 @@
 			switch (ksym) {
 			case XK_Return:
 				passwd[len] = 0;
-#ifdef HAVE_BSD_AUTH
+#if defined (HAVE_BSD_AUTH)
 				running = !auth_userokay(getlogin(), NULL, "auth-xlock", passwd);
+#elif defined (HAVE_PAM)
+				running = !auth_pam(getlogin(), passwd);
 #else
 				running = !!strcmp(crypt(passwd, pws), pws);
 #endif
@@ -289,7 +328,7 @@
 
 int
 main(int argc, char **argv) {
-#ifndef HAVE_BSD_AUTH
+#if !defined(HAVE_BSD_AUTH) && !defined(HAVE_PAM)
 	const char *pws;
 #endif
 	Display *dpy;
@@ -308,7 +347,7 @@
 	if (!getpwuid(getuid()))
 		die("slock: no passwd entry for you\n");
 
-#ifndef HAVE_BSD_AUTH
+#if !defined(HAVE_BSD_AUTH) && !defined(HAVE_PAM)
 	pws = getpw();
 #endif
 
@@ -341,7 +380,7 @@
 	}
 
 	/* Everything is now blank. Now wait for the correct password. */
-#ifdef HAVE_BSD_AUTH
+#if defined(HAVE_BSD_AUTH) || defined(HAVE_PAM)
 	readpw(dpy);
 #else
 	readpw(dpy, pws);

Return to bug 217270

Lines 1-104 Link Here

(-)files/patch-slock.c (-104 lines)
1	--- slock.c.orig 2016-02-17 12:36:44.640577000 -0800
2	+++ slock.c 2016-02-17 12:48:20.966625000 -0800
3	@@ -23,6 +23,10 @@
4	#include <bsd_auth.h>
5	#endif
6
7	+#if HAVE_PAM
8	+#include <security/pam_appl.h>
9	+#endif
10	+
11	enum {
12	INIT,
13	INPUT,
14	@@ -85,7 +89,7 @@
15	}
16	#endif
17
18	-#ifndef HAVE_BSD_AUTH
19	+#if !defined(HAVE_BSD_AUTH) && !defined(HAVE_PAM)
20	/* only run as root */
21	static const char *
22	getpw(void)
23	@@ -119,8 +123,41 @@
24	}
25	#endif
26
27	+#ifdef HAVE_PAM
28	+static int
29	+slock_conv (int nof_msg, const struct pam_message msg, struct pam_response resp, void *data) {
30	+ struct pam_response r = calloc (nof_msg, sizeof *resp);
31	+ if (r == NULL) {
32	+ die("slock: malloc: %s", strerror(errno));
33	+ }
34	+
35	+ while (nof_msg--) {
36	+ r[nof_msg].resp_retcode = 0;
37	+ r[nof_msg].resp = strdup (data);
38	+ }
39	+
40	+ *resp = r;
41	+
42	+ return PAM_SUCCESS;
43	+}
44	+
45	+static int
46	+auth_pam (const char user, char pass) {
47	+ static struct pam_conv conv = {slock_conv, NULL};
48	+ pam_handle_t *ph;
49	+
50	+ conv.appdata_ptr = pass;
51	+
52	+ if (pam_start("slock", user, &conv, &ph) != PAM_SUCCESS) {
53	+ die("slock: pam_start");
54	+ }
55	+
56	+ return (pam_authenticate(ph, 0) == PAM_SUCCESS);
57	+}
58	+#endif
59	+
60	static void
61	-#ifdef HAVE_BSD_AUTH
62	+#if defined(HAVE_BSD_AUTH) \|\| defined(HAVE_PAM)
63	readpw(Display *dpy)
64	#else
65	readpw(Display dpy, const char pws)
66	@@ -159,8 +196,10 @@
67	switch (ksym) {
68	case XK_Return:
69	passwd[len] = 0;
70	-#ifdef HAVE_BSD_AUTH
71	+#if defined (HAVE_BSD_AUTH)
72	running = !auth_userokay(getlogin(), NULL, "auth-xlock", passwd);
73	+#elif defined (HAVE_PAM)
74	+ running = !auth_pam(getlogin(), passwd);
75	#else
76	running = !!strcmp(crypt(passwd, pws), pws);
77	#endif
78	@@ -289,7 +328,7 @@
79
80	int
81	main(int argc, char **argv) {
82	-#ifndef HAVE_BSD_AUTH
83	+#if !defined(HAVE_BSD_AUTH) && !defined(HAVE_PAM)
84	const char *pws;
85	#endif
86	Display *dpy;
87	@@ -308,7 +347,7 @@
88	if (!getpwuid(getuid()))
89	die("slock: no passwd entry for you\n");
90
91	-#ifndef HAVE_BSD_AUTH
92	+#if !defined(HAVE_BSD_AUTH) && !defined(HAVE_PAM)
93	pws = getpw();
94	#endif
95
96	@@ -341,7 +380,7 @@
97	}
98
99	/* Everything is now blank. Now wait for the correct password. */
100	-#ifdef HAVE_BSD_AUTH
101	+#if defined(HAVE_BSD_AUTH) \|\| defined(HAVE_PAM)
102	readpw(dpy);
103	#else
104	readpw(dpy, pws);