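--- a/config.mk
+++ b/config.mk
@@ -18,6 +18,9 @@
 CFLAGS = -std=c99 -pedantic -Wall -Os ${INCS} ${CPPFLAGS}
 LDFLAGS = -s ${LIBS}
 
+# To enable PAM-based authentication, remove -DHAVE_SHADOW_H from CPPFLAGS
+# and add -DHAVE_PAM instead. Also, add -lpam to LDFLAGS.
+#
 # On *BSD remove -DHAVE_SHADOW_H from CPPFLAGS and add -DHAVE_BSD_AUTH
 # On OpenBSD and Darwin remove -lcrypt from LIBS
 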
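--- a/slock.c
+++ b/slock.c
@@ -23,6 +23,10 @@
 #include <bsd_auth.h>
 #endif
 
+#if HAVE_PAM
+#include <security/pam_appl.h>
+#endif
+
 typedef struct {
 int screen;
 Window root, win;
@@ -44,7 +48,7 @@
 exit(EXIT_FAILURE);
 }
 
-#ifndef HAVE_BSD_AUTH
+#if !defined(HAVE_BSD_AUTH) && !defined(HAVE_PAM)
 static const char *
 getpw(void) { /* only run as root */
 const char *rval;
@@ -74,8 +78,41 @@
 }
 #endif
 
+#ifdef HAVE_PAM
+static int
+slock_conv (int nof_msg, const struct pam_message **msg, struct pam_response **resp, void *data) {
+ struct pam_response *r = calloc (nof_msg, sizeof **resp);
+ if (r == NULL) {
+ die("slock: malloc: %s", strerror(errno));
+ }
+
+ while (nof_msg--) {
+ r[nof_msg].resp_retcode = 0;
+ r[nof_msg].resp = strdup (data);
+ }
+
+ *resp = r;
+
+ return PAM_SUCCESS;
+}
+
+static int
+auth_pam (const char *user, char *pass) {
+ static struct pam_conv conv = {slock_conv, NULL};
+ pam_handle_t *ph;
+
+ conv.appdata_ptr = pass;
+
+ if (pam_start("slock", user, &conv, &ph) != PAM_SUCCESS) {
+ die("slock: pam_start");
+ }
+
+ return (pam_authenticate(ph, 0) == PAM_SUCCESS);
+}
+#endif
+
 static void
-#ifdef HAVE_BSD_AUTH
+#if defined(HAVE_BSD_AUTH) || defined(HAVE_PAM)
 readpw(Display *dpy)
 #else
 readpw(Display *dpy, const char *pws)
@@ -111,8 +148,10 @@
 switch(ksym) {
 case XK_Return:
 passwd[len] = 0;
-#ifdef HAVE_BSD_AUTH
+#if defined (HAVE_BSD_AUTH)
 running = !auth_userokay(getlogin(), NULL, "auth-xlock", passwd);
+#elif defined (HAVE_PAM)
+ running = !auth_pam(getlogin(), passwd);
 #else
 running = strcmp(crypt(passwd, pws), pws);
 #endif
@@ -233,7 +272,7 @@
 
 int
 main(int argc, char **argv) {
-#ifndef HAVE_BSD_AUTH
+#if !defined(HAVE_BSD_AUTH) && !defined(HAVE_PAM)
 const char *pws;
 #endif
 Display *dpy;
@@ -247,7 +286,7 @@
 if(!getpwuid(getuid()))
 die("slock: no passwd entry for you");
 
-#ifndef HAVE_BSD_AUTH
+#if !defined(HAVE_BSD_AUTH) && !defined(HAVE_PAM)
 pws = getpw();
 #endif
 
@@ -273,7 +312,7 @@
 }
 
 /* Everything is now blank. Now wait for the correct password. */
-#ifdef HAVE_BSD_AUTH
+#if defined(HAVE_BSD_AUTH) || defined(HAVE_PAM)
 readpw(dpy);
 #else
 readpw(dpy, pws);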
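Review bot: Both new PAM helpers call die() on failure (the calloc in slock_conv, the pam_start in auth_pam), and the context at the top of the second slock.c hunk suggests die() ends in `exit(EXIT_FAILURE)`, so an error during a password attempt would terminate the locker while the screen is locked instead of rejecting the attempt; returning `PAM_BUF_ERR` from the callback and `0` from auth_pam keeps it failing closed. auth_pam also never calls pam_end(), so every attempt leaves a PAM handle and its module state behind. slock_conv answers every message with a copy of the password regardless of `msg_style`, and the `getlogin()` value passed in the XK_Return hunk can be NULL, in which case PAM may ask for a user name and would be handed the password as the answer (where it could end up in authentication logs); the strdup result is unchecked as well. A sketch of both functions with these points addressed follows.

```c
static int
slock_conv(int nof_msg, const struct pam_message **msg, struct pam_response **resp, void *data) {
	struct pam_response *r;
	int i;

	if (nof_msg <= 0 || nof_msg > PAM_MAX_NUM_MSG)
		return PAM_CONV_ERR;
	r = calloc(nof_msg, sizeof *r);
	if (r == NULL)
		return PAM_BUF_ERR; /* reject the attempt, keep the screen locked */

	for (i = 0; i < nof_msg; i++) {
		/* only a hidden prompt is answered with the typed password */
		if (msg[i]->msg_style != PAM_PROMPT_ECHO_OFF)
			continue;
		r[i].resp = strdup(data);
		if (r[i].resp == NULL) {
			while (i--)
				free(r[i].resp);
			free(r);
			return PAM_BUF_ERR;
		}
	}

	*resp = r;
	return PAM_SUCCESS;
}

static int
auth_pam(const char *user, char *pass) {
	struct pam_conv conv = {slock_conv, pass};
	pam_handle_t *ph = NULL;
	int rc;

	if (user == NULL) /* getlogin() may fail; never let PAM prompt for a name */
		return 0;

	rc = pam_start("slock", user, &conv, &ph);
	if (rc == PAM_SUCCESS)
		rc = pam_authenticate(ph, 0);
	if (ph != NULL)
		pam_end(ph, rc);

	return rc == PAM_SUCCESS;
}
```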