authorDrew DeVault <sir@cmpwn.com>2018-09-28 12:18:54 +0200
committerDrew DeVault <sir@cmpwn.com>2018-09-28 13:53:01 +0200
commitc9773491207d36d6f5e651adcb7a64c7a015bba3 (patch)
treeed2d195ac03609bdb1b3132d1ef748ad59132e8a /swaylock/password.c
parent58af0015170204de6d186f0f25cd0b9315d062d7 (diff)
Add support for building swaylock without PAM
This involves setuid'ing swaylock, which then forks and drops privileges in the parent process. The child process remains root and listens on a pipe for requests to validate passwords against /etc/shadow.
Diffstat (limited to 'swaylock/password.c')
-rw-r--r--swaylock/password.c51
1 files changed, 0 insertions, 51 deletions
diff --git a/swaylock/password.c b/swaylock/password.c
index 7c686b34..6a956bcb 100644
--- a/swaylock/password.c
+++ b/swaylock/password.c
@@ -1,7 +1,6 @@
#define _XOPEN_SOURCE 500
#include <assert.h>
#include <pwd.h>
-#include <security/pam_appl.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
@@ -11,27 +10,6 @@
#include "swaylock/seat.h"
#include "unicode.h"
-static int function_conversation(int num_msg, const struct pam_message **msg,
- struct pam_response **resp, void *data) {
- struct swaylock_password *pw = data;
- /* PAM expects an array of responses, one for each message */
- struct pam_response *pam_reply = calloc(
- num_msg, sizeof(struct pam_response));
- *resp = pam_reply;
- for (int i = 0; i < num_msg; ++i) {
- switch (msg[i]->msg_style) {
- case PAM_PROMPT_ECHO_OFF:
- case PAM_PROMPT_ECHO_ON:
- pam_reply[i].resp = strdup(pw->buffer); // PAM clears and frees this
- break;
- case PAM_ERROR_MSG:
- case PAM_TEXT_INFO:
- break;
- }
- }
- return PAM_SUCCESS;
-}
-
void clear_password_buffer(struct swaylock_password *pw) {
// Use volatile keyword so so compiler can't optimize this out.
volatile char *buffer = pw->buffer;
@@ -42,35 +20,6 @@ void clear_password_buffer(struct swaylock_password *pw) {
pw->len = 0;
}
-static bool attempt_password(struct swaylock_password *pw) {
- struct passwd *passwd = getpwuid(getuid());
- char *username = passwd->pw_name;
- const struct pam_conv local_conversation = {
- function_conversation, pw
- };
- pam_handle_t *local_auth_handle = NULL;
- int pam_err;
- // TODO: only call pam_start once. keep the same handle the whole time
- if ((pam_err = pam_start("swaylock", username,
- &local_conversation, &local_auth_handle)) != PAM_SUCCESS) {
- wlr_log(WLR_ERROR, "PAM returned error %d", pam_err);
- }
- if ((pam_err = pam_authenticate(local_auth_handle, 0)) != PAM_SUCCESS) {
- wlr_log(WLR_ERROR, "pam_authenticate failed");
- goto fail;
- }
- // TODO: only call pam_end once we succeed at authing. refresh tokens beforehand
- if ((pam_err = pam_end(local_auth_handle, pam_err)) != PAM_SUCCESS) {
- wlr_log(WLR_ERROR, "pam_end failed");
- goto fail;
- }
- clear_password_buffer(pw);
- return true;
-fail:
- clear_password_buffer(pw);
- return false;
-}
-
static bool backspace(struct swaylock_password *pw) {
if (pw->len != 0) {
pw->buffer[--pw->len] = 0;