author | Drew DeVault <sir@cmpwn.com> | 2016-01-25 13:28:39 -0500 |
---|---|---|
committer | Drew DeVault <sir@cmpwn.com> | 2016-01-25 13:28:39 -0500 |
commit | bbd6c5be91a91b827084683f38796d0dca4106ac (patch) | |
tree | aacdaa4239c24a8bd4c0bb313b43dfd157007e45 | |
parent | swaybar: Fix plaintext handling. (diff) | |
parent | swaylock: don't memset memory that has been freed (diff) | |
Merge pull request #474 from christophgysin/swaylock_pam
swaylock pam fixes
-rw-r--r-- | swaylock/main.c | 42 |
1 files changed, 33 insertions, 9 deletions
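--- a/swaylock/main.c
+++ b/swaylock/main.c
@@ -36,18 +36,46 @@ void sway_terminate(void) {
 }
 
 char *password;
-struct pam_response *pam_reply;
 
 int function_conversation(int num_msg, const struct pam_message **msg,
 struct pam_response **resp, void *appdata_ptr) {
+
+const char* msg_style_names[] = {
+NULL,
+"PAM_PROMPT_ECHO_OFF",
+"PAM_PROMPT_ECHO_ON",
+"PAM_ERROR_MSG",
+"PAM_TEXT_INFO",
+};
+
+/* PAM expects an array of responses, one for each message */
+struct pam_response *pam_reply = calloc(num_msg, sizeof(struct pam_response));
 *resp = pam_reply;
+
+for(int i=0; i<num_msg; ++i) {
+sway_log(L_DEBUG, "msg[%d]: (%s) %s", i,
+msg_style_names[msg[i]->msg_style],
+msg[i]->msg);
+
+switch (msg[i]->msg_style) {
+case PAM_PROMPT_ECHO_OFF:
+case PAM_PROMPT_ECHO_ON:
+pam_reply[i].resp = password;
+break;
+
+case PAM_ERROR_MSG:
+case PAM_TEXT_INFO:
+break;
+}
+}
+
 return PAM_SUCCESS;
 }
 
 /**
 * password will be zeroed out.
 */
-bool verify_password(char *password) {
+bool verify_password() {
 struct passwd *passwd = getpwuid(getuid());
 char *username = passwd->pw_name;
 
@@ -57,18 +85,12 @@ bool verify_password(char *password) {
 if ((pam_err = pam_start("swaylock", username, &local_conversation, &local_auth_handle)) != PAM_SUCCESS) {
 sway_abort("PAM returned %d\n", pam_err);
 }
-pam_reply = (struct pam_response *)malloc(sizeof(struct pam_response));
-pam_reply[0].resp = password;
-pam_reply[0].resp_retcode = 0;
 if ((pam_err = pam_authenticate(local_auth_handle, 0)) != PAM_SUCCESS) {
-memset(password, 0, strlen(password));
 return false;
 }
 if ((pam_err = pam_end(local_auth_handle, pam_err)) != PAM_SUCCESS) {
-memset(password, 0, strlen(password));
 return false;
 }
-memset(password, 0, strlen(password));
 return true;
 }
 
@@ -76,9 +98,11 @@ void notify_key(enum wl_keyboard_key_state state, xkb_keysym_t sym, uint32_t cod
 if (state == WL_KEYBOARD_KEY_STATE_PRESSED) {
 switch (sym) {
 case XKB_KEY_Return:
-if (verify_password(password)) {
+if (verify_password()) {
 exit(0);
 }
+password = malloc(1024); // TODO: Let this grow
+password[0] = '\0';
 break;
 default:
 {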
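Review bot: In function_conversation, `pam_reply[i].resp = password;` gives every prompt the same global heap pointer, and because the PAM side releases each `resp` it is handed (which appears to be why the Return handler now allocates a fresh buffer), a stack that issues two prompts would free that pointer twice. A per-response copy avoids this, `pam_reply[i].resp = strdup(password);`, preceded by `if (pam_reply == NULL) return PAM_BUF_ERR;` after the calloc, whose result is currently dereferenced unchecked. The Return handler in notify_key (its body continues past the last hunk) could then wipe and reuse its own buffer instead of calling `malloc(1024)` again, a result that is also used unchecked. The debug log indexes `msg_style_names[msg[i]->msg_style]` without a range check, so a style outside 1–4 reads past the table and style 0 passes NULL to `%s`. With the memset calls removed, the retained comment "password will be zeroed out" no longer matches verify_password, and wiping the secret is left to whatever frees the response.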