author | Drew DeVault <sir@cmpwn.com> | 2015-12-17 08:44:30 -0500 |
---|---|---|
committer | Drew DeVault <sir@cmpwn.com> | 2015-12-17 08:44:30 -0500 |
commit | 9c141f0bf1f70e284d6bac1679d4bc56ebb93f5a (patch) | |
tree | 18aa17139dd2aa66fd89002d1f186d755379ded5 | |
parent | Fix null dereference in swaybar (diff) | |
Implement PAM password verification in swaylock
-rw-r--r-- | CMake/FindPAM.cmake | 245 | ||||
-rw-r--r-- | CMakeLists.txt | 1 | ||||
-rw-r--r-- | swaylock/CMakeLists.txt | 2 | ||||
-rw-r--r-- | swaylock/main.c | 34 |
4 files changed, 282 insertions, 0 deletions
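--- /dev/null
+++ b/CMake/FindPAM.cmake
@@ -0,0 +1,245 @@
+# - Try to find the PAM libraries
+# Once done this will define
+#
+# PAM_FOUND - system has pam
+# PAM_INCLUDE_DIR - the pam include directory
+# PAM_LIBRARIES - libpam library
+
+if (PAM_INCLUDE_DIR AND PAM_LIBRARY)
+set(PAM_FIND_QUIETLY TRUE)
+endif (PAM_INCLUDE_DIR AND PAM_LIBRARY)
+
+find_path(PAM_INCLUDE_DIR NAMES security/pam_appl.h pam/pam_appl.h)
+find_library(PAM_LIBRARY pam)
+find_library(DL_LIBRARY dl)
+
+if (PAM_INCLUDE_DIR AND PAM_LIBRARY)
+set(PAM_FOUND TRUE)
+if (DL_LIBRARY)
+set(PAM_LIBRARIES ${PAM_LIBRARY} ${DL_LIBRARY})
+else (DL_LIBRARY)
+set(PAM_LIBRARIES ${PAM_LIBRARY})
+endif (DL_LIBRARY)
+
+if (EXISTS ${PAM_INCLUDE_DIR}/pam/pam_appl.h)
+set(HAVE_PAM_PAM_APPL_H 1)
+endif (EXISTS ${PAM_INCLUDE_DIR}/pam/pam_appl.h)
+endif (PAM_INCLUDE_DIR AND PAM_LIBRARY)
+
+if (PAM_FOUND)
+if (NOT PAM_FIND_QUIETLY)
+message(STATUS "Found PAM: ${PAM_LIBRARIES}")
+endif (NOT PAM_FIND_QUIETLY)
+else (PAM_FOUND)
+if (PAM_FIND_REQUIRED)
+message(FATAL_ERROR "PAM was not found")
+endif(PAM_FIND_REQUIRED)
+endif (PAM_FOUND)
+
+mark_as_advanced(PAM_INCLUDE_DIR PAM_LIBRARY DL_LIBRARY)
+
+# This file taken from https://github.com/FreeRDP/FreeRDP
+#
+#
+#
+# Apache License
+# Version 2.0, January 2004
+# http://www.apache.org/licenses/
+#
+# TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+#
+# 1. Definitions.
+#
+# "License" shall mean the terms and conditions for use, reproduction,
+# and distribution as defined by Sections 1 through 9 of this document.
+#
+# "Licensor" shall mean the copyright owner or entity authorized by
+# the copyright owner that is granting the License.
+#
+# "Legal Entity" shall mean the union of the acting entity and all
+# other entities that control, are controlled by, or are under common
+# control with that entity. For the purposes of this definition,
+# "control" means (i) the power, direct or indirect, to cause the
+# direction or management of such entity, whether by contract or
+# otherwise, or (ii) ownership of fifty percent (50%) or more of the
+# outstanding shares, or (iii) beneficial ownership of such entity.
+#
+# "You" (or "Your") shall mean an individual or Legal Entity
+# exercising permissions granted by this License.
+#
+# "Source" form shall mean the preferred form for making modifications,
+# including but not limited to software source code, documentation
+# source, and configuration files.
+#
+# "Object" form shall mean any form resulting from mechanical
+# transformation or translation of a Source form, including but
+# not limited to compiled object code, generated documentation,
+# and conversions to other media types.
+#
+# "Work" shall mean the work of authorship, whether in Source or
+# Object form, made available under the License, as indicated by a
+# copyright notice that is included in or attached to the work
+# (an example is provided in the Appendix below).
+#
+# "Derivative Works" shall mean any work, whether in Source or Object
+# form, that is based on (or derived from) the Work and for which the
+# editorial revisions, annotations, elaborations, or other modifications
+# represent, as a whole, an original work of authorship. For the purposes
+# of this License, Derivative Works shall not include works that remain
+# separable from, or merely link (or bind by name) to the interfaces of,
+# the Work and Derivative Works thereof.
+#
+# "Contribution" shall mean any work of authorship, including
+# the original version of the Work and any modifications or additions
+# to that Work or Derivative Works thereof, that is intentionally
+# submitted to Licensor for inclusion in the Work by the copyright owner
+# or by an individual or Legal Entity authorized to submit on behalf of
+# the copyright owner. For the purposes of this definition, "submitted"
+# means any form of electronic, verbal, or written communication sent
+# to the Licensor or its representatives, including but not limited to
+# communication on electronic mailing lists, source code control systems,
+# and issue tracking systems that are managed by, or on behalf of, the
+# Licensor for the purpose of discussing and improving the Work, but
+# excluding communication that is conspicuously marked or otherwise
+# designated in writing by the copyright owner as "Not a Contribution."
+#
+# "Contributor" shall mean Licensor and any individual or Legal Entity
+# on behalf of whom a Contribution has been received by Licensor and
+# subsequently incorporated within the Work.
+#
+# 2. Grant of Copyright License. Subject to the terms and conditions of
+# this License, each Contributor hereby grants to You a perpetual,
+# worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+# copyright license to reproduce, prepare Derivative Works of,
+# publicly display, publicly perform, sublicense, and distribute the
+# Work and such Derivative Works in Source or Object form.
+#
+# 3. Grant of Patent License. Subject to the terms and conditions of
+# this License, each Contributor hereby grants to You a perpetual,
+# worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+# (except as stated in this section) patent license to make, have made,
+# use, offer to sell, sell, import, and otherwise transfer the Work,
+# where such license applies only to those patent claims licensable
+# by such Contributor that are necessarily infringed by their
+# Contribution(s) alone or by combination of their Contribution(s)
+# with the Work to which such Contribution(s) was submitted. If You
+# institute patent litigation against any entity (including a
+# cross-claim or counterclaim in a lawsuit) alleging that the Work
+# or a Contribution incorporated within the Work constitutes direct
+# or contributory patent infringement, then any patent licenses
+# granted to You under this License for that Work shall terminate
+# as of the date such litigation is filed.
+#
+# 4. Redistribution. You may reproduce and distribute copies of the
+# Work or Derivative Works thereof in any medium, with or without
+# modifications, and in Source or Object form, provided that You
+# meet the following conditions:
+#
+# (a) You must give any other recipients of the Work or
+# Derivative Works a copy of this License; and
+#
+# (b) You must cause any modified files to carry prominent notices
+# stating that You changed the files; and
+#
+# (c) You must retain, in the Source form of any Derivative Works
+# that You distribute, all copyright, patent, trademark, and
+# attribution notices from the Source form of the Work,
+# excluding those notices that do not pertain to any part of
+# the Derivative Works; and
+#
+# (d) If the Work includes a "NOTICE" text file as part of its
+# distribution, then any Derivative Works that You distribute must
+# include a readable copy of the attribution notices contained
+# within such NOTICE file, excluding those notices that do not
+# pertain to any part of the Derivative Works, in at least one
+# of the following places: within a NOTICE text file distributed
+# as part of the Derivative Works; within the Source form or
+# documentation, if provided along with the Derivative Works; or,
+# within a display generated by the Derivative Works, if and
+# wherever such third-party notices normally appear. The contents
+# of the NOTICE file are for informational purposes only and
+# do not modify the License. You may add Your own attribution
+# notices within Derivative Works that You distribute, alongside
+# or as an addendum to the NOTICE text from the Work, provided
+# that such additional attribution notices cannot be construed
+# as modifying the License.
+#
+# You may add Your own copyright statement to Your modifications and
+# may provide additional or different license terms and conditions
+# for use, reproduction, or distribution of Your modifications, or
+# for any such Derivative Works as a whole, provided Your use,
+# reproduction, and distribution of the Work otherwise complies with
+# the conditions stated in this License.
+#
+# 5. Submission of Contributions. Unless You explicitly state otherwise,
+# any Contribution intentionally submitted for inclusion in the Work
+# by You to the Licensor shall be under the terms and conditions of
+# this License, without any additional terms or conditions.
+# Notwithstanding the above, nothing herein shall supersede or modify
+# the terms of any separate license agreement you may have executed
+# with Licensor regarding such Contributions.
+#
+# 6. Trademarks. This License does not grant permission to use the trade
+# names, trademarks, service marks, or product names of the Licensor,
+# except as required for reasonable and customary use in describing the
+# origin of the Work and reproducing the content of the NOTICE file.
+#
+# 7. Disclaimer of Warranty. Unless required by applicable law or
+# agreed to in writing, Licensor provides the Work (and each
+# Contributor provides its Contributions) on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied, including, without limitation, any warranties or conditions
+# of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+# PARTICULAR PURPOSE. You are solely responsible for determining the
+# appropriateness of using or redistributing the Work and assume any
+# risks associated with Your exercise of permissions under this License.
+#
+# 8. Limitation of Liability. In no event and under no legal theory,
+# whether in tort (including negligence), contract, or otherwise,
+# unless required by applicable law (such as deliberate and grossly
+# negligent acts) or agreed to in writing, shall any Contributor be
+# liable to You for damages, including any direct, indirect, special,
+# incidental, or consequential damages of any character arising as a
+# result of this License or out of the use or inability to use the
+# Work (including but not limited to damages for loss of goodwill,
+# work stoppage, computer failure or malfunction, or any and all
+# other commercial damages or losses), even if such Contributor
+# has been advised of the possibility of such damages.
+#
+# 9. Accepting Warranty or Additional Liability. While redistributing
+# the Work or Derivative Works thereof, You may choose to offer,
+# and charge a fee for, acceptance of support, warranty, indemnity,
+# or other liability obligations and/or rights consistent with this
+# License. However, in accepting such obligations, You may act only
+# on Your own behalf and on Your sole responsibility, not on behalf
+# of any other Contributor, and only if You agree to indemnify,
+# defend, and hold each Contributor harmless for any liability
+# incurred by, or claims asserted against, such Contributor by reason
+# of your accepting any such warranty or additional liability.
+#
+# END OF TERMS AND CONDITIONS
+#
+# APPENDIX: How to apply the Apache License to your work.
+#
+# To apply the Apache License to your work, attach the following
+# boilerplate notice, with the fields enclosed by brackets "[]"
+# replaced with your own identifying information. (Don't include
+# the brackets!) The text should be enclosed in the appropriate
+# comment syntax for the file format. We also recommend that a
+# file or class name and description of purpose be included on the
+# same "printed page" as the copyright notice for easier
+# identification within third-party archives.
+#
+# Copyright [yyyy] [name of copyright owner]
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.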
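--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -49,6 +49,7 @@ find_package(WLC REQUIRED)
 find_package(Wayland REQUIRED)
 find_package(XKBCommon REQUIRED)
 find_package(GdkPixbuf REQUIRED)
+find_package(PAM REQUIRED)
 
 include(Manpage)
 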
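--- a/swaylock/CMakeLists.txt
+++ b/swaylock/CMakeLists.txt
@@ -4,6 +4,7 @@ include_directories(
 ${CAIRO_INCLUDE_DIRS}
 ${GDK_PIXBUF_INCLUDE_DIRS}
 ${PANGO_INCLUDE_DIRS}
+${PAM_INCLUDE_DIRS}
 )
 
 add_executable(swaylock
@@ -18,6 +19,7 @@ target_link_libraries(swaylock
 ${CAIRO_LIBRARIES}
 ${GDK_PIXBUF_LIBRARIES}
 ${PANGO_LIBRARIES}
+${PAM_LIBRARIES}
 m
 )
 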
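Review bot: `${PAM_INCLUDE_DIRS}` in the `include_directories(` hunk does not match any variable set by the CMake/FindPAM.cmake module added in this commit, which defines `PAM_INCLUDE_DIR` (singular) alongside `PAM_LIBRARIES`. The entry therefore expands to nothing, and the build only succeeds where `security/pam_appl.h` happens to sit on a default include path. Use `${PAM_INCLUDE_DIR}` here, or have the find module also `set(PAM_INCLUDE_DIRS ${PAM_INCLUDE_DIR})`. The module also sets `HAVE_PAM_PAM_APPL_H` for systems that ship `pam/pam_appl.h`, yet swaylock/main.c includes `<security/pam_appl.h>` unconditionally, so that layout is detected but not handled.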
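--- a/swaylock/main.c
+++ b/swaylock/main.c
@@ -1,4 +1,5 @@
 #include "wayland-swaylock-client-protocol.h"
+#include <security/pam_appl.h>
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
@@ -29,6 +30,39 @@ void sway_terminate(void) {
 exit(EXIT_FAILURE);
 }
 
+struct pam_response *pam_reply;
+
+int function_conversation(int num_msg, const struct pam_message **msg,
+struct pam_response **resp, void *appdata_ptr) {
+*resp = pam_reply;
+return PAM_SUCCESS;
+}
+
+/**
+* password will be zeroed out.
+*/
+bool verify_password(const char *username, char *password) {
+const struct pam_conv local_conversation = { function_conversation, NULL };
+pam_handle_t *local_auth_handle = NULL;
+int pam_err;
+if ((pam_err = pam_start("swaylock", username, &local_conversation, &local_auth_handle)) != PAM_SUCCESS) {
+sway_abort("PAM returned %d\n", pam_err);
+}
+pam_reply = (struct pam_response *)malloc(sizeof(struct pam_response));
+pam_reply[0].resp = password;
+pam_reply[0].resp_retcode = 0;
+if ((pam_err = pam_authenticate(local_auth_handle, 0)) != PAM_SUCCESS) {
+memset(password, 0, strlen(password));
+return false;
+}
+if ((pam_err = pam_end(local_auth_handle, pam_err)) != PAM_SUCCESS) {
+memset(password, 0, strlen(password));
+return false;
+}
+memset(password, 0, strlen(password));
+return true;
+}
+
 void notify_key(enum wl_keyboard_key_state state, xkb_keysym_t sym, uint32_t code, uint32_t codepoint) {
 sway_log(L_INFO, "notified of key %c", (char)codepoint);
 }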
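Review bot: In `verify_password`, `pam_reply[0].resp = password` hands the caller's own buffer to PAM, but under the pam_conv(3) contract the module releases the response array and each `resp` string with free(), so the `memset(password, 0, strlen(password))` calls after `pam_authenticate` can write to freed memory and the caller may free the buffer a second time. `function_conversation` also ignores `num_msg` and `msg` and returns the same one-element global on every call, the `malloc` result is not checked, and the `pam_authenticate` failure branch returns without calling `pam_end`, which leaves the handle open on every wrong password. I would pass the password through `appdata_ptr`, answer each `PAM_PROMPT_ECHO_OFF` message with a `strdup` copy inside a `calloc`'d array of `num_msg` entries, drop the `pam_reply` global, and call `pam_end` on every path, as sketched below.

```c
int function_conversation(int num_msg, const struct pam_message **msg,
		struct pam_response **resp, void *appdata_ptr) {
	if (num_msg <= 0) {
		return PAM_CONV_ERR;
	}
	// PAM frees this array and every resp string, so give it its own copies.
	struct pam_response *replies = calloc(num_msg, sizeof(*replies));
	if (!replies) {
		return PAM_BUF_ERR;
	}
	for (int i = 0; i < num_msg; ++i) {
		if (msg[i]->msg_style != PAM_PROMPT_ECHO_OFF) {
			continue; // only hidden prompts are answered with the password
		}
		replies[i].resp = strdup((const char *)appdata_ptr);
		if (!replies[i].resp) {
			while (i-- > 0) {
				if (replies[i].resp) {
					// wipe our copy before releasing it
					memset(replies[i].resp, 0, strlen(replies[i].resp));
					free(replies[i].resp);
				}
			}
			free(replies);
			return PAM_BUF_ERR;
		}
	}
	*resp = replies;
	return PAM_SUCCESS;
}

bool verify_password(const char *username, char *password) {
	const struct pam_conv local_conversation = { function_conversation, password };
	// … unchanged: pam_start call and its sway_abort on failure …
	int auth_err = pam_authenticate(local_auth_handle, 0);
	int end_err = pam_end(local_auth_handle, auth_err);
	memset(password, 0, strlen(password));
	return auth_err == PAM_SUCCESS && end_err == PAM_SUCCESS;
}
```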