diff options
author | Drew DeVault <sir@cmpwn.com> | 2015-12-17 08:44:30 -0500 |
---|---|---|
committer | Drew DeVault <sir@cmpwn.com> | 2015-12-17 08:44:30 -0500 |
commit | 9c141f0bf1f70e284d6bac1679d4bc56ebb93f5a (patch) | |
tree | 18aa17139dd2aa66fd89002d1f186d755379ded5 /swaylock/main.c | |
parent | Fix null dereference in swaybar (diff) | |
download | sway-9c141f0bf1f70e284d6bac1679d4bc56ebb93f5a.tar.gz sway-9c141f0bf1f70e284d6bac1679d4bc56ebb93f5a.tar.zst sway-9c141f0bf1f70e284d6bac1679d4bc56ebb93f5a.zip |
Implement PAM password verification in swaylock
Diffstat (limited to 'swaylock/main.c')
-rw-r--r-- | swaylock/main.c | 34 |
1 files changed, 34 insertions, 0 deletions
diff --git a/swaylock/main.c b/swaylock/main.c index 95921d53..19993ce6 100644 --- a/swaylock/main.c +++ b/swaylock/main.c | |||
@@ -1,4 +1,5 @@ | |||
1 | #include "wayland-swaylock-client-protocol.h" | 1 | #include "wayland-swaylock-client-protocol.h" |
2 | #include <security/pam_appl.h> | ||
2 | #include <stdio.h> | 3 | #include <stdio.h> |
3 | #include <stdlib.h> | 4 | #include <stdlib.h> |
4 | #include <string.h> | 5 | #include <string.h> |
@@ -29,6 +30,39 @@ void sway_terminate(void) { | |||
29 | exit(EXIT_FAILURE); | 30 | exit(EXIT_FAILURE); |
30 | } | 31 | } |
31 | 32 | ||
33 | struct pam_response *pam_reply; | ||
34 | |||
35 | int function_conversation(int num_msg, const struct pam_message **msg, | ||
36 | struct pam_response **resp, void *appdata_ptr) { | ||
37 | *resp = pam_reply; | ||
38 | return PAM_SUCCESS; | ||
39 | } | ||
40 | |||
41 | /** | ||
42 | * password will be zeroed out. | ||
43 | */ | ||
44 | bool verify_password(const char *username, char *password) { | ||
45 | const struct pam_conv local_conversation = { function_conversation, NULL }; | ||
46 | pam_handle_t *local_auth_handle = NULL; | ||
47 | int pam_err; | ||
48 | if ((pam_err = pam_start("swaylock", username, &local_conversation, &local_auth_handle)) != PAM_SUCCESS) { | ||
49 | sway_abort("PAM returned %d\n", pam_err); | ||
50 | } | ||
51 | pam_reply = (struct pam_response *)malloc(sizeof(struct pam_response)); | ||
52 | pam_reply[0].resp = password; | ||
53 | pam_reply[0].resp_retcode = 0; | ||
54 | if ((pam_err = pam_authenticate(local_auth_handle, 0)) != PAM_SUCCESS) { | ||
55 | memset(password, 0, strlen(password)); | ||
56 | return false; | ||
57 | } | ||
58 | if ((pam_err = pam_end(local_auth_handle, pam_err)) != PAM_SUCCESS) { | ||
59 | memset(password, 0, strlen(password)); | ||
60 | return false; | ||
61 | } | ||
62 | memset(password, 0, strlen(password)); | ||
63 | return true; | ||
64 | } | ||
65 | |||
32 | void notify_key(enum wl_keyboard_key_state state, xkb_keysym_t sym, uint32_t code, uint32_t codepoint) { | 66 | void notify_key(enum wl_keyboard_key_state state, xkb_keysym_t sym, uint32_t code, uint32_t codepoint) { |
33 | sway_log(L_INFO, "notified of key %c", (char)codepoint); | 67 | sway_log(L_INFO, "notified of key %c", (char)codepoint); |
34 | } | 68 | } |