From e902de34db2354335c1cbd6baf2fcf7e82509b63 Mon Sep 17 00:00:00 2001
From: Drew DeVault <sir@cmpwn.com>
Date: Tue, 3 Apr 2018 14:49:56 -0400
Subject: Verify passwords

---
 swaylock/password.c | 58 ++++++++++++++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 57 insertions(+), 1 deletion(-)

diff --git a/swaylock/password.c b/swaylock/password.c
index da67205d..9af7fe16 100644
--- a/swaylock/password.c
+++ b/swaylock/password.c
@@ -1,4 +1,6 @@
 #include <assert.h>
+#include <pwd.h>
+#include <security/pam_appl.h>
 #include <stdlib.h>
 #include <unistd.h>
 #include <wlr/util/log.h>
@@ -7,6 +9,58 @@
 #include "swaylock/seat.h"
 #include "unicode.h"
 
+static int function_conversation(int num_msg, const struct pam_message **msg,
+		struct pam_response **resp, void *data) {
+	struct swaylock_password *pw = data;
+	/* PAM expects an array of responses, one for each message */
+	struct pam_response *pam_reply = calloc(
+			num_msg, sizeof(struct pam_response));
+	*resp = pam_reply;
+	for (int i = 0; i < num_msg; ++i) {
+		switch (msg[i]->msg_style) {
+		case PAM_PROMPT_ECHO_OFF:
+		case PAM_PROMPT_ECHO_ON:
+			pam_reply[i].resp = pw->buffer;
+			break;
+		case PAM_ERROR_MSG:
+		case PAM_TEXT_INFO:
+			break;
+		}
+	}
+	return PAM_SUCCESS;
+}
+
+static bool attempt_password(struct swaylock_password *pw) {
+	struct passwd *passwd = getpwuid(getuid());
+	char *username = passwd->pw_name;
+	const struct pam_conv local_conversation = {
+		function_conversation, pw
+	};
+	pam_handle_t *local_auth_handle = NULL;
+	int pam_err;
+	if ((pam_err = pam_start("swaylock", username,
+					&local_conversation, &local_auth_handle)) != PAM_SUCCESS) {
+		wlr_log(L_ERROR, "PAM returned error %d", pam_err);
+	}
+	if ((pam_err = pam_authenticate(local_auth_handle, 0)) != PAM_SUCCESS) {
+		wlr_log(L_ERROR, "pam_authenticate failed");
+		goto fail;
+	}
+	if ((pam_err = pam_end(local_auth_handle, pam_err)) != PAM_SUCCESS) {
+		wlr_log(L_ERROR, "pam_end failed");
+		goto fail;
+	}
+	// PAM freed this
+	pw->buffer = NULL;
+	pw->len = pw->size = 0;
+	return true;
+fail:
+	// PAM freed this
+	pw->buffer = NULL;
+	pw->len = pw->size = 0;
+	return false;
+}
+
 static void backspace(struct swaylock_password *pw) {
 	if (pw->len != 0) {
 		pw->buffer[--pw->len] = 0;
@@ -43,7 +97,9 @@ void swaylock_handle_key(struct swaylock_state *state,
 	switch (keysym) {
 		case XKB_KEY_KP_Enter: /* fallthrough */
 		case XKB_KEY_Return:
-			// TODO: Attempt password
+			if (attempt_password(&state->password)) {
+				exit(0);
+			}
 			break;
 		case XKB_KEY_BackSpace:
 			backspace(&state->password);
-- 
cgit v1.2.3-54-g00ecf