commit f63b6422a7bd10abd78c52a254a4caee13825d26
Author: Jan Christoph Ebersbach <[email protected]>
Date:   Mon May 16 17:13:56 2016 +0200

    Add pam_auth patch

diff --git a/tools.suckless.org/slock/patches/pam_auth.md 
b/tools.suckless.org/slock/patches/pam_auth.md
new file mode 100644
index 0000000..4e6e189
--- /dev/null
+++ b/tools.suckless.org/slock/patches/pam_auth.md
@@ -0,0 +1,20 @@
+PAM auth
+=========
+
+Description
+-----------
+
+Replaces shadow support with PAM authentication support.
+
+Change variable `pam_service` in `config.def.h` to the corresponding PAM
+service.  The default configuration is for ArchLinux's `login` service.
+
+Download
+--------
+
+* [slock-pam_auth.diff](slock-pam_auth.diff)
+
+Authors
+-------
+
+* Jan Christoph Ebersbach <[[email protected]](mailto:[email protected])>
diff --git a/tools.suckless.org/slock/patches/slock-pam_auth.diff 
b/tools.suckless.org/slock/patches/slock-pam_auth.diff
new file mode 100644
index 0000000..7cc1983
--- /dev/null
+++ b/tools.suckless.org/slock/patches/slock-pam_auth.diff
@@ -0,0 +1,125 @@
+Author: Jan Christoph Ebersbach <[email protected]>
+URL: http://tools.suckless.org/slock/patches/pam_auth
+Replaces shadow support with PAM authentication support.
+
+Change variable `pam_service` in `config.def.h` to the corresponding PAM
+service.  The default configuration is for ArchLinux's `login` service.
+
+diff --git a/config.def.h b/config.def.h
+index eae2d9a..085968d 100644
+--- a/config.def.h
++++ b/config.def.h
+@@ -6,3 +6,6 @@ static const char *colorname[NUMCOLS] = {
+ 
+ /* treat a cleared input like a wrong password */
+ static const int failonclear = 1;
++
++/* PAM service that's used for authentication */
++static const char* pam_service = "login";
+diff --git a/config.mk b/config.mk
+index f93879e..e054879 100644
+--- a/config.mk
++++ b/config.mk
+@@ -12,7 +12,7 @@ X11LIB = /usr/X11R6/lib
+ 
+ # includes and libs
+ INCS = -I. -I/usr/include -I${X11INC}
+-LIBS = -L/usr/lib -lc -lcrypt -L${X11LIB} -lX11 -lXext -lXrandr
++LIBS = -L/usr/lib -lc -lcrypt -L${X11LIB} -lX11 -lXext -lXrandr -lpam
+ 
+ # flags
+ CPPFLAGS = -DVERSION=\"${VERSION}\" -DHAVE_SHADOW_H
+diff --git a/slock.c b/slock.c
+index c9cdee2..2abf467 100644
+--- a/slock.c
++++ b/slock.c
+@@ -17,6 +17,8 @@
+ #include <X11/keysym.h>
+ #include <X11/Xlib.h>
+ #include <X11/Xutil.h>
++#include <security/pam_appl.h>
++#include <security/pam_misc.h>
+ 
+ #if HAVE_BSD_AUTH
+ #include <login_cap.h>
+@@ -39,6 +41,9 @@ typedef struct {
+       unsigned long colors[NUMCOLS];
+ } Lock;
+ 
++static int pam_conv(int num_msg, const struct pam_message **msg, struct 
pam_response **resp, void *appdata_ptr);
++struct pam_conv pamc = {pam_conv, NULL};
++char passwd[256];
+ static Lock **locks;
+ static int nscreens;
+ static Bool running = True;
+@@ -112,6 +117,31 @@ getpw(void)
+ }
+ #endif
+ 
++static int
++pam_conv(int num_msg, const struct pam_message **msg,
++              struct pam_response **resp, void *appdata_ptr)
++{
++      int retval = PAM_CONV_ERR;
++      for(int i=0; i<num_msg; i++) {
++              if (msg[i]->msg_style == PAM_PROMPT_ECHO_OFF &&
++                              strncmp(msg[i]->msg, "Password: ", 10) == 0) {
++                      struct pam_response *resp_msg = malloc(sizeof(struct 
pam_response));
++                      if (!resp_msg)
++                              die("malloc failed");
++                      char *password = malloc(strlen(passwd) + 1);
++                      if (!password)
++                              die("malloc failed");
++                      memset(password, 0, strlen(passwd) + 1);
++                      strcpy(password, passwd);
++                      resp_msg->resp_retcode = 0;
++                      resp_msg->resp = password;
++                      resp[i] = resp_msg;
++                      retval = PAM_SUCCESS;
++              }
++      }
++      return retval;
++}
++
+ static void
+ #ifdef HAVE_BSD_AUTH
+ readpw(Display *dpy)
+@@ -119,12 +149,15 @@ readpw(Display *dpy)
+ readpw(Display *dpy, const char *pws)
+ #endif
+ {
+-      char buf[32], passwd[256];
+-      int num, screen;
++      char buf[32];
++      struct passwd* pw;
++      int num, screen, retval;
+       unsigned int len, color;
+       KeySym ksym;
+       XEvent ev;
+       static int oldc = INIT;
++      pam_handle_t *pamh;
++
+ 
+       len = 0;
+       running = True;
+@@ -155,7 +188,19 @@ readpw(Display *dpy, const char *pws)
+ #ifdef HAVE_BSD_AUTH
+                               running = !auth_userokay(getlogin(), NULL, 
"auth-xlock", passwd);
+ #else
+-                              running = !!strcmp(crypt(passwd, pws), pws);
++                              pw = getpwuid(getuid());
++                              retval = pam_start(pam_service, pw->pw_name, 
&pamc, &pamh);
++                              if (retval == PAM_SUCCESS)
++                                      retval = pam_authenticate(pamh, 0);
++                              if (retval == PAM_SUCCESS)
++                                      retval = pam_acct_mgmt(pamh, 0);
++
++                              running = 1;
++                              if (retval == PAM_SUCCESS)
++                                      running = 0;
++                              else
++                                      fprintf(stderr, "slock: %s
", pam_strerror(pamh, retval));
++                              pam_end(pamh, retval);
+ #endif
+                               if (running) {
+                                       XBell(dpy, 100);
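Review bot: In the readpw() changes carried by slock-pam_auth.diff, `pamh` is declared without an initializer and `pw` is never checked, so a failed `getpwuid()` dereferences NULL and a failed `pam_start()` hands an indeterminate handle to `pam_strerror()` and `pam_end()`. In a screen locker this matters more than usual, because a crash on the authentication path presumably ends the process that holds the lock. Initialise the handle to NULL, treat a missing passwd entry as an authentication failure, and call `pam_end()` only when a handle exists, as sketched below. Separately, `pam_conv()` stores into `resp[i]`, but Linux-PAM expects `*resp` to point at one array of `num_msg` responses, so any `i > 0` writes past the caller's single pointer; `*resp = calloc(num_msg, sizeof **resp)` with `(*resp)[i]` filled in would match that contract. readpw()'s body starts and ends outside the hunks shown.

```c
	pam_handle_t *pamh = NULL;
	/* … unchanged: remaining declarations and the key event loop … */
				pw = getpwuid(getuid());
				/* no passwd entry: fail closed instead of dereferencing NULL */
				retval = pw ? pam_start(pam_service, pw->pw_name, &pamc, &pamh)
				            : PAM_USER_UNKNOWN;
				/* … unchanged: pam_authenticate, pam_acct_mgmt, running update,
				 * error message (confirm pam_strerror tolerates a NULL handle
				 * on the target PAM implementation) … */
				if (pamh)
					pam_end(pamh, retval);
```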

