* desklock personal password disabled - security risk.

* desklock tries other comon pam profiles first that are more appropriate * xrandr detect actually pops up the "no xrandr" dialog now SVN revision: 24592
2006-08-12 13:25:29 +00:00 · 2006-08-12 13:25:29 +00:00 · f56f6cae67
parent 33ffd2cad8
commit f56f6cae67
5 changed files with 48 additions and 19 deletions
--- a/9
+++ b/9
@ -8,9 +8,6 @@ Some of the things (in very short form) that need to be done to E17...
  BUGS / FIXES
 -------------------------------------------------------------------------------

-* BUG: i spotted a segv (glibc abort in malloc) in the forked child that does
-  pam checks - the child needs to disable segv checking etc. and i should
-  double check desklock's memory stuff.
 * BUG: e_entry/editable widget is pretty borken in sizing, clipping, initial
  state and i think is also now causing segv's (not sure yet), but it needs
  a complete going over if not a rewrite. :(
@ -86,12 +83,8 @@ Some of the things (in very short form) that need to be done to E17...
 * fsel could do with an optional preview pane for selected file (bigger icon,
  file info (permissions, modification date etc.)
 * clientinfo dialog could be nicer - then again it is an obsucre thing.
-* desklock needs to sha1 the user password with one-way encryption and never
-  display it
 * desklock's pam profile should be configurable as system-auth doesn't
-  always work - maybe have some auto-detect and scan of pam files and steal
-  others like "xscreensaver" or "kscreensaver" that will be perfect for our
-  job - fall back to system-auth if nothing useful is found :)
+  always work and the fallback checks might not work either.
 * If a user has set a border type on a window, don't bother to check for
  changes.
 * keybindings dialog doesn't conform its formatting or datatype naming to
--- a/src/bin/e_config.c
+++ b/src/bin/e_config.c
@ -1257,6 +1257,11 @@ e_config_init(void)
   
   /* FIXME: disabled auto apply because it causes problems */
   e_config->cfgdlg_auto_apply = 0;
+   /* FIXME: desklock personalized password id disabled for security reasons */
+   e_config->desklock_auth_method = 0;
+   if (e_config->desklock_personal_passwd)
+     evas_stringshare_del(e_config->desklock_personal_passwd);
+   e_config->desklock_personal_passwd = NULL;
   
   e_config_save_queue();
   
--- a/src/bin/e_desklock.c
+++ b/src/bin/e_desklock.c
@ -584,7 +584,17 @@ _desklock_auth(const char *passwd)
 	int pamerr;
 	E_Desklock_Auth da;
        char *current_user, *p;
-
+	struct sigaction action;
+	
+	action.sa_sigaction = SIG_DFL;
+	action.sa_flags = SA_ONSTACK | SA_NODEFER | SA_RESETHAND | SA_SIGINFO;
+	sigemptyset(&action.sa_mask);
+	sigaction(SIGSEGV, &action, NULL);
+	sigaction(SIGILL, &action, NULL);
+	sigaction(SIGFPE, &action, NULL);
+	sigaction(SIGBUS, &action, NULL);
+	sigaction(SIGABRT, &action, NULL);
+	
 	current_user = _desklock_auth_get_current_user();
 	strncpy(da.user, current_user, PATH_MAX);
 	strncpy(da.passwd, passwd, PATH_MAX);
@ -635,6 +645,7 @@ static int
 _desklock_pam_init(E_Desklock_Auth *da)
 {
   int pamerr;
+   const char *pam_prof;
   char *current_host;
   char *current_user;
   
@ -643,8 +654,14 @@ _desklock_pam_init(E_Desklock_Auth *da)
   da->pam.conv.conv = _desklock_auth_pam_conv;
   da->pam.conv.appdata_ptr = da;
   da->pam.handle = NULL;
+
+   /* try other pam profiles - and system-auth is a fallback */
+   pam_prof = "system-auth";
+   if (ecore_file_exists("/etc/pam.d/enlightenment")) pam_prof = "enlightenment";
+   if (ecore_file_exists("/etc/pam.d/xscreensaver")) pam_prof = "xscreensaver";
+   if (ecore_file_exists("/etc/pam.d/kscreensaver")) pam_prof = "kscreensaver";
   
-   if ((pamerr = pam_start("system-auth", da->user, &(da->pam.conv),
+   if ((pamerr = pam_start(pam_prof, da->user, &(da->pam.conv),
 			   &(da->pam.handle))) != PAM_SUCCESS)
     return pamerr;

--- a/src/bin/e_int_config_desklock.c
+++ b/src/bin/e_int_config_desklock.c
@ -213,6 +213,7 @@ _basic_create_widgets(E_Config_Dialog *cfd, Evas *evas, E_Config_Dialog_Data *cf
   //_fill_desklock_data(cfdata);
   o = e_widget_list_add(evas, 0, 0);

+/*   
 #ifdef HAVE_PAM
   of = e_widget_framelist_add(evas, _("Password Type"), 0);
   
@ -249,6 +250,7 @@ _basic_create_widgets(E_Config_Dialog *cfd, Evas *evas, E_Config_Dialog_Data *cf
   e_widget_framelist_object_append(of, ob);
   
   e_widget_list_object_append(o, of, 1, 1, 0.5);
+*/
   
   of = e_widget_framelist_add(evas, _("Automatic Locking"), 0);
   e_widget_disabled_set(of, !ecore_x_screensaver_event_available_get());
@ -399,7 +401,8 @@ _advanced_create_widgets(E_Config_Dialog *cfd, Evas *evas, E_Config_Dialog_Data
 	e_widget_table_object_append(ot, of, 1, 1, 1, 1, 1, 1, 1, 1);
     }
   /* end: login box options */
-   
+
+   /*
 #ifdef HAVE_PAM
   of = e_widget_framelist_add(evas, _("Password Type"), 0);
   
@ -439,6 +442,7 @@ _advanced_create_widgets(E_Config_Dialog *cfd, Evas *evas, E_Config_Dialog_Data
 #else
   e_widget_table_object_append(ot, of, 0, 2, 1, 1, 1, 1, 1, 1);
 #endif
+   */
   
   of = e_widget_framelist_add(evas, _("Automatic Locking"), 0);
   
--- a/src/bin/e_int_config_display.c
+++ b/src/bin/e_int_config_display.c
@ -12,6 +12,7 @@ static int          _basic_apply_data        (E_Config_Dialog *cfd, E_Config_Dia
 static Evas_Object *_basic_create_widgets    (E_Config_Dialog *cfd, Evas *evas, E_Config_Dialog_Data *cfdata);
 static void         _load_rates              (void *data);
 static void         _ilist_item_change       (void *data);
+static int          _deferred_noxrandr_error (void *data);

 Evas_Object *rate_list = NULL;
 Evas_Object *res_list = NULL;
@ -374,15 +375,9 @@ _basic_create_widgets(E_Config_Dialog *cfd, Evas *evas, E_Config_Dialog_Data *cf
   sizes = ecore_x_randr_screen_sizes_get(man->root, &s);
   size = ecore_x_randr_current_screen_size_get(man->root);
   
-   if (!sizes)
+   if ((!sizes) || (s == 0))
     {
-	e_util_dialog_show(_("Missing Features"),
-			   _("Your X Display Server is missing support for<br>"
-			     "The <hilight>XRandr</hilight> (X Resize and Rotate) extension.<br>"
-			     "You cannot change screen resolutions without<br>"
-			     "The support of this extension. It could also be<br>"
-			     "That at the time <hilight>ecore</hilight> was built there<br>"
-			     "was no XRandr support detected."));
+	ecore_timer_add(0.5, _deferred_noxrandr_error, NULL);
     }
   else
     {
@ -443,6 +438,8 @@ _basic_create_widgets(E_Config_Dialog *cfd, Evas *evas, E_Config_Dialog_Data *cf
 	  }	
     }
   
+   if (sizes) free(sizes);
+   
   e_widget_ilist_go(ol);
   e_widget_ilist_go(rl);
   
@ -518,3 +515,16 @@ _ilist_item_change(void *data)
 {
   _load_rates(data);
 }
+
+static int
+_deferred_noxrandr_error(void *data)
+{
+   e_util_dialog_show(_("Missing Features"),
+		      _("Your X Display Server is missing support for<br>"
+			"The <hilight>XRandr</hilight> (X Resize and Rotate) extension.<br>"
+			"You cannot change screen resolutions without<br>"
+			"The support of this extension. It could also be<br>"
+			"That at the time <hilight>ecore</hilight> was built there<br>"
+			"was no XRandr support detected."));
+   return 0;
+}