From f56f6cae67fd333771a64f3e4f7d8201445703ce Mon Sep 17 00:00:00 2001
From: Carsten Haitzler
Date: Sat, 12 Aug 2006 13:25:29 +0000
Subject: [PATCH] * desklock personal password disabled - security risk. * desklock tries other comon pam profiles first that are more appropriate * xrandr detect actually pops up the "no xrandr" dialog now
SVN revision: 24592
---
 TODO | 9 +--------
 src/bin/e_config.c | 5 +++++
 src/bin/e_desklock.c | 21 +++++++++++++++++++--
 src/bin/e_int_config_desklock.c | 6 +++++-
 src/bin/e_int_config_display.c | 26 ++++++++++++++++++--------
 5 files changed, 48 insertions(+), 19 deletions(-)
diff --git a/TODO b/TODO
index 922369ab7..6a0658b6f 100644
--- a/TODO
+++ b/TODO
@@ -8,9 +8,6 @@ Some of the things (in very short form) that need to be done to E17...
 BUGS / FIXES
 -------------------------------------------------------------------------------
-* BUG: i spotted a segv (glibc abort in malloc) in the forked child that does
- pam checks - the child needs to disable segv checking etc. and i should
- double check desklock's memory stuff.
 * BUG: e_entry/editable widget is pretty borken in sizing, clipping, initial state and i think is also now causing segv's (not sure yet), but it needs a complete going over if not a rewrite. :(
@@ -86,12 +83,8 @@ Some of the things (in very short form) that need to be done to E17...
 * fsel could do with an optional preview pane for selected file (bigger icon, file info (permissions, modification date etc.)
 * clientinfo dialog could be nicer - then again it is an obsucre thing.
-* desklock needs to sha1 the user password with one-way encryption and never
- display it
 * desklock's pam profile should be configurable as system-auth doesn't
- always work - maybe have some auto-detect and scan of pam files and steal
- others like "xscreensaver" or "kscreensaver" that will be perfect for our
- job - fall back to system-auth if nothing useful is found :)
+ always work and the fallback checks might not work either.
 * If a user has set a border type on a window, don't bother to check for changes.
 * keybindings dialog doesn't conform its formatting or datatype naming to
diff --git a/src/bin/e_config.c b/src/bin/e_config.c
index 92cb6a8db..3e8d4387e 100644
--- a/src/bin/e_config.c
+++ b/src/bin/e_config.c
@@ -1257,6 +1257,11 @@ e_config_init(void)
 /* FIXME: disabled auto apply because it causes problems */
 e_config->cfgdlg_auto_apply = 0;
+ /* FIXME: desklock personalized password id disabled for security reasons */
+ e_config->desklock_auth_method = 0;
+ if (e_config->desklock_personal_passwd)
+ evas_stringshare_del(e_config->desklock_personal_passwd);
+ e_config->desklock_personal_passwd = NULL;
 e_config_save_queue();
diff --git a/src/bin/e_desklock.c b/src/bin/e_desklock.c
index 3e5d2f2d5..5c8070355 100644
--- a/src/bin/e_desklock.c
+++ b/src/bin/e_desklock.c
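Review bot: The block added to e_config_init() forces `e_config->desklock_auth_method = 0` on every start without checking that method 0 can actually authenticate on this build. The desklock dialog touched by this same patch keeps its password-type widgets under `#ifdef HAVE_PAM`, which suggests PAM is optional; on a build without it, clearing the personal password may leave the lock screen with no usable credential check, so that path should be confirmed or desklock refused there. The comment also has a typo and would read better as `/* FIXME: desklock personalized password is disabled for security reasons */`. The function body starts and ends outside the hunk.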
@@ -584,7 +584,17 @@ _desklock_auth(const char *passwd)
 int pamerr;
 E_Desklock_Auth da;
 char *current_user, *p;
-
+ struct sigaction action;
+
+ action.sa_sigaction = SIG_DFL;
+ action.sa_flags = SA_ONSTACK | SA_NODEFER | SA_RESETHAND | SA_SIGINFO;
+ sigemptyset(&action.sa_mask);
+ sigaction(SIGSEGV, &action, NULL);
+ sigaction(SIGILL, &action, NULL);
+ sigaction(SIGFPE, &action, NULL);
+ sigaction(SIGBUS, &action, NULL);
+ sigaction(SIGABRT, &action, NULL);
+
 current_user = _desklock_auth_get_current_user();
 strncpy(da.user, current_user, PATH_MAX);
 strncpy(da.passwd, passwd, PATH_MAX);
@@ -635,6 +645,7 @@ static int
 _desklock_pam_init(E_Desklock_Auth *da)
 {
 int pamerr;
+ const char *pam_prof;
 char *current_host;
 char *current_user;
@@ -643,8 +654,14 @@ _desklock_pam_init(E_Desklock_Auth *da)
 da->pam.conv.conv = _desklock_auth_pam_conv;
 da->pam.conv.appdata_ptr = da;
 da->pam.handle = NULL;
+
+ /* try other pam profiles - and system-auth is a fallback */
+ pam_prof = "system-auth";
+ if (ecore_file_exists("/etc/pam.d/enlightenment")) pam_prof = "enlightenment";
+ if (ecore_file_exists("/etc/pam.d/xscreensaver")) pam_prof = "xscreensaver";
+ if (ecore_file_exists("/etc/pam.d/kscreensaver")) pam_prof = "kscreensaver";
- if ((pamerr = pam_start("system-auth", da->user, &(da->pam.conv),
+ if ((pamerr = pam_start(pam_prof, da->user, &(da->pam.conv),
 &(da->pam.handle))) != PAM_SUCCESS)
 return pamerr;
diff --git a/src/bin/e_int_config_desklock.c b/src/bin/e_int_config_desklock.c
index 5770fc748..43207d50c 100644
--- a/src/bin/e_int_config_desklock.c
+++ b/src/bin/e_int_config_desklock.c
@@ -213,6 +213,7 @@ _basic_create_widgets(E_Config_Dialog *cfd, Evas *evas, E_Config_Dialog_Data *cf
 //_fill_desklock_data(cfdata);
 o = e_widget_list_add(evas, 0, 0);
+/*
 #ifdef HAVE_PAM
 of = e_widget_framelist_add(evas, _("Password Type"), 0);
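Review bot: `action.sa_sigaction = SIG_DFL;` combined with `SA_SIGINFO` in `sa_flags` is not a portable way to restore the default disposition in the @@ -584 hunk of _desklock_auth(): SIG_DFL is a one-argument handler value that belongs in `sa_handler`, and the assignment only works where the two fields share storage. Use `action.sa_handler = SIG_DFL;` and `action.sa_flags = 0;` before the five sigaction() calls. The hunk does not show the fork, so please confirm this block runs only in the PAM child, since running it in the parent would also drop any crash handlers the main process installed. The unchanged `strncpy(da.user, current_user, PATH_MAX);` and `strncpy(da.passwd, passwd, PATH_MAX);` lines below do not terminate the buffers when the source is PATH_MAX bytes or longer, and `da.user` is later passed to pam_start(); the enclosing block starts and ends outside the hunk.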
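Review bot: The three `ecore_file_exists()` checks added to _desklock_pam_init() (@@ -643) run in sequence with the last match winning, so a `kscreensaver` or `xscreensaver` file overrides an `enlightenment` profile that an administrator wrote specifically for this lock screen. Testing the borrowed profiles first and `/etc/pam.d/enlightenment` last, or using an else-if chain that starts with it, would make the project's own service name authoritative. Choosing by file presence under a hard-coded `/etc/pam.d` also means the lock screen's authentication policy is whatever another package happened to install, and when none of the files nor `system-auth` exists Linux-PAM falls back to its `other` service; logging the selected `pam_prof` would make an unexpected policy diagnosable. The function continues outside the hunk.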
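Review bot: The password-type widgets are switched off with a `/* ... */` block comment that opens before `#ifdef HAVE_PAM` in this @@ -213 hunk and closes in @@ -249, and the same is done in _advanced_create_widgets (@@ -399 and @@ -439). A block comment ends at the first `*/` it meets, so any existing comment inside those regions, which lie outside the hunks, would re-enable part of the code or break the build. `#if 0` ... `#endif` nests safely around the inner `#ifdef`/`#else`/`#endif` and is the safer way to park this code. A short comment above it, for example `/* personal password UI disabled: e_config_init() forces desklock_auth_method to 0 */`, would tell the next reader why the section is off.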
@@ -249,6 +250,7 @@ _basic_create_widgets(E_Config_Dialog *cfd, Evas *evas, E_Config_Dialog_Data *cf
 e_widget_framelist_object_append(of, ob);
 e_widget_list_object_append(o, of, 1, 1, 0.5);
+*/
 of = e_widget_framelist_add(evas, _("Automatic Locking"), 0);
 e_widget_disabled_set(of, !ecore_x_screensaver_event_available_get());
@@ -399,7 +401,8 @@ _advanced_create_widgets(E_Config_Dialog *cfd, Evas *evas, E_Config_Dialog_Data
 e_widget_table_object_append(ot, of, 1, 1, 1, 1, 1, 1, 1, 1);
 }
 /* end: login box options */
-
+
+ /*
 #ifdef HAVE_PAM
 of = e_widget_framelist_add(evas, _("Password Type"), 0);
@@ -439,6 +442,7 @@ _advanced_create_widgets(E_Config_Dialog *cfd, Evas *evas, E_Config_Dialog_Data
 #else
 e_widget_table_object_append(ot, of, 0, 2, 1, 1, 1, 1, 1, 1);
 #endif
+ */
 of = e_widget_framelist_add(evas, _("Automatic Locking"), 0);
diff --git a/src/bin/e_int_config_display.c b/src/bin/e_int_config_display.c
index fdf16ea50..ecc7fde1c 100644
--- a/src/bin/e_int_config_display.c
+++ b/src/bin/e_int_config_display.c
@@ -12,6 +12,7 @@ static int _basic_apply_data (E_Config_Dialog *cfd, E_Config_Dia
 static Evas_Object *_basic_create_widgets (E_Config_Dialog *cfd, Evas *evas, E_Config_Dialog_Data *cfdata);
 static void _load_rates (void *data);
 static void _ilist_item_change (void *data);
+static int _deferred_noxrandr_error (void *data);
 Evas_Object *rate_list = NULL;
 Evas_Object *res_list = NULL;
@@ -374,15 +375,9 @@ _basic_create_widgets(E_Config_Dialog *cfd, Evas *evas, E_Config_Dialog_Data *cf
 sizes = ecore_x_randr_screen_sizes_get(man->root, &s);
 size = ecore_x_randr_current_screen_size_get(man->root);
- if (!sizes)
+ if ((!sizes) || (s == 0))
 {
- e_util_dialog_show(_("Missing Features"),
- _("Your X Display Server is missing support for
" - "The XRandr (X Resize and Rotate) extension.
" - "You cannot change screen resolutions without
" - "The support of this extension. It could also be
" - "That at the time ecore was built there
" "was no XRandr support detected."));
+ ecore_timer_add(0.5, _deferred_noxrandr_error, NULL);
 }
 else
 {
@@ -443,6 +438,8 @@ _basic_create_widgets(E_Config_Dialog *cfd, Evas *evas, E_Config_Dialog_Data *cf
 }
 }
+ if (sizes) free(sizes);
+
 e_widget_ilist_go(ol);
 e_widget_ilist_go(rl);
@@ -518,3 +515,16 @@ _ilist_item_change(void *data)
 {
 _load_rates(data);
 }
+
+static int
+_deferred_noxrandr_error(void *data)
+{
+ e_util_dialog_show(_("Missing Features"),
+ _("Your X Display Server is missing support for
"
+ "The XRandr (X Resize and Rotate) extension.
"
+ "You cannot change screen resolutions without
"
+ "The support of this extension. It could also be
"
+ "That at the time ecore was built there
"
+ "was no XRandr support detected."));
+ return 0;
+}
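Review bot: `_deferred_noxrandr_error()` in the @@ -518 hunk has no comment saying why the dialog is raised from a 0.5 s timer instead of directly, nor that returning 0 is what makes the timer one-shot. A header such as `/* timer callback: show the "no XRandr" dialog; returns 0 so ecore does not reschedule it */` would cover the contract, and the reason for deferring (presumably so it appears after the config dialog is built) deserves a line at the `ecore_timer_add()` call. The `data` parameter is unused. In the @@ -443 hunk the guard in `if (sizes) free(sizes);` is redundant because free(NULL) is a no-op.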