enlightenment
/
enlightenment
5
6
Fork 8
Code Issues 17 Pull Requests Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
19943 Commits
60 Branches
1 Tag
729 MiB
Tag: Branch: Tree: 93971bb6fc
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '93971bb6fc'
${ noResults }
enlightenment/src/bin/e_auth.c

233 lines
5.6 KiB
Raw Normal View History Unescape

feature: make desklock hookable, break out current desklock into module, move pam stuff to separate file after this commit, the new-but-invisible module "lokker" (or other custom loaded module) is in charge of creating all graphics for the lock screen, and it will be added to the user's config. failure to load a lockscreen module will just result in a black screen desklock subsystem now handles all the pre/post lock stuff while the modules themselves are responsible for creating visuals and calling auth functions to determine whether to unlock the screen
9 years ago
#include "e.h"
e_auth: Add suid helper for lokker own-pw checking on FreeBSD Summary: PAM on FreeBSD, unlike on Linux, does not allow users to check their own password. Instead, we need a suid helper to do it for us. Add such a helper on FreeBSD. For now, it is limited to checking users in the local password database (traditional Unix passwd file). This could and should be extended to use PAM in a later patch. Test Plan: Tested empty pw, wrong pw, correct pw at lock screen; observed correct behavior in each instance. Reviewers: q66, zmike Reviewed By: q66, zmike Subscribers: cedric, seoz Differential Revision: https://phab.enlightenment.org/D2355
8 years ago
#if defined(HAVE_PAM) && !defined(__FreeBSD__)
feature: make desklock hookable, break out current desklock into module, move pam stuff to separate file after this commit, the new-but-invisible module "lokker" (or other custom loaded module) is in charge of creating all graphics for the lock screen, and it will be added to the user's config. failure to load a lockscreen module will just result in a black screen desklock subsystem now handles all the pre/post lock stuff while the modules themselves are responsible for creating visuals and calling auth functions to determine whether to unlock the screen
9 years ago
# include <security/pam_appl.h>
# include <pwd.h>
typedef struct E_Auth
{
struct
{
struct pam_conv conv;
pam_handle_t *handle;
} pam;
char user[4096];
char passwd[4096];
} E_Auth;
static pid_t _e_auth_child_pid = -1;
static char *
_auth_auth_get_current_user(void)
{
char *user;
struct passwd *pwent = NULL;
pwent = getpwuid(getuid());
null check auth current user get CID 1155286
9 years ago
if (!pwent) return NULL;
feature: make desklock hookable, break out current desklock into module, move pam stuff to separate file after this commit, the new-but-invisible module "lokker" (or other custom loaded module) is in charge of creating all graphics for the lock screen, and it will be added to the user's config. failure to load a lockscreen module will just result in a black screen desklock subsystem now handles all the pre/post lock stuff while the modules themselves are responsible for creating visuals and calling auth functions to determine whether to unlock the screen
9 years ago
user = strdup(pwent->pw_name);
return user;
}
static int
_auth_auth_pam_conv(int num_msg, const struct pam_message **msg, struct pam_response **resp, void *appdata_ptr)
{
int replies = 0;
E_Auth *da = (E_Auth *)appdata_ptr;
struct pam_response *reply = NULL;
reply = (struct pam_response *)malloc(sizeof(struct pam_response) * num_msg);
if (!reply) return PAM_CONV_ERR;
for (replies = 0; replies < num_msg; replies++)
{
switch (msg[replies]->msg_style)
{
case PAM_PROMPT_ECHO_ON:
reply[replies].resp_retcode = PAM_SUCCESS;
reply[replies].resp = strdup(da->user);
break;
case PAM_PROMPT_ECHO_OFF:
reply[replies].resp_retcode = PAM_SUCCESS;
reply[replies].resp = strdup(da->passwd);
break;
case PAM_ERROR_MSG:
case PAM_TEXT_INFO:
reply[replies].resp_retcode = PAM_SUCCESS;
reply[replies].resp = NULL;
break;
default:
free(reply);
return PAM_CONV_ERR;
}
}
*resp = reply;
return PAM_SUCCESS;
}
static int
_auth_pam_init(E_Auth *da)
{
int pamerr;
const char *pam_prof;
char *current_host;
char *current_user;
if (!da) return -1;
da->pam.conv.conv = _auth_auth_pam_conv;
da->pam.conv.appdata_ptr = da;
da->pam.handle = NULL;
/* try other pam profiles - and system-auth (login for fbsd users) is a fallback */
pam_prof = "login";
if (ecore_file_exists("/etc/pam.d/enlightenment"))
pam_prof = "enlightenment";
else if (ecore_file_exists("/etc/pam.d/xscreensaver"))
pam_prof = "xscreensaver";
else if (ecore_file_exists("/etc/pam.d/kscreensaver"))
pam_prof = "kscreensaver";
else if (ecore_file_exists("/etc/pam.d/system-auth"))
pam_prof = "system-auth";
else if (ecore_file_exists("/etc/pam.d/system"))
pam_prof = "system";
else if (ecore_file_exists("/etc/pam.d/xdm"))
pam_prof = "xdm";
else if (ecore_file_exists("/etc/pam.d/gdm"))
pam_prof = "gdm";
else if (ecore_file_exists("/etc/pam.d/kdm"))
pam_prof = "kdm";
if ((pamerr = pam_start(pam_prof, da->user, &(da->pam.conv),
&(da->pam.handle))) != PAM_SUCCESS)
return pamerr;
current_user = _auth_auth_get_current_user();
if ((pamerr = pam_set_item(da->pam.handle, PAM_USER, current_user)) != PAM_SUCCESS)
{
free(current_user);
return pamerr;
}
current_host = e_auth_hostname_get();
if ((pamerr = pam_set_item(da->pam.handle, PAM_RHOST, current_host)) != PAM_SUCCESS)
{
free(current_user);
free(current_host);
return pamerr;
}
free(current_user);
free(current_host);
return 0;
}
e_auth: Add suid helper for lokker own-pw checking on FreeBSD Summary: PAM on FreeBSD, unlike on Linux, does not allow users to check their own password. Instead, we need a suid helper to do it for us. Add such a helper on FreeBSD. For now, it is limited to checking users in the local password database (traditional Unix passwd file). This could and should be extended to use PAM in a later patch. Test Plan: Tested empty pw, wrong pw, correct pw at lock screen; observed correct behavior in each instance. Reviewers: q66, zmike Reviewed By: q66, zmike Subscribers: cedric, seoz Differential Revision: https://phab.enlightenment.org/D2355
8 years ago
#endif // HAVE_PAM && !__FreeBSD__
feature: make desklock hookable, break out current desklock into module, move pam stuff to separate file after this commit, the new-but-invisible module "lokker" (or other custom loaded module) is in charge of creating all graphics for the lock screen, and it will be added to the user's config. failure to load a lockscreen module will just result in a black screen desklock subsystem now handles all the pre/post lock stuff while the modules themselves are responsible for creating visuals and calling auth functions to determine whether to unlock the screen
9 years ago
EAPI int
e_auth: Add suid helper for lokker own-pw checking on FreeBSD Summary: PAM on FreeBSD, unlike on Linux, does not allow users to check their own password. Instead, we need a suid helper to do it for us. Add such a helper on FreeBSD. For now, it is limited to checking users in the local password database (traditional Unix passwd file). This could and should be extended to use PAM in a later patch. Test Plan: Tested empty pw, wrong pw, correct pw at lock screen; observed correct behavior in each instance. Reviewers: q66, zmike Reviewed By: q66, zmike Subscribers: cedric, seoz Differential Revision: https://phab.enlightenment.org/D2355
8 years ago
#if defined(__FreeBSD__)
e_auth_begin(char *passwd)
{
char buf[PATH_MAX], *p;
Ecore_Exe *exe = NULL;
int ret = 0;
if (strlen(passwd) == 0) goto out;
snprintf(buf, sizeof(buf), "%s/enlightenment/utils/enlightenment_ckpasswd",
e_prefix_lib_get());
exe = ecore_exe_pipe_run(buf, ECORE_EXE_PIPE_WRITE, NULL);
if (ecore_exe_send(exe, passwd, strlen(passwd)) != EINA_TRUE) goto out;
ecore_exe_close_stdin(exe);
ret = ecore_exe_pid_get(exe);
if (ret == -1)
{
ret = 0;
goto out;
}
exe = NULL;
out:
if (exe) ecore_exe_free(exe);
/* security - null out passwd string once we are done with it */
for (p = passwd; *p; p++)
*p = 0;
if (passwd[0] || passwd[3]) fprintf(stderr, "ACK!\n");
return ret;
}
#elif defined(HAVE_PAM)
feature: make desklock hookable, break out current desklock into module, move pam stuff to separate file after this commit, the new-but-invisible module "lokker" (or other custom loaded module) is in charge of creating all graphics for the lock screen, and it will be added to the user's config. failure to load a lockscreen module will just result in a black screen desklock subsystem now handles all the pre/post lock stuff while the modules themselves are responsible for creating visuals and calling auth functions to determine whether to unlock the screen
9 years ago
e_auth_begin(char *passwd)
{
/* child */
int pamerr;
E_Auth da;
E auth: improve clearing out passwords from memory. Optimising compilers (like gcc/clang with -O1 or above) were optimising out the memset(). Until link time optimisations are good enough, this will prevent them from doing so. The best solution would be to use memset_s() (c11), though it's not readily available yet. This is the first step towards using memset_s() with a fallback for systems who don't have it. A better solution, is to put it in Eina, to prevent LTO completely. This will have to be done after the EFL release. Even this is not entirely safe though, but at least it protects us from some memory disclosure issues. This doesn't solve the fact that we may store a copy of the password in other places, like the input system. We need to address that too. Thanks to Matthew Garrett for pointing this out or Twitter.
8 years ago
char *current_user;
feature: make desklock hookable, break out current desklock into module, move pam stuff to separate file after this commit, the new-but-invisible module "lokker" (or other custom loaded module) is in charge of creating all graphics for the lock screen, and it will be added to the user's config. failure to load a lockscreen module will just result in a black screen desklock subsystem now handles all the pre/post lock stuff while the modules themselves are responsible for creating visuals and calling auth functions to determine whether to unlock the screen
9 years ago
struct sigaction action;
_e_auth_child_pid = fork();
if (_e_auth_child_pid > 0) return _e_auth_child_pid;
if (_e_auth_child_pid < 0) return -1;
action.sa_handler = SIG_DFL;
action.sa_flags = SA_ONSTACK | SA_NODEFER | SA_RESETHAND | SA_SIGINFO;
sigemptyset(&action.sa_mask);
sigaction(SIGSEGV, &action, NULL);
sigaction(SIGILL, &action, NULL);
sigaction(SIGFPE, &action, NULL);
sigaction(SIGBUS, &action, NULL);
sigaction(SIGABRT, &action, NULL);
current_user = _auth_auth_get_current_user();
eina_strlcpy(da.user, current_user, sizeof(da.user));
eina_strlcpy(da.passwd, passwd, sizeof(da.passwd));
/* security - null out passwd string once we are done with it */
E auth: improve clearing out passwords from memory. Optimising compilers (like gcc/clang with -O1 or above) were optimising out the memset(). Until link time optimisations are good enough, this will prevent them from doing so. The best solution would be to use memset_s() (c11), though it's not readily available yet. This is the first step towards using memset_s() with a fallback for systems who don't have it. A better solution, is to put it in Eina, to prevent LTO completely. This will have to be done after the EFL release. Even this is not entirely safe though, but at least it protects us from some memory disclosure issues. This doesn't solve the fact that we may store a copy of the password in other places, like the input system. We need to address that too. Thanks to Matthew Garrett for pointing this out or Twitter.
8 years ago
e_util_memclear(passwd, strlen(passwd));
feature: make desklock hookable, break out current desklock into module, move pam stuff to separate file after this commit, the new-but-invisible module "lokker" (or other custom loaded module) is in charge of creating all graphics for the lock screen, and it will be added to the user's config. failure to load a lockscreen module will just result in a black screen desklock subsystem now handles all the pre/post lock stuff while the modules themselves are responsible for creating visuals and calling auth functions to determine whether to unlock the screen
9 years ago
da.pam.handle = NULL;
da.pam.conv.conv = NULL;
da.pam.conv.appdata_ptr = NULL;
pamerr = _auth_pam_init(&da);
if (pamerr != PAM_SUCCESS)
{
free(current_user);
exit(1);
}
pamerr = pam_authenticate(da.pam.handle, 0);
pam_end(da.pam.handle, pamerr);
/* security - null out passwd string once we are done with it */
E auth: improve clearing out passwords from memory. Optimising compilers (like gcc/clang with -O1 or above) were optimising out the memset(). Until link time optimisations are good enough, this will prevent them from doing so. The best solution would be to use memset_s() (c11), though it's not readily available yet. This is the first step towards using memset_s() with a fallback for systems who don't have it. A better solution, is to put it in Eina, to prevent LTO completely. This will have to be done after the EFL release. Even this is not entirely safe though, but at least it protects us from some memory disclosure issues. This doesn't solve the fact that we may store a copy of the password in other places, like the input system. We need to address that too. Thanks to Matthew Garrett for pointing this out or Twitter.
8 years ago
e_util_memclear(da.passwd, sizeof(da.passwd));
feature: make desklock hookable, break out current desklock into module, move pam stuff to separate file after this commit, the new-but-invisible module "lokker" (or other custom loaded module) is in charge of creating all graphics for the lock screen, and it will be added to the user's config. failure to load a lockscreen module will just result in a black screen desklock subsystem now handles all the pre/post lock stuff while the modules themselves are responsible for creating visuals and calling auth functions to determine whether to unlock the screen
9 years ago
if (pamerr == PAM_SUCCESS)
{
free(current_user);
exit(0);
}
free(current_user);
exit(-1);
enlightenment - removed warnings.
9 years ago
feature: make desklock hookable, break out current desklock into module, move pam stuff to separate file after this commit, the new-but-invisible module "lokker" (or other custom loaded module) is in charge of creating all graphics for the lock screen, and it will be added to the user's config. failure to load a lockscreen module will just result in a black screen desklock subsystem now handles all the pre/post lock stuff while the modules themselves are responsible for creating visuals and calling auth functions to determine whether to unlock the screen
9 years ago
return 0;
}
enlightenment - removed warnings.
9 years ago
#else
e_auth_begin(char *passwd EINA_UNUSED)
{
return 0;
}
#endif
feature: make desklock hookable, break out current desklock into module, move pam stuff to separate file after this commit, the new-but-invisible module "lokker" (or other custom loaded module) is in charge of creating all graphics for the lock screen, and it will be added to the user's config. failure to load a lockscreen module will just result in a black screen desklock subsystem now handles all the pre/post lock stuff while the modules themselves are responsible for creating visuals and calling auth functions to determine whether to unlock the screen
9 years ago
EAPI char *
e_auth_hostname_get(void)
{
return strdup("localhost");
}