more paranoid memset 0 of desklock passwd (and comment them) - this way once
you have authed your passwd wil not live on in memmory 1 cycle longer than it needs to to get the pam auth done. security nuts shoudl be happy with that. still need to fix the personal password though... SVN revision: 24339
This commit is contained in:
parent
e23e558046
commit
87f257bb30
6
TODO
6
TODO
|
@ -107,8 +107,10 @@ Some of the things (in very short form) that need to be done to E17...
|
||||||
* clientinfo dialog could be nicer - then again it is an obsucre thing.
|
* clientinfo dialog could be nicer - then again it is an obsucre thing.
|
||||||
* desklock needs to sha1 the user password with one-way encryption and never
|
* desklock needs to sha1 the user password with one-way encryption and never
|
||||||
display it
|
display it
|
||||||
* deskclock's pam profile should be configurable as system-auth doesn't
|
* desklock's pam profile should be configurable as system-auth doesn't
|
||||||
always work - maybe have some auto-detect and scan of pam files :)
|
always work - maybe have some auto-detect and scan of pam files and steal
|
||||||
|
others like "xscreensaver" or "kscreensaver" that will be perfect for our
|
||||||
|
job - fall back to system-auth if nothing useful is found :)
|
||||||
* If a user has set a border type on a window, don't bother to check for
|
* If a user has set a border type on a window, don't bother to check for
|
||||||
changes.
|
changes.
|
||||||
* keybindings dialog doesn't conform its formatting or datatype naming to
|
* keybindings dialog doesn't conform its formatting or datatype naming to
|
||||||
|
|
|
@ -433,18 +433,14 @@ _e_desklock_cb_mouse_move(void *data, int type, void *event)
|
||||||
static void
|
static void
|
||||||
_e_desklock_passwd_update()
|
_e_desklock_passwd_update()
|
||||||
{
|
{
|
||||||
int ii;
|
char passwd_hidden[PASSWD_LEN] = "", *p, *pp;
|
||||||
char passwd_hidden[PASSWD_LEN * 3]="";
|
|
||||||
E_Desklock_Popup_Data *edp;
|
E_Desklock_Popup_Data *edp;
|
||||||
Evas_List *l;
|
Evas_List *l;
|
||||||
|
|
||||||
if (!edd) return;
|
if (!edd) return;
|
||||||
|
|
||||||
for (ii = 0; ii < strlen(edd->passwd); ii ++)
|
for (p = edd->passwd, pp = passwd_hidden; *p; p++, pp++) *pp = '*';
|
||||||
{
|
*pp = 0;
|
||||||
passwd_hidden[ii] = '*';
|
|
||||||
passwd_hidden[ii+1] = 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
for (l = edd->elock_wnd_list; l; l = l->next)
|
for (l = edd->elock_wnd_list; l; l = l->next)
|
||||||
{
|
{
|
||||||
|
@ -516,6 +512,7 @@ _e_desklock_check_auth()
|
||||||
e_config->desklock_personal_passwd)))
|
e_config->desklock_personal_passwd)))
|
||||||
{
|
{
|
||||||
/* password ok */
|
/* password ok */
|
||||||
|
/* security - null out passwd string once we are done with it */
|
||||||
memset(edd->passwd, 0, sizeof(char) * PASSWD_LEN);
|
memset(edd->passwd, 0, sizeof(char) * PASSWD_LEN);
|
||||||
e_desklock_hide();
|
e_desklock_hide();
|
||||||
return 1;
|
return 1;
|
||||||
|
@ -542,12 +539,14 @@ _e_desklock_cb_exit(void *data, int type, void *event)
|
||||||
/* ok */
|
/* ok */
|
||||||
if (ev->exit_code == 0)
|
if (ev->exit_code == 0)
|
||||||
{
|
{
|
||||||
|
/* security - null out passwd string once we are done with it */
|
||||||
memset(edd->passwd, 0, sizeof(char) * PASSWD_LEN);
|
memset(edd->passwd, 0, sizeof(char) * PASSWD_LEN);
|
||||||
e_desklock_hide();
|
e_desklock_hide();
|
||||||
}
|
}
|
||||||
/* error */
|
/* error */
|
||||||
else if (ev->exit_code < 128)
|
else if (ev->exit_code < 128)
|
||||||
{
|
{
|
||||||
|
/* security - null out passwd string once we are done with it */
|
||||||
memset(edd->passwd, 0, sizeof(char) * PASSWD_LEN);
|
memset(edd->passwd, 0, sizeof(char) * PASSWD_LEN);
|
||||||
e_desklock_hide();
|
e_desklock_hide();
|
||||||
e_util_dialog_show(_("Authentication System Error"),
|
e_util_dialog_show(_("Authentication System Error"),
|
||||||
|
@ -559,6 +558,7 @@ _e_desklock_cb_exit(void *data, int type, void *event)
|
||||||
/* failed auth */
|
/* failed auth */
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
|
/* security - null out passwd string once we are done with it */
|
||||||
memset(edd->passwd, 0, sizeof(char) * PASSWD_LEN);
|
memset(edd->passwd, 0, sizeof(char) * PASSWD_LEN);
|
||||||
_e_desklock_passwd_update();
|
_e_desklock_passwd_update();
|
||||||
}
|
}
|
||||||
|
@ -583,11 +583,18 @@ _desklock_auth(const char *passwd)
|
||||||
/* child */
|
/* child */
|
||||||
int pamerr;
|
int pamerr;
|
||||||
E_Desklock_Auth da;
|
E_Desklock_Auth da;
|
||||||
char *current_user;
|
char *current_user, *p;
|
||||||
|
|
||||||
current_user = _desklock_auth_get_current_user();
|
current_user = _desklock_auth_get_current_user();
|
||||||
strncpy(da.user, current_user, PATH_MAX);
|
strncpy(da.user, current_user, PATH_MAX);
|
||||||
strncpy(da.passwd, passwd, PATH_MAX);
|
strncpy(da.passwd, passwd, PATH_MAX);
|
||||||
|
/* security - null out passwd string once we are done with it */
|
||||||
|
for (p = (char *)passwd; *p; p++);
|
||||||
|
while (p >= passwd)
|
||||||
|
{
|
||||||
|
*p = 0;
|
||||||
|
p--;
|
||||||
|
}
|
||||||
da.pam.handle = NULL;
|
da.pam.handle = NULL;
|
||||||
da.pam.conv.conv = NULL;
|
da.pam.conv.conv = NULL;
|
||||||
da.pam.conv.appdata_ptr = NULL;
|
da.pam.conv.appdata_ptr = NULL;
|
||||||
|
@ -600,6 +607,7 @@ _desklock_auth(const char *passwd)
|
||||||
}
|
}
|
||||||
pamerr = pam_authenticate(da.pam.handle, 0);
|
pamerr = pam_authenticate(da.pam.handle, 0);
|
||||||
pam_end(da.pam.handle, pamerr);
|
pam_end(da.pam.handle, pamerr);
|
||||||
|
/* security - null out passwd string once we are done with it */
|
||||||
memset(da.passwd, 0, sizeof(da.passwd));
|
memset(da.passwd, 0, sizeof(da.passwd));
|
||||||
if (pamerr == PAM_SUCCESS)
|
if (pamerr == PAM_SUCCESS)
|
||||||
{
|
{
|
||||||
|
|
Loading…
Reference in New Issue