enlightenment/enlightenment
enlightenment
/
enlightenment
10
9
Fork 12
Code Issues 25 Pull Requests 2 Projects Releases Wiki Activity

more paranoid memset 0 of desklock passwd (and comment them) - this way once 

you have authed your passwd wil not live on in memmory 1 cycle longer than it
needs to to get the pam auth done. security nuts shoudl be happy with that.
still need to fix the personal password though...


SVN revision: 24339
This commit is contained in:
Carsten Haitzler 2006-08-01 04:14:34 +00:00
parent e23e558046
commit 87f257bb30
2 changed files with 23 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
TODO
View File

@ -107,8 +107,10 @@ Some of the things (in very short form) that need to be done to E17...
* clientinfo dialog could be nicer - then again it is an obsucre thing. * clientinfo dialog could be nicer - then again it is an obsucre thing.
* desklock needs to sha1 the user password with one-way encryption and never * desklock needs to sha1 the user password with one-way encryption and never
display it display it
* deskclock's pam profile should be configurable as system-auth doesn't * desklock's pam profile should be configurable as system-auth doesn't
always work - maybe have some auto-detect and scan of pam files :) always work - maybe have some auto-detect and scan of pam files and steal
others like "xscreensaver" or "kscreensaver" that will be perfect for our
job - fall back to system-auth if nothing useful is found :)
* If a user has set a border type on a window, don't bother to check for * If a user has set a border type on a window, don't bother to check for
changes. changes.
* keybindings dialog doesn't conform its formatting or datatype naming to * keybindings dialog doesn't conform its formatting or datatype naming to

30
src/bin/e_desklock.c
View File

@ -433,18 +433,14 @@ _e_desklock_cb_mouse_move(void *data, int type, void *event)
static void static void
_e_desklock_passwd_update() _e_desklock_passwd_update()
{ {
int ii; char passwd_hidden[PASSWD_LEN] = "", *p, *pp;
char passwd_hidden[PASSWD_LEN * 3]="";
E_Desklock_Popup_Data *edp; E_Desklock_Popup_Data *edp;
Evas_List *l; Evas_List *l;
if (!edd) return; if (!edd) return;
for (ii = 0; ii < strlen(edd->passwd); ii ++) for (p = edd->passwd, pp = passwd_hidden; *p; p++, pp++) *pp = '*';
{ *pp = 0;
passwd_hidden[ii] = '*';
passwd_hidden[ii+1] = 0;
}
for (l = edd->elock_wnd_list; l; l = l->next) for (l = edd->elock_wnd_list; l; l = l->next)
{ {
@ -456,9 +452,9 @@ _e_desklock_passwd_update()
static void static void
_e_desklock_backspace() _e_desklock_backspace()
{ {
int len, val, pos; int len, val, pos;
if (!edd) return; if (!edd) return;
len = strlen(edd->passwd); len = strlen(edd->passwd);
if (len > 0) if (len > 0)
@ -516,6 +512,7 @@ _e_desklock_check_auth()
e_config->desklock_personal_passwd))) e_config->desklock_personal_passwd)))
{ {
/* password ok */ /* password ok */
/* security - null out passwd string once we are done with it */
memset(edd->passwd, 0, sizeof(char) * PASSWD_LEN); memset(edd->passwd, 0, sizeof(char) * PASSWD_LEN);
e_desklock_hide(); e_desklock_hide();
return 1; return 1;
@ -542,12 +539,14 @@ _e_desklock_cb_exit(void *data, int type, void *event)
/* ok */ /* ok */
if (ev->exit_code == 0) if (ev->exit_code == 0)
{ {
/* security - null out passwd string once we are done with it */
memset(edd->passwd, 0, sizeof(char) * PASSWD_LEN); memset(edd->passwd, 0, sizeof(char) * PASSWD_LEN);
e_desklock_hide(); e_desklock_hide();
} }
/* error */ /* error */
else if (ev->exit_code < 128) else if (ev->exit_code < 128)
{ {
/* security - null out passwd string once we are done with it */
memset(edd->passwd, 0, sizeof(char) * PASSWD_LEN); memset(edd->passwd, 0, sizeof(char) * PASSWD_LEN);
e_desklock_hide(); e_desklock_hide();
e_util_dialog_show(_("Authentication System Error"), e_util_dialog_show(_("Authentication System Error"),
@ -559,6 +558,7 @@ _e_desklock_cb_exit(void *data, int type, void *event)
/* failed auth */ /* failed auth */
else else
{ {
/* security - null out passwd string once we are done with it */
memset(edd->passwd, 0, sizeof(char) * PASSWD_LEN); memset(edd->passwd, 0, sizeof(char) * PASSWD_LEN);
_e_desklock_passwd_update(); _e_desklock_passwd_update();
} }
@ -583,11 +583,18 @@ _desklock_auth(const char *passwd)
/* child */ /* child */
int pamerr; int pamerr;
E_Desklock_Auth da; E_Desklock_Auth da;
char *current_user; char *current_user, *p;
current_user = _desklock_auth_get_current_user(); current_user = _desklock_auth_get_current_user();
strncpy(da.user, current_user, PATH_MAX); strncpy(da.user, current_user, PATH_MAX);
strncpy(da.passwd, passwd, PATH_MAX); strncpy(da.passwd, passwd, PATH_MAX);
/* security - null out passwd string once we are done with it */
for (p = (char *)passwd; *p; p++);
while (p >= passwd)
{
*p = 0;
p--;
}
da.pam.handle = NULL; da.pam.handle = NULL;
da.pam.conv.conv = NULL; da.pam.conv.conv = NULL;
da.pam.conv.appdata_ptr = NULL; da.pam.conv.appdata_ptr = NULL;
@ -600,6 +607,7 @@ _desklock_auth(const char *passwd)
} }
pamerr = pam_authenticate(da.pam.handle, 0); pamerr = pam_authenticate(da.pam.handle, 0);
pam_end(da.pam.handle, pamerr); pam_end(da.pam.handle, pamerr);
/* security - null out passwd string once we are done with it */
memset(da.passwd, 0, sizeof(da.passwd)); memset(da.passwd, 0, sizeof(da.passwd));
if (pamerr == PAM_SUCCESS) if (pamerr == PAM_SUCCESS)
{ {