Summary:
PAM on FreeBSD, unlike on Linux, does not allow users to check their own
password. Instead, we need a suid helper to do it for us. Add such a
helper on FreeBSD.
For now, it is limited to checking users in the local password database
(traditional Unix passwd file). This could and should be extended to use
PAM in a later patch.
Test Plan:
Tested empty pw, wrong pw, correct pw at lock screen; observed correct behavior
in each instance.
Reviewers: q66, zmike
Reviewed By: q66, zmike
Subscribers: cedric, seoz
Differential Revision: https://phab.enlightenment.org/D2355
Optimising compilers (like gcc/clang with -O1 or above) were optimising
out the memset(). Until link time optimisations are good enough, this
will prevent them from doing so. The best solution would be to use
memset_s() (c11), though it's not readily available yet. This is the
first step towards using memset_s() with a fallback for systems who
don't have it. A better solution, is to put it in Eina, to prevent LTO
completely. This will have to be done after the EFL release.
Even this is not entirely safe though, but at least it protects us from
some memory disclosure issues.
This doesn't solve the fact that we may store a copy of the password in
other places, like the input system. We need to address that too.
Thanks to Matthew Garrett for pointing this out or Twitter.
after this commit, the new-but-invisible module "lokker" (or other custom loaded module) is in charge of creating all graphics for the lock screen, and it will be added to the user's config. failure to load a lockscreen module will just result in a black screen
desklock subsystem now handles all the pre/post lock stuff while the modules themselves are responsible for creating visuals and calling auth functions to determine whether to unlock the screen