Commit Graph

18 Commits

Author SHA1 Message Date
Carsten Haitzler 32e2825e93 auth - fprint - support any finger for auth instead of just first one 2021-07-07 13:12:27 +01:00
Carsten Haitzler 28a43e0e7c auth - fprint - handle no finger reg and use default right index 2021-07-06 22:54:53 +01:00
Carsten Haitzler 2fbbb52f94 auth - fprint - only start after verify stop done 2021-07-03 00:18:42 +01:00
Carsten Haitzler 1cf5595208 auth and desklock - support auth by fingerprint and show status 2021-07-02 13:26:05 +01:00
Carsten Haitzler 92700403f7 e auth - allow empty password users to auth successfully 2021-02-27 18:18:34 +00:00
Carsten Haitzler f4c49a071f e auth - also use wrapped memory zeroing in polkit and normal auth
fix CID 1425207
2020-04-19 01:17:39 +01:00
Carsten Haitzler a3ae1b0ac2 e auth - use our memclear and fill it out with modern zeroing methods
so memset_s still doesn't get detected (add a check anyway), but there
are other alternatives, so detect and use them if found
(explicit_bzero, explicit_memset) in addition to the generally
"practically works" memset ptr method we had and.. just to be extra
safe add an asm memory barrier to this fallback. also.. mlock the
passwd memory in lokker (if it doesn't work - don't worry - there is
nothing we can do, so we did our best) to avoid this memory getting
swapped etc.
2020-02-18 10:29:43 +00:00
Carsten Haitzler 5f4697fd7d e - add polkit module to add an auth agent into e
new feature - polkit auth agent support partly in core (need to have
the pam setuid root auth tool respond via dbus) and partly a module
(the agent dbus protocol handling and setup as well as auth gui). this
took me a while even with all the docs to work out how polkit works...
it was really fussy and its data structs are an extra pain in the butt
to craft with eldbus, but i managed it. not everything is supported
but the core basics are there and this can be built on.

right now the gui is really basic, but does the job.
2019-10-08 01:38:54 +01:00
Carsten Haitzler 51cb454993 e auth - move all auth to child process only (e_ckpasswd).
this should fix T6211 ensuring no drivers can cause a segfault at exit
time. this also happens to remove the enlightenment_sys -z option for
openbsd and unifies all the passwd checking into the single
enlightenment_ckpasswd binary util (that has ifdefs for openbsd,
freebsd and linux pam in it).

this simplifies code removing a mess of auth being done in multiple
places, removes special fork vs run 1 exe or a different exe in
different cases making it more maintainable. yes - this requires
enlightenment_ckpasswd to be setuid root, but it already was when it
was built.

@fix
2018-02-26 19:01:46 +09:00
Carsten Haitzler 4f8e3acfcf nvidia driver workaround atexit handlers for pam auth
this works around an apparent atexit() handler in nvidia drivers
that if you fork() a parent and do NOT exec() then the child process
will end up messing with the parent process's access to the nvidia
devices/display/whatever i believe via an atexit() handler because
moving from exit() to _exit() solves the issue. fixes T6197

@fix
2017-10-30 13:11:06 +09:00
Al Poole fddcaa43c4 OpenBSD non-PAM lokker authentication.
Reviewers: ManMower, zmike!

Subscribers: raster, ManMower, cedric

Differential Revision: https://phab.enlightenment.org/D4204
2016-09-08 10:18:10 -04:00
Chris Michael 0a94e8ba71 enlightenment: Make E build again with EFL from git
sed -i 's/EAPI/E_API/g'

Signed-off-by: Chris Michael <cp.michael@samsung.com>
2015-05-07 15:13:10 -04:00
Conrad Meyer 90fe5a4d0d e_auth: Add suid helper for lokker own-pw checking on FreeBSD
Summary:
PAM on FreeBSD, unlike on Linux, does not allow users to check their own
password. Instead, we need a suid helper to do it for us. Add such a
helper on FreeBSD.

For now, it is limited to checking users in the local password database
(traditional Unix passwd file). This could and should be extended to use
PAM in a later patch.

Test Plan:
Tested empty pw, wrong pw, correct pw at lock screen; observed correct behavior
in each instance.

Reviewers: q66, zmike

Reviewed By: q66, zmike

Subscribers: cedric, seoz

Differential Revision: https://phab.enlightenment.org/D2355
2015-04-21 13:11:56 +01:00
Tom Hacohen acfdda6c7f E auth: improve clearing out passwords from memory.
Optimising compilers (like gcc/clang with -O1 or above) were optimising
out the memset(). Until link time optimisations are good enough, this
will prevent them from doing so. The best solution would be to use
memset_s() (c11), though it's not readily available yet. This is the
first step towards using memset_s() with a fallback for systems that
don't have it. A better solution is to put it in Eina, to prevent LTO
completely. This will have to be done after the EFL release.
Even this is not entirely safe though, but at least it protects us from
some memory disclosure issues.

This doesn't solve the fact that we may store a copy of the password in
other places, like the input system. We need to address that too.

Thanks to Matthew Garrett for pointing this out on Twitter.
2015-04-21 10:19:48 +01:00
Carsten Haitzler 3405362b1d e_auth - null out compiler memset opts like lokker 2014-11-03 18:54:24 +09:00
Mike Blumenkrantz 3f3322cb9c null check auth current user get
CID 1155286
2014-03-13 12:06:04 -04:00
ChunEon Park 7474036140 enlightenment - removed warnings. 2014-01-18 19:37:02 +09:00
Mike Blumenkrantz 235c369adf feature: make desklock hookable, break out current desklock into module, move pam stuff to separate file
after this commit, the new-but-invisible module "lokker" (or other custom loaded module) is in charge of creating all graphics for the lock screen, and it will be added to the user's config. failure to load a lockscreen module will just result in a black screen

desklock subsystem now handles all the pre/post lock stuff while the modules themselves are responsible for creating visuals and calling auth functions to determine whether to unlock the screen
2014-01-14 20:28:59 -05:00