From fddcaa43c43c14a9510fd198accb71389985bd96 Mon Sep 17 00:00:00 2001
From: Al Poole <netstar@gmail.com>
Date: Thu, 8 Sep 2016 10:06:51 -0400
Subject: [PATCH] OpenBSD non-PAM lokker authentication.

Reviewers: ManMower, zmike!

Subscribers: raster, ManMower, cedric

Differential Revision: https://phab.enlightenment.org/D4204
---
 src/bin/e_auth.c     | 39 +++++++++++++++++++++++++++--
 src/bin/e_desklock.c |  2 +-
 src/bin/e_sys_main.c | 59 ++++++++++++++++++++++++++++++++++++++++++++
 3 files changed, 97 insertions(+), 3 deletions(-)

diff --git a/src/bin/e_auth.c b/src/bin/e_auth.c
index 78d171c2f..9754ce2d9 100644
--- a/src/bin/e_auth.c
+++ b/src/bin/e_auth.c
@@ -1,6 +1,6 @@
 #include "e.h"
 
-#if defined(HAVE_PAM) && !defined(__FreeBSD__)
+#if defined(HAVE_PAM) && !defined(__FreeBSD__)  && !defined(__OpenBSD__)
 # include <security/pam_appl.h>
 # include <pwd.h>
 
@@ -128,7 +128,7 @@ _auth_pam_init(E_Auth *da)
    free(current_host);
    return 0;
 }
-#endif  // HAVE_PAM && !__FreeBSD__
+#endif  // HAVE_PAM && !__FreeBSD__ && !_OpenBSD__
 
 E_API int
 #if defined(__FreeBSD__)
@@ -165,6 +165,41 @@ out:
 
    return ret;
 }
+#elif defined(__OpenBSD__)
+e_auth_begin(char *passwd)
+{
+   char exe_path[PATH_MAX], *p;
+   Ecore_Exe *exe = NULL;
+   int ret = 0;
+   int len = strlen(passwd);
+
+   if (len == 0) goto out;
+
+   snprintf(exe_path, sizeof(exe_path), "%s/enlightenment/utils/enlightenment_sys -z",
+            e_prefix_lib_get());
+
+   exe = ecore_exe_pipe_run(exe_path, ECORE_EXE_PIPE_WRITE, NULL);
+   if (!exe) goto out;
+   if (ecore_exe_send(exe, passwd, len) != EINA_TRUE) goto out;
+   if (ecore_exe_send(exe, "\n", 1) != EINA_TRUE) goto out;
+   ecore_exe_close_stdin(exe);
+
+   ret = ecore_exe_pid_get(exe);
+   if (ret == -1)
+     {
+       ret = 0;
+       goto out;
+     }
+ 
+   exe = NULL;
+out:
+   if (exe) ecore_exe_free(exe);
+
+   for (p = passwd; *p; p++)
+     *p = 0;
+
+   return ret;
+}
 #elif defined(HAVE_PAM)
 e_auth_begin(char *passwd)
 {
diff --git a/src/bin/e_desklock.c b/src/bin/e_desklock.c
index d29183528..7b2a767ed 100644
--- a/src/bin/e_desklock.c
+++ b/src/bin/e_desklock.c
@@ -259,7 +259,7 @@ e_desklock_show(Eina_Bool suspend)
         return 1;
      }
 
-#ifndef HAVE_PAM
+#if ! defined(HAVE_PAM) && ! defined(__OpenBSD__)
    if (e_desklock_is_system())
      {
         e_util_dialog_show(_("Error - no PAM support"),
diff --git a/src/bin/e_sys_main.c b/src/bin/e_sys_main.c
index 79f30efb3..54c60b9c3 100644
--- a/src/bin/e_sys_main.c
+++ b/src/bin/e_sys_main.c
@@ -49,6 +49,56 @@ static int       auth_etc_enlightenment_sysactions(char *a,
 static void      auth_etc_enlightenment_sysactions_perm(char *path);
 static char     *get_word(char *s,
                           char *d);
+#if defined(__OpenBSD__)
+
+static void
+_exit_backoff(void)
+{
+   sleep(3);
+   exit(1 << 7);
+}
+
+static int
+_check_auth(const char *guess)
+{
+   struct passwd *pw_ent;
+   uid_t uid = getuid();
+
+   pw_ent = getpwuid_shadow(uid);
+   if (!pw_ent)
+     _exit_backoff();
+
+   return crypt_checkpass(guess, pw_ent->pw_passwd);
+}
+
+static int
+auth_generic_enlightenment_desklock(void)
+{
+   char buf[4096];
+   char byte[1];
+   int res = -1;
+   int i = 0;
+
+   while (read(STDIN_FILENO, byte, sizeof(byte)) > 0)
+     {
+        if (byte[0] == '\n') break;
+        buf[i++] = byte[0];
+        if (i == sizeof(buf) -1) break;
+     }
+
+   buf[i] = '\0';
+
+   if (!i)
+     _exit_backoff();
+
+   res = _check_auth(buf);
+
+   if (res) _exit_backoff();
+
+   return res;
+}
+
+#endif
 
 /* local subsystem globals */
 static Eina_Hash *actions = NULL;
@@ -82,6 +132,15 @@ main(int argc,
              exit(0);
           }
      }
+#if defined(__OpenBSD__)
+   if (argc >= 2)
+     {
+        if (!strcmp(argv[1], "-z"))
+          {
+             exit(auth_generic_enlightenment_desklock());
+          }
+     }
+#endif
    if (argc >= 3)
      {
         if ((argc == 3) && (!strcmp(argv[1], "-t")))