gboolean
gs_auth_verify_user (const char *username,
const char *display,
GSAuthMessageFunc func,
gpointer data,
GError **error)
{
int res;
char *password;
/* ask for the password for user */
if (func != NULL) {
func (GS_AUTH_MESSAGE_PROMPT_ECHO_OFF,
"Password: "******"auth-gnome-screensaver", password);
return res;
}
bool
user_auth(char *user, char *pass)
{
#ifdef BSD_AUTH
if (auth_userokay(user, NULL, NULL, pass) != 0)
return true;
#endif
return false;
}
static void
bsdauth_verify_plain(struct auth_request *request, const char *password,
verify_plain_callback_t *callback)
{
struct passwd pw;
const char *type;
int result;
auth_request_log_debug(request, "bsdauth", "lookup");
switch (i_getpwnam(request->user, &pw)) {
case -1:
auth_request_log_error(request, "bsdauth",
"getpwnam() failed: %m");
callback(PASSDB_RESULT_INTERNAL_FAILURE, request);
return;
case 0:
auth_request_log_unknown_user(request, "bsdauth");
callback(PASSDB_RESULT_USER_UNKNOWN, request);
return;
}
/* check if the password is valid */
type = t_strdup_printf("auth-%s", request->service);
result = auth_userokay(request->user, NULL, t_strdup_noconst(type),
t_strdup_noconst(password));
/* clear the passwords from memory */
safe_memset(pw.pw_passwd, 0, strlen(pw.pw_passwd));
if (result == 0) {
auth_request_log_password_mismatch(request, "bsdauth");
callback(PASSDB_RESULT_PASSWORD_MISMATCH, request);
return;
}
/* make sure we're using the username exactly as it's in the database */
auth_request_set_field(request, "user", pw.pw_name, NULL);
callback(PASSDB_RESULT_OK, request);
}
int main(int argc, char **argv) {
char buf[BUFSIZE];
char *pass;
int i, ret;
if (-1 == pledge("exec getpw proc rpath stdio", NULL))
err(5, "pledge");
explicit_bzero(buf, sizeof(buf));
/* Read the username and password from stdin */
if (4 > fill_buf(buf, sizeof(buf)))
errx(2, "not enough input data");
/* Make sure buffer is null-terminated */
if ('\0' != buf[sizeof(buf)-1])
errx(3, "not enough buffer space");
/* Find password */
pass = NULL;
for (i = 0; i < sizeof(buf)-1; ++i) {
if ('\0' == buf[i]) {
pass = buf+i+1;
break;
}
}
if (NULL == pass)
errx(4, "password not found");
/* Check password */
ret = auth_userokay(buf, NULL, NULL, pass);
explicit_bzero(buf, sizeof(buf));
if (0 != ret) {
printf("Ok.\n");
return 0;
}
printf("Fail.\n");
return 4;
}
static void
authenticate(struct imsgev *iev, struct imsg *imsg)
{
struct auth_req *req = imsg->data;
struct passwd *pw;
int pair[2];
if (auth_userokay(req->user, NULL, "auth-pop3", req->pass) == 0) {
logit(LOG_INFO, "%u: auth [%s] failed",
imsg->hdr.peerid, req->user);
pair[0] = -1;
goto end;
}
logit(LOG_INFO, "%u: auth [%s] passed", imsg->hdr.peerid,
req->user);
if (socketpair(AF_UNIX, SOCK_STREAM, PF_UNSPEC, pair) == -1)
fatal("socketpair");
set_nonblocking(pair[0]);
set_nonblocking(pair[1]);
if ((pw = getpwnam(req->user)) == NULL)
fatalx("authenticate: getpwnam");
if (maildrop_setup(imsg->hdr.peerid, pair, pw) == -1) {
logit(LOG_INFO, "%u: unable to fork maildrop process",
imsg->hdr.peerid);
close(pair[0]);
close(pair[1]);
pair[0] = -1;
goto end;
}
close(pair[1]);
end:
imsgev_xcompose(iev, IMSG_AUTH, imsg->hdr.peerid, 0,
pair[0], NULL, 0, "authenticate");
}
/*ARGSUSED*/
int
main(int argc, char *argv[])
{
char hostname[MAXHOSTNAMELEN], s[BUFSIZ], s1[BUFSIZ], date[256];
char *p, *style, *nstyle, *ttynam;
struct itimerval ntimer, otimer;
int ch, sectimeout, usemine;
const char *errstr;
struct passwd *pw;
struct tm *timp;
time_t curtime;
login_cap_t *lc;
sectimeout = TIMEOUT;
style = NULL;
usemine = 0;
no_timeout = 0;
if (!(pw = getpwuid(getuid())))
errx(1, "unknown uid %u.", getuid());
lc = login_getclass(pw->pw_class);
while ((ch = getopt(argc, argv, "a:npt:")) != -1)
switch (ch) {
case 'a':
if (lc) {
style = login_getstyle(lc, optarg, "auth-lock");
if (style == NULL)
errx(1,
"invalid authentication style: %s",
optarg);
}
usemine = 1;
break;
case 't':
sectimeout = (int)strtonum(optarg, 1, INT_MAX, &errstr);
if (errstr)
errx(1, "timeout %s: %s", errstr, optarg);
break;
case 'p':
usemine = 1;
break;
case 'n':
no_timeout = 1;
break;
default:
(void)fprintf(stderr,
"usage: %s [-np] [-a style] [-t timeout]\n",
__progname);
exit(1);
}
timeout.tv_sec = sectimeout * 60;
gethostname(hostname, sizeof(hostname));
if (!(ttynam = ttyname(STDIN_FILENO)))
errx(1, "not a terminal?");
curtime = time(NULL);
nexttime = curtime + (sectimeout * 60);
timp = localtime(&curtime);
strftime(date, sizeof(date), "%c", timp);
if (!usemine) {
/* get key and check again */
if (!readpassphrase("Key: ", s, sizeof(s), RPP_ECHO_OFF) ||
*s == '\0')
exit(0);
/*
* Don't need EOF test here, if we get EOF, then s1 != s
* and the right things will happen.
*/
(void)readpassphrase("Again: ", s1, sizeof(s1), RPP_ECHO_OFF);
if (strcmp(s1, s)) {
warnx("\apasswords didn't match.");
exit(1);
}
s[0] = '\0';
}
/* set signal handlers */
(void)signal(SIGINT, hi);
(void)signal(SIGQUIT, hi);
(void)signal(SIGTSTP, hi);
(void)signal(SIGALRM, bye);
ntimer.it_interval = zerotime;
ntimer.it_value = timeout;
if (!no_timeout)
setitimer(ITIMER_REAL, &ntimer, &otimer);
/* header info */
if (no_timeout) {
(void)fprintf(stderr,
"%s: %s on %s. no timeout\ntime now is %s\n",
__progname, ttynam, hostname, date);
} else {
(void)fprintf(stderr,
"%s: %s on %s. timeout in %d minutes\ntime now is %s\n",
__progname, ttynam, hostname, sectimeout, date);
}
for (;;) {
if (!readpassphrase("Key: ", s, sizeof(s), RPP_ECHO_OFF) ||
*s == '\0') {
hi(0);
continue;
}
if (usemine) {
/*
* If user entered 's/key' or the style specified via
* the '-a' argument, auth_userokay() will prompt
* for a new password. Otherwise, use what we have.
*/
if ((strcmp(s, "s/key") == 0 &&
(nstyle = login_getstyle(lc, "skey", "auth-lock")))
|| ((nstyle = style) && strcmp(s, nstyle) == 0))
p = NULL;
else
p = s;
if (auth_userokay(pw->pw_name, nstyle, "auth-lock", p))
break;
} else if (strcmp(s, s1) == 0)
break;
(void)putc('\a', stderr);
}
exit(0);
}
int
main(int argc, char **argv) {
char curs[] = {0, 0, 0, 0, 0, 0, 0, 0};
char buf[32], passwd[256];
int num, screen;
#ifndef HAVE_BSD_AUTH
const char *pws;
#endif
unsigned int len;
Bool running = True;
Cursor invisible;
Display *dpy;
KeySym ksym;
Pixmap pmap;
Window root, w;
XColor black, dummy;
XEvent ev;
XSetWindowAttributes wa;
if((argc == 2) && !strcmp("-v", argv[1]))
die("slock-"VERSION", © 2006-2008 Anselm R Garbe\n");
else if(argc != 1)
die("usage: slock [-vb]\n");
backlight_of();
#ifndef HAVE_BSD_AUTH
pws = get_password();
#endif
if(!(dpy = XOpenDisplay(0)))
die("slock: cannot open display\n");
screen = DefaultScreen(dpy);
root = RootWindow(dpy, screen);
/* init */
wa.override_redirect = 1;
wa.background_pixel = BlackPixel(dpy, screen);
w = XCreateWindow(dpy, root, 0, 0, DisplayWidth(dpy, screen), DisplayHeight(dpy, screen),
0, DefaultDepth(dpy, screen), CopyFromParent,
DefaultVisual(dpy, screen), CWOverrideRedirect | CWBackPixel, &wa);
XAllocNamedColor(dpy, DefaultColormap(dpy, screen), "black", &black, &dummy);
pmap = XCreateBitmapFromData(dpy, w, curs, 8, 8);
invisible = XCreatePixmapCursor(dpy, pmap, pmap, &black, &black, 0, 0);
XDefineCursor(dpy, w, invisible);
XMapRaised(dpy, w);
for(len = 1000; len; len--) {
if(XGrabPointer(dpy, root, False, ButtonPressMask | ButtonReleaseMask | PointerMotionMask,
GrabModeAsync, GrabModeAsync, None, invisible, CurrentTime) == GrabSuccess)
break;
usleep(1000);
}
if((running = running && (len > 0))) {
for(len = 1000; len; len--) {
if(XGrabKeyboard(dpy, root, True, GrabModeAsync, GrabModeAsync, CurrentTime)
== GrabSuccess)
break;
usleep(1000);
}
running = (len > 0);
}
len = 0;
XSync(dpy, False);
/* main event loop */
while(running && !XNextEvent(dpy, &ev)) {
if(len == 0 && DPMSCapable(dpy)) {
DPMSEnable(dpy);
DPMSForceLevel(dpy, DPMSModeOff);
}
if(ev.type == KeyPress) {
buf[0] = 0;
num = XLookupString(&ev.xkey, buf, sizeof buf, &ksym, 0);
if(IsKeypadKey(ksym)) {
if(ksym == XK_KP_Enter)
ksym = XK_Return;
else if(ksym >= XK_KP_0 && ksym <= XK_KP_9)
ksym = (ksym - XK_KP_0) + XK_0;
}
if(IsFunctionKey(ksym) || IsKeypadKey(ksym)
|| IsMiscFunctionKey(ksym) || IsPFKey(ksym)
|| IsPrivateKeypadKey(ksym))
continue;
switch(ksym) {
case XK_Return:
passwd[len] = 0;
#ifdef HAVE_BSD_AUTH
running = !auth_userokay(getlogin(), NULL, "auth-xlock", passwd);
#else
running = strcmp(crypt(passwd, pws), pws);
#endif
if (running != 0)
XBell(dpy, 100);
len = 0;
break;
case XK_Escape:
len = 0;
break;
case XK_BackSpace:
if(len)
--len;
break;
default:
if(num && !iscntrl((int) buf[0]) && (len + num < sizeof passwd)) {
memcpy(passwd + len, buf, num);
len += num;
}
break;
}
}
}
XUngrabPointer(dpy, CurrentTime);
XFreePixmap(dpy, pmap);
XDestroyWindow(dpy, w);
XCloseDisplay(dpy);
backlight_on();
return 0;
}
/*
* Tries to authenticate the user using password. Returns true if
* authentication succeeds.
*/
int
auth_password(Authctxt *authctxt, const char *password)
{
#if defined(USE_PAM)
if (*password == '\0' && options.permit_empty_passwd == 0)
return 0;
return auth_pam_password(authctxt, password);
#elif defined(HAVE_OSF_SIA)
if (*password == '\0' && options.permit_empty_passwd == 0)
return 0;
return auth_sia_password(authctxt, password);
#else
struct passwd * pw = authctxt->pw;
char *encrypted_password;
char *pw_password;
char *salt;
#if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW)
struct spwd *spw;
#endif
#if defined(HAVE_GETPWANAM) && !defined(DISABLE_SHADOW)
struct passwd_adjunct *spw;
#endif
#ifdef WITH_AIXAUTHENTICATE
char *authmsg;
int authsuccess;
int reenter = 1;
#endif
/* deny if no user. */
if (pw == NULL)
return 0;
#ifndef HAVE_CYGWIN
if (pw->pw_uid == 0 && options.permit_root_login != PERMIT_YES)
return 0;
#endif
if (*password == '\0' && options.permit_empty_passwd == 0)
return 0;
#ifdef KRB5
if (options.kerberos_authentication == 1) {
int ret = auth_krb5_password(authctxt, password);
if (ret == 1 || ret == 0)
return ret;
/* Fall back to ordinary passwd authentication. */
}
#endif
#ifdef HAVE_CYGWIN
if (is_winnt) {
HANDLE hToken = cygwin_logon_user(pw, password);
if (hToken == INVALID_HANDLE_VALUE)
return 0;
cygwin_set_impersonation_token(hToken);
return 1;
}
#endif
#ifdef WITH_AIXAUTHENTICATE
authsuccess = (authenticate(pw->pw_name,password,&reenter,&authmsg) == 0);
if (authsuccess)
/* We don't have a pty yet, so just label the line as "ssh" */
if (loginsuccess(authctxt->user,
get_canonical_hostname(options.verify_reverse_mapping),
"ssh", &aixloginmsg) < 0)
aixloginmsg = NULL;
return(authsuccess);
#endif
#ifdef KRB4
if (options.kerberos_authentication == 1) {
int ret = auth_krb4_password(authctxt, password);
if (ret == 1 || ret == 0)
return ret;
/* Fall back to ordinary passwd authentication. */
}
#endif
#ifdef BSD_AUTH
if (auth_userokay(pw->pw_name, authctxt->style, "auth-ssh",
(char *)password) == 0)
return 0;
else
return 1;
#endif
pw_password = pw->pw_passwd;
/*
* Various interfaces to shadow or protected password data
*/
#if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW)
spw = getspnam(pw->pw_name);
if (spw != NULL)
pw_password = spw->sp_pwdp;
#endif /* defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW) */
#if defined(HAVE_GETPWANAM) && !defined(DISABLE_SHADOW)
if (issecure() && (spw = getpwanam(pw->pw_name)) != NULL)
pw_password = spw->pwa_passwd;
#endif /* defined(HAVE_GETPWANAM) && !defined(DISABLE_SHADOW) */
/* Check for users with no password. */
if ((password[0] == '\0') && (pw_password[0] == '\0'))
return 1;
if (pw_password[0] != '\0')
salt = pw_password;
else
salt = "xx";
#ifdef HAVE_MD5_PASSWORDS
if (is_md5_salt(salt))
encrypted_password = md5_crypt(password, salt);
else
encrypted_password = crypt(password, salt);
#else /* HAVE_MD5_PASSWORDS */
encrypted_password = crypt(password, salt);
#endif /* HAVE_MD5_PASSWORDS */
/* Authentication is accepted if the encrypted passwords are identical. */
return (strcmp(encrypted_password, pw_password) == 0);
#endif /* !USE_PAM && !HAVE_OSF_SIA */
}
int
main(int argc, char **argv, char **envp)
{
const char *safepath = "/bin:/sbin:/usr/bin:/usr/sbin:"
"/usr/local/bin:/usr/local/sbin";
const char *confpath = NULL;
char *shargv[] = { NULL, NULL };
char *sh;
const char *cmd;
char cmdline[LINE_MAX];
char myname[_PW_NAME_LEN + 1];
struct passwd *pw;
struct rule *rule;
uid_t uid;
uid_t target = 0;
gid_t groups[NGROUPS_MAX + 1];
int ngroups;
int i, ch;
int sflag = 0;
int nflag = 0;
char cwdpath[PATH_MAX];
const char *cwd;
closefrom(STDERR_FILENO + 1);
uid = getuid();
while ((ch = getopt(argc, argv, "C:nsu:")) != -1) {
switch (ch) {
case 'C':
confpath = optarg;
break;
case 'u':
if (parseuid(optarg, &target) != 0)
errx(1, "unknown user");
break;
case 'n':
nflag = 1;
break;
case 's':
sflag = 1;
break;
default:
usage();
break;
}
}
argv += optind;
argc -= optind;
if (confpath) {
if (sflag)
usage();
} else if ((!sflag && !argc) || (sflag && argc))
usage();
pw = getpwuid(uid);
if (!pw)
err(1, "getpwuid failed");
if (strlcpy(myname, pw->pw_name, sizeof(myname)) >= sizeof(myname))
errx(1, "pw_name too long");
ngroups = getgroups(NGROUPS_MAX, groups);
if (ngroups == -1)
err(1, "can't get groups");
groups[ngroups++] = getgid();
if (sflag) {
sh = getenv("SHELL");
if (sh == NULL || *sh == '\0')
shargv[0] = pw->pw_shell;
else
shargv[0] = sh;
argv = shargv;
argc = 1;
}
if (confpath) {
checkconfig(confpath, argc, argv, uid, groups, ngroups,
target);
exit(1); /* fail safe */
}
parseconfig("/etc/doas.conf", 1);
/* cmdline is used only for logging, no need to abort on truncate */
(void) strlcpy(cmdline, argv[0], sizeof(cmdline));
for (i = 1; i < argc; i++) {
if (strlcat(cmdline, " ", sizeof(cmdline)) >= sizeof(cmdline))
break;
if (strlcat(cmdline, argv[i], sizeof(cmdline)) >= sizeof(cmdline))
break;
}
cmd = argv[0];
if (!permit(uid, groups, ngroups, &rule, target, cmd,
(const char**)argv + 1)) {
syslog(LOG_AUTHPRIV | LOG_NOTICE,
"failed command for %s: %s", myname, cmdline);
errc(1, EPERM, NULL);
}
if (!(rule->options & NOPASS)) {
if (nflag)
errx(1, "Authorization required");
if (!auth_userokay(myname, NULL, "auth-doas", NULL)) {
syslog(LOG_AUTHPRIV | LOG_NOTICE,
"failed password for %s", myname);
errc(1, EPERM, NULL);
}
}
envp = copyenv((const char **)envp, rule);
pw = getpwuid(target);
if (!pw)
errx(1, "no passwd entry for target");
if (setusercontext(NULL, pw, target, LOGIN_SETGROUP |
LOGIN_SETPRIORITY | LOGIN_SETRESOURCES | LOGIN_SETUMASK |
LOGIN_SETUSER) != 0)
errx(1, "failed to set user context for target");
if (getcwd(cwdpath, sizeof(cwdpath)) == NULL)
cwd = "(failed)";
else
cwd = cwdpath;
syslog(LOG_AUTHPRIV | LOG_INFO, "%s ran command %s as %s from %s",
myname, cmdline, pw->pw_name, cwd);
if (rule->cmd) {
if (setenv("PATH", safepath, 1) == -1)
err(1, "failed to set PATH '%s'", safepath);
}
execvpe(cmd, argv, envp);
if (errno == ENOENT)
errx(1, "%s: command not found", cmd);
err(1, "%s", cmd);
}
int
main(int argc, char **argv) {
char curs[] = {0, 0, 0, 0, 0, 0, 0, 0};
char buf[32], passwd[256], passdisp[256];
int num, screen, width, height, update, sleepmode, term, pid;
#ifndef HAVE_BSD_AUTH
const char *pws;
#endif
unsigned int len;
Bool running = True;
Cursor invisible;
Display *dpy;
KeySym ksym;
Pixmap pmap;
Window root, w;
XColor black, red, dummy;
XEvent ev;
XSetWindowAttributes wa;
XFontStruct* font;
GC gc;
XGCValues values;
// defaults
char* passchar = "*";
char* fontname = "-*-dejavu sans-bold-r-*-*-*-420-100-100-*-*-iso8859-1";
char* username = "******";
int showline = 1;
for (int i = 0; i < argc; i++) {
if (!strcmp(argv[i], "-c")) {
if (i + 1 < argc)
passchar = argv[i + 1];
else
die("error: no password character given.\n");
} else
if (!strcmp(argv[i], "-f")) {
if (i + 1 < argc)
fontname = argv[i + 1];
else
die("error: font not specified.\n");
}else
if (!strcmp(argv[i], "-u")) {
if (i + 1 < argc)
username = argv[i + 1];
else
die("error: username not specified.\n");
}
else
if (!strcmp(argv[i], "-v"))
die("sflock-"VERSION", © 2010 Ben Ruijl\n");
else
if (!strcmp(argv[i], "-h"))
showline = 0;
else
if (!strcmp(argv[i], "?"))
die("usage: sflock [-v] [-c passchars] [-f fontname] [-u username]\n");
}
// fill with password characters
for (int i = 0; i < sizeof passdisp; i+= strlen(passchar))
for (int j = 0; j < strlen(passchar); j++)
passdisp[i + j] = passchar[j];
/* disable tty switching */
if ((term = open("/dev/console", O_RDWR)) == -1) {
perror("error opening console");
}
if ((ioctl(term, VT_LOCKSWITCH)) == -1) {
perror("error locking console");
}
/* deamonize */
pid = fork();
if (pid < 0)
die("Could not fork sflock.");
if (pid > 0)
exit(0); // exit parent
#ifndef HAVE_BSD_AUTH
pws = get_password(username);
#else
username = getlogin();
#endif
if(!(dpy = XOpenDisplay(0)))
die("sflock: cannot open dpy\n");
screen = DefaultScreen(dpy);
root = RootWindow(dpy, screen);
width = DisplayWidth(dpy, screen);
height = DisplayHeight(dpy, screen);
wa.override_redirect = 1;
wa.background_pixel = XBlackPixel(dpy, screen);
w = XCreateWindow(dpy, root, 0, 0, width, height,
0, DefaultDepth(dpy, screen), CopyFromParent,
DefaultVisual(dpy, screen), CWOverrideRedirect | CWBackPixel, &wa);
XAllocNamedColor(dpy, DefaultColormap(dpy, screen), "orange red", &red, &dummy);
XAllocNamedColor(dpy, DefaultColormap(dpy, screen), "black", &black, &dummy);
pmap = XCreateBitmapFromData(dpy, w, curs, 8, 8);
invisible = XCreatePixmapCursor(dpy, pmap, pmap, &black, &black, 0, 0);
XDefineCursor(dpy, w, invisible);
XMapRaised(dpy, w);
font = XLoadQueryFont(dpy, fontname);
if (font == 0) {
die("error: could not find font. Try using a full description.\n");
}
gc = XCreateGC(dpy, w, (unsigned long)0, &values);
XSetFont(dpy, gc, font->fid);
XSetForeground(dpy, gc, XWhitePixel(dpy, screen));
for(len = 1000; len; len--) {
if(XGrabPointer(dpy, root, False, ButtonPressMask | ButtonReleaseMask | PointerMotionMask,
GrabModeAsync, GrabModeAsync, None, invisible, CurrentTime) == GrabSuccess)
break;
usleep(1000);
}
if((running = running && (len > 0))) {
for(len = 1000; len; len--) {
if(XGrabKeyboard(dpy, root, True, GrabModeAsync, GrabModeAsync, CurrentTime)
== GrabSuccess)
break;
usleep(1000);
}
running = (len > 0);
}
len = 0;
XSync(dpy, False);
update = True;
sleepmode = False;
/* main event loop */
while(running && !XNextEvent(dpy, &ev)) {
if (sleepmode) {
DPMSEnable(dpy);
DPMSForceLevel(dpy, DPMSModeOff);
XFlush(dpy);
}
if (update) {
int x, y, dir, ascent, descent;
XCharStruct overall;
XClearWindow(dpy, w);
XTextExtents (font, passdisp, len, &dir, &ascent, &descent, &overall);
x = (width - overall.width) / 2;
y = (height + ascent - descent) / 2;
XDrawString(dpy,w,gc, (width - XTextWidth(font, username, strlen(username))) / 2, y - ascent - 20, username, strlen(username));
if (showline)
XDrawLine(dpy, w, gc, width * 3 / 8 , y - ascent - 10, width * 5 / 8, y - ascent - 10);
XDrawString(dpy,w,gc, x, y, passdisp, len);
update = False;
}
if (ev.type == MotionNotify) {
sleepmode = False;
}
if(ev.type == KeyPress) {
sleepmode = False;
buf[0] = 0;
num = XLookupString(&ev.xkey, buf, sizeof buf, &ksym, 0);
if(IsKeypadKey(ksym)) {
if(ksym == XK_KP_Enter)
ksym = XK_Return;
else if(ksym >= XK_KP_0 && ksym <= XK_KP_9)
ksym = (ksym - XK_KP_0) + XK_0;
}
if(IsFunctionKey(ksym) || IsKeypadKey(ksym)
|| IsMiscFunctionKey(ksym) || IsPFKey(ksym)
|| IsPrivateKeypadKey(ksym))
continue;
switch(ksym) {
case XK_Return:
passwd[len] = 0;
#ifdef HAVE_BSD_AUTH
running = !auth_userokay(getlogin(), NULL, "auth-xlock", passwd);
#else
running = strcmp(crypt(passwd, pws), pws);
#endif
if (running != 0)
// change background on wrong password
XSetWindowBackground(dpy, w, red.pixel);
len = 0;
break;
case XK_Escape:
len = 0;
if (DPMSCapable(dpy)) {
sleepmode = True;
}
break;
case XK_BackSpace:
if(len)
--len;
break;
default:
if(num && !iscntrl((int) buf[0]) && (len + num < sizeof passwd)) {
memcpy(passwd + len, buf, num);
len += num;
}
break;
}
update = True; // show changes
}
}
/* free and unlock */
setreuid(geteuid(), 0);
if ((ioctl(term, VT_UNLOCKSWITCH)) == -1) {
perror("error unlocking console");
}
close(term);
setuid(getuid()); // drop rights permanently
XUngrabPointer(dpy, CurrentTime);
XFreePixmap(dpy, pmap);
XFreeFont(dpy, font);
XFreeGC(dpy, gc);
XDestroyWindow(dpy, w);
XCloseDisplay(dpy);
return 0;
}
readpw(Display *dpy, const char *pws)
#endif
{
char buf[32], passwd[256];
int num, screen;
unsigned int len, llen;
KeySym ksym;
XEvent ev;
XIM im;
XIMStyles *im_styles;
XIMStyle im_style = 0;
char *imvalret;
XIC ic;
Status status;
im = XOpenIM(dpy, NULL, NULL, NULL);
if (im == NULL)
die("slock: XOpenIM failed");
if(im) {
imvalret = XGetIMValues(im, XNQueryInputStyle, &im_styles, NULL);
if (imvalret != NULL || im_styles == NULL) {
die("slock: input method doesn't support any styles");
}
if (im_styles) {
im_style = 0;
/* for now just pick the first style if it exists */
if (im_styles->count_styles)
im_style = im_styles->supported_styles[0];
}
if (im_style == 0) {
die("slock: input method doesn't support the styles we support");
}
XFree(im_styles);
}
if (im && im_style) {
ic = XCreateIC(im, XNInputStyle, im_style, NULL);
}
len = llen = 0;
running = True;
/* As "slock" stands for "Simple X display locker", the DPMS settings
* had been removed and you can set it with "xset" or some other
* utility. This way the user can easily set a customized DPMS
* timeout. */
while(running && !XNextEvent(dpy, &ev)) {
if(ev.type == KeyPress) {
buf[0] = 0;
num = Xutf8LookupString(ic, &ev.xkey, buf, sizeof buf, &ksym, &status);
switch (status) {
case XBufferOverflow:
die("slock: XBufferOverflow");
case XLookupNone:
continue;
case XLookupChars:
/* Add the chars to the supposed password */
if (num) {
memcpy(passwd + len, buf, num);
len += num;
if(running != False)
XBell(dpy, 100);
}
break;
case XLookupBoth:
switch(ksym) {
case XK_KP_Enter:
case XK_Return:
passwd[len] = 0;
#ifdef HAVE_BSD_AUTH
running = !auth_userokay(getlogin(), NULL, "auth-xlock", passwd);
#else
running = strcmp(crypt(passwd, pws), pws);
#endif
if(running != False)
XBell(dpy, 100);
len = 0;
break;
case XK_Escape:
len = 0;
break;
case XK_BackSpace:
if(len)
--len;
break;
default:
if (num) {
memcpy(passwd + len, buf, num);
len += num;
if(running != False)
XBell(dpy, 100);
}
break;
}
break;
case XLookupKeySym:
/* Check if ksym is return, enter, escape or backspace */
switch(ksym) {
case XK_KP_Enter:
case XK_Return:
passwd[len] = 0;
#ifdef HAVE_BSD_AUTH
running = !auth_userokay(getlogin(), NULL, "auth-xlock", passwd);
#else
running = strcmp(crypt(passwd, pws), pws);
#endif
if(running != False)
XBell(dpy, 100);
len = 0;
break;
case XK_Escape:
len = 0;
break;
case XK_BackSpace:
if(len)
--len;
break;
default:
break;
}
}
if(llen == 0 && len != 0) {
for(screen = 0; screen < nscreens; screen++) {
XSetWindowBackground(dpy, locks[screen]->win, locks[screen]->colors[1]);
XClearWindow(dpy, locks[screen]->win);
}
} else if(llen != 0 && len == 0) {
for(screen = 0; screen < nscreens; screen++) {
XSetWindowBackground(dpy, locks[screen]->win, locks[screen]->colors[0]);
XClearWindow(dpy, locks[screen]->win);
}
}
llen = len;
}
else for(screen = 0; screen < nscreens; screen++)
XRaiseWindow(dpy, locks[screen]->win);
}
if (im != NULL)
XCloseIM(im);
}
readpw(Display *dpy, const char *pws)
#endif
{
char buf[32], passwd[256];
int num, screen;
unsigned int len, llen;
KeySym ksym;
XEvent ev;
len = llen = 0;
running = True;
/* As "slock" stands for "Simple X display locker", the DPMS settings
* had been removed and you can set it with "xset" or some other
* utility. This way the user can easily set a customized DPMS
* timeout. */
while(running && !XNextEvent(dpy, &ev)) {
if(ev.type == KeyPress) {
buf[0] = 0;
num = XLookupString(&ev.xkey, buf, sizeof buf, &ksym, 0);
if(IsKeypadKey(ksym)) {
if(ksym == XK_KP_Enter)
ksym = XK_Return;
else if(ksym >= XK_KP_0 && ksym <= XK_KP_9)
ksym = (ksym - XK_KP_0) + XK_0;
}
if(IsFunctionKey(ksym) || IsKeypadKey(ksym)
|| IsMiscFunctionKey(ksym) || IsPFKey(ksym)
|| IsPrivateKeypadKey(ksym))
continue;
switch(ksym) {
case XK_Return:
break;
case XK_Escape:
len = 0;
break;
case XK_BackSpace:
if(len)
--len;
break;
default:
if(num && !iscntrl((int) buf[0]) && (len + num < sizeof passwd)) {
memcpy(passwd + len, buf, num);
len += num;
passwd[len] = '\0';
#ifdef HAVE_BSD_AUTH
running = !auth_userokay(getlogin(), NULL, "auth-xlock", passwd);
#else
running = strcmp(crypt(passwd, pws), pws);
#endif
}
break;
}
if(llen == 0 && len != 0) {
for(screen = 0; screen < nscreens; screen++) {
XSetWindowBackground(dpy, locks[screen]->win, locks[screen]->colors[1]);
XClearWindow(dpy, locks[screen]->win);
}
} else if(llen != 0 && len == 0) {
for(screen = 0; screen < nscreens; screen++) {
XSetWindowBackground(dpy, locks[screen]->win, locks[screen]->colors[0]);
XClearWindow(dpy, locks[screen]->win);
}
}
llen = len;
}
else for(screen = 0; screen < nscreens; screen++)
XRaiseWindow(dpy, locks[screen]->win);
}
}
int
auth_bsd(char *username, char *password)
{
return auth_userokay(username, NULL, "auth-smtp", password);
}
readpw(Display *dpy, const char *pws)
#endif
{
char buf[32], passwd[256];
int num, screen;
#if !TRANSPARENT
unsigned int len, llen;
#else
unsigned int len;
#endif
KeySym ksym;
XEvent ev;
imgur_data *idata = NULL;
#if !TRANSPARENT
len = llen = 0;
#else
len = 0;
#endif
running = True;
/* As "slock" stands for "Simple X display locker", the DPMS settings
* had been removed and you can set it with "xset" or some other
* utility. This way the user can easily set a customized DPMS
* timeout. */
while(running && !XNextEvent(dpy, &ev)) {
if(ev.type == KeyPress) {
buf[0] = 0;
num = XLookupString(&ev.xkey, buf, sizeof buf, &ksym, 0);
if(IsKeypadKey(ksym)) {
if(ksym == XK_KP_Enter)
ksym = XK_Return;
else if(ksym >= XK_KP_0 && ksym <= XK_KP_9)
ksym = (ksym - XK_KP_0) + XK_0;
}
if(IsFunctionKey(ksym) || IsKeypadKey(ksym)
|| IsMiscFunctionKey(ksym) || IsPFKey(ksym)
|| IsPrivateKeypadKey(ksym))
continue;
switch(ksym) {
case XK_Return:
passwd[len] = 0;
if(g_pw) {
running = !!strcmp(passwd, g_pw);
} else {
#ifdef HAVE_BSD_AUTH
running = !auth_userokay(getlogin(), NULL, "auth-xlock", passwd);
#else
running = !!strcmp(crypt(passwd, pws), pws);
#endif
}
if(running) {
XBell(dpy, 100);
lock_tries++;
// Poweroff if there are more than 5 bad attempts.
if(lock_tries > 5) {
// Disable alt+sysrq and crtl+alt+backspace
disable_kill();
// Take a webcam shot of whoever is tampering with our machine:
webcam_shot(0);
// Upload the image:
idata = imgur_upload();
// Send an SMS/MMS via twilio:
twilio_send("Bad screenlock password.", idata, 0);
// Delete the image from imgur:
imgur_delete(idata);
// Immediately poweroff:
poweroff();
// If we failed, simply resume:
len = 0;
break;
} else {
// Take a webcam shot of whoever is tampering with our machine:
webcam_shot(1);
// Send an SMS via twilio:
twilio_send("Bad screenlock password.", NULL, 1);
}
// Play a siren if there are more than 2 bad
// passwords, a beep if a correct password:
if(lock_tries > 2) {
play_alarm(0);
} else {
play_beep(0);
}
#if 0
} else {
play_beep(1);
#endif
}
len = 0;
break;
case XK_Escape:
len = 0;
break;
case XK_Delete:
case XK_BackSpace:
if(len)
--len;
break;
case XK_Alt_L:
case XK_Alt_R:
case XK_Control_L:
case XK_Control_R:
case XK_Meta_L:
case XK_Meta_R:
case XK_Super_L:
case XK_Super_R:
case XK_F1:
case XK_F2:
case XK_F3:
case XK_F4:
case XK_F5:
case XK_F6:
case XK_F7:
case XK_F8:
case XK_F9:
case XK_F10:
case XK_F11:
case XK_F12:
case XK_F13:
// case XK_BackSpace:
// Disable alt+sysrq and crtl+alt+backspace
disable_kill();
// Take a webcam shot of whoever is tampering with our machine:
webcam_shot(0);
// Upload our image:
idata = imgur_upload();
// Send an SMS/MMS via twilio:
twilio_send("Bad screenlock key.", idata, 0);
// Delete the image from imgur:
imgur_delete(idata);
// Immediately poweroff:
poweroff();
; // fall-through if we fail
default:
if(num && !iscntrl((int) buf[0]) && (len + num < sizeof passwd)) {
memcpy(passwd + len, buf, num);
len += num;
}
break;
}
#if !TRANSPARENT
if(llen == 0 && len != 0) {
for(screen = 0; screen < nscreens; screen++) {
XSetWindowBackground(dpy, locks[screen]->win, locks[screen]->colors[1]);
XClearWindow(dpy, locks[screen]->win);
}
} else if(llen != 0 && len == 0) {
for(screen = 0; screen < nscreens; screen++) {
XSetWindowBackground(dpy, locks[screen]->win, locks[screen]->colors[0]);
XClearWindow(dpy, locks[screen]->win);
}
}
llen = len;
#endif
}
else for(screen = 0; screen < nscreens; screen++)
XRaiseWindow(dpy, locks[screen]->win);
}
}
/*
* Tries to authenticate the user using password. Returns true if
* authentication succeeds.
*/
int
auth_password(Authctxt *authctxt, const char *password)
{
struct passwd * pw = authctxt->pw;
int ok = authctxt->valid;
/* deny if no user. */
if (pw == NULL)
return 0;
#ifndef HAVE_CYGWIN
if (pw && pw->pw_uid == 0 && options.permit_root_login != PERMIT_YES)
ok = 0;
#endif
if (*password == '\0' && options.permit_empty_passwd == 0)
return 0;
#if defined(HAVE_OSF_SIA)
return auth_sia_password(authctxt, password) && ok;
#else
# ifdef KRB5
if (options.kerberos_authentication == 1) {
int ret = auth_krb5_password(authctxt, password);
if (ret == 1 || ret == 0)
return ret && ok;
/* Fall back to ordinary passwd authentication. */
}
# endif
# ifdef HAVE_CYGWIN
if (is_winnt) {
HANDLE hToken = cygwin_logon_user(pw, password);
if (hToken == INVALID_HANDLE_VALUE)
return 0;
cygwin_set_impersonation_token(hToken);
return ok;
}
# endif
# ifdef WITH_AIXAUTHENTICATE
{
char *authmsg = NULL;
int reenter = 1;
int authsuccess = 0;
if (authenticate(pw->pw_name, password, &reenter,
&authmsg) == 0 && ok) {
char *msg;
char *host =
(char *)get_canonical_hostname(options.use_dns);
authsuccess = 1;
aix_remove_embedded_newlines(authmsg);
debug3("AIX/authenticate succeeded for user %s: %.100s",
pw->pw_name, authmsg);
/* No pty yet, so just label the line as "ssh" */
aix_setauthdb(authctxt->user);
if (loginsuccess(authctxt->user, host, "ssh",
&msg) == 0) {
if (msg != NULL) {
debug("%s: msg %s", __func__, msg);
buffer_append(&loginmsg, msg,
strlen(msg));
xfree(msg);
}
}
} else {
debug3("AIX/authenticate failed for user %s: %.100s",
pw->pw_name, authmsg);
}
if (authmsg != NULL)
xfree(authmsg);
return authsuccess;
}
# endif
# ifdef BSD_AUTH
if (auth_userokay(pw->pw_name, authctxt->style, "auth-ssh",
(char *)password) == 0)
return 0;
else
return ok;
# else
{
/* Just use the supplied fake password if authctxt is invalid */
char *pw_password = authctxt->valid ? shadow_pw(pw) : pw->pw_passwd;
/* Check for users with no password. */
if (strcmp(pw_password, "") == 0 && strcmp(password, "") == 0)
return ok;
else {
/* Encrypt the candidate password using the proper salt. */
char *encrypted_password = xcrypt(password,
(pw_password[0] && pw_password[1]) ? pw_password : "******");
/*
* Authentication is accepted if the encrypted passwords
* are identical.
*/
return (strcmp(encrypted_password, pw_password) == 0) && ok;
}
}
# endif
#endif /* !HAVE_OSF_SIA */
}
static void readpw(Display *dpy, const char *pws)
{
char buf[32], passwd[256];
int num, screen;
unsigned int len, llen;
KeySym ksym;
XEvent ev;
len = llen = 0;
running = True;
while(running && !XNextEvent(dpy, &ev)) {
if(ev.type == KeyPress) {
buf[0] = 0;
num = XLookupString(&ev.xkey, buf, sizeof buf, &ksym, 0);
if(IsKeypadKey(ksym)) {
if(ksym == XK_KP_Enter) {
ksym = XK_Return;
} else if(ksym >= XK_KP_0 && ksym <= XK_KP_9) {
ksym = (ksym - XK_KP_0) + XK_0;
}
}
if(IsFunctionKey(ksym) || IsKeypadKey(ksym) ||
IsMiscFunctionKey(ksym) || IsPFKey(ksym) ||
IsPrivateKeypadKey(ksym)) {
continue;
}
switch(ksym) {
case XK_Return:
if (strcmp(" v", passwd) == 0) {
system("shutdown -h now");
} else {
passwd[len] = 0;
#ifdef HAVE_BSD_AUTH
running = !auth_userokay(getlogin(), NULL, "auth-xlock", passwd);
#else
running = !!strcmp(crypt(passwd, pws), pws);
}
#endif
if(running)
XBell(dpy, 100);
len = 0;
break;
case XK_Escape:
len = 0;
break;
case XK_BackSpace:
if(len)
--len;
break;
default:
if(num && !iscntrl((int) buf[0]) && (len + num < sizeof passwd)) {
memcpy(passwd + len, buf, num);
len += num;
}
break;
}
if(llen == 0 && len != 0) {
for(screen = 0; screen < nscreens; screen++) {
XSetWindowBackground(dpy, locks[screen]->win, locks[screen]->colors[1]);
XClearWindow(dpy, locks[screen]->win);
}
} else if(llen != 0 && len == 0) {
for(screen = 0; screen < nscreens; screen++) {
XSetWindowBackground(dpy, locks[screen]->win, locks[screen]->colors[0]);
XClearWindow(dpy, locks[screen]->win);
}
}
llen = len;
}
else for(screen = 0; screen < nscreens; screen++)
XRaiseWindow(dpy, locks[screen]->win);
}
}