From 915e684ff46a331e1146f9b4329beab04fde9fd1 Mon Sep 17 00:00:00 2001 From: Ken Moore Date: Fri, 24 Apr 2020 19:46:06 -0400 Subject: More updates. Getting ready for the screensaver to go live. Still need to fix lumina-checkpass PAM-implementation. Apparently the openpam lib is FreeBSD-only. --- src-qt5/core/lumina-checkpass/main.c | 22 +++++++++++++++++++--- 1 file changed, 19 insertions(+), 3 deletions(-) diff --git a/src-qt5/core/lumina-checkpass/main.c b/src-qt5/core/lumina-checkpass/main.c index 70caf396..f7d55c7d 100644 --- a/src-qt5/core/lumina-checkpass/main.c +++ b/src-qt5/core/lumina-checkpass/main.c @@ -22,7 +22,18 @@ //PAM/security libraries #include #include -#include + +//Found this little snippet from SDDM - nice alternative to using the entire openpam library from FreeBSD +static int PAM_conv( + int num_msg, + const struct pam_message **msg, + struct pam_response **resp, + void *ctx) +{ + return 0; +} +//----- + void showUsage(){ puts("lumina-checkpass: Simple user-level check for password validity (for screen unlockers and such)."); @@ -74,12 +85,17 @@ int main(int argc, char** argv){ if( getuid() != pwd->pw_uid ){ return 1; } //Current UID does not match currently logged-in user UID //Create the non-interactive PAM structures pam_handle_t *pamh; - struct pam_conv pamc = { openpam_nullconv, NULL }; + struct pam_conv pamc = { &PAM_conv, 0 }; //Place the user-supplied password into the structure +#ifdef __linux__ int ret = pam_start( "system", cUser, &pamc, &pamh); - if(ret != PAM_SUCCESS){ return 1; } //could not init PAM +#else + int ret = pam_start( "system-auth", cUser, &pamc, &pamh); +#endif + if(ret != PAM_SUCCESS){ puts("Could not initialize PAM"); return 1; } //could not init PAM //char* cPassword = argv[1]; ret = pam_set_item(pamh, PAM_AUTHTOK, pass); + if(ret != PAM_SUCCESS){ puts("Could not set conversation structure"); } //Authenticate with PAM ret = pam_authenticate(pamh,0); //this can be true without verifying password if pam_self.so is used in the auth procedures (common) if( ret == PAM_SUCCESS ){ ret = pam_acct_mgmt(pamh,0); } //Check for valid, unexpired account and verify access restrictions -- cgit