summaryrefslogtreecommitdiffstats
path: root/driver/passwd-helper.c
diff options
context:
space:
mode:
Diffstat (limited to 'driver/passwd-helper.c')
-rw-r--r--driver/passwd-helper.c158
1 files changed, 0 insertions, 158 deletions
diff --git a/driver/passwd-helper.c b/driver/passwd-helper.c
deleted file mode 100644
index 4b17c63..0000000
--- a/driver/passwd-helper.c
+++ /dev/null
@@ -1,158 +0,0 @@
-/* passwd-helper.c --- verifying typed passwords with external helper program
- * xscreensaver, Copyright © 1993-2021 Jamie Zawinski <jwz@jwz.org>
- * written by Olaf Kirch <okir@suse.de>
- *
- * Permission to use, copy, modify, distribute, and sell this software and its
- * documentation for any purpose is hereby granted without fee, provided that
- * the above copyright notice appear in all copies and that both that
- * copyright notice and this permission notice appear in supporting
- * documentation. No representations are made about the suitability of this
- * software for any purpose. It is provided "as is" without express or
- * implied warranty.
- */
-
-
-/*****************************************************************************
-
- I strongly suspect that this code has not been used in decades, and I
- am considering removing it. These details should be hidden behind PAM.
- If you are using this code, email me and tell me why. -- jwz, Feb 2021
-
- *****************************************************************************/
-
-#error "email jwz@jwz.org about passwd-helper.c"
-
-
-/* The idea here is to be able to run xscreensaver without any setuid bits.
- * Password verification happens through an external program that you feed
- * your password to on stdin. The external command is invoked with a user
- * name argument.
- *
- * The external helper does whatever authentication is necessary. Currently,
- * SuSE uses "unix2_chkpwd", which is a variation of "unix_chkpwd" from the
- * PAM distribution.
- *
- * Normally, the password helper should just authenticate the calling user
- * (i.e. based on the caller's real uid). This is in order to prevent
- * brute-forcing passwords in a shadow environment. A less restrictive
- * approach would be to allow verifying other passwords as well, but always
- * with a 2 second delay or so. (Not sure what SuSE's "unix2_chkpwd"
- * currently does.)
- * -- Olaf Kirch <okir@suse.de>, 16-Dec-2003
- */
-
-#ifdef HAVE_CONFIG_H
-# include "config.h"
-#endif
-
-#ifndef NO_LOCKING /* whole file */
-
-#include <stdlib.h>
-#ifdef HAVE_UNISTD_H
-# include <unistd.h>
-#endif
-
-#include <stdio.h>
-#include <string.h>
-#include <sys/types.h>
-#include <pwd.h>
-#include <errno.h>
-#include <sys/wait.h>
-
-#include "blurb.h"
-#include "auth.h"
-
-
-static int
-ext_run (const char *user, const char *typed_passwd)
-{
- int pfd[2], status;
- pid_t pid;
-
- if (pipe(pfd) < 0)
- return 0;
-
- if (verbose_p)
- fprintf (stderr, "%s: EXT: %s\n", blurb(), PASSWD_HELPER_PROGRAM);
-
- if ((pid = fork()) < 0) {
- close(pfd[0]);
- close(pfd[1]);
- return 0;
- }
-
- if (pid == 0) {
- close(pfd[1]);
- if (pfd[0] != 0)
- dup2(pfd[0], 0);
-
- /* Helper is invoked as helper service-name [user] */
- execlp(PASSWD_HELPER_PROGRAM, PASSWD_HELPER_PROGRAM, "xscreensaver", user, NULL);
- if (verbose_p)
- fprintf(stderr, "%s: EXT: %s\n", PASSWD_HELPER_PROGRAM,
- strerror(errno));
- exit(1);
- }
-
- close(pfd[0]);
-
- /* Write out password to helper process */
- if (!typed_passwd)
- typed_passwd = "";
- write(pfd[1], typed_passwd, strlen(typed_passwd));
- close(pfd[1]);
-
- while (waitpid(pid, &status, 0) < 0) {
- if (errno == EINTR)
- continue;
- if (verbose_p)
- fprintf(stderr, "%s: EXT: waitpid failed: %s\n",
- blurb(), strerror(errno));
- return 0;
- }
-
- if (!WIFEXITED(status) || WEXITSTATUS(status) != 0)
- return 0;
- return 1;
-}
-
-
-
-/* This can be called at any time, and says whether the typed password
- belongs to either the logged in user (real uid, not effective); or
- to root.
- */
-int
-ext_passwd_valid_p (void *closure, const char *typed_passwd)
-{
- struct passwd *pw;
- int res = 0;
-
- if ((pw = getpwuid(getuid())) != NULL)
- res = ext_run (pw->pw_name, typed_passwd);
- endpwent();
-
-#ifdef ALLOW_ROOT_PASSWD
- if (!res)
- res = ext_run ("root", typed_passwd);
-#endif /* ALLOW_ROOT_PASSWD */
-
- return res;
-}
-
-
-Bool
-ext_priv_init (void)
-{
- /* Make sure the passwd helper exists */
- if (access(PASSWD_HELPER_PROGRAM, X_OK) < 0) {
- fprintf(stderr,
- "%s: EXT: warning: %s does not exist.\n"
- "%s: EXT password authentication will not work.\n",
- blurb(), PASSWD_HELPER_PROGRAM, blurb());
- return False;
- }
- return True;
-}
-
-#endif /* NO_LOCKING -- whole file */