/* passwd-helper.c --- verifying typed passwords with external helper program * xscreensaver, Copyright © 1993-2021 Jamie Zawinski * written by Olaf Kirch * * Permission to use, copy, modify, distribute, and sell this software and its * documentation for any purpose is hereby granted without fee, provided that * the above copyright notice appear in all copies and that both that * copyright notice and this permission notice appear in supporting * documentation. No representations are made about the suitability of this * software for any purpose. It is provided "as is" without express or * implied warranty. */ /***************************************************************************** I strongly suspect that this code has not been used in decades, and I am considering removing it. These details should be hidden behind PAM. If you are using this code, email me and tell me why. -- jwz, Feb 2021 *****************************************************************************/ #error "email jwz@jwz.org about passwd-helper.c" /* The idea here is to be able to run xscreensaver without any setuid bits. * Password verification happens through an external program that you feed * your password to on stdin. The external command is invoked with a user * name argument. * * The external helper does whatever authentication is necessary. Currently, * SuSE uses "unix2_chkpwd", which is a variation of "unix_chkpwd" from the * PAM distribution. * * Normally, the password helper should just authenticate the calling user * (i.e. based on the caller's real uid). This is in order to prevent * brute-forcing passwords in a shadow environment. A less restrictive * approach would be to allow verifying other passwords as well, but always * with a 2 second delay or so. (Not sure what SuSE's "unix2_chkpwd" * currently does.) * -- Olaf Kirch , 16-Dec-2003 */ #ifdef HAVE_CONFIG_H # include "config.h" #endif #ifndef NO_LOCKING /* whole file */ #include #ifdef HAVE_UNISTD_H # include #endif #include #include #include #include #include #include #include "blurb.h" #include "auth.h" static int ext_run (const char *user, const char *typed_passwd) { int pfd[2], status; pid_t pid; if (pipe(pfd) < 0) return 0; if (verbose_p) fprintf (stderr, "%s: EXT: %s\n", blurb(), PASSWD_HELPER_PROGRAM); if ((pid = fork()) < 0) { close(pfd[0]); close(pfd[1]); return 0; } if (pid == 0) { close(pfd[1]); if (pfd[0] != 0) dup2(pfd[0], 0); /* Helper is invoked as helper service-name [user] */ execlp(PASSWD_HELPER_PROGRAM, PASSWD_HELPER_PROGRAM, "xscreensaver", user, NULL); if (verbose_p) fprintf(stderr, "%s: EXT: %s\n", PASSWD_HELPER_PROGRAM, strerror(errno)); exit(1); } close(pfd[0]); /* Write out password to helper process */ if (!typed_passwd) typed_passwd = ""; write(pfd[1], typed_passwd, strlen(typed_passwd)); close(pfd[1]); while (waitpid(pid, &status, 0) < 0) { if (errno == EINTR) continue; if (verbose_p) fprintf(stderr, "%s: EXT: waitpid failed: %s\n", blurb(), strerror(errno)); return 0; } if (!WIFEXITED(status) || WEXITSTATUS(status) != 0) return 0; return 1; } /* This can be called at any time, and says whether the typed password belongs to either the logged in user (real uid, not effective); or to root. */ int ext_passwd_valid_p (void *closure, const char *typed_passwd) { struct passwd *pw; int res = 0; if ((pw = getpwuid(getuid())) != NULL) res = ext_run (pw->pw_name, typed_passwd); endpwent(); #ifdef ALLOW_ROOT_PASSWD if (!res) res = ext_run ("root", typed_passwd); #endif /* ALLOW_ROOT_PASSWD */ return res; } Bool ext_priv_init (void) { /* Make sure the passwd helper exists */ if (access(PASSWD_HELPER_PROGRAM, X_OK) < 0) { fprintf(stderr, "%s: EXT: warning: %s does not exist.\n" "%s: EXT password authentication will not work.\n", blurb(), PASSWD_HELPER_PROGRAM, blurb()); return False; } return True; } #endif /* NO_LOCKING -- whole file */