/enlightenment
/enlightenment_alert
/enlightenment_backlight
+/enlightenment_ckpasswd
/enlightenment_fm_op
/enlightenment_filemanager
/enlightenment_imc
if ! HAVE_WAYLAND_ONLY
internal_bin_PROGRAMS += src/bin/enlightenment_alert
endif
+if HAVE_FREEBSD
+internal_bin_PROGRAMS += src/bin/enlightenment_ckpasswd
+endif
ENLIGHTENMENTHEADERS = \
src/bin/e_about.h \
src_bin_enlightenment_backlight_CPPFLAGS = @SUID_CFLAGS@ @EEZE_CFLAGS@
src_bin_enlightenment_backlight_LDADD = @SUID_LDFLAGS@ @EEZE_LIBS@
+if HAVE_FREEBSD
+src_bin_enlightenment_ckpasswd_SOURCES = \
+src/bin/e_ckpasswd_main.c
+
+src_bin_enlightenment_ckpasswd_CPPFLAGS = @SUID_CFLAGS@
+src_bin_enlightenment_ckpasswd_LDADD = @SUID_LDFLAGS@ -lcrypt
+endif
+
src_bin_enlightenment_alert_SOURCES = \
src/bin/e_alert_main.c
enlightenment-sys-install-data-hook:
@chmod $(setuid_root_mode) $(DESTDIR)$(libdir)/enlightenment/utils/enlightenment_sys$(EXEEXT) || true
@chmod $(setuid_root_mode) $(DESTDIR)$(libdir)/enlightenment/utils/enlightenment_backlight$(EXEEXT) || true
+if HAVE_FREEBSD
+ @chmod $(setuid_root_mode) $(DESTDIR)$(libdir)/enlightenment/utils/enlightenment_ckpasswd$(EXEEXT) || true
+endif
installed_headersdir = $(prefix)/include/enlightenment
installed_headers_DATA = $(ENLIGHTENMENTHEADERS) src/bin/e_fm_shared_types.h
INSTALL_DATA_HOOKS += enlightenment-sys-install-data-hook
#include "e.h"
-#ifdef HAVE_PAM
+#if defined(HAVE_PAM) && !defined(__FreeBSD__)
# include <security/pam_appl.h>
# include <pwd.h>
free(current_host);
return 0;
}
-
-#endif
+#endif // HAVE_PAM && !__FreeBSD__
EAPI int
-#ifdef HAVE_PAM
+#if defined(__FreeBSD__)
+e_auth_begin(char *passwd)
+{
+ char buf[PATH_MAX], *p;
+ Ecore_Exe *exe = NULL;
+ int ret = 0;
+
+ if (strlen(passwd) == 0) goto out;
+
+ snprintf(buf, sizeof(buf), "%s/enlightenment/utils/enlightenment_ckpasswd",
+ e_prefix_lib_get());
+
+ exe = ecore_exe_pipe_run(buf, ECORE_EXE_PIPE_WRITE, NULL);
+ if (ecore_exe_send(exe, passwd, strlen(passwd)) != EINA_TRUE) goto out;
+ ecore_exe_close_stdin(exe);
+
+ ret = ecore_exe_pid_get(exe);
+ if (ret == -1)
+ {
+ ret = 0;
+ goto out;
+ }
+
+ exe = NULL;
+out:
+ if (exe) ecore_exe_free(exe);
+
+ /* security - null out passwd string once we are done with it */
+ for (p = passwd; *p; p++)
+ *p = 0;
+ if (passwd[0] || passwd[3]) fprintf(stderr, "ACK!\n");
+
+ return ret;
+}
+#elif defined(HAVE_PAM)
e_auth_begin(char *passwd)
{
/* child */
--- /dev/null
+#include <sys/types.h>
+
+#include <err.h>
+#include <pwd.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+
+#include <security/pam_constants.h>
+
+// Exit codes, per src/modules/lokker/lokker.c:
+// 0: success (unlock)
+// 1-128: PAM error but also unlock (!!!)
+// else: failed.
+
+static char pw[4096];
+struct passwd *pwent;
+
+static void
+zeropw(void)
+{
+ /* security - null out passwd string once we are done with it */
+ memset(pw, 0, sizeof(pw));
+ if (pw[0] || pw[3]) printf("ACK!\n");
+
+ if (pwent == NULL) return;
+ if (pwent->pw_passwd == NULL) return;
+
+ /* security - null out passwd string once we are done with it */
+ memset(pwent->pw_passwd, 0, strlen(pwent->pw_passwd));
+ if (pwent->pw_passwd[0]) printf("ACK!\n");
+}
+
+int
+main(int argc, char **argv)
+{
+ ssize_t rd;
+ uid_t id;
+ int i;
+
+ for (i = 1; i < argc; i++)
+ {
+ if ((!strcmp(argv[i], "-h")) ||
+ (!strcmp(argv[i], "-help")) ||
+ (!strcmp(argv[i], "--help")))
+ {
+ printf("This is an internal tool for Enlightenment.\n"
+ "do not use it.\n");
+ exit(129);
+ }
+ }
+ if (argc != 1)
+ exit(130);
+
+ id = getuid();
+
+ if (atexit(zeropw)) err(131, "atexit");
+
+ rd = read(0, pw, sizeof(pw) - 1);
+ if (rd < 0) err(132, "read");
+
+ if (setuid(0) != 0)
+ {
+ printf("ERROR: UNABLE TO ASSUME ROOT PRIVILEGES\n");
+ exit(133);
+ }
+ if (setgid(0) != 0)
+ {
+ printf("ERROR: UNABLE TO ASSUME ROOT GROUP PRIVILEGES\n");
+ exit(134);
+ }
+
+ pwent = getpwuid(id);
+ if (pwent == NULL) return -2;
+
+ if (strcmp(crypt(pw, pwent->pw_passwd), pwent->pw_passwd) == 0)
+ return 0;
+
+ return -1;
+}