From 9aa3aa74d788f418e291699547ee94e481974e92 Mon Sep 17 00:00:00 2001
From: Douglas Rumbaugh <doug@douglasrumbaugh.com>
Date: Mon, 31 Jan 2022 22:06:40 -0500
Subject: pam_auth toggle: Can switch between PAM and Shadow Authentication

Added a new configuration option to toggle between using PAM for
authentication, or the original Shadow-file based approach.
---
 slock.c | 51 +++++++++++++++++++++++++++++++++------------------
 1 file changed, 33 insertions(+), 18 deletions(-)

(limited to 'slock.c')

diff --git a/slock.c b/slock.c
index 888dbd1..799d2db 100644
--- a/slock.c
+++ b/slock.c
@@ -184,7 +184,9 @@ gethash(void)
 #endif /* HAVE_SHADOW_H */
 
 	/* pam, store user name */
-	hash = pw->pw_name;
+    if (use_pam)
+        hash = pw->pw_name;
+
 	return hash;
 }
 
@@ -218,7 +220,7 @@ readpw(Display *dpy, struct xrandr *rr, struct lock **locks, int nscreens,
        const char *hash)
 {
 	XRRScreenChangeNotifyEvent *rre;
-	char buf[32];
+	char buf[32], *inputhash;
 	int caps, num, screen, running, failure, oldc, retval;
 	unsigned int len, color, indicators;
 	KeySym ksym;
@@ -254,23 +256,33 @@ readpw(Display *dpy, struct xrandr *rr, struct lock **locks, int nscreens,
 			case XK_Return:
 				passwd[len] = '\0';
 				errno = 0;
-				retval = pam_start(pam_service, hash, &pamc, &pamh);
-				color = PAM;
-				for (screen = 0; screen < nscreens; screen++) {
-					drawlogo(dpy, locks[screen], color);
-				}
 
-				if (retval == PAM_SUCCESS)
-					retval = pam_authenticate(pamh, 0);
-				if (retval == PAM_SUCCESS)
-					retval = pam_acct_mgmt(pamh, 0);
-
-				running = 1;
-				if (retval == PAM_SUCCESS)
-					running = 0;
-				else
-					fprintf(stderr, "slock: %s\n", pam_strerror(pamh, retval));
-				pam_end(pamh, retval);
+                if (use_pam) {
+                    retval = pam_start(pam_service, hash, &pamc, &pamh);
+                    color = PAM;
+                    for (screen = 0; screen < nscreens; screen++) {
+                        drawlogo(dpy, locks[screen], color);
+                    }
+
+                    if (retval == PAM_SUCCESS)
+                        retval = pam_authenticate(pamh, 0);
+                    if (retval == PAM_SUCCESS)
+                        retval = pam_acct_mgmt(pamh, 0);
+
+                    running = 1;
+                    if (retval == PAM_SUCCESS)
+                        running = 0;
+                    else
+                        fprintf(stderr, "slock: %s\n", pam_strerror(pamh, retval));
+                    pam_end(pamh, retval);
+                } else {
+                    if (!(inputhash = crypt(passwd, hash)))
+                        fprintf(stderr, "slock: crypt: %s\n", strerror(errno));
+                    else
+                        running = !!strcmp(inputhash, hash);
+                }
+
+
 				if (running) {
 					XBell(dpy, 100);
 					failure = 1;
@@ -540,6 +552,9 @@ main(int argc, char **argv) {
 	hash = gethash();
 	errno = 0;
 
+    if (!use_pam && !crypt("", hash))
+        die("slock: crypt %s\n", strerror(errno));
+
 	if (!(dpy = XOpenDisplay(NULL)))
 		die("slock: cannot open display\n");
 
-- 
cgit v1.2.3