 | #define _XOPEN_SOURCE // for crypt
#include <pwd.h>
#include <shadow.h>
#include <stdbool.h>
#include <sys/types.h>
#include <unistd.h>
#include <wlr/util/log.h>
#include "swaylock/swaylock.h"
#ifdef __GLIBC__
// GNU, you damn slimy bastard
#include <crypt.h>
#endif
/* Two pipes between the locker process and the password-checking child.
 * comm[0] carries requests: the parent writes comm[0][1], the child reads
 * comm[0][0]. comm[1] carries verdicts: the child writes comm[1][1], the
 * parent reads comm[1][0]. */
static int comm[2][2];
/*
 * Zero `bytes` bytes starting at `buf`.
 *
 * Every store goes through a volatile pointer and reads a volatile zero,
 * presumably so the compiler cannot discard the wipe as a dead write when
 * the buffer is freed or the process exits right afterwards.
 */
static void clear_buffer(void *buf, size_t bytes) {
	volatile char *cursor = buf;
	volatile char zero = '\0';
	while (bytes > 0) {
		*cursor = zero;
		++cursor;
		--bytes;
	}
}
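/*
 * Password-checking child process.
 *
 * Fetches the invoking user's password hash while still privileged, drops
 * privileges, and only then starts reading requests from the parent, so no
 * parent-supplied byte is parsed with root rights. Never returns: every
 * path ends in exit().
 *
 * Wire format, as used here and in attempt_password(): a size_t byte count
 * followed by that many bytes of candidate password on comm[0]; one bool
 * verdict per request on comm[1].
 */
void run_child(void) {
	/* This code runs as root */
	struct passwd *pwent = getpwuid(getuid());
	if (!pwent) {
		wlr_log_errno(WLR_ERROR, "failed to getpwuid");
		exit(EXIT_FAILURE);
	}
	char *encpw = pwent->pw_passwd;
	/* An "x" entry means the hash is fetched through getspnam() instead. */
	if (encpw && strcmp(encpw, "x") == 0) {
		struct spwd *swent = getspnam(pwent->pw_name);
		if (!swent) {
			wlr_log_errno(WLR_ERROR, "failed to getspnam");
			exit(EXIT_FAILURE);
		}
		encpw = swent->sp_pwdp;
	}
	if (!encpw) {
		/* Without a hash, crypt()/strcmp() below would dereference NULL. */
		wlr_log(WLR_ERROR, "no password hash available");
		exit(EXIT_FAILURE);
	}
	/* We don't need any additional logging here because the parent process will
	 * also fail here and will handle logging for us. */
	/* Group first: once the uid is dropped, setgid() would no longer be allowed. */
	if (setgid(getgid()) != 0) {
		exit(EXIT_FAILURE);
	}
	if (setuid(getuid()) != 0) {
		exit(EXIT_FAILURE);
	}
	/* NOTE(review): nothing here verifies that root cannot be regained
	 * afterwards; consider an explicit post-drop check. */
	/* This code does not run as root */
	wlr_log(WLR_DEBUG, "prepared to authorize user %s", pwent->pw_name);
	while (1) {
		size_t size;
		ssize_t amt = read(comm[0][0], &size, sizeof(size));
		if (amt == 0) {
			/* End of file on the request pipe: no more checks will come. */
			break;
		}
		if (amt != (ssize_t)sizeof(size)) {
			/* A failed or short read leaves `size` (partly) uninitialized;
			 * using it for malloc() and the read loop would be undefined. */
			wlr_log_errno(WLR_ERROR, "read pw request");
			exit(EXIT_FAILURE);
		}
		wlr_log(WLR_DEBUG, "received pw check request");
		if (size == 0) {
			/* A request always carries at least the terminator byte. */
			wlr_log(WLR_ERROR, "received empty pw request");
			exit(EXIT_FAILURE);
		}
		/* NOTE(review): `size` comes off the pipe with no upper bound; the
		 * only writer visible in this file is attempt_password(). */
		char *buf = malloc(size);
		if (!buf) {
			wlr_log_errno(WLR_ERROR, "failed to malloc pw buffer");
			exit(EXIT_FAILURE);
		}
		size_t offs = 0;
		do {
			amt = read(comm[0][0], &buf[offs], size - offs);
			if (amt <= 0) {
				wlr_log_errno(WLR_ERROR, "failed to read pw");
				/* Wipe whatever part of the password already arrived. */
				clear_buffer(buf, offs);
				exit(EXIT_FAILURE);
			}
			offs += (size_t)amt;
		} while (offs < size);
		/* crypt() expects a C string; do not rely on the sender having
		 * terminated it, or crypt() could read past the allocation. */
		buf[size - 1] = '\0';
		bool result = false;
		char *c = crypt(buf, encpw);
		if (c == NULL) {
			/* crypt() failed: report a mismatch instead of passing NULL
			 * to strcmp(). */
			wlr_log_errno(WLR_ERROR, "crypt");
		} else {
			result = strcmp(c, encpw) == 0;
		}
		if (write(comm[1][1], &result, sizeof(result)) != sizeof(result)) {
			wlr_log_errno(WLR_ERROR, "failed to write pw check result");
			clear_buffer(buf, size);
			exit(EXIT_FAILURE);
		}
		/* Wipe the plaintext before handing the memory back to the allocator. */
		clear_buffer(buf, size);
		free(buf);
	}
	clear_buffer(encpw, strlen(encpw));
	exit(EXIT_SUCCESS);
}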
/*
 * Start the password backend: require an effective uid of 0, create the
 * request and result pipes, fork the checking child, then drop the parent's
 * own privileges. Any failure is logged and terminates the process.
 */
void initialize_pw_backend(void) {
	if (geteuid() != 0) {
		wlr_log(WLR_ERROR, "swaylock needs to be setuid to read /etc/shadow");
		exit(EXIT_FAILURE);
	}
	/* Both pipes report failure with the same message; || stops at the first
	 * failing call, so errno still belongs to it when it is logged. */
	if (pipe(comm[0]) != 0 || pipe(comm[1]) != 0) {
		wlr_log_errno(WLR_ERROR, "failed to create pipe");
		exit(EXIT_FAILURE);
	}
	pid_t child = fork();
	if (child < 0) {
		wlr_log_errno(WLR_ERROR, "failed to fork");
		exit(EXIT_FAILURE);
	}
	if (child == 0) {
		/* Child keeps only the request read end and the result write end. */
		close(comm[0][1]);
		close(comm[1][0]);
		run_child();
	}
	/* Parent keeps the opposite ends. */
	close(comm[0][0]);
	close(comm[1][1]);
	/* Group before user: the same order run_child() uses for its own drop. */
	if (setgid(getgid()) != 0 || setuid(getuid()) != 0) {
		wlr_log_errno(WLR_ERROR, "Unable to drop root");
		exit(EXIT_FAILURE);
	}
}
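/*
 * Ask the password-checking child whether `pw` matches the user's password.
 *
 * Sends a size_t length followed by that many bytes of pw->buffer on the
 * request pipe, then reads one bool verdict from the result pipe. Returns
 * the verdict, or false if any pipe operation fails. The password buffer is
 * cleared with clear_password_buffer() on every path before returning.
 */
bool attempt_password(struct swaylock_password *pw) {
	bool result = false;
	/* One byte more than pw->len is sent, presumably the NUL terminator;
	 * TODO confirm against the swaylock_password definition. */
	size_t len = pw->len + 1;
	size_t offs = 0;
	/* Anything but a complete header write is a failure: a truncated length
	 * would make the child interpret password bytes as part of the size. */
	if (write(comm[0][1], &len, sizeof(len)) != (ssize_t)sizeof(len)) {
		wlr_log_errno(WLR_ERROR, "Failed to request pw check");
		goto ret;
	}
	do {
		ssize_t amt = write(comm[0][1], &pw->buffer[offs], len - offs);
		/* Treat a zero-byte write as failure too, so the loop cannot spin
		 * without making progress. */
		if (amt <= 0) {
			wlr_log_errno(WLR_ERROR, "Failed to write pw buffer");
			goto ret;
		}
		offs += (size_t)amt;
	} while (offs < len);
	if (read(comm[1][0], &result, sizeof(result)) != sizeof(result)) {
		wlr_log_errno(WLR_ERROR, "Failed to read pw result");
		/* Fail closed: never report success after a failed read. */
		result = false;
		goto ret;
	}
	wlr_log(WLR_DEBUG, "pw result: %d", result);
ret:
	/* Wipe the plaintext whether or not the check completed. */
	clear_password_buffer(pw);
	return result;
}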