pjht/swaylock
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
327 Commits 1 Branch 11 Tags 462 KiB
96f0a0f9c6
Commit Graph

16 Commits

Author SHA1 Message Date
Sertonix
f9ce3f193b Read password hash before fork 
This ensures that the parent properly errors only if the password
cannot be read.
 2024-03-05 09:50:47 +01:00
Sertonix
b63aaffcd1 Check setgid too after dropping root 2024-01-16 15:10:13 +01:00
Simon Ser
b5cfd43deb shadow: make the result of crypt() const 
This should not be free'd.
 2022-09-26 19:58:04 +02:00
Robin Ebert
bdeb891378 Use mlock for password buffer 2022-06-15 10:49:32 +02:00
Drew DeVault
6a7e3a16f2
Merge pull request #36 from c-edw/feature/ShadowBackendSleep 
Sleep on incorrect password with shadow backend.
 2019-01-27 18:03:29 -05:00
Connor E
6fd9cd2246 Sleep on incorrect password with shadow backend. 2019-01-27 18:12:54 +00:00
John Axel Eriksson
3d94a60924 Include stdlib.h in shadow.c 2019-01-23 21:31:49 +01:00
Connor E
648b0ccd64 Make setuid error clearer. 2019-01-18 13:52:17 +00:00
emersion
0c7932a3af
Move PAM into a child process 2019-01-17 09:53:23 +01:00
emersion
0c1f193083
shadow: fix return in initialize_pw_backend 2019-01-17 09:41:12 +01:00
emersion
3bdf58a455
Make sure we can't restore root after setuid 2019-01-16 22:59:15 +01:00
John Axel Eriksson
f801164b9f
Fix swaylock.h include directive 2019-01-15 16:00:51 +01:00
Brian Ashworth
e3935ad143 Implement logging and remove wlroots dependency 
This implements a simpler version of the wlroots logger for swaylock.
With this logger, the dependency on wlroots can be dropped. This also
adds a debug flag and disables debugging output by default
 2019-01-14 23:30:54 -05:00
emersion
8191c2147b Replace _XOPEN_SOURCE with _POSIX_C_SOURCE 
And make sure we don't define both in the same source file.
 2018-11-25 17:19:43 +01:00
Drew DeVault
c7776e7804 Fix swaylock w/shadow on glibc, improve security 
Today I learned that GNU flaunts the POSIX standard in yet another
creative way. Additionally, this adds some security improvements,
namely:

- Zeroing out password buffers in the privileged child process
- setuid/setgid after reading /etc/shadow
 2018-10-06 12:20:12 -04:00
Drew DeVault
64259db8d6 Add support for building swaylock without PAM 
This involves setuid'ing swaylock, which then forks and drops perms on
the parent process. The child process remains root and listens on a pipe
for requests to validate passwords against /etc/shadow.
 2018-09-28 13:53:01 +02:00