Stop using $USER for shadow entries
This was extremely bad practice, effectively making the program behave different depending on which architecture you are running it on. OpenBSD offers getpwuid_shadow, but there is no getspuid for getspnam, so we resort to using the pw_name entry in the struct passwd we filled earlier. This prevents slock from crashing when $USER is empty (easy to do). If you want to run slock as a different user, don't use $ USER="tom" slock but doas or sudo which were designed for this purpose.
This commit is contained in:
FRIGN
Markus Teich
parent
9a617db716
commit
dc2e8e839e
4
slock.c
4
slock.c
|
|
@ -103,14 +103,14 @@ gethash(void)
|
||||||
#if HAVE_SHADOW_H
|
#if HAVE_SHADOW_H
|
||||||
if (hash[0] == 'x' && hash[1] == '\0') {
|
if (hash[0] == 'x' && hash[1] == '\0') {
|
||||||
struct spwd *sp;
|
struct spwd *sp;
|
||||||
if (!(sp = getspnam(getenv("USER"))))
|
if (!(sp = getspnam(pw->pw_name)))
|
||||||
die("slock: getspnam: cannot retrieve shadow entry (make sure to suid or sgid slock)\n");
|
die("slock: getspnam: cannot retrieve shadow entry (make sure to suid or sgid slock)\n");
|
||||||
hash = sp->sp_pwdp;
|
hash = sp->sp_pwdp;
|
||||||
}
|
}
|
||||||
#else
|
#else
|
||||||
if (hash[0] == '*' && hash[1] == '\0') {
|
if (hash[0] == '*' && hash[1] == '\0') {
|
||||||
#ifdef __OpenBSD__
|
#ifdef __OpenBSD__
|
||||||
if (!(pw = getpwnam_shadow(getenv("USER"))))
|
if (!(pw = getpwuid_shadow(getuid())))
|
||||||
die("slock: getpwnam_shadow: cannot retrieve shadow entry (make sure to suid or sgid slock)\n");
|
die("slock: getpwnam_shadow: cannot retrieve shadow entry (make sure to suid or sgid slock)\n");
|
||||||
hash = pw->pw_passwd;
|
hash = pw->pw_passwd;
|
||||||
#else
|
#else
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue