From 5f70d320a0d3d1fef0bc6b7b77ef2a7c2923b990 Mon Sep 17 00:00:00 2001 From: Robert Nagy Date: Tue, 28 Mar 2017 20:31:42 +0200 Subject: Implement OpenBSD authentication using bsd_auth(3). OpenBSD does not have nor use pam(8) for password authentication but instead uses bsd_auth(3): add a bsd_auth authentication scheme to make locking possible. This has been a part of gnome-screensaver already but was probably removed at one point. This is mostly identical to that code, with some minor modifications. --- configure.ac | 50 ++++++++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 48 insertions(+), 2 deletions(-) (limited to 'configure.ac') diff --git a/configure.ac b/configure.ac index bb96741..d3d8ecb 100644 --- a/configure.ac +++ b/configure.ac @@ -531,6 +531,44 @@ if test "x$have_libgl" = "xyes"; then GL_LIBS="-lGL $GL_LIBS" fi +dnl --------------------------------------------------------------------------- +dnl - Check for bsd_auth(3) (OpenBSD) +dnl --------------------------------------------------------------------------- +have_bsdauth=no +with_bsdauth_req=unspecified +NEED_SETUID=no + +case "$host" in + *-openbsd*) + with_bsdauth=yes + AUTH_SCHEME=bsdauth + NEED_SETUID=no + if test "x$enable_locking" = "xyes"; then + with_bsdauth_req=yes + NEED_SETUID=yes + fi +esac + +if test "$with_bsdauth" = yes ; then + AC_CACHE_CHECK([for BSD Authentication], ac_cv_bsdauth, + [AC_TRY_X_COMPILE([#include + #include + #include + #include ], + [int ok = auth_userokay("x", 0, "x", "x");], + [ac_cv_bsdauth=yes], + [ac_cv_bsdauth=no])]) + if test "$ac_cv_bsdauth" = yes; then + have_bsdauth=yes + fi +fi + +if test "$have_bsdauth" = yes; then + AC_DEFINE(HAVE_BSDAUTH, 1, [Define to 1 if using bsd_auth(3) authentication]) +fi + +AC_SUBST(NEED_SETUID) + dnl --------------------------------------------------------------------------- dnl - Check for PAM dnl --------------------------------------------------------------------------- @@ -540,7 +578,7 @@ AC_ARG_ENABLE(pam, AC_HELP_STRING([--enable-pam], [Enable PAM support @<:@default=auto@:>@], ),,enable_pam=auto) -if test "x$enable_locking" = "xyes" -a "x$enable_pam" != "xno"; then +if test "x$enable_locking" = "xyes" -a "x$enable_pam" != "xno" -a "x$have_bsdauth" = "xno"; then AC_CHECK_LIB(pam, pam_start, have_pam=yes) fi if test "x$have_pam" = "xyes"; then @@ -823,7 +861,7 @@ dnl Authentication scheme dnl --------------------------------------------------------------------------- AC_ARG_ENABLE(authentication-scheme, - [ --enable-authentication-scheme=[auto/pam/helper/pwent] Choose a specific + [ --enable-authentication-scheme=[auto/pam/helper/pwent/bsdauth] Choose a specific authentication scheme [default=auto]],, enable_authentication_scheme=auto) @@ -835,6 +873,9 @@ fi if test x$enable_authentication_scheme = xhelper -a x$have_passwd_helper = xno ; then AC_MSG_ERROR(Password helper support requested but not available) fi +if test x$enable_authentication_scheme = xbsdauth -a x$have_bsdauth = xno ; then + AC_MSG_ERROR(bsd_auth(3) support requested but not available) +fi if test x$enable_authentication_scheme = xpam ; then AUTH_SCHEME="pam" @@ -842,11 +883,15 @@ elif test x$enable_authentication_scheme = xhelper ; then AUTH_SCHEME="helper" elif test x$enable_authentication_scheme = xpwent ; then AUTH_SCHEME="pwent" +elif test x$enable_authentication_scheme = xbsdauth ; then + AUTH_SCHEME="bsdauth" elif test x$enable_authentication_scheme = xauto ; then if test x$have_pam != xno ; then AUTH_SCHEME="pam" elif test x$have_passwd_helper != xno ; then AUTH_SCHEME="helper" + elif test x$have_bsdauth != xno ; then + AUTH_SCHEME="bsdauth" else AUTH_SCHEME="pwent" fi @@ -1127,6 +1172,7 @@ echo " ConsoleKit support: ${use_console_kit} libnotify support: ${have_libnotify} PAM support: ${have_pam} + bsd_auth(3) support: ${have_bsdauth} Have shadow passwords: ${have_shadow} Have adjunct shadow: ${have_shadow_adjunct} Have enhanced shadow: ${have_shadow_enhanced} -- cgit v1.2.1