From 5f70d320a0d3d1fef0bc6b7b77ef2a7c2923b990 Mon Sep 17 00:00:00 2001
From: Robert Nagy <robert@openbsd.org>
Date: Tue, 28 Mar 2017 20:31:42 +0200
Subject: Implement OpenBSD authentication using bsd_auth(3).

OpenBSD does not have nor use pam(8) for password authentication but
instead uses bsd_auth(3): add a bsd_auth authentication scheme to
make locking possible.
This has been a part of gnome-screensaver already but was probably
removed at one point. This is mostly identical to that code, with some
minor modifications.
---
 src/setuid.c | 9 +++++++++
 1 file changed, 9 insertions(+)

(limited to 'src/setuid.c')

diff --git a/src/setuid.c b/src/setuid.c
index 80e4659..0a065d9 100644
--- a/src/setuid.c
+++ b/src/setuid.c
@@ -209,6 +209,15 @@ hack_uid (char **nolock_reason,
 
 		if (uid != euid || gid != egid)
 		{
+#ifdef HAVE_BSDAUTH /* we need to setgid auth to run the bsd_auth(3) login_* helpers */
+			struct group *authg = getgrnam("auth");
+			if (!authg || !authg->gr_name || !*authg->gr_name) {
+				reason = g_strdup ("no such group as \"auth\" for bsdauth.");
+				ret = FALSE;
+				goto out;
+			}
+			gid = authg->gr_gid;
+#endif /* !HAVE_BSDAUTH */
 			if (! set_ids_by_number (uid, gid, uid_message))
 			{
 				reason = g_strdup ("unable to discard privileges.");
-- 
cgit v1.2.1