From 5f70d320a0d3d1fef0bc6b7b77ef2a7c2923b990 Mon Sep 17 00:00:00 2001 From: Robert Nagy Date: Tue, 28 Mar 2017 20:31:42 +0200 Subject: Implement OpenBSD authentication using bsd_auth(3). OpenBSD does not have nor use pam(8) for password authentication but instead uses bsd_auth(3): add a bsd_auth authentication scheme to make locking possible. This has been a part of gnome-screensaver already but was probably removed at one point. This is mostly identical to that code, with some minor modifications. --- src/setuid.c | 9 +++++++++ 1 file changed, 9 insertions(+) (limited to 'src/setuid.c') diff --git a/src/setuid.c b/src/setuid.c index 80e4659..0a065d9 100644 --- a/src/setuid.c +++ b/src/setuid.c @@ -209,6 +209,15 @@ hack_uid (char **nolock_reason, if (uid != euid || gid != egid) { +#ifdef HAVE_BSDAUTH /* we need to setgid auth to run the bsd_auth(3) login_* helpers */ + struct group *authg = getgrnam("auth"); + if (!authg || !authg->gr_name || !*authg->gr_name) { + reason = g_strdup ("no such group as \"auth\" for bsdauth."); + ret = FALSE; + goto out; + } + gid = authg->gr_gid; +#endif /* !HAVE_BSDAUTH */ if (! set_ids_by_number (uid, gid, uid_message)) { reason = g_strdup ("unable to discard privileges."); -- cgit v1.2.1