Le Sun, Oct 31, 2021 at 10:47:36PM +0100, Landry Breuil a écrit :
<snip>
> > > > > ** (xfce4-screensaver-dialog:72106): ERROR **: 21:36:25.353: Failed to
> > > > > connect to xfconf daemon: Cannot spawn a message bus when setuid.
> > > > >
> > > > > I don't know much about xfconf / dbus / setuid applications
> > > > > interactions, but this doesn't look like something related to changes
> > > > > in base.
> > > >
> > > > Well... iirc, nothing changed between xfconf and xfce4-screensaver since
> > > > months ... ? changes in credentials passing over sockets ?
> > >
> > > The error messages comes from libgio-2.0.so.4200.14 part of glib2.
> >
> > https://gitlab.xfce.org/apps/xfce4-screensaver/-/issues/96
>
> well, good catch. i'll come up with something adapted from
> https://gitlab.alpinelinux.org/alpine/aports/-/commit/ee7f451b3a1b1bdcf1de4303369a0b8a152f4d73
> for bsdauth. I guess that's a regression from glib 2.70 update then, and
> mate-screensaver might be affected by the same issue as they share the
> same ancestor.
That still strange because xfce4-screensaver-dialog has code for
bsdauth, but if i try setting the binary setgid auth instead of setuid
root, and remove the setgroups() call, glib will still complain the
same, even if not setuid anymore..
Havent looked at mate-screensaver, but the below diff adapted from above
seems to work in my limited testing (eg xfce4-screensaver --debug, and
xflock4 in another term).
[error_watch] gs-window-x11.c:893 (11:53:14.465): Command output:
[request_response] xfce4-screensaver-dialog.c:148 (11:53:14.465):Got response:
-2
[error_watch] gs-window-x11.c:893 (11:53:14.643): Command output:
[do_auth_check] xfce4-screensaver-dialog.c:305 (11:53:14.642): Verify user
returned: TRUE
[dialog_process_watch] gs-window-x11.c:1405 (11:53:14.648): Command
output: RESPONSE=OK
[dialog_process_watch] gs-window-x11.c:1419 (11:53:14.648): Got OK response
entering the wrong password properly dismisses the attempt too :)
feedback welcome..
Landry
? patchesno
? xfce4-screensaver-askpass.diff
Index: Makefile
===================================================================
RCS file: /cvs/ports/x11/xfce4/xfce4-screensaver/Makefile,v
retrieving revision 1.11
diff -u -r1.11 Makefile
--- Makefile 3 Jan 2021 17:34:23 -0000 1.11
+++ Makefile 1 Nov 2021 10:53:53 -0000
@@ -3,6 +3,7 @@
COMMENT = Xfce4 screensaver
XFCE_GOODIE = xfce4-screensaver
+REVISION = 0
# GPLv2
PERMIT_PACKAGE = Yes
@@ -32,7 +33,13 @@
FAKE_FLAGS = menudir=${PREFIX}/share/examples/xfce4-screensaver/xdg/menus
+CONFIGURE_ARGS +=
--with-passwd-helper=${LOCALBASE}/libexec/xfce4-screensaver-ask-pass
+
+post-build:
+ ${CC} ${CFLAGS} ${FILESDIR}/ask-pass.c -o ${WRKBUILD}/ask-pass
+
post-install:
+ ${INSTALL_PROGRAM} ${WRKBUILD}/ask-pass
${PREFIX}/libexec/xfce4-screensaver-ask-pass
@mv ${WRKINST}/etc/xdg/autostart \
${PREFIX}/share/examples/xfce4-screensaver/xdg/autostart
rm -Rf ${WRKINST}/etc/xdg
Index: files/ask-pass.c
===================================================================
RCS file: files/ask-pass.c
diff -N files/ask-pass.c
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ files/ask-pass.c 1 Nov 2021 10:53:53 -0000
@@ -0,0 +1,84 @@
+/* $OpenBSD$
+ * verifying typed passwords with bsd_auth(3)
+ *
+ * Copyright (c) 2009 Antoine Jacoutot <[email protected]>
+ * Copyright (c) 2021 Landry Breuil <[email protected]>
+ * Copyright (c) 2021 Natanael Copa <[email protected]>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include <stdio.h>
+#include <signal.h>
+#include <err.h>
+#include <fcntl.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+#include <pwd.h>
+#include <sys/types.h>
+
+#include <login_cap.h>
+#include <bsd_auth.h>
+
+static void sighandler(int sig)
+{
+ if (sig > 0)
+ errx(sig, "caught signal %d", sig);
+}
+
+static void setup_signals(void)
+{
+ struct sigaction action;
+
+ memset((void *) &action, 0, sizeof(action));
+ action.sa_handler = sighandler;
+ action.sa_flags = SA_RESETHAND;
+ sigaction(SIGILL, &action, NULL);
+ sigaction(SIGTRAP, &action, NULL);
+ sigaction(SIGBUS, &action, NULL);
+ sigaction(SIGSEGV, &action, NULL);
+ action.sa_handler = SIG_IGN;
+ action.sa_flags = 0;
+ sigaction(SIGTERM, &action, NULL);
+ sigaction(SIGHUP, &action, NULL);
+ sigaction(SIGINT, &action, NULL);
+ sigaction(SIGQUIT, &action, NULL);
+ sigaction(SIGALRM, &action, NULL);
+}
+
+int
+main (int argc, const char *argv[]) {
+ char pass[8192];
+ int res, fd;
+
+ /* Make sure standard file descriptors are connected */
+ while ((fd = open("/dev/null", O_RDWR)) <= 2);
+ close(fd);
+
+ setup_signals();
+
+ char *user = getlogin();
+ if (user == NULL)
+ err (1, "failed to get login name");
+
+ int npass = read(STDIN_FILENO, pass, sizeof(pass)-1);
+ if (npass < 0)
+ err(1, "error reading password");
+ pass[npass] = '\0';
+
+ /* authenticate */
+ res = auth_userokay((char *)user, NULL, "auth-xfce-screensaver", pass);
+
+ return !res;
+}
Index: pkg/PLIST
===================================================================
RCS file: /cvs/ports/x11/xfce4/xfce4-screensaver/pkg/PLIST,v
retrieving revision 1.5
diff -u -r1.5 PLIST
--- pkg/PLIST 9 Nov 2020 17:57:59 -0000 1.5
+++ pkg/PLIST 1 Nov 2021 10:53:53 -0000
@@ -4,9 +4,12 @@
bin/xfce4-screensaver-configure
@bin bin/xfce4-screensaver-preferences
libexec/xfce4-screensaver/
-@mode u+s
-@bin libexec/xfce4-screensaver-dialog
+@mode g+s
+@group auth
+@bin libexec/xfce4-screensaver-ask-pass
+@group
@mode
+@bin libexec/xfce4-screensaver-dialog
@bin libexec/xfce4-screensaver-gl-helper
@bin libexec/xfce4-screensaver/floaters
@bin libexec/xfce4-screensaver/popsquares
