Bug#1057279: xtrlock option to verify password via a subprocess
Matthew Vernon wrote: > I think both docs and making the hourglass optional would be good, > please; Revised patches attached. The runtime usage message was starting to get large, so I've appended a third patch that sets up standard --help and --version options, in case that's also useful to you. Cheers, Simon -- import hashlib; print((lambda p,q,g,y,r,s,m: (lambda w:(pow(g,int(hashlib.sha1( m.encode('ascii')).hexdigest(),16)*w%q,p)*pow(y,r*w%q,p)%p)%q)(pow(s,q-2,q))==r and s%q!=0 and m)(12342649995480866419, 2278082317364501, 1670428356600652640, 5398151833726432125, 645223105888478, 1916678356240619, "")) 0001-Add-check-option-to-specify-a-password-checking-subp.patch Description: Binary data 0002-Display-a-wait-cursor-while-password-is-being-valida.patch Description: Binary data 0003-Reorganise-help-output-into-help-and-version.patch Description: Binary data
Bug#1057279: xtrlock option to verify password via a subprocess
Hi, On 02/12/2023 15:23, Simon Tatham wrote: I run xtrlock on a machine which doesn't store all its passwd/shadow entries locally. So xtrlock is unable to verify my password by the usual method. To get around this, I added a feature which replaces the passwd/shadow based check with a user-provided subprogram. xtrlock pipes the password into the subprogram's standard input, and unlocks the screen if the program exits with a success status. Thanks for this and the attached patches; I think it's a useful addition to xtrlock. Both patches are attached. At the moment, they lack documentation, and also the hourglass-pointer patch is unconditional rather than configurable. I'm prepared to do extra polishing effort if it's useful! I think both docs and making the hourglass optional would be good, please; I'm sorry I've not done anything more useful in terms of review yet, but I'm currently a bit swamped, and I thought at least some reply would be better than continued silence! Regards, Matthew
Bug#1057279: xtrlock option to verify password via a subprocess
Simon Tatham wrote: > To get around this, I added a feature which replaces the passwd/shadow > based check with a user-provided subprogram. Now I look at the existing bug list, this might provide functionality related to two existing bugs: - #84419 xtrlock won't work with NIS/shadow maps This is exactly what I use it for, and it avoids complicating xtrlock itself any more than necessary. Perhaps the direct PAM-based check the reporter suggested could be turned into a more polished version of my horrid su-based check script, although I don't know how to do that off the top of my head. - #806734 xtrlock: add custom passphrase The requester wanted to prompt for a passphrase at startup, but perhaps having one configured in advance is at least good enough, and maybe even better? (If you use the same passphrase all the time, it'd be embarrassing to make a typo when leaving your desk, and then not be able to get back in.) Cheers, Simon -- import hashlib; print((lambda p,q,g,y,r,s,m: (lambda w:(pow(g,int(hashlib.sha1( m.encode('ascii')).hexdigest(),16)*w%q,p)*pow(y,r*w%q,p)%p)%q)(pow(s,q-2,q))==r and s%q!=0 and m)(12342649995480866419, 2278082317364501, 1670428356600652640, 5398151833726432125, 645223105888478, 1916678356240619, ""))
Bug#1057279: xtrlock option to verify password via a subprocess
Package: xtrlock Version: 2.15 Tags: patch I run xtrlock on a machine which doesn't store all its passwd/shadow entries locally. So xtrlock is unable to verify my password by the usual method. To get around this, I added a feature which replaces the passwd/shadow based check with a user-provided subprogram. xtrlock pipes the password into the subprogram's standard input, and unlocks the screen if the program exits with a success status. I can make this check my real login password by using a subprogram based on 'su $USERNAME -c true' (with some plumbing to run it in a pty and pipe the password through). Another obvious approach would be to define a 'screen-unlock password' separate from my login password, and a subprogram that checks that (say, against a file containing a crypt(3)ed version). This also means that xtrlock can do something useful even in situations where someone is not able to give it set-id access of any kind. The only problem I've found with this is that the su-based check takes noticeable time (several seconds in the environment where I use this), so that I start wondering whether I got my password wrong, or whether it's just being slow to check. To work around _that_, I've also arranged to temporarily turn the mouse pointer from a padlock to an hourglass while the check program is running. Both patches are attached. At the moment, they lack documentation, and also the hourglass-pointer patch is unconditional rather than configurable. I'm prepared to do extra polishing effort if it's useful! Cheers, Simon -- import hashlib; print((lambda p,q,g,y,r,s,m: (lambda w:(pow(g,int(hashlib.sha1( m.encode('ascii')).hexdigest(),16)*w%q,p)*pow(y,r*w%q,p)%p)%q)(pow(s,q-2,q))==r and s%q!=0 and m)(12342649995480866419, 2278082317364501, 1670428356600652640, 5398151833726432125, 645223105888478, 1916678356240619, "")) 0001-Add-check-option-to-specify-a-password-checking-subp.patch Description: Binary data 0002-Display-a-wait-cursor-while-password-is-being-valida.patch Description: Binary data