; screen-3.9.5-pamlock.patch
; (c) copyright 2000 by wojtekka@irc.pl
;
; cp /etc/pam.d/su /etc/pam.d/screen
; chmod 4755 /sbin/pwdb_chkpwd
; chown root.utmp /usr/bin/screen
; chmod 2755 /usr/bin/screen

diff -uNr screen-3.9.5.orig/Makefile.in screen-3.9.5/Makefile.in
--- screen-3.9.5.orig/Makefile.in	Thu Sep  2 00:50:31 1999
+++ screen-3.9.5/Makefile.in	Mon May 29 13:50:35 2000
@@ -23,7 +23,7 @@
 CC = @CC@
 CFLAGS = -O
 LDFLAGS =
-LIBS = @LIBS@
+LIBS = @LIBS@ -lpam -ldl
 
 CPP_DEPEND=$(CC) -MM
 
diff -uNr screen-3.9.5.orig/attacher.c screen-3.9.5/attacher.c
--- screen-3.9.5.orig/attacher.c	Mon Jul 26 19:58:03 1999
+++ screen-3.9.5/attacher.c	Mon May 29 15:05:35 2000
@@ -35,6 +35,11 @@
 
 #include <pwd.h>
 
+#ifdef PAMLOCK
+#  include <security/pam_appl.h>
+#  include <security/pam_misc.h>
+#endif
+
 static sigret_t AttacherSigInt __P(SIGPROTOARG);
 #if defined(SIGWINCH) && defined(TIOCGWINSZ)
 static sigret_t AttacherWinch __P(SIGPROTOARG);
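Review bot: The added `#  include <security/pam_misc.h>` looks unnecessary, and that header ships only with Linux-PAM. The PAM code added further down in this file supplies its own conversation function and does not call `misc_conv` or any other `pam_misc` helper. Dropping it and keeping only `#  include <security/pam_appl.h>` would let the PAMLOCK build work on other PAM implementations. The new code also calls `malloc` and `strdup`, so it is worth confirming that `<stdlib.h>` and `<string.h>` are already pulled in by the headers above this hunk.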
@@ -722,6 +727,46 @@
     }
 }				/* LockTerminal */
 
+#ifdef PAMLOCK
+
+char *pamlock_password;
+
+int pamlock_conv(int num_msg, const struct pam_message **msg, struct pam_response **resp, void *appdata_ptr)
+{
+  struct pam_response *my_resp = malloc(sizeof(struct pam_response));
+
+  my_resp->resp_retcode = 0;
+  my_resp->resp = strdup(pamlock_password);
+  *resp = my_resp;
+
+  return PAM_SUCCESS;
+}
+
+int pamlock_authenticate(char *pass)
+{
+  static struct pam_conv conv = { pamlock_conv, NULL };
+  pam_handle_t *pamh = NULL;
+  int retval;
+  struct passwd *pw;
+
+  if (!(pw = getpwuid(getuid())))
+    return 0;
+  pamlock_password = pass;
+
+  retval = pam_start("screen", pw->pw_name, &conv, &pamh);
+  if (retval == PAM_SUCCESS)
+    retval = pam_authenticate(pamh, 0);
+  if (retval == PAM_SUCCESS)
+    retval = pam_acct_mgmt(pamh, 0);
+  if (retval == PAM_SUCCESS)
+    retval = pam_end(pamh, PAM_SUCCESS);
+
+  return (retval == PAM_SUCCESS) ? 1 : 0;
+}
+
+
+#endif
+
 /* -- original copyright by Luigi Cannelloni 1985 (luigi@faui70.UUCP) -- */
 static void
 screen_builtin_lck()
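Review bot: `pamlock_conv` allocates one `struct pam_response` and ignores `num_msg` and `msg`, so a PAM stack that sends several messages gets an array that is too short, and informational or echo-on prompts are answered with the password. Its `malloc` and `strdup` results are also used unchecked. In `pamlock_authenticate`, `pam_end` is reached only when every step succeeded, so each failed unlock attempt leaks the PAM handle, and the global `pamlock_password` keeps pointing at the caller's buffer after the call. The two functions and the global could be `static`, since the visible callers are in this file. The rewrite below assumes the Linux-PAM message layout (one pointer per message in `msg`), which should be confirmed for other PAM implementations.

```c
static char *pamlock_password;

static int pamlock_conv(int num_msg, const struct pam_message **msg, struct pam_response **resp, void *appdata_ptr)
{
  struct pam_response *my_resp;
  int i;

  if (num_msg <= 0 || num_msg > PAM_MAX_NUM_MSG)
    return PAM_CONV_ERR;
  /* PAM expects one response slot per message */
  if (!(my_resp = calloc(num_msg, sizeof(*my_resp))))
    return PAM_BUF_ERR;
  for (i = 0; i < num_msg; i++)
    {
      /* only hidden prompts are answered with the typed password */
      if (msg[i]->msg_style != PAM_PROMPT_ECHO_OFF)
        continue;
      if (!(my_resp[i].resp = strdup(pamlock_password)))
        {
          while (i-- > 0)
            free(my_resp[i].resp);
          free(my_resp);
          return PAM_BUF_ERR;
        }
    }
  *resp = my_resp;
  return PAM_SUCCESS;
}

/* ... unchanged: pamlock_authenticate locals, getpwuid lookup, pamlock_password = pass ... */

  retval = pam_start("screen", pw->pw_name, &conv, &pamh);
  if (retval != PAM_SUCCESS)
    {
      pamlock_password = NULL;
      return 0;
    }
  retval = pam_authenticate(pamh, 0);
  if (retval == PAM_SUCCESS)
    retval = pam_acct_mgmt(pamh, 0);
  /* release the handle after failed attempts too */
  if (pam_end(pamh, retval) != PAM_SUCCESS)
    retval = PAM_SYSTEM_ERR;
  pamlock_password = NULL;

  return (retval == PAM_SUCCESS) ? 1 : 0;
```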
@@ -729,7 +774,12 @@
   char fullname[100], *cp1, message[100 + 100];
   char *pass, mypass[9];
 
+#ifndef PAMLOCK
   pass = ppp->pw_passwd;
+#else
+  pass = "lamelamelamelame";
+#endif
+
   if (pass == 0 || *pass == 0)
     {
       if ((pass = getpass("Key:   ")))
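Review bot: The placeholder `pass = "lamelamelamelame";` carries no comment explaining that it exists only to keep the `if (pass == 0 || *pass == 0)` branch from prompting for a separate key when PAM is in use. A comment such as `/* PAMLOCK: non-empty dummy so the Key: prompt below is skipped; PAM verifies the real password */` would make the intent clear. Alternatively the key-prompt block itself could be placed under `#ifndef PAMLOCK`. Assigning a string literal to the non-const `char *pass` is safe only while nothing writes through it. The rest of `screen_builtin_lck` lies outside this hunk, so that should be checked there.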
@@ -784,6 +834,10 @@
           AttacherFinit(SIGARG);
           /* NOTREACHED */
         }
+#ifdef PAMLOCK
+      if (pamlock_authenticate(cp1))
+        break;
+#else
       if (pass)
         {
           if (!strncmp(crypt(cp1, pass), pass, strlen(pass)))
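Review bot: With PAMLOCK defined, unlocking depends solely on `pamlock_authenticate(cp1)`, which returns 0 for a wrong password and for any PAM setup failure alike. A missing or broken `screen` PAM service therefore leaves the terminal locked, with nothing to tell it apart from a mistyped password. Failing closed is right for a lock, but the cause should be visible. A debug line in `pamlock_authenticate` such as `debug1("pamlock: %s\n", pam_strerror(pamh, retval));` before the handle is released would do, assuming the `debug1` macro is available in this file. The `#else` branch opened here is closed in the next hunk.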
@@ -794,6 +848,7 @@
           if (!strcmp(cp1, mypass))
             break;
         }
+#endif
       debug("screen_builtin_lck: NO!!!!!\n");
     }
   debug("password ok.\n");
diff -uNr screen-3.9.5.orig/config.h.in screen-3.9.5/config.h.in
--- screen-3.9.5.orig/config.h.in	Thu Sep  2 00:50:30 1999
+++ screen-3.9.5/config.h.in	Mon May 29 13:40:53 2000
@@ -114,6 +114,7 @@
 /*
  * here come the erlangen extensions to screen:
  * define LOCK if you want to use a lock program for a screenlock.
+ * define PAMLOCK if you want to authenticate via PAM.
  * define PASSWORD for secure reattach of your screen.
  * define COPY_PASTE to use the famous hacker's treasure zoo.
  * define POW_DETACH to have a detach_and_logout key (requires DETACH).
@@ -135,6 +136,7 @@
 #undef SIMPLESCREEN
 #ifndef SIMPLESCREEN
 # define LOCK
+# define PAMLOCK
 # define PASSWORD
 # define COPY_PASTE
 # define REMOTE_DETACH
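Review bot: `# define PAMLOCK` is switched on unconditionally for every non-SIMPLESCREEN build, and the Makefile.in hunk hard-codes `-lpam -ldl` into `LIBS`. A host without the PAM headers and libraries therefore cannot build screen at all, and undefining PAMLOCK by hand still leaves the link flags behind. Detecting PAM in configure, then setting both the define and `@LIBS@` from that result, would keep the feature optional. Failing that, a comment next to the define such as `/* needs libpam and an /etc/pam.d/screen service file */` would record the requirement.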
diff -uNr screen-3.9.5.orig/screen.c screen-3.9.5/screen.c
--- screen-3.9.5.orig/screen.c	Wed Sep  1 23:57:25 1999
+++ screen-3.9.5/screen.c	Mon May 29 13:26:25 2000
@@ -97,6 +97,11 @@
 # include <shadow.h>
 #endif /* SHADOWPW */
 
+#ifdef PAMAUTH
+# include <security/pam_appl.h>
+# include <security/pam_misc.h>
+#endif
+
 #include "logfile.h"	/* islogfile, logfflush */
 
 #ifdef DEBUG
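Review bot: The guard `#ifdef PAMAUTH` uses a macro that nothing in this patch defines. config.h.in introduces `PAMLOCK`, and attacher.c tests `PAMLOCK`, so these two includes are never compiled. If screen.c needs the PAM headers, the guard should read `#ifdef PAMLOCK`. If it does not (no PAM call in screen.c is visible in this patch), the block can be dropped. As in attacher.c, `<security/pam_misc.h>` is Linux-PAM-specific and appears unused.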
