diff -cr --new-file xlock.orig/Imakefile xlock/Imakefile *** xlock.orig/Imakefile Fri Sep 27 18:10:27 1991 --- xlock/Imakefile Thu Aug 12 18:30:11 1993 *************** *** 5,11 **** DEPLIBS = $(DEPXLIB) LOCAL_LIBRARIES = $(XLIB) LINTLIBS = $(LINTXLIB) ! SYS_LIBRARIES = -lm SRCS = xlock.c hsbramp.c usleep.c resource.c \ hopalong.c qix.c life.c image.c blank.c \ swarm.c rotor.c pyro.c flame.c worm.c --- 5,11 ---- DEPLIBS = $(DEPXLIB) LOCAL_LIBRARIES = $(XLIB) LINTLIBS = $(LINTXLIB) ! SYS_LIBRARIES = -lm -lcrypt SRCS = xlock.c hsbramp.c usleep.c resource.c \ hopalong.c qix.c life.c image.c blank.c \ swarm.c rotor.c pyro.c flame.c worm.c *************** *** 15,18 **** --- 15,19 ---- ComplexProgramTarget(xlock) InstallAppDefaults(XLock) + InstallProgramWithFlags(xlock,$(BINDIR),$(INSTUIDFLAGS)) diff -cr --new-file xlock.orig/resource.c xlock/resource.c *** xlock.orig/resource.c Fri Sep 27 17:58:40 1991 --- xlock/resource.c Wed Aug 11 23:27:41 1993 *************** *** 36,41 **** --- 36,43 ---- * Declare external interface routines for supported screen savers. */ + extern double atof(); + extern void inithop(); extern void drawhop(); diff -cr --new-file xlock.orig/usleep.c xlock/usleep.c *** xlock.orig/usleep.c Fri May 24 09:58:12 1991 --- xlock/usleep.c Wed Aug 11 23:27:41 1993 *************** *** 13,18 **** --- 13,20 ---- #include "xlock.h" + #ifndef __386BSD__ + int usleep(usec) unsigned long usec; *************** *** 27,32 **** --- 29,36 ---- #endif return 0; } + + #endif /* __386BSD__ */ /* * returns the number of seconds since 01-Jan-70. diff -cr --new-file xlock.orig/xlock.c xlock/xlock.c *** xlock.orig/xlock.c Fri Sep 27 18:04:39 1991 --- xlock/xlock.c Sat Aug 14 14:52:42 1993 *************** *** 29,34 **** --- 29,37 ---- * Mountain View, CA 94043 * * Revision History: + * 12-Aug-93: added fetchPass function to properly deal with shadow + * password files. Also setup xlock to run with user's uid. + * 23-Jul-93: ported to 386BSD, revised getlogin and getpwnam routines. * 24-Jun-91: make foreground and background color get used on mono. * 24-May-91: added -usefirst. * 16-May-91: added pyro and random modes. *************** *** 129,134 **** --- 132,143 ---- extern char *crypt(); extern char *getenv(); + #define PASSLENGTH 20 + + static char userpass[PASSLENGTH]; + static char rootpass[PASSLENGTH]; + static char *user; + char *ProgramName; /* argv[0] */ perscreen Scr[MAXSCREENS]; Display *dsp = NULL; /* server display connection */ *************** *** 157,163 **** static int ssblanking; static int ssexposures; - #define PASSLENGTH 20 #define FALLBACK_FONTNAME "fixed" #define ICONW 64 #define ICONH 64 --- 166,171 ---- *************** *** 409,429 **** getPassword() { char buffer[PASSLENGTH]; - char userpass[PASSLENGTH]; - char rootpass[PASSLENGTH]; - char *user; XWindowAttributes xgwa; int y, left, done; - struct passwd *pw; - - pw = getpwnam("root"); - strcpy(rootpass, pw->pw_passwd); - pw = getpwnam(cuserid(NULL)); - strcpy(userpass, pw->pw_passwd); - - user = pw->pw_name; - XGetWindowAttributes(dsp, win[screen], &xgwa); XChangeGrabbedCursor(XCreateFontCursor(dsp, XC_left_ptr)); --- 417,425 ---- *************** *** 637,642 **** --- 633,644 ---- else ProgramName = argv[0]; + /* + * fetchPass() gets the encrypted password entries and then + * revokes xlock's suid status + */ + fetchPass(); + srandom(time((long *) 0)); /* random mode needs the seed set. */ GetResources(argc, argv); *************** *** 780,783 **** --- 782,812 ---- finish(); return 0; + } + + int fetchPass() + { + + struct passwd *pw; + int uid; + + pw = getpwuid(0); + strcpy(rootpass, pw->pw_passwd); + + pw = getpwuid(uid = getuid()); + strcpy(userpass, pw->pw_passwd); + user = pw->pw_name; + + /* We need to be root to get the password entries */ + if ( userpass[0] == '*' ) { + fprintf(stderr, "Your account has a null password\n"); + fprintf(stderr, "OR\n"); + fprintf(stderr, "The program needs to be installed set-uid to\n"); + fprintf(stderr, "the uid that 'owns' the password database in\n"); + fprintf(stderr, "order to read the encryped password entries\n"); + exit(-1); + } + + /* Back to regular user */ + setuid(getuid()); }