mikew@wyse.wyse.com (Mike Wexler) (09/15/88)
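Submitted-by: cml@diplodocus.cis.ohio-state.edu (Christopher Lott)
Posting-number: Volume 1, Issue 43
Archive-name: xsecure/part01

#! /bin/sh
# This is a shell archive, meaning:
# 1. Remove everything above the #! /bin/sh line.
# 2. Save the resulting text in a file.
# 3. Execute the file with /bin/sh (not csh) to create the files:
#	Makefile
#	README
#	patchlevel.h
#	xsecure.1
#	xsecure.c
# This archive created: Thu Sep  1 10:15:39 1988
export PATH; PATH=/bin:$PATH
# Each stanza below refuses to overwrite an existing file; otherwise sed
# strips the leading '#' from every line of the here-document and writes
# the result to the named file.
if test -f 'Makefile'
then
	echo shar: will not over-write existing file "'Makefile'"
else
sed 's/^#//' << \SHAR_EOF > 'Makefile'
#XSECURE = xsecure.c
#
#xsecure: $(XSECURE)
#	cc -O -o xsecure xsecure.c -lX
#
#clean:
#	rm -f xsecure *.o
SHAR_EOF
fi # end of overwriting check
if test -f 'README'
then
	echo shar: will not over-write existing file "'README'"
else
sed 's/^#//' << \SHAR_EOF > 'README'
#xsecure secures a sun console under the X window system.
#
#It will black the screen (default) or can be told to leave the screen
#visible; either way, a padlock icon is bounced around the screen until
#the user enters his/her password (default).
#
#
#the user can set the -r switch which means accept the root passwd as
#well (like lockscreen under SunView)
#
#christopher lott, cml@cis.ohio-state.edu, OSU Computer Science Dept, 880826
SHAR_EOF
fi # end of overwriting check
if test -f 'patchlevel.h'
then
	echo shar: will not over-write existing file "'patchlevel.h'"
else
sed 's/^#//' << \SHAR_EOF > 'patchlevel.h'
#/* Version: 1.2 Patchlevel: 0 */
SHAR_EOF
fi # end of overwriting check
if test -f 'xsecure.1'
then
	echo shar: will not over-write existing file "'xsecure.1'"
else
sed 's/^#//' << \SHAR_EOF > 'xsecure.1'
#.TH XSECURE 1 "30 June 1988" "X Version 10"
#.SH NAME
#xsecure - X Window System Screen Locker
#.SH SYNOPSIS
#.B xsecure
#[ -b ] [ -c ] [ -r ]
#.SH DESCRIPTION
#.I Xsecure
#is the
#.I X
#window system console security mechanism and screen saver.
#.I Xsecure
#(optionally) blanks the screen and bounces a padlock icon around
#the screen. Control
#of the screen is relinquished after
#.I xsecure
#receives the password of the user or, optionally, the root password, on the
#keyboard. No indication is given that any keystrokes have
#been received, and a newline character must be entered after the
#password.
#.SH OPTIONS
#.PP
#.TP
#.B \-b
#Display the lock icon on a (b)lack background - black the screen.
#.TP
#.B \-c
#Display the lock icon on a (c)lear background - don't black the screen.
#.TP
#.B \-r
#Accept the root passwd in addition to the user's passwd.
#.SH ARGUMENTS
#.PP
#None.
#.SH DEFAULTS
#.PP
#Defaults to a black screen (-b option);
#does not use the X defaults database.
#.SH SEE ALSO
#X(1), xwm(1)
#.SH AUTHORS
#.PP
#Walter Milliken (milliken@bbn.com), original code
#.PP
#Christopher Lott (cml@cis.ohio-state.edu), enhancements
#.SH BUGS
#.PP
#May refuse to start if you have too many windows active.
#.PP
#Should give some indication that it received the password after receiving
#the return key.
#.PP
#Hitting return before entering the password is usually a good idea.
#.SH NOTES
#Few, if any, users will use the -r switch to allow the root password.
#.I Xsecure
#was written to require the -r switch to be explicitly
#turned on before accepting root's password to
#foil this slightly obscure security hole: Consider a public
#lab where the monitor uses the root password to break locked screen
#after some amount of idle time thus freeing the workstation. Any
#user can run his own version of the lockscreen, leave, and have the
#program log all passwords typed at it. The monitor will never know
#that the root password has been compromised.
SHAR_EOF
fi # end of overwriting check
if test -f 'xsecure.c'
then
	echo shar: will not over-write existing file "'xsecure.c'"
else
sed 's/^#//' << \SHAR_EOF > 'xsecure.c'
#/* secure a SUN console under X */
#
#/* Walter Milliken (milliken@bbn.com)
#   BBN Advanced Computers, Inc.
#   10 Fawcett St.
#   Cambridge, MA 02238 */
#
#/* Christopher Lott (cml@cis.ohio-state.edu)
# * Modified to accept root's passwd as well
# * 3 November 1987
# * Modified further 28 June 1988:
# * -b option == (b)lack screen (default)
# * -c option == leave screen (c)lear - don't black it out
# *
# * Modified 26 August 1988
# * -r option == accept root's passwd; don't otherwise
# * don't accept a passwd on the command line (security hole)
# */
#
##include <stdio.h>
##include <ctype.h>
##include <strings.h>
##include <pwd.h>		/* to use getpwent() */
##include <sys/param.h>		/* for NGROUPS value */
##include <X/Xlib.h>
#
##define TRUE 1
##define FALSE 0
##define SUPERUSER_ID 0
##define LENGTH 100
#
#char * crypt();
#long rand();			/* keep lint happy */
#char *sprintf();
#
#/* X state shared between main() and ReadXString() */
#Display * dsp;
#OpaqueFrame frame;
#Window w, sub_win;
#Cursor mycursor;
#
#XEvent evt;
#XKeyPressedEvent * kpevt;	/* main() points this at evt */
#
#/* 32x32 padlock cursor image */
##define lckcurs_width 32
##define lckcurs_height 32
##define lckcurs_x_hot 16
##define lckcurs_y_hot 20
#static short lckcurs_bits[] = {
#   0x0000, 0x0000, 0xe000, 0x0007,
#   0xf800, 0x001f, 0xfc00, 0x003f,
#   0x3e00, 0x007c, 0x0f00, 0x00f0,
#   0x0700, 0x00e0, 0x0380, 0x01c0,
#   0x0380, 0x01c0, 0x0380, 0x01c0,
#   0x01c0, 0x0380, 0x01c0, 0x0380,
#   0x01c0, 0x0380, 0x01c0, 0x0380,
#   0xfff0, 0x0fff, 0x0008, 0x1000,
#   0x0008, 0x1000, 0xc008, 0x1003,
#   0xe008, 0x1007, 0xf008, 0x100f,
#   0xf008, 0x100f, 0xf008, 0x100f,
#   0xe008, 0x1007, 0xc008, 0x1003,
#   0xc008, 0x1003, 0xc008, 0x1003,
#   0xc008, 0x1003, 0xc008, 0x1003,
#   0x0008, 0x1000, 0x0008, 0x1000,
#   0xfff0, 0x0fff, 0x0000, 0x0000};
#
#
#/* 32x32 mask passed to XCreateCursor together with lckcurs_bits */
##define lckmask_width 32
##define lckmask_height 32
#static short lckmask_bits[] = {
#   0xe000, 0x0007, 0xf800, 0x001f,
#   0xfc00, 0x003f, 0xfe00, 0x007f,
#   0xff00, 0x00ff, 0x3f80, 0x01fc,
#   0x0f80, 0x01f0, 0x07c0, 0x03e0,
#   0x07c0, 0x03e0, 0x07c0, 0x03e0,
#   0x03e0, 0x07c0, 0x03e0, 0x07c0,
#   0x03e0, 0x07c0, 0x03e0, 0x07c0,
#   0xfff0, 0x0fff, 0xfff8, 0x1fff,
#   0xfff8, 0x1fff, 0xfff8, 0x1fff,
#   0xfff8, 0x1fff, 0xfff8, 0x1fff,
#   0xfff8, 0x1fff, 0xfff8, 0x1fff,
#   0xfff8, 0x1fff, 0xfff8, 0x1fff,
#   0xfff8, 0x1fff, 0xfff8, 0x1fff,
#   0xfff8, 0x1fff, 0xfff8, 0x1fff,
#   0xfff8, 0x1fff, 0xfff8, 0x1fff,
#   0xfff0, 0x0fff, 0x0000, 0x0000};
#
#
#
#/* print usage message and exit
# *   s  - program name shown in the message
# *   ec - exit status
# */
#int usage(s, ec)
#    char *s;
#    int ec;
#{
#    printf ("Usage: %s [-b] [-c] [-r]\n", s);
#    exit (ec);
#}
#
#
#/* read a string using X events
# *
# * Collects the first character of each KeyPressed event into s until a
# * carriage return arrives, then NUL-terminates s and returns 0.  At most
# * slen-1 characters are kept; once the buffer is full, further
# * characters overwrite the last slot.  There is no echo and no editing
# * (backspace is stored like any other character).
# *
# * While no event is pending the mouse is warped to a random position
# * and the loop sleeps two seconds.  Uses the globals w, evt and kpevt.
# */
#int ReadXString(s, slen)
#    char * s;
#    int slen;
#{
#    int bp;
#    char c;
#    int n;
#    char * keystr;
#
#    bp = 0;
#    c = 'x';		/* anything but '\r', so the loop is entered */
#
#    while (c != '\r') {
#	if (XPending() == 0) {
#	    XWarpMouse(w, (rand() % (DisplayWidth()-64))+32,
#		       (rand() % (DisplayHeight()-64))+32);
#	    sleep(2);
#	}
#	else {
#	    XNextEvent(&evt);
#	    /* only handle KeyPressed event */
#	    if (evt.type == KeyPressed) {
#		keystr = XLookupMapping(kpevt, &n);
#		if (n>0) {
#		    c = keystr[0];
#		    if (c == '\r') s[bp] = '\0';
#		    else s[bp] = c;
#		    /* never step past the last slot of s */
#		    if (bp < slen-1) bp++;
#		} /* valid key */
#	    } /* event is key event */
#	} /* else */
#    } /* while */
#    return (0);
#}
#
#
#/* lock the display until the invoking user's password (or, with -r,
# * root's password) is typed, followed by return.
# *
# * The passwd entries are looked up and checked before the display is
# * opened: a missing entry, or a pw_passwd field that does not fit the
# * 15-byte user_pass/root_pass buffers, makes the program exit with
# * status 1 instead of dereferencing NULL or overflowing the buffer.
# * crypt() results are compared in place and a NULL result is treated
# * as "no match".
# *
# * NOTE(review): this relies on pw_passwd holding the crypt()ed password.
# * On systems that keep the hashes in a shadow file the field holds a
# * placeholder and no typed password will match.
# */
#main(argc, argv)
#    int argc;
#    char * argv[];
#{
#    struct passwd *pw;
#    char geometry[40];
#    char buf[200], user_pass[15], root_pass[15];
#    char *cp;			/* result of crypt() on what was typed */
#    short black_screen, clear_screen, root_passwd;
#    short unlocked;
#    int orig_x, orig_y;
#    char *ptr;			/* save argv */
#
#    black_screen = clear_screen = root_passwd = FALSE;
#    unlocked = FALSE;
#    ptr = *argv;
#    while (--argc) {
#	if (**++argv == '-') {
#	    switch(*++*argv) {
#		case 'b': {
#		    black_screen = TRUE;
#		    if (clear_screen) usage(ptr, 1);
#		    break;
#		}
#		case 'c': {
#		    clear_screen = TRUE;
#		    if (black_screen) usage(ptr, 2);
#		    break;
#		}
#		case 'r': {
#		    root_passwd = TRUE;
#		    break;
#		}
#		default: {
#		    fprintf (stderr, "Unknown flag -%c\n", **argv);
#		    usage(ptr, 1);
#		    break;
#		} /* def case */
#	    } /* end switch */
#	}
#	else {
#	    break;	/* bad argument, just quit parsing them */
#	} /* end if */
#    } /* end while */
#
#    pw = getpwuid(getuid());		/* get user's system pw */
#    if (pw == NULL || strlen(pw->pw_passwd) >= sizeof(user_pass)) {
#	fprintf (stderr, "%s: cannot use your passwd entry\n", ptr);
#	exit (1);
#    }
#    (void) strcpy (user_pass, pw->pw_passwd);
#
#    root_pass[0] = '\0';		/* only consulted when -r was given */
#    if (root_passwd) {
#	pw = getpwuid(SUPERUSER_ID);	/* get root's pw */
#	if (pw == NULL || strlen(pw->pw_passwd) >= sizeof(root_pass)) {
#	    fprintf (stderr, "%s: cannot use root's passwd entry\n", ptr);
#	    exit (1);
#	}
#	(void) strcpy(root_pass, pw->pw_passwd);	/* save the string */
#    }
#
#    /* now try to open the display */
#    if (!(dsp = XOpenDisplay(NULL))) {	/* disp open must work */
#	perror ("XOpenDisplay");
#	exit (1);
#    }
#
#    kpevt = (XKeyPressedEvent *) &evt;
#    mycursor = XCreateCursor(lckcurs_width, lckcurs_height, lckcurs_bits,
#			     lckmask_bits, lckcurs_x_hot, lckcurs_y_hot,
#			     BlackPixel, WhitePixel, GXcopy);
#    frame.bdrwidth = 0;
#    frame.border = BlackPixmap;
#    frame.background = BlackPixmap;
#    if (clear_screen)			/* black or clear */
#	(void) sprintf(geometry, "%dx%d+0+0", 1, 1);
#    else
#	(void) sprintf(geometry, "%dx%d+0+0", DisplayWidth(), DisplayHeight());
#
#    /* NOTE(review): the results of XCreate and XGrabMouse are not checked
#     * here; confirm against the X10 Xlib documentation whether either can
#     * fail, since the screen is only locked if both succeed. */
#    w = XCreate(argv[0], argv[0], geometry, "", &frame, 1, 1);
#
#    XSelectInput(w, KeyPressed);
#    XMapWindow(w);
#    XFocusKeyboard(w);
#    XGrabMouse(w, mycursor, -1);
#    /* save old position of mouse */
#    XQueryMouse (w, &orig_x, &orig_y, &sub_win);
#
#    do {
#	ReadXString(buf, sizeof(buf));
#	/* crypt() returns static storage, so compare before calling again */
#	cp = crypt(buf, user_pass);		/* crypt for user pw */
#	unlocked = (cp != NULL && strcmp(cp, user_pass) == 0);
#	if (!unlocked && root_passwd) {
#	    cp = crypt(buf, root_pass);		/* crypt for root pw */
#	    unlocked = (cp != NULL && strcmp(cp, root_pass) == 0);
#	}
#    } while (!unlocked);
#
#    /* restore old position of mouse */
#    XWarpMouse(w, orig_x, orig_y);
#    XUngrabMouse();
#    XFocusKeyboard(RootWindow);
#    XDestroyWindow(w);
#    XFlush();
#    exit (0);
#}
SHAR_EOF
fi # end of overwriting check
# End of shell archive
exit 0
--
Mike Wexler(wyse!mikew) Phone: (408)433-1000 x1330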