v01i043: xsecure: Secures a screen under X10, Part01/01
Mike Wexler
mikew at wyse.wyse.com
Thu Sep 15 04:07:21 AEST 1988
Submitted-by: cml at diplodocus.cis.ohio-state.edu (Christopher Lott)
Posting-number: Volume 1, Issue 43
Archive-name: xsecure/part01
#! /bin/sh
# This is a shell archive, meaning:
# 1. Remove everything above the #! /bin/sh line.
# 2. Save the resulting text in a file.
# 3. Execute the file with /bin/sh (not csh) to create the files:
# Makefile
# README
# patchlevel.h
# xsecure.1
# xsecure.c
# This archive created: Thu Sep 1 10:15:39 1988
export PATH; PATH=/bin:$PATH
if test -f 'Makefile'
then
echo shar: will not over-write existing file "'Makefile'"
else
sed 's/^#//' << \SHAR_EOF > 'Makefile'
#XSECURE = xsecure.c
#
#xsecure: $(XSECURE)
# cc -O -o xsecure xsecure.c -lX
#
#clean:
# rm -f xsecure *.o
SHAR_EOF
fi # end of overwriting check
if test -f 'README'
then
echo shar: will not over-write existing file "'README'"
else
sed 's/^#//' << \SHAR_EOF > 'README'
#xsecure secures a sun console under the X window system.
#
#It will black the screen (default) or can be told to leave the screen
#visible; either way, a padlock icon is bounced around the screen until
#the user enters his/her password (default).
#
#
#the user can set the -r switch which means accept the root passwd as
#well (like lockscreen under SunView)
#
#christopher lott, cml at cis.ohio-state.edu, OSU Computer Science Dept, 880826
SHAR_EOF
fi # end of overwriting check
if test -f 'patchlevel.h'
then
echo shar: will not over-write existing file "'patchlevel.h'"
else
sed 's/^#//' << \SHAR_EOF > 'patchlevel.h'
#/* Version: 1.2 Patchlevel: 0 */
SHAR_EOF
fi # end of overwriting check
if test -f 'xsecure.1'
then
echo shar: will not over-write existing file "'xsecure.1'"
else
sed 's/^#//' << \SHAR_EOF > 'xsecure.1'
#.TH XSECURE 1 "30 June 1988" "X Version 10"
#.SH NAME
#xsecure - X Window System Screen Locker
#.SH SYNOPSIS
#.B xsecure
#[ -b ] [ -c ] [ -r ]
#.SH DESCRIPTION
#.I Xsecure
#is the
#.I X
#window system console security mechanism and screen saver.
#.I Xsecure
#(optionally) blanks the screen and bounces a padlock icon around
#the screen. Control
#of the screen is relinquished after
#.I xsecure
#receives the password of the user or, optionally, the root password, on the
#keyboard. No indication is given that any keystrokes have
#been received, and a newline character must be entered after the
#password.
#.SH OPTIONS
#.PP
#.TP
#.B \-b
#Display the lock icon on a (b)lack background - black the screen.
#.TP
#.B \-c
#Display the lock icon on a (c)lear background - don't black the screen.
#.TP
#.B \-r
#Accept the root passwd in addition to the user's passwd.
#.SH ARGUMENTS
#.PP
#None.
#.SH DEFAULTS
#.PP
#Defaults to a black screen (-b option);
#does not use the X defaults database.
#.SH SEE ALSO
#X(1), xwm(1)
#.SH AUTHORS
#.PP
#Walter Milliken (milliken at bbn.com), original code
#.PP
#Christopher Lott (cml at cis.ohio-state.edu), enhancements
#.SH BUGS
#.PP
#May refuse to start if you have too many windows active.
#.PP
#Should give some indication that it received the password after receiving
#the return key.
#.PP
#Hitting return before entering the password is usually a good idea.
#.SH NOTES
#Few, if any, users will use the -r switch to allow the root password.
#.I Xsecure
#was written to require the -r switch to be explicitly
#turned on before accepting root's password to
#foil this slightly obscure security hole: Consider a public
#lab where the monitor uses the root password to break locked screen
#after some amount of idle time thus freeing the workstation. Any
#user can run his own version of the lockscreen, leave, and have the
#program log all passwords typed at it. The monitor will never know
#that the root password has been compromised.
SHAR_EOF
fi # end of overwriting check
if test -f 'xsecure.c'
then
echo shar: will not over-write existing file "'xsecure.c'"
else
sed 's/^#//' << \SHAR_EOF > 'xsecure.c'
#/* secure a SUN console under X */
#
#/* Walter Milliken (milliken at bbn.com)
# BBN Advanced Computers, Inc.
# 10 Fawcett St.
# Cambridge, MA 02238 */
#
#/* Christopher Lott (cml at cis.ohio-state.edu)
# * Modified to accept root's passwd as well
# * 3 November 1987
# * Modified further 28 June 1988:
# * -b option == (b)lack screen (default)
# * -c option == leave screen (c)lear - don't black it out
# *
# * Modified 26 August 1988
# * -r option == accept root's passwd; don't otherwise
# * don't accept a passwd on the command line (security hole)
# */
#
##include <stdio.h>
##include <ctype.h>
##include <strings.h>
##include <pwd.h> /* to use getpwent() */
##include <sys/param.h> /* for NGROUPS value */
##include <X/Xlib.h>
#
##define TRUE 1
##define FALSE 0
##define SUPERUSER_ID 0
##define LENGTH 100
#
#char * crypt();
#long rand(); /* keep lint happy */
#char *sprintf();
#
#Display * dsp;
#OpaqueFrame frame;
#Window w, sub_win;
#Cursor mycursor;
#
#XEvent evt;
#XKeyPressedEvent * kpevt;
#
##define lckcurs_width 32
##define lckcurs_height 32
##define lckcurs_x_hot 16
##define lckcurs_y_hot 20
#static short lckcurs_bits[] = {
# 0x0000, 0x0000, 0xe000, 0x0007,
# 0xf800, 0x001f, 0xfc00, 0x003f,
# 0x3e00, 0x007c, 0x0f00, 0x00f0,
# 0x0700, 0x00e0, 0x0380, 0x01c0,
# 0x0380, 0x01c0, 0x0380, 0x01c0,
# 0x01c0, 0x0380, 0x01c0, 0x0380,
# 0x01c0, 0x0380, 0x01c0, 0x0380,
# 0xfff0, 0x0fff, 0x0008, 0x1000,
# 0x0008, 0x1000, 0xc008, 0x1003,
# 0xe008, 0x1007, 0xf008, 0x100f,
# 0xf008, 0x100f, 0xf008, 0x100f,
# 0xe008, 0x1007, 0xc008, 0x1003,
# 0xc008, 0x1003, 0xc008, 0x1003,
# 0xc008, 0x1003, 0xc008, 0x1003,
# 0x0008, 0x1000, 0x0008, 0x1000,
# 0xfff0, 0x0fff, 0x0000, 0x0000};
#
#
##define lckmask_width 32
##define lckmask_height 32
#static short lckmask_bits[] = {
# 0xe000, 0x0007, 0xf800, 0x001f,
# 0xfc00, 0x003f, 0xfe00, 0x007f,
# 0xff00, 0x00ff, 0x3f80, 0x01fc,
# 0x0f80, 0x01f0, 0x07c0, 0x03e0,
# 0x07c0, 0x03e0, 0x07c0, 0x03e0,
# 0x03e0, 0x07c0, 0x03e0, 0x07c0,
# 0x03e0, 0x07c0, 0x03e0, 0x07c0,
# 0xfff0, 0x0fff, 0xfff8, 0x1fff,
# 0xfff8, 0x1fff, 0xfff8, 0x1fff,
# 0xfff8, 0x1fff, 0xfff8, 0x1fff,
# 0xfff8, 0x1fff, 0xfff8, 0x1fff,
# 0xfff8, 0x1fff, 0xfff8, 0x1fff,
# 0xfff8, 0x1fff, 0xfff8, 0x1fff,
# 0xfff8, 0x1fff, 0xfff8, 0x1fff,
# 0xfff8, 0x1fff, 0xfff8, 0x1fff,
# 0xfff0, 0x0fff, 0x0000, 0x0000};
#
#
#
#/* print usage message and exit */
#int usage(s, ec)
# char *s;
# int ec;
#{
# printf ("Usage: %s [-b] [-c] [-r]\n", s);
# exit (ec);
#}
#
#
#/* read a string using X events
# */
#int ReadXString(s, slen)
# char * s;
# int slen;
#{
# int bp;
# char c;
# int n;
# char * keystr;
#
# bp = 0;
# c = 'x';
#
# while (c != '\r') {
# if (XPending() == 0) {
# XWarpMouse(w, (rand() % (DisplayWidth()-64))+32,
# (rand() % (DisplayHeight()-64))+32);
# sleep(2);
# }
# else {
# XNextEvent(&evt);
# /* only handle KeyPressed event */
# if (evt.type == KeyPressed) {
# keystr = XLookupMapping(kpevt, &n);
# if (n>0) {
# c = keystr[0];
# if (c == '\r') s[bp] = '\0';
# else s[bp] = c;
# if (bp < slen-1) bp++;
# } /* valid key */
# } /* event is key event */
# } /* else */
# } /* while */
# return (0);
#}
#
#
#main(argc, argv)
# int argc;
# char * argv[];
#{
# struct passwd *pw;
# char geometry[40];
# char buf[200], user_pass[15], root_pass[15];
# char r[15], u[15]; /* space to encrypt what user enters */
# short black_screen, clear_screen, root_passwd;
# int orig_x, orig_y;
# char *ptr; /* save argv */
#
# black_screen = clear_screen = root_passwd = FALSE;
# ptr = *argv;
# while (--argc) {
# if (**++argv == '-') {
# switch(*++*argv) {
# case 'b': {
# black_screen = TRUE;
# if (clear_screen) usage(ptr, 1);
# break;
# }
# case 'c': {
# clear_screen = TRUE;
# if (black_screen) usage(ptr, 2);
# break;
# }
# case 'r': {
# root_passwd = TRUE;
# break;
# }
# default: {
# fprintf (stderr, "Unknown flag -%c\n", **argv);
# usage(ptr, 1);
# break;
# } /* def case */
# } /* end switch */
# }
# else {
# break; /* bad argument, just quit parsing them */
# } /* end if */
# } /* end while */
#
# pw = getpwuid(getuid()); /* get user's system pw */
# (void) strcpy (user_pass, pw->pw_passwd);
#
# if (root_passwd) {
# pw = getpwuid(SUPERUSER_ID); /* get root's pw */
# (void) strcpy(root_pass, pw->pw_passwd); /* save the string */
# }
# else {
# strcpy (root_pass, "nothing"); /* completely unmatchable - not 13 char */
# }
#
# /* now try to open the display */
# if (!(dsp = XOpenDisplay(NULL))) { /* disp open must work */
# perror ("XOpenDisplay");
# exit (1);
# }
#
# kpevt = (XKeyPressedEvent *) &evt;
# mycursor = XCreateCursor(lckcurs_width, lckcurs_height, lckcurs_bits,
# lckmask_bits, lckcurs_x_hot, lckcurs_y_hot,
# BlackPixel, WhitePixel, GXcopy);
# frame.bdrwidth = 0;
# frame.border = BlackPixmap;
# frame.background = BlackPixmap;
# if (clear_screen) /* black or clear */
# (void) sprintf(geometry, "%dx%d+0+0", 1, 1);
# else
# (void) sprintf(geometry, "%dx%d+0+0", DisplayWidth(), DisplayHeight());
#
# w = XCreate(argv[0], argv[0], geometry, "", &frame, 1, 1);
#
# XSelectInput(w, KeyPressed);
# XMapWindow(w);
# XFocusKeyboard(w);
# XGrabMouse(w, mycursor, -1);
# /* save old position of mouse */
# XQueryMouse (w, &orig_x, &orig_y, &sub_win);
#
# do {
# ReadXString(buf, 200);
# (void) strcpy (u, crypt(buf, user_pass)); /* crypt for user pw */
# (void) strcpy (r, crypt(buf, root_pass)); /* crypt for root pw */
# } while ( (strcmp(u, user_pass)) && (strcmp(r, root_pass)) );
#
# /* restore old position of mouse */
# XWarpMouse(w, orig_x, orig_y);
# XUngrabMouse();
# XFocusKeyboard(RootWindow);
# XDestroyWindow(w);
# XFlush();
# exit (0);
#}
SHAR_EOF
fi # end of overwriting check
# End of shell archive
exit 0
--
Mike Wexler(wyse!mikew) Phone: (408)433-1000 x1330
More information about the Comp.sources.x
mailing list