auth: fallback to su if pam_module not in /etc/pam.d

rare occasion where a path check even works on nix
hyprwm · Mar 22, 2024 · ba08709 · ba08709
1 parent c1fe8d9
commit ba08709
Show file tree

Hide file tree

Showing 4 changed files with 22 additions and 9 deletions.
diff --git a/src/core/Auth.cpp b/src/core/Auth.cpp
@@ -3,6 +3,7 @@
 #include "../helpers/Log.hpp"
 #include "src/config/ConfigManager.hpp"
 
+#include <filesystem>
 #include <unistd.h>
 #include <pwd.h>
 #include <security/pam_appl.h>
@@ -44,16 +45,24 @@ int conv(int num_msg, const struct pam_message** msg, struct pam_response** resp
     return PAM_SUCCESS;
 }
 
+CAuth::CAuth() {
+    static auto* const PPAMMODULE = (Hyprlang::STRING*)(g_pConfigManager->getValuePtr("general:pam_module"));
+    m_sPamModule                  = *PPAMMODULE;
+
+    if (!std::filesystem::exists(std::filesystem::path("/etc/pam.d/") / m_sPamModule)) {
+        Debug::log(ERR, "Pam module \"{}\" not found! Falling back to \"su\"", m_sPamModule);
+        m_sPamModule = "su";
+    }
+}
+
 static void passwordCheckTimerCallback(std::shared_ptr<CTimer> self, void* data) {
     g_pHyprlock->onPasswordCheckTimer();
 }
 
 void CAuth::start() {
     std::thread([this]() {
-        static auto* const PPAMMODULE = (Hyprlang::STRING*)(g_pConfigManager->getValuePtr("general:pam_module"));
-
         resetConversation();
-        auth(*PPAMMODULE);
+        auth(m_sPamModule);
 
         g_pHyprlock->addTimer(std::chrono::milliseconds(1), passwordCheckTimerCallback, nullptr);
     }).detach();

diff --git a/src/core/Auth.hpp b/src/core/Auth.hpp
@@ -31,6 +31,8 @@ class CAuth {
         bool        isFail = false;
     };
 
+    CAuth();
+
     void                     start();
     bool                     auth(std::string pam_module);
     bool                     didAuthSucceed();
@@ -48,7 +50,9 @@ class CAuth {
   private:
     SPamConversationState m_sConversationState;
 
+    std::string           m_sPamModule;
+
     void                  resetConversation();
 };
 
-inline std::unique_ptr<CAuth> g_pAuth = std::make_unique<CAuth>();
+inline std::unique_ptr<CAuth> g_pAuth;
diff --git a/src/core/hyprlock.cpp b/src/core/hyprlock.cpp
@@ -452,8 +452,6 @@ void CHyprlock::run() {
 
     m_sLoopState.event = true; // let it process once
 
-    g_pAuth->start();
-
     while (1) {
         std::unique_lock lk(m_sLoopState.eventRequestMutex);
         if (m_sLoopState.event == false)

diff --git a/src/main.cpp b/src/main.cpp
@@ -15,7 +15,7 @@ void help() {
 int main(int argc, char** argv, char** envp) {
     std::string configPath;
     std::string wlDisplay;
-    bool immediate = false;
+    bool        immediate = false;
 
     for (int i = 1; i < argc; ++i) {
         std::string arg = argv[i];
@@ -32,8 +32,7 @@ int main(int argc, char** argv, char** envp) {
         else if (arg == "--display" && i + 1 < argc) {
             wlDisplay = argv[i + 1];
             i++;
-        }
-        else if (arg == "--immediate") {
+        } else if (arg == "--immediate") {
             immediate = true;
         } else if (arg == "--help" || arg == "-h") {
             help();
@@ -52,6 +51,9 @@ int main(int argc, char** argv, char** envp) {
         return 1;
     }
 
+    g_pAuth = std::make_unique<CAuth>();
+    g_pAuth->start();
+
     g_pHyprlock = std::make_unique<CHyprlock>(wlDisplay, immediate);
     g_pHyprlock->run();