From f9fe60c7eb66c3a5e6ef56b66697de569a8479f4 Mon Sep 17 00:00:00 2001
From: Vaxry <vaxry@vaxry.net>
Date: Sun, 3 Mar 2024 02:27:32 +0000
Subject: [PATCH] pam: fallback auth to su

---
 src/core/Password.cpp | 55 +++++++++++++++++++++++--------------------
 1 file changed, 30 insertions(+), 25 deletions(-)

diff --git a/src/core/Password.cpp b/src/core/Password.cpp
index ddcd52c..ff59758 100644
--- a/src/core/Password.cpp
+++ b/src/core/Password.cpp
@@ -1,5 +1,6 @@
 #include "Password.hpp"
 #include "hyprlock.hpp"
+#include "../helpers/Log.hpp"
 
 #include <unistd.h>
 #include <security/pam_appl.h>
@@ -27,38 +28,42 @@ std::shared_ptr<CPassword::SVerificationResult> CPassword::verify(const std::str
     std::shared_ptr<CPassword::SVerificationResult> result = std::make_shared<CPassword::SVerificationResult>(false);
 
     std::thread([this, result, pass]() {
-        const pam_conv localConv = {conv, NULL};
-        pam_handle_t*  handle    = NULL;
+        auto auth = [&](std::string auth) -> bool {
+            const pam_conv localConv = {conv, NULL};
+            pam_handle_t*  handle    = NULL;
 
-        int            ret = pam_start("hyprlock", getlogin(), &localConv, &handle);
+            int            ret = pam_start(auth.c_str(), getlogin(), &localConv, &handle);
 
-        if (ret != PAM_SUCCESS) {
-            result->success    = false;
-            result->failReason = "pam_start failed";
-            result->realized   = true;
-            g_pHyprlock->addTimer(std::chrono::milliseconds(1), passwordCheckTimerCallback, nullptr);
-            return;
-        }
+            if (ret != PAM_SUCCESS) {
+                result->success    = false;
+                result->failReason = "pam_start failed";
+                Debug::log(ERR, "auth: pam_start failed for {}", auth);
+                return false;
+            }
 
-        reply = (struct pam_response*)malloc(sizeof(struct pam_response));
+            reply = (struct pam_response*)malloc(sizeof(struct pam_response));
 
-        reply->resp         = strdup(pass.c_str());
-        reply->resp_retcode = 0;
-        ret                 = pam_authenticate(handle, 0);
+            reply->resp         = strdup(pass.c_str());
+            reply->resp_retcode = 0;
+            ret                 = pam_authenticate(handle, 0);
 
-        if (ret != PAM_SUCCESS) {
-            result->success    = false;
-            result->failReason = ret == PAM_AUTH_ERR ? "Authentication failed" : "pam_authenticate failed";
-            result->realized   = true;
-            g_pHyprlock->addTimer(std::chrono::milliseconds(1), passwordCheckTimerCallback, nullptr);
-            return;
-        }
+            if (ret != PAM_SUCCESS) {
+                result->success    = false;
+                result->failReason = ret == PAM_AUTH_ERR ? "Authentication failed" : "pam_authenticate failed";
+                Debug::log(ERR, "auth: {} for {}", result->failReason, auth);
+                return false;
+            }
 
-        ret = pam_end(handle, ret);
+            ret = pam_end(handle, ret);
 
-        result->success    = true;
-        result->failReason = "Successfully authenticated";
-        result->realized   = true;
+            result->success    = true;
+            result->failReason = "Successfully authenticated";
+            Debug::log(LOG, "auth: authenticated for {}", auth);
+
+            return true;
+        };
+
+        result->realized = auth("hyprlock") || auth("su") || true;
         g_pHyprlock->addTimer(std::chrono::milliseconds(1), passwordCheckTimerCallback, nullptr);
     }).detach();