+ }
+
+ bool ok = XkbWriteXKBKeymap(temp, &result, false, false, NULL, NULL);
+ if (!ok) {
+ fprintf(stderr, "[i3lock] XkbWriteXKBKeymap failed\n");
+ goto out;
+ }
+
+ rewind(temp);
+
+ if (xkb_context == NULL) {
+ if ((xkb_context = xkb_context_new(0)) == NULL) {
+ fprintf(stderr, "[i3lock] could not create xkbcommon context\n");
+ goto out;
+ }
+ }
+
+ if (xkb_keymap != NULL)
+ xkb_keymap_unref(xkb_keymap);
+
+ if ((xkb_keymap = xkb_keymap_new_from_file(xkb_context, temp, XKB_KEYMAP_FORMAT_TEXT_V1, 0)) == NULL) {
+ fprintf(stderr, "[i3lock] xkb_keymap_new_from_file failed\n");
+ goto out;
+ }
+
+ struct xkb_state *new_state = xkb_state_new(xkb_keymap);
+ if (new_state == NULL) {
+ fprintf(stderr, "[i3lock] xkb_state_new failed\n");
+ goto out;
+ }
+
+ if (xkb_state != NULL)
+ xkb_state_unref(xkb_state);
+ xkb_state = new_state;
+
+ ret = true;
+out:
+ XkbFreeKeyboard(result.xkb, XkbAllComponentsMask, true);
+ fclose(temp);
+ return ret;
+}
+
+/*
+ * Clears the memory which stored the password to be a bit safer against
+ * cold-boot attacks.
+ *
+ */
+static void clear_password_memory(void) {
+ /* A volatile pointer to the password buffer to prevent the compiler from
+ * optimizing this out. */
+ volatile char *vpassword = password;
+ for (int c = 0; c < sizeof(password); c++)
+ /* We store a non-random pattern which consists of the (irrelevant)
+ * index plus (!) the value of the beep variable. This prevents the
+ * compiler from optimizing the calls away, since the value of 'beep'
+ * is not known at compile-time. */
+ vpassword[c] = c + (int)beep;
+}
+
+
+/*
+ * Resets pam_state to STATE_PAM_IDLE 2 seconds after an unsuccesful
+ * authentication event.
+ *
+ */
+static void clear_pam_wrong(EV_P_ ev_timer *w, int revents) {
+ DEBUG("clearing pam wrong\n");
+ pam_state = STATE_PAM_IDLE;
+ unlock_state = STATE_STARTED;
+ redraw_screen();
+
+ /* Now free this timeout. */
+ ev_timer_stop(main_loop, clear_pam_wrong_timeout);
+ free(clear_pam_wrong_timeout);
+ clear_pam_wrong_timeout = NULL;
+}
+
+static void clear_input(void) {
+ input_position = 0;
+ clear_password_memory();
+ password[input_position] = '\0';
+
+ /* Hide the unlock indicator after a bit if the password buffer is
+ * empty. */
+ start_clear_indicator_timeout();
+ unlock_state = STATE_BACKSPACE_ACTIVE;
+ redraw_screen();
+ unlock_state = STATE_KEY_PRESSED;
+}
+
+static void input_done(void) {
+ if (clear_pam_wrong_timeout) {
+ ev_timer_stop(main_loop, clear_pam_wrong_timeout);
+ free(clear_pam_wrong_timeout);
+ clear_pam_wrong_timeout = NULL;
+ }
+
+ pam_state = STATE_PAM_VERIFY;
+ redraw_screen();
+
+ if (pam_authenticate(pam_handle, 0) == PAM_SUCCESS) {
+ DEBUG("successfully authenticated\n");
+ clear_password_memory();
+ exit(0);
+ }
+
+ if (debug_mode)
+ fprintf(stderr, "Authentication failure\n");
+
+ pam_state = STATE_PAM_WRONG;
+ clear_input();
+ redraw_screen();
+
+ /* Clear this state after 2 seconds (unless the user enters another
+ * password during that time). */
+ ev_now_update(main_loop);
+ if ((clear_pam_wrong_timeout = calloc(sizeof(struct ev_timer), 1))) {
+ ev_timer_init(clear_pam_wrong_timeout, clear_pam_wrong, 2.0, 0.);
+ ev_timer_start(main_loop, clear_pam_wrong_timeout);
+ }
+
+ /* Cancel the clear_indicator_timeout, it would hide the unlock indicator
+ * too early. */
+ stop_clear_indicator_timeout();
+
+ /* beep on authentication failure, if enabled */
+ if (beep) {
+ xcb_bell(conn, 100);
+ xcb_flush(conn);
+ }
+}
+
+/*
+ * Called when the user releases a key. We need to leave the Mode_switch
+ * state when the user releases the Mode_switch key.
+ *
+ */
+static void handle_key_release(xcb_key_release_event_t *event) {
+ xkb_state_update_key(xkb_state, event->detail, XKB_KEY_UP);
+}
+
+static void redraw_timeout(EV_P_ ev_timer *w, int revents) {
+ redraw_screen();
+
+ ev_timer_stop(main_loop, w);
+ free(w);
+}
+
+/*
+ * Handle key presses. Fixes state, then looks up the key symbol for the
+ * given keycode, then looks up the key symbol (as UCS-2), converts it to
+ * UTF-8 and stores it in the password array.
+ *
+ */
+static void handle_key_press(xcb_key_press_event_t *event) {
+ xkb_keysym_t ksym;
+ char buffer[128];
+ int n;
+ bool ctrl;
+
+ ksym = xkb_state_key_get_one_sym(xkb_state, event->detail);
+ ctrl = xkb_state_mod_name_is_active(xkb_state, "Control", XKB_STATE_MODS_DEPRESSED);
+ xkb_state_update_key(xkb_state, event->detail, XKB_KEY_DOWN);
+
+ /* The buffer will be null-terminated, so n >= 2 for 1 actual character. */
+ memset(buffer, '\0', sizeof(buffer));
+ n = xkb_keysym_to_utf8(ksym, buffer, sizeof(buffer));
+
+ switch (ksym) {
+ case XKB_KEY_Return:
+ case XKB_KEY_KP_Enter:
+ case XKB_KEY_XF86ScreenSaver:
+ password[input_position] = '\0';
+ unlock_state = STATE_KEY_PRESSED;
+ redraw_screen();
+ input_done();
+ return;
+
+ case XKB_KEY_u:
+ if (ctrl) {
+ DEBUG("C-u pressed\n");
+ clear_input();
+ return;
+ }
+ break;
+
+ case XKB_KEY_Escape:
+ clear_input();
+ return;
+
+ case XKB_KEY_BackSpace:
+ if (input_position == 0)
+ return;
+
+ /* decrement input_position to point to the previous glyph */
+ u8_dec(password, &input_position);
+ password[input_position] = '\0';
+
+ /* Hide the unlock indicator after a bit if the password buffer is
+ * empty. */
+ start_clear_indicator_timeout();
+ unlock_state = STATE_BACKSPACE_ACTIVE;
+ redraw_screen();
+ unlock_state = STATE_KEY_PRESSED;
+ return;
+ }
+
+ if ((input_position + 8) >= sizeof(password))
+ return;
+
+#if 0
+ /* FIXME: handle all of these? */
+ printf("is_keypad_key = %d\n", xcb_is_keypad_key(sym));
+ printf("is_private_keypad_key = %d\n", xcb_is_private_keypad_key(sym));
+ printf("xcb_is_cursor_key = %d\n", xcb_is_cursor_key(sym));
+ printf("xcb_is_pf_key = %d\n", xcb_is_pf_key(sym));
+ printf("xcb_is_function_key = %d\n", xcb_is_function_key(sym));
+ printf("xcb_is_misc_function_key = %d\n", xcb_is_misc_function_key(sym));
+ printf("xcb_is_modifier_key = %d\n", xcb_is_modifier_key(sym));
+#endif
+
+ if (n < 2)
+ return;
+
+ /* store it in the password array as UTF-8 */
+ memcpy(password+input_position, buffer, n-1);
+ input_position += n-1;
+ DEBUG("current password = %.*s\n", input_position, password);
+
+ unlock_state = STATE_KEY_ACTIVE;
+ redraw_screen();
+ unlock_state = STATE_KEY_PRESSED;
+
+ struct ev_timer *timeout = calloc(sizeof(struct ev_timer), 1);
+ if (timeout) {
+ ev_timer_init(timeout, redraw_timeout, 0.25, 0.);
+ ev_timer_start(main_loop, timeout);
+ }
+
+ stop_clear_indicator_timeout();