+static void clear_password_memory(void) {
+ /* A volatile pointer to the password buffer to prevent the compiler from
+ * optimizing this out. */
+ volatile char *vpassword = password;
+ for (int c = 0; c < sizeof(password); c++)
+ /* We store a non-random pattern which consists of the (irrelevant)
+ * index plus (!) the value of the beep variable. This prevents the
+ * compiler from optimizing the calls away, since the value of 'beep'
+ * is not known at compile-time. */
+ vpassword[c] = c + (int)beep;
+}
+
+
+/*
+ * Resets pam_state to STATE_PAM_IDLE 2 seconds after an unsuccesful
+ * authentication event.
+ *
+ */
+static void clear_pam_wrong(EV_P_ ev_timer *w, int revents) {
+ DEBUG("clearing pam wrong\n");
+ pam_state = STATE_PAM_IDLE;
+ unlock_state = STATE_STARTED;
+ redraw_screen();
+
+ /* Now free this timeout. */
+ ev_timer_stop(main_loop, clear_pam_wrong_timeout);
+ free(clear_pam_wrong_timeout);
+ clear_pam_wrong_timeout = NULL;
+}
+
+static void clear_input(void) {
+ input_position = 0;
+ clear_password_memory();
+ password[input_position] = '\0';
+
+ /* Hide the unlock indicator after a bit if the password buffer is
+ * empty. */
+ start_clear_indicator_timeout();
+ unlock_state = STATE_BACKSPACE_ACTIVE;
+ redraw_screen();
+ unlock_state = STATE_KEY_PRESSED;
+}
+
+static void input_done(void) {
+ if (clear_pam_wrong_timeout) {
+ ev_timer_stop(main_loop, clear_pam_wrong_timeout);
+ free(clear_pam_wrong_timeout);
+ clear_pam_wrong_timeout = NULL;
+ }
+
+ pam_state = STATE_PAM_VERIFY;
+ redraw_screen();
+
+ if (pam_authenticate(pam_handle, 0) == PAM_SUCCESS) {
+ DEBUG("successfully authenticated\n");
+ clear_password_memory();
+ exit(0);
+ }
+
+ if (debug_mode)
+ fprintf(stderr, "Authentication failure\n");
+
+ pam_state = STATE_PAM_WRONG;
+ clear_input();
+ redraw_screen();
+
+ /* Clear this state after 2 seconds (unless the user enters another
+ * password during that time). */
+ ev_now_update(main_loop);
+ if ((clear_pam_wrong_timeout = calloc(sizeof(struct ev_timer), 1))) {
+ ev_timer_init(clear_pam_wrong_timeout, clear_pam_wrong, 2.0, 0.);
+ ev_timer_start(main_loop, clear_pam_wrong_timeout);
+ }
+
+ /* Cancel the clear_indicator_timeout, it would hide the unlock indicator
+ * too early. */
+ stop_clear_indicator_timeout();
+
+ /* beep on authentication failure, if enabled */
+ if (beep) {
+ xcb_bell(conn, 100);
+ xcb_flush(conn);
+ }
+}
+
+/*
+ * Called when the user releases a key. We need to leave the Mode_switch
+ * state when the user releases the Mode_switch key.
+ *
+ */
+static void handle_key_release(xcb_key_release_event_t *event) {
+ xkb_state_update_key(xkb_state, event->detail, XKB_KEY_UP);
+}
+
+static void redraw_timeout(EV_P_ ev_timer *w, int revents) {
+ redraw_screen();
+
+ ev_timer_stop(main_loop, w);
+ free(w);
+}
+
+/*
+ * Handle key presses. Fixes state, then looks up the key symbol for the
+ * given keycode, then looks up the key symbol (as UCS-2), converts it to
+ * UTF-8 and stores it in the password array.
+ *
+ */
+static void handle_key_press(xcb_key_press_event_t *event) {
+ xkb_keysym_t ksym;
+ char buffer[128];
+ int n;
+ bool ctrl;
+
+ ksym = xkb_state_key_get_one_sym(xkb_state, event->detail);
+ ctrl = xkb_state_mod_name_is_active(xkb_state, "Control", XKB_STATE_MODS_DEPRESSED);
+ xkb_state_update_key(xkb_state, event->detail, XKB_KEY_DOWN);
+
+ /* The buffer will be null-terminated, so n >= 2 for 1 actual character. */
+ memset(buffer, '\0', sizeof(buffer));
+ n = xkb_keysym_to_utf8(ksym, buffer, sizeof(buffer));
+
+ switch (ksym) {
+ case XKB_KEY_Return:
+ case XKB_KEY_KP_Enter:
+ case XKB_KEY_XF86ScreenSaver:
+ password[input_position] = '\0';
+ unlock_state = STATE_KEY_PRESSED;
+ redraw_screen();
+ input_done();
+ return;
+
+ case XKB_KEY_u:
+ if (ctrl) {
+ DEBUG("C-u pressed\n");
+ clear_input();
+ return;