/*
* vim:ts=4:sw=4:expandtab
*
- * © 2010-2011 Michael Stapelberg
+ * © 2010-2012 Michael Stapelberg
*
* See LICENSE for licensing information
*
#include <X11/keysym.h>
#include <getopt.h>
#include <string.h>
-#include <math.h>
#include <ev.h>
+#include <sys/mman.h>
#ifndef NOLIBCAIRO
#include "ucs2_to_utf8.h"
#include "xcb.h"
#include "cursors.h"
+#include "unlock_indicator.h"
+#include "xinerama.h"
-#define BUTTON_RADIUS 90
-#define BUTTON_SPACE (BUTTON_RADIUS + 5)
-#define BUTTON_CENTER (BUTTON_RADIUS + 5)
-#define BUTTON_DIAMETER (5 * BUTTON_SPACE)
-
-static char color[7] = "ffffff";
-static uint32_t last_resolution[2];
-static xcb_connection_t *conn;
-static xcb_window_t win;
-static xcb_visualtype_t *vistype;
+char color[7] = "ffffff";
+uint32_t last_resolution[2];
+xcb_window_t win;
static xcb_cursor_t cursor;
static xcb_key_symbols_t *symbols;
-static xcb_screen_t *scr;
static pam_handle_t *pam_handle;
-static int input_position = 0;
-/* holds the password you enter (in UTF-8) */
+int input_position = 0;
+/* Holds the password you enter (in UTF-8). */
static char password[512];
static bool modeswitch_active = false;
static bool iso_level3_shift_active = false;
-static int modeswitchmask;
+static bool iso_level5_shift_active = false;
static int numlockmask;
static bool beep = false;
static bool debug_mode = false;
static bool dpms = false;
-static bool unlock_indicator = true;
-static struct ev_loop *main_loop;
+bool unlock_indicator = true;
+static bool dont_fork = false;
+struct ev_loop *main_loop;
static struct ev_timer *clear_pam_wrong_timeout;
-static struct ev_timer *clear_indicator_timeout;
-
-static enum {
- STATE_STARTED = 0, /* default state */
- STATE_KEY_PRESSED = 1, /* key was pressed, show unlock indicator */
- STATE_KEY_ACTIVE = 2, /* a key was pressed recently, highlight part
- of the unlock indicator. */
- STATE_BACKSPACE_ACTIVE = 3 /* backspace was pressed recently, highlight
- part of the unlock indicator in red. */
-} unlock_state;
-
-static enum {
- STATE_PAM_IDLE = 0, /* no PAM interaction at the moment */
- STATE_PAM_VERIFY = 1, /* currently verifying the password via PAM */
- STATE_PAM_WRONG = 2 /* the password was wrong */
-} pam_state;
+extern unlock_state_t unlock_state;
+extern pam_state_t pam_state;
#define DEBUG(fmt, ...) do { \
if (debug_mode) \
} while (0)
#ifndef NOLIBCAIRO
-static cairo_surface_t *img = NULL;
-static bool tile = false;
+cairo_surface_t *img = NULL;
+bool tile = false;
#endif
/*
- * Draws global image with fill color onto a pixmap with the given
- * resolution and returns it.
+ * Clears the memory which stored the password to be a bit safer against
+ * cold-boot attacks.
*
*/
-static xcb_pixmap_t draw_image(xcb_visualtype_t *vistype, u_int32_t* resolution) {
- xcb_pixmap_t bg_pixmap = XCB_NONE;
-
-#ifndef NOLIBCAIRO
- bg_pixmap = create_bg_pixmap(conn, scr, resolution, color);
- /* Initialize cairo */
- cairo_surface_t *output;
- output = cairo_xcb_surface_create(conn, bg_pixmap, vistype,
- resolution[0], resolution[1]);
- cairo_t *ctx = cairo_create(output);
- if (img) {
- if (!tile) {
- cairo_set_source_surface(ctx, img, 0, 0);
- cairo_paint(ctx);
- } else {
- /* create a pattern and fill a rectangle as big as the screen */
- cairo_pattern_t *pattern;
- pattern = cairo_pattern_create_for_surface(img);
- cairo_set_source(ctx, pattern);
- cairo_pattern_set_extend(pattern, CAIRO_EXTEND_REPEAT);
- cairo_rectangle(ctx, 0, 0, resolution[0], resolution[1]);
- cairo_fill(ctx);
- cairo_pattern_destroy(pattern);
- }
- }
-
- if (unlock_state >= STATE_KEY_PRESSED && unlock_indicator) {
- cairo_pattern_t *outer_pat = NULL;
-
- outer_pat = cairo_pattern_create_linear(0, 0, 0, BUTTON_DIAMETER);
- switch (pam_state) {
- case STATE_PAM_VERIFY:
- cairo_pattern_add_color_stop_rgb(outer_pat, 0, 139.0/255, 0, 250.0/255);
- cairo_pattern_add_color_stop_rgb(outer_pat, 1, 51.0/255, 0, 250.0/255);
- break;
- case STATE_PAM_WRONG:
- cairo_pattern_add_color_stop_rgb(outer_pat, 0, 255.0/250, 139.0/255, 0);
- cairo_pattern_add_color_stop_rgb(outer_pat, 1, 125.0/255, 51.0/255, 0);
- break;
- case STATE_PAM_IDLE:
- cairo_pattern_add_color_stop_rgb(outer_pat, 0, 139.0/255, 125.0/255, 0);
- cairo_pattern_add_color_stop_rgb(outer_pat, 1, 51.0/255, 125.0/255, 0);
- break;
- }
-
- /* Draw a (centered) circle with transparent background. */
- cairo_set_line_width(ctx, 10.0);
- cairo_arc(ctx,
- (resolution[0] / 2) /* x */,
- (resolution[1] / 2) /* y */,
- BUTTON_RADIUS /* radius */,
- 0 /* start */,
- 2 * M_PI /* end */);
-
- /* Use the appropriate color for the different PAM states
- * (currently verifying, wrong password, or default) */
- switch (pam_state) {
- case STATE_PAM_VERIFY:
- cairo_set_source_rgba(ctx, 0, 114.0/255, 255.0/255, 0.75);
- break;
- case STATE_PAM_WRONG:
- cairo_set_source_rgba(ctx, 250.0/255, 0, 0, 0.75);
- break;
- default:
- cairo_set_source_rgba(ctx, 0, 0, 0, 0.75);
- break;
- }
- cairo_fill_preserve(ctx);
- cairo_set_source(ctx, outer_pat);
- cairo_stroke(ctx);
-
- /* Draw an inner seperator line. */
- cairo_set_source_rgb(ctx, 0, 0, 0);
- cairo_set_line_width(ctx, 2.0);
- cairo_arc(ctx,
- (resolution[0] / 2) /* x */,
- (resolution[1] / 2) /* y */,
- BUTTON_RADIUS - 5 /* radius */,
- 0,
- 2 * M_PI);
- cairo_stroke(ctx);
-
- cairo_set_line_width(ctx, 10.0);
-
- /* Display a (centered) text of the current PAM state. */
- char *text = NULL;
- switch (pam_state) {
- case STATE_PAM_VERIFY:
- text = "verifying…";
- break;
- case STATE_PAM_WRONG:
- text = "wrong!";
- break;
- default:
- break;
- }
-
- if (text) {
- cairo_text_extents_t extents;
- double x, y;
-
- cairo_set_source_rgb(ctx, 0, 0, 0);
- cairo_set_font_size(ctx, 28.0);
-
- cairo_text_extents(ctx, text, &extents);
- x = (resolution[0] / 2.0) - ((extents.width / 2) + extents.x_bearing);
- y = (resolution[1] / 2.0) - ((extents.height / 2) + extents.y_bearing);
-
- cairo_move_to(ctx, x, y);
- cairo_show_text(ctx, text);
- cairo_close_path(ctx);
- }
-
- /* After the user pressed any valid key or the backspace key, we
- * highlight a random part of the unlock indicator to confirm this
- * keypress. */
- if (unlock_state == STATE_KEY_ACTIVE ||
- unlock_state == STATE_BACKSPACE_ACTIVE) {
- cairo_new_sub_path(ctx);
- double highlight_start = (rand() % (int)(2 * M_PI * 100)) / 100.0;
- DEBUG("Highlighting part %.2f\n", highlight_start);
- cairo_arc(ctx, resolution[0] / 2 /* x */, resolution[1] / 2 /* y */,
- BUTTON_RADIUS /* radius */, highlight_start,
- highlight_start + (M_PI / 3.0));
- if (unlock_state == STATE_KEY_ACTIVE) {
- /* For normal keys, we use a lighter green. */
- outer_pat = cairo_pattern_create_linear(0, 0, 0, BUTTON_DIAMETER);
- cairo_pattern_add_color_stop_rgb(outer_pat, 0, 139.0/255, 219.0/255, 0);
- cairo_pattern_add_color_stop_rgb(outer_pat, 1, 51.0/255, 219.0/255, 0);
- } else {
- /* For backspace, we use red. */
- outer_pat = cairo_pattern_create_linear(0, 0, 0, BUTTON_DIAMETER);
- cairo_pattern_add_color_stop_rgb(outer_pat, 0, 219.0/255, 139.0/255, 0);
- cairo_pattern_add_color_stop_rgb(outer_pat, 1, 219.0/255, 51.0/255, 0);
- }
- cairo_set_source(ctx, outer_pat);
- cairo_stroke(ctx);
-
- /* Draw two little separators for the highlighted part of the
- * unlock indicator. */
- cairo_set_source_rgb(ctx, 0, 0, 0);
- cairo_arc(ctx,
- (resolution[0] / 2) /* x */,
- (resolution[1] / 2) /* y */,
- BUTTON_RADIUS /* radius */,
- highlight_start /* start */,
- highlight_start + (M_PI / 128.0) /* end */);
- cairo_stroke(ctx);
- cairo_arc(ctx,
- (resolution[0] / 2) /* x */,
- (resolution[1] / 2) /* y */,
- BUTTON_RADIUS /* radius */,
- highlight_start + (M_PI / 3.0) /* start */,
- (highlight_start + (M_PI / 3.0)) + (M_PI / 128.0) /* end */);
- cairo_stroke(ctx);
- }
- }
-
- cairo_surface_destroy(output);
- cairo_destroy(ctx);
-#endif
- return bg_pixmap;
+static void clear_password_memory() {
+ /* A volatile pointer to the password buffer to prevent the compiler from
+ * optimizing this out. */
+ volatile char *vpassword = password;
+ for (int c = 0; c < sizeof(password); c++)
+ /* We store a non-random pattern which consists of the (irrelevant)
+ * index plus (!) the value of the beep variable. This prevents the
+ * compiler from optimizing the calls away, since the value of 'beep'
+ * is not known at compile-time. */
+ vpassword[c] = c + (int)beep;
}
-/*
- * Calls draw_image on a new pixmap and swaps that with the current pixmap
- *
- */
-static void redraw_screen() {
- xcb_pixmap_t bg_pixmap = draw_image(vistype, last_resolution);
- xcb_change_window_attributes(conn, win, XCB_CW_BACK_PIXMAP, (uint32_t[1]){ bg_pixmap });
- /* XXX: Possible optimization: Only update the area in the middle of the
- * screen instead of the whole screen. */
- xcb_clear_area(conn, 0, win, 0, 0, scr->width_in_pixels, scr->height_in_pixels);
- xcb_free_pixmap(conn, bg_pixmap);
- xcb_flush(conn);
-}
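Review bot: In `clear_password_memory` the loop index `c` is an `int` compared against `sizeof(password)`, which is a `size_t`, and the function is declared with an empty parameter list. `for (size_t c = 0; c < sizeof(password); c++)` and `static void clear_password_memory(void)` avoid the sign-compare warning and the unprototyped declaration. The wipe writes an index-based pattern rather than zeros, so callers must still store the terminator themselves, as the Escape path does with `password[input_position] = '\0';`, and a one-line comment saying so would help. The wipe also covers only the static `password` buffer; any copy handed to PAM through `conv_callback` (not part of this diff) would presumably need its own clearing.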
/*
* Resets pam_state to STATE_PAM_IDLE 2 seconds after an unsuccesful
*
*/
static void clear_pam_wrong(EV_P_ ev_timer *w, int revents) {
+ DEBUG("clearing pam wrong\n");
pam_state = STATE_PAM_IDLE;
unlock_state = STATE_STARTED;
redraw_screen();
-}
-/*
- * Hides the unlock indicator completely when there is no content in the
- * password buffer.
- *
- */
-static void clear_indicator(EV_P_ ev_timer *w, int revents) {
- DEBUG("Clear indicator\n");
- unlock_state = STATE_STARTED;
- redraw_screen();
-}
-
-/*
- * (Re-)starts the clear_indicator timeout. Called after pressing backspace or
- * after an unsuccessful authentication attempt.
- *
- */
-static void start_clear_indicator_timeout() {
- if (clear_indicator_timeout) {
- ev_timer_stop(main_loop, clear_indicator_timeout);
- ev_timer_set(clear_indicator_timeout, 1.0, 0.);
- ev_timer_start(main_loop, clear_indicator_timeout);
- } else {
- clear_indicator_timeout = calloc(sizeof(struct ev_timer), 1);
- ev_timer_init(clear_indicator_timeout, clear_indicator, 1.0, 0.);
- ev_timer_start(main_loop, clear_indicator_timeout);
- }
+ /* Now free this timeout. */
+ ev_timer_stop(main_loop, clear_pam_wrong_timeout);
+ free(clear_pam_wrong_timeout);
+ clear_pam_wrong_timeout = NULL;
}
static void input_done() {
if (clear_pam_wrong_timeout) {
ev_timer_stop(main_loop, clear_pam_wrong_timeout);
+ free(clear_pam_wrong_timeout);
clear_pam_wrong_timeout = NULL;
}
if (pam_authenticate(pam_handle, 0) == PAM_SUCCESS) {
printf("successfully authenticated\n");
+ clear_password_memory();
exit(0);
}
/* Clear this state after 2 seconds (unless the user enters another
* password during that time). */
ev_now_update(main_loop);
- clear_pam_wrong_timeout = calloc(sizeof(struct ev_timer), 1);
- ev_timer_init(clear_pam_wrong_timeout, clear_pam_wrong, 2.0, 0.);
- ev_timer_start(main_loop, clear_pam_wrong_timeout);
+ if ((clear_pam_wrong_timeout = calloc(sizeof(struct ev_timer), 1))) {
+ ev_timer_init(clear_pam_wrong_timeout, clear_pam_wrong, 2.0, 0.);
+ ev_timer_start(main_loop, clear_pam_wrong_timeout);
+ }
+
+ /* Cancel the clear_indicator_timeout, it would hide the unlock indicator
+ * too early. */
+ stop_clear_indicator_timeout();
/* beep on authentication failure, if enabled */
if (beep) {
*
*/
static void handle_key_release(xcb_key_release_event_t *event) {
- DEBUG("releasing key %d, state raw = %d, modeswitch_active = %d, iso_level3_shift_active = %d\n",
- event->detail, event->state, modeswitch_active, iso_level3_shift_active);
+ DEBUG("releasing key %d, state raw = %d, modeswitch_active = %d, iso_level3_shift_active = %d, iso_level5_shift_active = %d\n",
+ event->detail, event->state, modeswitch_active, iso_level3_shift_active, iso_level5_shift_active);
/* We don’t care about the column here and just use the first symbol. Since
* we only check for Mode_switch and ISO_Level3_Shift, this *should* work.
modeswitch_active = false;
} else if (sym == XK_ISO_Level3_Shift) {
iso_level3_shift_active = false;
+ } else if (sym == XK_ISO_Level5_Shift) {
+ iso_level5_shift_active = false;
}
- DEBUG("release done. modeswitch_active = %d, iso_level3_shift_active = %d\n",
- modeswitch_active, iso_level3_shift_active);
+ DEBUG("release done. modeswitch_active = %d, iso_level3_shift_active = %d, iso_level5_shift_active = %d\n",
+ modeswitch_active, iso_level3_shift_active, iso_level5_shift_active);
}
static void redraw_timeout(EV_P_ ev_timer *w, int revents) {
redraw_screen();
+
+ ev_timer_stop(main_loop, w);
+ free(w);
}
/*
base_column = 2;
if (iso_level3_shift_active)
base_column = 4;
+ if (iso_level5_shift_active)
+ base_column = 6;
sym0 = xcb_key_press_lookup_keysym(symbols, event, base_column);
sym1 = xcb_key_press_lookup_keysym(symbols, event, base_column + 1);
switch (sym0) {
DEBUG("ISO_Level3_Shift enabled\n");
iso_level3_shift_active = true;
return;
+ case XK_ISO_Level5_Shift:
+ DEBUG("ISO_Level5_Shift enabled\n");
+ iso_level5_shift_active = true;
+ return;
case XK_Return:
case XK_KP_Enter:
input_done();
case XK_Escape:
input_position = 0;
+ clear_password_memory();
password[input_position] = '\0';
return;
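Review bot: The `clear_password_memory();` added under `case XK_Escape:` also appears to be what wipes the buffer after a failed attempt, but only because `case XK_Return:` / `case XK_KP_Enter:` fall through from `input_done();` into it. No `break` or `return` is visible between them, though lines may be elided on this page. If the fall-through is intended, mark it with `/* fall through: reset and wipe the buffer after a failed attempt */`, so that a `return` later added after `input_done();` does not silently leave the typed password in memory. handle_key_press starts and ends outside these lines.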
unlock_state = STATE_KEY_PRESSED;
struct ev_timer *timeout = calloc(sizeof(struct ev_timer), 1);
- ev_timer_init(timeout, redraw_timeout, 0.25, 0.);
- ev_timer_start(main_loop, timeout);
-
- if (clear_indicator_timeout) {
- ev_timer_stop(main_loop, clear_indicator_timeout);
- clear_indicator_timeout = NULL;
+ if (timeout) {
+ ev_timer_init(timeout, redraw_timeout, 0.25, 0.);
+ ev_timer_start(main_loop, timeout);
}
+
+ stop_clear_indicator_timeout();
}
/*
static void handle_mapping_notify(xcb_mapping_notify_event_t *event) {
xcb_refresh_keyboard_mapping(symbols, event);
- modeswitchmask = get_mod_mask(conn, symbols, XK_Mode_switch);
numlockmask = get_mod_mask(conn, symbols, XK_Num_Lock);
}
* and also redraw the image, if any.
*
*/
-void handle_screen_resize(xcb_visualtype_t *vistype, xcb_window_t win, uint32_t* last_resolution) {
+void handle_screen_resize() {
xcb_get_geometry_cookie_t geomc;
xcb_get_geometry_reply_t *geom;
- geomc = xcb_get_geometry(conn, scr->root);
- if ((geom = xcb_get_geometry_reply(conn, geomc, 0)) == NULL) {
- return;
- }
+ geomc = xcb_get_geometry(conn, screen->root);
+ if ((geom = xcb_get_geometry_reply(conn, geomc, 0)) == NULL)
+ return;
- if (last_resolution[0] == geom->width && last_resolution[1] == geom->height)
- return;
+ if (last_resolution[0] == geom->width &&
+ last_resolution[1] == geom->height) {
+ free(geom);
+ return;
+ }
last_resolution[0] = geom->width;
last_resolution[1] = geom->height;
+ free(geom);
+
#ifndef NOLIBCAIRO
- if (img) {
- xcb_pixmap_t bg_pixmap = draw_image(vistype, last_resolution);
- xcb_change_window_attributes(conn, win, XCB_CW_BACK_PIXMAP, (uint32_t[1]){ bg_pixmap });
- xcb_free_pixmap(conn, bg_pixmap);
- }
+ redraw_screen();
#endif
uint32_t mask = XCB_CONFIG_WINDOW_WIDTH | XCB_CONFIG_WINDOW_HEIGHT;
/* Strip off the highest bit (set if the event is generated) */
int type = (event->response_type & 0x7F);
+ switch (type) {
+ case XCB_KEY_PRESS:
+ handle_key_press((xcb_key_press_event_t*)event);
+ break;
- if (type == XCB_KEY_PRESS) {
- handle_key_press((xcb_key_press_event_t*)event);
- continue;
- }
+ case XCB_KEY_RELEASE:
+ handle_key_release((xcb_key_release_event_t*)event);
- if (type == XCB_KEY_RELEASE) {
- handle_key_release((xcb_key_release_event_t*)event);
+ /* If this was the backspace or escape key we are back at an
+ * empty input, so turn off the screen if DPMS is enabled */
+ if (dpms && input_position == 0)
+ dpms_turn_off_screen(conn);
- /* If this was the backspace or escape key we are back at an
- * empty input, so turn off the screen if DPMS is enabled */
- if (dpms && input_position == 0)
- dpms_turn_off_screen(conn);
+ break;
- continue;
- }
+ case XCB_VISIBILITY_NOTIFY:
+ handle_visibility_notify((xcb_visibility_notify_event_t*)event);
+ break;
- if (type == XCB_VISIBILITY_NOTIFY) {
- handle_visibility_notify((xcb_visibility_notify_event_t*)event);
- continue;
- }
+ case XCB_MAP_NOTIFY:
+ if (!dont_fork) {
+ /* After the first MapNotify, we never fork again. We don’t
+ * expect to get another MapNotify, but better be sure… */
+ dont_fork = true;
- if (type == XCB_MAPPING_NOTIFY) {
- handle_mapping_notify((xcb_mapping_notify_event_t*)event);
- continue;
- }
+ /* In the parent process, we exit */
+ if (fork() != 0)
+ exit(0);
+ }
+ break;
- if (type == XCB_CONFIGURE_NOTIFY) {
- handle_screen_resize(vistype, win, last_resolution);
- continue;
- }
+ case XCB_MAPPING_NOTIFY:
+ handle_mapping_notify((xcb_mapping_notify_event_t*)event);
+ break;
- printf("WARNING: unhandled event of type %d\n", type);
+ case XCB_CONFIGURE_NOTIFY:
+ handle_screen_resize();
+ break;
+ }
free(event);
}
}
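Review bot: In the `XCB_MAP_NOTIFY` branch, `if (fork() != 0) exit(0);` treats a failed fork() (return value -1) the same as the parent, so the only process holding the lock window exits with status 0 and the screen would be left unlocked. For a screen locker the failure path should fail closed: `pid_t pid = fork(); if (pid > 0) exit(0);`, and on -1 keep running in the foreground, optionally with `warn("fork");`. The removed `WARNING: unhandled event` message also leaves the `switch` without a `default:`; an empty `default: break;` would document that other event types are ignored on purpose. The enclosing function begins outside the visible lines.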
int main(int argc, char *argv[]) {
- bool dont_fork = false;
char *username;
#ifndef NOLIBCAIRO
char *image_path = NULL;
#endif
int ret;
struct pam_conv conv = {conv_callback, NULL};
- int screen;
+ int nscreen;
int curs_choice = CURS_NONE;
char o;
int optind = 0;
, longopts, &optind)) != -1) {
switch (o) {
case 'v':
- errx(EXIT_SUCCESS, "version " VERSION " © 2010-2011 Michael Stapelberg");
+ errx(EXIT_SUCCESS, "version " VERSION " © 2010-2012 Michael Stapelberg");
case 'n':
dont_fork = true;
break;
/* Initialize PAM */
ret = pam_start("i3lock", username, &conv, &pam_handle);
if (ret != PAM_SUCCESS)
- errx(EXIT_FAILURE, "PAM: %s\n", pam_strerror(pam_handle, ret));
+ errx(EXIT_FAILURE, "PAM: %s", pam_strerror(pam_handle, ret));
+
+ /* Lock the area where we store the password in memory, we don’t want it to
+ * be swapped to disk. Since Linux 2.6.9, this does not require any
+ * privileges, just enough bytes in the RLIMIT_MEMLOCK limit. */
+ if (mlock(password, sizeof(password)) != 0)
+ err(EXIT_FAILURE, "Could not lock page in memory, check RLIMIT_MEMLOCK");
/* Initialize connection to X11 */
- if ((conn = xcb_connect(NULL, &screen)) == NULL ||
+ if ((conn = xcb_connect(NULL, &nscreen)) == NULL ||
xcb_connection_has_error(conn))
errx(EXIT_FAILURE, "Could not connect to X11, maybe you need to set DISPLAY?");
- if (!dont_fork) {
- /* In the parent process, we exit */
- if (fork() != 0)
- return 0;
- }
+ xinerama_init();
+ xinerama_query_screens();
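Review bot: The `mlock(password, sizeof(password))` added here runs in the process that later exits, because this commit moves the fork() out of main and into the MapNotify handler. Memory locks are not inherited by a child created with fork(), so unless `-n` is given, the process that actually reads the password runs without the lock and the buffer can be swapped out again. Repeat the call in the child right after the fork, e.g. `if (mlock(password, sizeof(password)) != 0) warn("mlock");`. Warn there rather than exit, since exiting at that point would drop the screen lock. A short comment next to this mlock() noting that it only covers the no-fork case would also help.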
/* if DPMS is enabled, check if the X server really supports it */
if (dpms) {
xcb_dpms_capable_cookie_t dpmsc = xcb_dpms_capable(conn);
xcb_dpms_capable_reply_t *dpmsr;
- if ((dpmsr = xcb_dpms_capable_reply(conn, dpmsc, NULL)) && !dpmsr->capable) {
- fprintf(stderr, "Disabling DPMS, X server not DPMS capable\n");
- dpms = false;
+ if ((dpmsr = xcb_dpms_capable_reply(conn, dpmsc, NULL))) {
+ if (!dpmsr->capable) {
+ fprintf(stderr, "Disabling DPMS, X server not DPMS capable\n");
+ dpms = false;
+ }
+ free(dpmsr);
}
}
- scr = xcb_setup_roots_iterator(xcb_get_setup(conn)).data;
- vistype = get_root_visual_type(scr);
+ screen = xcb_setup_roots_iterator(xcb_get_setup(conn)).data;
- last_resolution[0] = scr->width_in_pixels;
- last_resolution[1] = scr->height_in_pixels;
+ last_resolution[0] = screen->width_in_pixels;
+ last_resolution[1] = screen->height_in_pixels;
#ifndef NOLIBCAIRO
#endif
/* Pixmap on which the image is rendered to (if any) */
- xcb_pixmap_t bg_pixmap = draw_image(vistype, last_resolution);
+ xcb_pixmap_t bg_pixmap = draw_image(last_resolution);
/* open the fullscreen window, already with the correct pixmap in place */
- win = open_fullscreen_window(conn, scr, color, bg_pixmap);
+ win = open_fullscreen_window(conn, screen, color, bg_pixmap);
xcb_free_pixmap(conn, bg_pixmap);
- cursor = create_cursor(conn, scr, win, curs_choice);
+ cursor = create_cursor(conn, screen, win, curs_choice);
- grab_pointer_and_keyboard(conn, scr, cursor);
+ grab_pointer_and_keyboard(conn, screen, cursor);
symbols = xcb_key_symbols_alloc(conn);
- modeswitchmask = get_mod_mask(conn, symbols, XK_Mode_switch);
numlockmask = get_mod_mask(conn, symbols, XK_Num_Lock);
if (dpms)