X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=i3lock.c;h=208e4acba4ae5533d37b7bf7d5371ccef248923c;hb=14667d8304382bb766ddbab5c58c2c81bfe16b6c;hp=de880c3e51268dea8e071cb659860c10cce81f95;hpb=2e5bee59d5444f84126df845bfb8e02cd252576f;p=i3%2Fi3lock diff --git a/i3lock.c b/i3lock.c index de880c3..208e4ac 100644 --- a/i3lock.c +++ b/i3lock.c @@ -1,370 +1,1073 @@ /* - * vim:ts=8:expandtab + * vim:ts=4:sw=4:expandtab * - * i3lock - an improved version of slock + * © 2010 Michael Stapelberg * - * i3lock © 2009 Michael Stapelberg and contributors - * i3lock © 2009 Jan-Erik Rediger - * slock © 2006-2008 Anselm R Garbe - * - * See file LICENSE for license information. - * - * Note that on any error (calloc is out of memory for example) - * we do not do anything so that the user can fix the error by - * himself (kill X to get more free memory or stop some other - * program using SSH/console). + * See LICENSE for licensing information * */ -#define _XOPEN_SOURCE 500 - -#include -#include -#include #include -#include +#include +#include +#include #include -#include #include -#include -#include -#include -#include -#include -#include #include -#include +#include +#include +#include #include - +#include +#ifdef __OpenBSD__ +#include +#else #include +#endif +#include +#include +#include +#include +#include +#include +#include +#include +#include +#ifdef __OpenBSD__ +#include /* explicit_bzero(3) */ +#endif -static char passwd[256]; +#include "i3lock.h" +#include "xcb.h" +#include "cursors.h" +#include "unlock_indicator.h" +#include "xinerama.h" + +#define TSTAMP_N_SECS(n) (n * 1.0) +#define TSTAMP_N_MINS(n) (60 * TSTAMP_N_SECS(n)) +#define START_TIMER(timer_obj, timeout, callback) \ + timer_obj = start_timer(timer_obj, timeout, callback) +#define STOP_TIMER(timer_obj) \ + timer_obj = stop_timer(timer_obj) + +typedef void (*ev_callback_t)(EV_P_ ev_timer *w, int revents); +static void input_done(void); + +char color[7] = "ffffff"; +uint32_t last_resolution[2]; +xcb_window_t win; +static xcb_cursor_t cursor; +#ifndef __OpenBSD__ +static pam_handle_t *pam_handle; +#endif +int input_position = 0; +/* Holds the password you enter (in UTF-8). */ +static char password[512]; +static bool beep = false; +bool debug_mode = false; +bool unlock_indicator = true; +char *modifier_string = NULL; +static bool dont_fork = false; +struct ev_loop *main_loop; +static struct ev_timer *clear_auth_wrong_timeout; +static struct ev_timer *clear_indicator_timeout; +static struct ev_timer *discard_passwd_timeout; +extern unlock_state_t unlock_state; +extern auth_state_t auth_state; +int failed_attempts = 0; +bool show_failed_attempts = false; +bool retry_verification = false; + +static struct xkb_state *xkb_state; +static struct xkb_context *xkb_context; +static struct xkb_keymap *xkb_keymap; +static struct xkb_compose_table *xkb_compose_table; +static struct xkb_compose_state *xkb_compose_state; +static uint8_t xkb_base_event; +static uint8_t xkb_base_error; + +cairo_surface_t *img = NULL; +bool tile = false; +bool ignore_empty_password = false; +bool skip_repeated_empty_password = false; + +/* isutf, u8_dec © 2005 Jeff Bezanson, public domain */ +#define isutf(c) (((c)&0xC0) != 0x80) /* - * displays an xpm image tiled over the whole screen - * (the image will be visible on all screens - * when using a multi monitor setup) + * Decrements i to point to the previous unicode glyph * */ -static void tile_image(XpmImage *image, int disp_height, int disp_width, - Display *dpy, Pixmap pix, Window w, GC gc) -{ - int rows = (int)ceil(disp_height / (float)image->height), - cols = (int)ceil(disp_width / (float)image->width); - - for (int y = 0; y < rows; y++) { - for (int x = 0; x < cols; x++) { - XCopyArea(dpy, pix, w, gc, 0, 0, - image->width, image->height, - image->width * x, image->height * y); - } +void u8_dec(char *s, int *i) { + (void)(isutf(s[--(*i)]) || isutf(s[--(*i)]) || isutf(s[--(*i)]) || --(*i)); +} + +/* + * Loads the XKB keymap from the X11 server and feeds it to xkbcommon. + * Necessary so that we can properly let xkbcommon track the keyboard state and + * translate keypresses to utf-8. + * + */ +static bool load_keymap(void) { + if (xkb_context == NULL) { + if ((xkb_context = xkb_context_new(0)) == NULL) { + fprintf(stderr, "[i3lock] could not create xkbcommon context\n"); + return false; } + } + + xkb_keymap_unref(xkb_keymap); + + int32_t device_id = xkb_x11_get_core_keyboard_device_id(conn); + DEBUG("device = %d\n", device_id); + if ((xkb_keymap = xkb_x11_keymap_new_from_device(xkb_context, conn, device_id, 0)) == NULL) { + fprintf(stderr, "[i3lock] xkb_x11_keymap_new_from_device failed\n"); + return false; + } + + struct xkb_state *new_state = + xkb_x11_state_new_from_device(xkb_keymap, conn, device_id); + if (new_state == NULL) { + fprintf(stderr, "[i3lock] xkb_x11_state_new_from_device failed\n"); + return false; + } + + xkb_state_unref(xkb_state); + xkb_state = new_state; + + return true; } /* - * Returns the colorpixel to use for the given hex color (think of HTML). + * Loads the XKB compose table from the given locale. * - * The hex_color may not start with #, for example FF00FF works. + */ +static bool load_compose_table(const char *locale) { + xkb_compose_table_unref(xkb_compose_table); + + if ((xkb_compose_table = xkb_compose_table_new_from_locale(xkb_context, locale, 0)) == NULL) { + fprintf(stderr, "[i3lock] xkb_compose_table_new_from_locale failed\n"); + return false; + } + + struct xkb_compose_state *new_compose_state = xkb_compose_state_new(xkb_compose_table, 0); + if (new_compose_state == NULL) { + fprintf(stderr, "[i3lock] xkb_compose_state_new failed\n"); + return false; + } + + xkb_compose_state_unref(xkb_compose_state); + xkb_compose_state = new_compose_state; + + return true; +} + +/* + * Clears the memory which stored the password to be a bit safer against + * cold-boot attacks. * - * NOTE that get_colorpixel() does _NOT_ check the given color code for validity. - * This has to be done by the caller. + */ +static void clear_password_memory(void) { +#ifdef __OpenBSD__ + /* Use explicit_bzero(3) which was explicitly designed not to be + * optimized out by the compiler. */ + explicit_bzero(password, strlen(password)); +#else + /* A volatile pointer to the password buffer to prevent the compiler from + * optimizing this out. */ + volatile char *vpassword = password; + for (int c = 0; c < sizeof(password); c++) + /* We store a non-random pattern which consists of the (irrelevant) + * index plus (!) the value of the beep variable. This prevents the + * compiler from optimizing the calls away, since the value of 'beep' + * is not known at compile-time. */ + vpassword[c] = c + (int)beep; +#endif +} + +ev_timer *start_timer(ev_timer *timer_obj, ev_tstamp timeout, ev_callback_t callback) { + if (timer_obj) { + ev_timer_stop(main_loop, timer_obj); + ev_timer_set(timer_obj, timeout, 0.); + ev_timer_start(main_loop, timer_obj); + } else { + /* When there is no memory, we just don’t have a timeout. We cannot + * exit() here, since that would effectively unlock the screen. */ + timer_obj = calloc(sizeof(struct ev_timer), 1); + if (timer_obj) { + ev_timer_init(timer_obj, callback, timeout, 0.); + ev_timer_start(main_loop, timer_obj); + } + } + return timer_obj; +} + +ev_timer *stop_timer(ev_timer *timer_obj) { + if (timer_obj) { + ev_timer_stop(main_loop, timer_obj); + free(timer_obj); + } + return NULL; +} + +/* + * Neccessary calls after ending input via enter or others * */ -static uint32_t get_colorpixel(char *hex) { - char strgroups[3][3] = {{hex[0], hex[1], '\0'}, - {hex[2], hex[3], '\0'}, - {hex[4], hex[5], '\0'}}; - uint32_t rgb16[3] = {(strtol(strgroups[0], NULL, 16)), - (strtol(strgroups[1], NULL, 16)), - (strtol(strgroups[2], NULL, 16))}; - - return (rgb16[0] << 16) + (rgb16[1] << 8) + rgb16[2]; +static void finish_input(void) { + password[input_position] = '\0'; + unlock_state = STATE_KEY_PRESSED; + redraw_screen(); + input_done(); } /* - * Check if given file can be opened => exists + * Resets auth_state to STATE_AUTH_IDLE 2 seconds after an unsuccessful + * authentication event. * */ -static bool file_exists(const char *filename) -{ - FILE * file = fopen(filename, "r"); - if(file) - { - fclose(file); - return true; +static void clear_auth_wrong(EV_P_ ev_timer *w, int revents) { + DEBUG("clearing auth wrong\n"); + auth_state = STATE_AUTH_IDLE; + redraw_screen(); + + /* Clear modifier string. */ + if (modifier_string != NULL) { + free(modifier_string); + modifier_string = NULL; + } + + /* Now free this timeout. */ + STOP_TIMER(clear_auth_wrong_timeout); + + /* retry with input done during auth verification */ + if (retry_verification) { + retry_verification = false; + finish_input(); + } +} + +static void clear_indicator_cb(EV_P_ ev_timer *w, int revents) { + clear_indicator(); + STOP_TIMER(clear_indicator_timeout); +} + +static void clear_input(void) { + input_position = 0; + clear_password_memory(); + password[input_position] = '\0'; +} + +static void discard_passwd_cb(EV_P_ ev_timer *w, int revents) { + clear_input(); + STOP_TIMER(discard_passwd_timeout); +} + +static void input_done(void) { + STOP_TIMER(clear_auth_wrong_timeout); + auth_state = STATE_AUTH_VERIFY; + unlock_state = STATE_STARTED; + redraw_screen(); + +#ifdef __OpenBSD__ + struct passwd *pw; + + if (!(pw = getpwuid(getuid()))) + errx(1, "unknown uid %u.", getuid()); + + if (auth_userokay(pw->pw_name, NULL, NULL, password) != 0) { + DEBUG("successfully authenticated\n"); + clear_password_memory(); + + exit(0); + } +#else + if (pam_authenticate(pam_handle, 0) == PAM_SUCCESS) { + DEBUG("successfully authenticated\n"); + clear_password_memory(); + + /* PAM credentials should be refreshed, this will for example update any kerberos tickets. + * Related to credentials pam_end() needs to be called to cleanup any temporary + * credentials like kerberos /tmp/krb5cc_pam_* files which may of been left behind if the + * refresh of the credentials failed. */ + pam_setcred(pam_handle, PAM_REFRESH_CRED); + pam_end(pam_handle, PAM_SUCCESS); + + exit(0); + } +#endif + + if (debug_mode) + fprintf(stderr, "Authentication failure\n"); + + /* Get state of Caps and Num lock modifiers, to be displayed in + * STATE_AUTH_WRONG state */ + xkb_mod_index_t idx, num_mods; + const char *mod_name; + + num_mods = xkb_keymap_num_mods(xkb_keymap); + + for (idx = 0; idx < num_mods; idx++) { + if (!xkb_state_mod_index_is_active(xkb_state, idx, XKB_STATE_MODS_EFFECTIVE)) + continue; + + mod_name = xkb_keymap_mod_get_name(xkb_keymap, idx); + if (mod_name == NULL) + continue; + + /* Replace certain xkb names with nicer, human-readable ones. */ + if (strcmp(mod_name, XKB_MOD_NAME_CAPS) == 0) + mod_name = "Caps Lock"; + else if (strcmp(mod_name, XKB_MOD_NAME_ALT) == 0) + mod_name = "Alt"; + else if (strcmp(mod_name, XKB_MOD_NAME_NUM) == 0) + mod_name = "Num Lock"; + else if (strcmp(mod_name, XKB_MOD_NAME_LOGO) == 0) + mod_name = "Win"; + + char *tmp; + if (modifier_string == NULL) { + if (asprintf(&tmp, "%s", mod_name) != -1) + modifier_string = tmp; + } else if (asprintf(&tmp, "%s, %s", modifier_string, mod_name) != -1) { + free(modifier_string); + modifier_string = tmp; } + } + + auth_state = STATE_AUTH_WRONG; + failed_attempts += 1; + clear_input(); + if (unlock_indicator) + redraw_screen(); + + /* Clear this state after 2 seconds (unless the user enters another + * password during that time). */ + ev_now_update(main_loop); + START_TIMER(clear_auth_wrong_timeout, TSTAMP_N_SECS(2), clear_auth_wrong); + + /* Cancel the clear_indicator_timeout, it would hide the unlock indicator + * too early. */ + STOP_TIMER(clear_indicator_timeout); + + /* beep on authentication failure, if enabled */ + if (beep) { + xcb_bell(conn, 100); + xcb_flush(conn); + } +} + +static void redraw_timeout(EV_P_ ev_timer *w, int revents) { + redraw_screen(); + STOP_TIMER(w); +} + +static bool skip_without_validation(void) { + if (input_position != 0) return false; + + if (skip_repeated_empty_password || ignore_empty_password) + return true; + + return false; } /* - * Puts the given XPM error code to stderr + * Handle key presses. Fixes state, then looks up the key symbol for the + * given keycode, then looks up the key symbol (as UCS-2), converts it to + * UTF-8 and stores it in the password array. * */ -static void print_xpm_error(int err) -{ - switch (err) { - case XpmColorError: - fprintf(stderr, "XPM: Could not parse or alloc requested color\n"); - break; - case XpmOpenFailed: - fprintf(stderr, "XPM: Cannot open file\n"); - break; - case XpmFileInvalid: - fprintf(stderr, "XPM: invalid XPM file\n"); - break; - case XpmNoMemory: - fprintf(stderr, "XPM: Not enough memory\n"); - break; - case XpmColorFailed: - fprintf(stderr, "XPM: Color not found\n"); - break; +static void handle_key_press(xcb_key_press_event_t *event) { + xkb_keysym_t ksym; + char buffer[128]; + int n; + bool ctrl; + bool composed = false; + + ksym = xkb_state_key_get_one_sym(xkb_state, event->detail); + ctrl = xkb_state_mod_name_is_active(xkb_state, XKB_MOD_NAME_CTRL, XKB_STATE_MODS_DEPRESSED); + + /* The buffer will be null-terminated, so n >= 2 for 1 actual character. */ + memset(buffer, '\0', sizeof(buffer)); + + if (xkb_compose_state && xkb_compose_state_feed(xkb_compose_state, ksym) == XKB_COMPOSE_FEED_ACCEPTED) { + switch (xkb_compose_state_get_status(xkb_compose_state)) { + case XKB_COMPOSE_NOTHING: + break; + case XKB_COMPOSE_COMPOSING: + return; + case XKB_COMPOSE_COMPOSED: + /* xkb_compose_state_get_utf8 doesn't include the terminating byte in the return value + * as xkb_keysym_to_utf8 does. Adding one makes the variable n consistent. */ + n = xkb_compose_state_get_utf8(xkb_compose_state, buffer, sizeof(buffer)) + 1; + ksym = xkb_compose_state_get_one_sym(xkb_compose_state); + composed = true; + break; + case XKB_COMPOSE_CANCELLED: + xkb_compose_state_reset(xkb_compose_state); + return; } + } + + if (!composed) { + n = xkb_keysym_to_utf8(ksym, buffer, sizeof(buffer)); + } + + switch (ksym) { + case XKB_KEY_j: + case XKB_KEY_m: + case XKB_KEY_Return: + case XKB_KEY_KP_Enter: + case XKB_KEY_XF86ScreenSaver: + if ((ksym == XKB_KEY_j || ksym == XKB_KEY_m) && !ctrl) + break; + + if (auth_state == STATE_AUTH_WRONG) { + retry_verification = true; + return; + } + + if (skip_without_validation()) { + clear_input(); + return; + } + finish_input(); + skip_repeated_empty_password = true; + return; + default: + skip_repeated_empty_password = false; + } + + switch (ksym) { + case XKB_KEY_u: + case XKB_KEY_Escape: + if ((ksym == XKB_KEY_u && ctrl) || + ksym == XKB_KEY_Escape) { + DEBUG("C-u pressed\n"); + clear_input(); + /* Hide the unlock indicator after a bit if the password buffer is + * empty. */ + if (unlock_indicator) { + START_TIMER(clear_indicator_timeout, 1.0, clear_indicator_cb); + unlock_state = STATE_BACKSPACE_ACTIVE; + redraw_screen(); + unlock_state = STATE_KEY_PRESSED; + } + return; + } + break; + + case XKB_KEY_Delete: + case XKB_KEY_KP_Delete: + /* Deleting forward doesn’t make sense, as i3lock doesn’t allow you + * to move the cursor when entering a password. We need to eat this + * key press so that it won’t be treated as part of the password, + * see issue #50. */ + return; + + case XKB_KEY_h: + case XKB_KEY_BackSpace: + if (ksym == XKB_KEY_h && !ctrl) + break; + + if (input_position == 0) + return; + + /* decrement input_position to point to the previous glyph */ + u8_dec(password, &input_position); + password[input_position] = '\0'; + + /* Hide the unlock indicator after a bit if the password buffer is + * empty. */ + START_TIMER(clear_indicator_timeout, 1.0, clear_indicator_cb); + unlock_state = STATE_BACKSPACE_ACTIVE; + redraw_screen(); + unlock_state = STATE_KEY_PRESSED; + return; + } + + if ((input_position + 8) >= sizeof(password)) + return; + +#if 0 + /* FIXME: handle all of these? */ + printf("is_keypad_key = %d\n", xcb_is_keypad_key(sym)); + printf("is_private_keypad_key = %d\n", xcb_is_private_keypad_key(sym)); + printf("xcb_is_cursor_key = %d\n", xcb_is_cursor_key(sym)); + printf("xcb_is_pf_key = %d\n", xcb_is_pf_key(sym)); + printf("xcb_is_function_key = %d\n", xcb_is_function_key(sym)); + printf("xcb_is_misc_function_key = %d\n", xcb_is_misc_function_key(sym)); + printf("xcb_is_modifier_key = %d\n", xcb_is_modifier_key(sym)); +#endif + + if (n < 2) + return; + + /* store it in the password array as UTF-8 */ + memcpy(password + input_position, buffer, n - 1); + input_position += n - 1; + DEBUG("current password = %.*s\n", input_position, password); + + if (unlock_indicator) { + unlock_state = STATE_KEY_ACTIVE; + redraw_screen(); + unlock_state = STATE_KEY_PRESSED; + + struct ev_timer *timeout = NULL; + START_TIMER(timeout, TSTAMP_N_SECS(0.25), redraw_timeout); + STOP_TIMER(clear_indicator_timeout); + } + + START_TIMER(discard_passwd_timeout, TSTAMP_N_MINS(3), discard_passwd_cb); +} + +/* + * A visibility notify event will be received when the visibility (= can the + * user view the complete window) changes, so for example when a popup overlays + * some area of the i3lock window. + * + * In this case, we raise our window on top so that the popup (or whatever is + * hiding us) gets hidden. + * + */ +static void handle_visibility_notify(xcb_connection_t *conn, + xcb_visibility_notify_event_t *event) { + if (event->state != XCB_VISIBILITY_UNOBSCURED) { + uint32_t values[] = {XCB_STACK_MODE_ABOVE}; + xcb_configure_window(conn, event->window, XCB_CONFIG_WINDOW_STACK_MODE, values); + xcb_flush(conn); + } +} + +/* + * Called when the keyboard mapping changes. We update our symbols. + * + * We ignore errors — if the new keymap cannot be loaded it’s better if the + * screen stays locked and the user intervenes by using killall i3lock. + * + */ +static void process_xkb_event(xcb_generic_event_t *gevent) { + union xkb_event { + struct { + uint8_t response_type; + uint8_t xkbType; + uint16_t sequence; + xcb_timestamp_t time; + uint8_t deviceID; + } any; + xcb_xkb_new_keyboard_notify_event_t new_keyboard_notify; + xcb_xkb_map_notify_event_t map_notify; + xcb_xkb_state_notify_event_t state_notify; + } *event = (union xkb_event *)gevent; + + DEBUG("process_xkb_event for device %d\n", event->any.deviceID); + + if (event->any.deviceID != xkb_x11_get_core_keyboard_device_id(conn)) + return; + + /* + * XkbNewKkdNotify and XkbMapNotify together capture all sorts of keymap + * updates (e.g. xmodmap, xkbcomp, setxkbmap), with minimal redundent + * recompilations. + */ + switch (event->any.xkbType) { + case XCB_XKB_NEW_KEYBOARD_NOTIFY: + if (event->new_keyboard_notify.changed & XCB_XKB_NKN_DETAIL_KEYCODES) + (void)load_keymap(); + break; + + case XCB_XKB_MAP_NOTIFY: + (void)load_keymap(); + break; + + case XCB_XKB_STATE_NOTIFY: + xkb_state_update_mask(xkb_state, + event->state_notify.baseMods, + event->state_notify.latchedMods, + event->state_notify.lockedMods, + event->state_notify.baseGroup, + event->state_notify.latchedGroup, + event->state_notify.lockedGroup); + break; + } } +/* + * Called when the properties on the root window change, e.g. when the screen + * resolution changes. If so we update the window to cover the whole screen + * and also redraw the image, if any. + * + */ +void handle_screen_resize(void) { + xcb_get_geometry_cookie_t geomc; + xcb_get_geometry_reply_t *geom; + geomc = xcb_get_geometry(conn, screen->root); + if ((geom = xcb_get_geometry_reply(conn, geomc, 0)) == NULL) + return; + + if (last_resolution[0] == geom->width && + last_resolution[1] == geom->height) { + free(geom); + return; + } + + last_resolution[0] = geom->width; + last_resolution[1] = geom->height; + + free(geom); + + redraw_screen(); + uint32_t mask = XCB_CONFIG_WINDOW_WIDTH | XCB_CONFIG_WINDOW_HEIGHT; + xcb_configure_window(conn, win, mask, last_resolution); + xcb_flush(conn); + + xinerama_query_screens(); + redraw_screen(); +} + +#ifndef __OpenBSD__ /* * Callback function for PAM. We only react on password request callbacks. * */ static int conv_callback(int num_msg, const struct pam_message **msg, - struct pam_response **resp, void *appdata_ptr) -{ - if (num_msg == 0) - return 1; - - /* PAM expects an arry of responses, one for each message */ - if ((*resp = calloc(num_msg, sizeof(struct pam_message))) == NULL) { - perror("calloc"); - return 1; - } + struct pam_response **resp, void *appdata_ptr) { + if (num_msg == 0) + return 1; - for (int c = 0; c < num_msg; c++) { - if (msg[c]->msg_style != PAM_PROMPT_ECHO_OFF && - msg[c]->msg_style != PAM_PROMPT_ECHO_ON) - continue; + /* PAM expects an array of responses, one for each message */ + if ((*resp = calloc(num_msg, sizeof(struct pam_response))) == NULL) { + perror("calloc"); + return 1; + } - /* return code is currently not used but should be set to zero */ - resp[c]->resp_retcode = 0; - if ((resp[c]->resp = strdup(passwd)) == NULL) { - perror("strdup"); - return 1; - } + for (int c = 0; c < num_msg; c++) { + if (msg[c]->msg_style != PAM_PROMPT_ECHO_OFF && + msg[c]->msg_style != PAM_PROMPT_ECHO_ON) + continue; + + /* return code is currently not used but should be set to zero */ + resp[c]->resp_retcode = 0; + if ((resp[c]->resp = strdup(password)) == NULL) { + perror("strdup"); + return 1; } + } - return 0; + return 0; } +#endif -int main(int argc, char *argv[]) -{ - char curs[] = {0, 0, 0, 0, 0, 0, 0, 0}; - char buf[32]; - char *username; - int num, screen; - - unsigned int len; - bool running = true; - - /* By default, fork, don’t beep and don’t turn off monitor */ - bool dont_fork = false; - bool beep = false; - bool dpms = false; - bool xpm_image = false; - bool tiling = false; - char xpm_image_path[256]; - char color[7] = "ffffff"; // white - Cursor invisible; - Display *dpy; - KeySym ksym; - Pixmap pmap; - Window root, w; - XColor black, dummy; - XEvent ev; - XSetWindowAttributes wa; - - pam_handle_t *handle; - struct pam_conv conv = {conv_callback, NULL}; - - char opt; - int optind = 0; - static struct option long_options[] = { - {"version", no_argument, NULL, 'v'}, - {"nofork", no_argument, NULL, 'n'}, - {"beep", no_argument, NULL, 'b'}, - {"dpms", no_argument, NULL, 'd'}, - {"image", required_argument, NULL, 'i'}, - {"color", required_argument, NULL, 'c'}, - {"tiling", no_argument, NULL, 't'}, - {NULL, no_argument, NULL, 0} - }; - - while ((opt = getopt_long(argc, argv, "vnbdi:c:t", long_options, &optind)) != -1) { - switch (opt) { - case 'v': - errx(0, "i3lock-"VERSION", © 2009 Michael Stapelberg\n" - "based on slock, which is © 2006-2008 Anselm R Garbe\n"); - case 'n': - dont_fork = true; - break; - case 'b': - beep = true; - break; - case 'd': - dpms = true; - break; - case 'i': - strncpy(xpm_image_path, optarg, 255); - xpm_image = true; - break; - case 'c': - { - char *arg = optarg; - /* Skip # if present */ - if (arg[0] == '#') - arg++; - - if (strlen(arg) != 6 || sscanf(arg, "%06[0-9a-fA-F]", color) != 1) - errx(1, "color is invalid, color must be given in 6-byte format: rrggbb\n"); - - break; - } - case 't': - tiling = true; - break; - default: - errx(1, "i3lock: Unknown option. Syntax: i3lock [-v] [-n] [-b] [-d] [-i image.xpm] [-c color] [-t]\n"); - } - } +/* + * This callback is only a dummy, see xcb_prepare_cb and xcb_check_cb. + * See also man libev(3): "ev_prepare" and "ev_check" - customise your event loop + * + */ +static void xcb_got_event(EV_P_ struct ev_io *w, int revents) { + /* empty, because xcb_prepare_cb and xcb_check_cb are used */ +} + +/* + * Flush before blocking (and waiting for new events) + * + */ +static void xcb_prepare_cb(EV_P_ ev_prepare *w, int revents) { + xcb_flush(conn); +} - if ((username = getenv("USER")) == NULL) - errx(1, "USER environment variable not set, please set it.\n"); +/* + * Try closing logind sleep lock fd passed over from xss-lock, in case we're + * being run from there. + * + */ +static void maybe_close_sleep_lock_fd(void) { + const char *sleep_lock_fd = getenv("XSS_SLEEP_LOCK_FD"); + char *endptr; + if (sleep_lock_fd && *sleep_lock_fd != 0) { + long int fd = strtol(sleep_lock_fd, &endptr, 10); + if (*endptr == 0) { + close(fd); + } + } +} - int ret = pam_start("i3lock", username, &conv, &handle); - if (ret != PAM_SUCCESS) - errx(1, "PAM: %s\n", pam_strerror(handle, ret)); +/* + * Instead of polling the X connection socket we leave this to + * xcb_poll_for_event() which knows better than we can ever know. + * + */ +static void xcb_check_cb(EV_P_ ev_check *w, int revents) { + xcb_generic_event_t *event; - if(!(dpy = XOpenDisplay(0))) - errx(1, "i3lock: cannot open display\n"); - screen = DefaultScreen(dpy); - root = RootWindow(dpy, screen); + if (xcb_connection_has_error(conn)) + errx(EXIT_FAILURE, "X11 connection broke, did your server terminate?\n"); - if (!dont_fork) { - if (fork() != 0) - return 0; + while ((event = xcb_poll_for_event(conn)) != NULL) { + if (event->response_type == 0) { + xcb_generic_error_t *error = (xcb_generic_error_t *)event; + if (debug_mode) + fprintf(stderr, "X11 Error received! sequence 0x%x, error_code = %d\n", + error->sequence, error->error_code); + free(event); + continue; } - /* init */ - wa.override_redirect = 1; - wa.background_pixel = get_colorpixel(color); - w = XCreateWindow(dpy, root, 0, 0, DisplayWidth(dpy, screen), DisplayHeight(dpy, screen), - 0, DefaultDepth(dpy, screen), CopyFromParent, - DefaultVisual(dpy, screen), CWOverrideRedirect | CWBackPixel, &wa); - XAllocNamedColor(dpy, DefaultColormap(dpy, screen), "black", &black, &dummy); - pmap = XCreateBitmapFromData(dpy, w, curs, 8, 8); - invisible = XCreatePixmapCursor(dpy, pmap, pmap, &black, &black, 0, 0); - XDefineCursor(dpy, w, invisible); - XMapRaised(dpy, w); - - if (xpm_image && file_exists(xpm_image_path)) { - GC gc = XDefaultGC(dpy, 0); - int depth = DefaultDepth(dpy, screen); - int disp_width = DisplayWidth(dpy, screen); - int disp_height = DisplayHeight(dpy, screen); - Pixmap pix = XCreatePixmap(dpy, w, disp_width, disp_height, depth); - XpmImage xpm_image; - XpmInfo xpm_info; - - int err = XpmReadFileToXpmImage(xpm_image_path, &xpm_image, &xpm_info); - if (err != 0) { - print_xpm_error(err); - return 1; - } + /* Strip off the highest bit (set if the event is generated) */ + int type = (event->response_type & 0x7F); - err = XpmCreatePixmapFromXpmImage(dpy, w, &xpm_image, &pix, 0, 0); - if (err != 0) { - print_xpm_error(err); - return 1; + switch (type) { + case XCB_KEY_PRESS: + handle_key_press((xcb_key_press_event_t *)event); + break; + + case XCB_VISIBILITY_NOTIFY: + handle_visibility_notify(conn, (xcb_visibility_notify_event_t *)event); + break; + + case XCB_MAP_NOTIFY: + maybe_close_sleep_lock_fd(); + if (!dont_fork) { + /* After the first MapNotify, we never fork again. We don’t + * expect to get another MapNotify, but better be sure… */ + dont_fork = true; + + /* In the parent process, we exit */ + if (fork() != 0) + exit(0); + + ev_loop_fork(EV_DEFAULT); } + break; - if (tiling) - tile_image(&xpm_image, disp_height, disp_width, dpy, pix, w, gc); - else - XCopyArea(dpy, pix, w, gc, 0, 0, disp_width, disp_height, 0, 0); + case XCB_CONFIGURE_NOTIFY: + handle_screen_resize(); + break; + + default: + if (type == xkb_base_event) + process_xkb_event(event); } - for(len = 1000; len; len--) { - if(XGrabPointer(dpy, root, False, ButtonPressMask | ButtonReleaseMask, - GrabModeAsync, GrabModeAsync, None, invisible, CurrentTime) == GrabSuccess) - break; - usleep(1000); + free(event); + } +} + +/* + * This function is called from a fork()ed child and will raise the i3lock + * window when the window is obscured, even when the main i3lock process is + * blocked due to the authentication backend. + * + */ +static void raise_loop(xcb_window_t window) { + xcb_connection_t *conn; + xcb_generic_event_t *event; + int screens; + + if ((conn = xcb_connect(NULL, &screens)) == NULL || + xcb_connection_has_error(conn)) + errx(EXIT_FAILURE, "Cannot open display\n"); + + /* We need to know about the window being obscured or getting destroyed. */ + xcb_change_window_attributes(conn, window, XCB_CW_EVENT_MASK, + (uint32_t[]){ + XCB_EVENT_MASK_VISIBILITY_CHANGE | + XCB_EVENT_MASK_STRUCTURE_NOTIFY}); + xcb_flush(conn); + + DEBUG("Watching window 0x%08x\n", window); + while ((event = xcb_wait_for_event(conn)) != NULL) { + if (event->response_type == 0) { + xcb_generic_error_t *error = (xcb_generic_error_t *)event; + DEBUG("X11 Error received! sequence 0x%x, error_code = %d\n", + error->sequence, error->error_code); + free(event); + continue; } - if((running = running && (len > 0))) { - for(len = 1000; len; len--) { - if(XGrabKeyboard(dpy, root, True, GrabModeAsync, GrabModeAsync, CurrentTime) - == GrabSuccess) - break; - usleep(1000); - } - running = (len > 0); + /* Strip off the highest bit (set if the event is generated) */ + int type = (event->response_type & 0x7F); + DEBUG("Read event of type %d\n", type); + switch (type) { + case XCB_VISIBILITY_NOTIFY: + handle_visibility_notify(conn, (xcb_visibility_notify_event_t *)event); + break; + case XCB_UNMAP_NOTIFY: + DEBUG("UnmapNotify for 0x%08x\n", (((xcb_unmap_notify_event_t *)event)->window)); + if (((xcb_unmap_notify_event_t *)event)->window == window) + exit(EXIT_SUCCESS); + break; + case XCB_DESTROY_NOTIFY: + DEBUG("DestroyNotify for 0x%08x\n", (((xcb_destroy_notify_event_t *)event)->window)); + if (((xcb_destroy_notify_event_t *)event)->window == window) + exit(EXIT_SUCCESS); + break; + default: + DEBUG("Unhandled event type %d\n", type); + break; } - len = 0; - XSync(dpy, False); - - /* main event loop */ - while(running && !XNextEvent(dpy, &ev)) { - if (len == 0 && dpms && DPMSCapable(dpy)) { - DPMSEnable(dpy); - DPMSForceLevel(dpy, DPMSModeOff); - } + free(event); + } +} - if(ev.type != KeyPress) - continue; +int main(int argc, char *argv[]) { + struct passwd *pw; + char *username; + char *image_path = NULL; +#ifndef __OpenBSD__ + int ret; + struct pam_conv conv = {conv_callback, NULL}; +#endif + int curs_choice = CURS_NONE; + int o; + int optind = 0; + struct option longopts[] = { + {"version", no_argument, NULL, 'v'}, + {"nofork", no_argument, NULL, 'n'}, + {"beep", no_argument, NULL, 'b'}, + {"dpms", no_argument, NULL, 'd'}, + {"color", required_argument, NULL, 'c'}, + {"pointer", required_argument, NULL, 'p'}, + {"debug", no_argument, NULL, 0}, + {"help", no_argument, NULL, 'h'}, + {"no-unlock-indicator", no_argument, NULL, 'u'}, + {"image", required_argument, NULL, 'i'}, + {"tiling", no_argument, NULL, 't'}, + {"ignore-empty-password", no_argument, NULL, 'e'}, + {"inactivity-timeout", required_argument, NULL, 'I'}, + {"show-failed-attempts", no_argument, NULL, 'f'}, + {NULL, no_argument, NULL, 0}}; - buf[0] = 0; - num = XLookupString(&ev.xkey, buf, sizeof buf, &ksym, 0); - if(IsKeypadKey(ksym)) { - if(ksym == XK_KP_Enter) - ksym = XK_Return; - else if(ksym >= XK_KP_0 && ksym <= XK_KP_9) - ksym = (ksym - XK_KP_0) + XK_0; - } - if(IsFunctionKey(ksym) || - IsKeypadKey(ksym) || - IsMiscFunctionKey(ksym) || - IsPFKey(ksym) || - IsPrivateKeypadKey(ksym)) - continue; - switch(ksym) { - case XK_Return: - passwd[len] = 0; - /* Skip empty passwords */ - if (len == 0) - continue; - if ((ret = pam_authenticate(handle, 0)) == PAM_SUCCESS) - running = false; - else { - fprintf(stderr, "PAM: %s\n", pam_strerror(handle, ret)); - if (beep) - XBell(dpy, 100); - } - len = 0; - break; - case XK_Escape: - len = 0; - break; - case XK_BackSpace: - if (len > 0) - len--; - break; - default: - if(num && !iscntrl((int) buf[0]) && (len + num < sizeof passwd)) { - memcpy(passwd + len, buf, num); - len += num; - } - break; + if ((pw = getpwuid(getuid())) == NULL) + err(EXIT_FAILURE, "getpwuid() failed"); + if ((username = pw->pw_name) == NULL) + errx(EXIT_FAILURE, "pw->pw_name is NULL.\n"); + + char *optstring = "hvnbdc:p:ui:teI:f"; + while ((o = getopt_long(argc, argv, optstring, longopts, &optind)) != -1) { + switch (o) { + case 'v': + errx(EXIT_SUCCESS, "version " VERSION " © 2010 Michael Stapelberg"); + case 'n': + dont_fork = true; + break; + case 'b': + beep = true; + break; + case 'd': + fprintf(stderr, "DPMS support has been removed from i3lock. Please see the manpage i3lock(1).\n"); + break; + case 'I': { + fprintf(stderr, "Inactivity timeout only makes sense with DPMS, which was removed. Please see the manpage i3lock(1).\n"); + break; + } + case 'c': { + char *arg = optarg; + + /* Skip # if present */ + if (arg[0] == '#') + arg++; + + if (strlen(arg) != 6 || sscanf(arg, "%06[0-9a-fA-F]", color) != 1) + errx(EXIT_FAILURE, "color is invalid, it must be given in 3-byte hexadecimal format: rrggbb\n"); + + break; + } + case 'u': + unlock_indicator = false; + break; + case 'i': + image_path = strdup(optarg); + break; + case 't': + tile = true; + break; + case 'p': + if (!strcmp(optarg, "win")) { + curs_choice = CURS_WIN; + } else if (!strcmp(optarg, "default")) { + curs_choice = CURS_DEFAULT; + } else { + errx(EXIT_FAILURE, "i3lock: Invalid pointer type given. Expected one of \"win\" or \"default\".\n"); } + break; + case 'e': + ignore_empty_password = true; + break; + case 0: + if (strcmp(longopts[optind].name, "debug") == 0) + debug_mode = true; + break; + case 'f': + show_failed_attempts = true; + break; + default: + errx(EXIT_FAILURE, "Syntax: i3lock [-v] [-n] [-b] [-d] [-c color] [-u] [-p win|default]" + " [-i image.png] [-t] [-e] [-I timeout] [-f]"); + } + } + + /* We need (relatively) random numbers for highlighting a random part of + * the unlock indicator upon keypresses. */ + srand(time(NULL)); + +#ifndef __OpenBSD__ + /* Initialize PAM */ + if ((ret = pam_start("i3lock", username, &conv, &pam_handle)) != PAM_SUCCESS) + errx(EXIT_FAILURE, "PAM: %s", pam_strerror(pam_handle, ret)); + + if ((ret = pam_set_item(pam_handle, PAM_TTY, getenv("DISPLAY"))) != PAM_SUCCESS) + errx(EXIT_FAILURE, "PAM: %s", pam_strerror(pam_handle, ret)); +#endif + +/* Using mlock() as non-super-user seems only possible in Linux. + * Users of other operating systems should use encrypted swap/no swap + * (or remove the ifdef and run i3lock as super-user). + * Alas, swap is encrypted by default on OpenBSD so swapping out + * is not necessarily an issue. */ +#if defined(__linux__) + /* Lock the area where we store the password in memory, we don’t want it to + * be swapped to disk. Since Linux 2.6.9, this does not require any + * privileges, just enough bytes in the RLIMIT_MEMLOCK limit. */ + if (mlock(password, sizeof(password)) != 0) + err(EXIT_FAILURE, "Could not lock page in memory, check RLIMIT_MEMLOCK"); +#endif + + /* Double checking that connection is good and operatable with xcb */ + int screennr; + if ((conn = xcb_connect(NULL, &screennr)) == NULL || + xcb_connection_has_error(conn)) + errx(EXIT_FAILURE, "Could not connect to X11, maybe you need to set DISPLAY?"); + + if (xkb_x11_setup_xkb_extension(conn, + XKB_X11_MIN_MAJOR_XKB_VERSION, + XKB_X11_MIN_MINOR_XKB_VERSION, + 0, + NULL, + NULL, + &xkb_base_event, + &xkb_base_error) != 1) + errx(EXIT_FAILURE, "Could not setup XKB extension."); + + static const xcb_xkb_map_part_t required_map_parts = + (XCB_XKB_MAP_PART_KEY_TYPES | + XCB_XKB_MAP_PART_KEY_SYMS | + XCB_XKB_MAP_PART_MODIFIER_MAP | + XCB_XKB_MAP_PART_EXPLICIT_COMPONENTS | + XCB_XKB_MAP_PART_KEY_ACTIONS | + XCB_XKB_MAP_PART_VIRTUAL_MODS | + XCB_XKB_MAP_PART_VIRTUAL_MOD_MAP); + + static const xcb_xkb_event_type_t required_events = + (XCB_XKB_EVENT_TYPE_NEW_KEYBOARD_NOTIFY | + XCB_XKB_EVENT_TYPE_MAP_NOTIFY | + XCB_XKB_EVENT_TYPE_STATE_NOTIFY); + + xcb_xkb_select_events( + conn, + xkb_x11_get_core_keyboard_device_id(conn), + required_events, + 0, + required_events, + required_map_parts, + required_map_parts, + 0); + + /* When we cannot initially load the keymap, we better exit */ + if (!load_keymap()) + errx(EXIT_FAILURE, "Could not load keymap"); + + const char *locale = getenv("LC_ALL"); + if (!locale || !*locale) + locale = getenv("LC_CTYPE"); + if (!locale || !*locale) + locale = getenv("LANG"); + if (!locale || !*locale) { + if (debug_mode) + fprintf(stderr, "Can't detect your locale, fallback to C\n"); + locale = "C"; + } + + load_compose_table(locale); + + xinerama_init(); + xinerama_query_screens(); + + screen = xcb_setup_roots_iterator(xcb_get_setup(conn)).data; + + last_resolution[0] = screen->width_in_pixels; + last_resolution[1] = screen->height_in_pixels; + + xcb_change_window_attributes(conn, screen->root, XCB_CW_EVENT_MASK, + (uint32_t[]){XCB_EVENT_MASK_STRUCTURE_NOTIFY}); + + if (image_path) { + /* Create a pixmap to render on, fill it with the background color */ + img = cairo_image_surface_create_from_png(image_path); + /* In case loading failed, we just pretend no -i was specified. */ + if (cairo_surface_status(img) != CAIRO_STATUS_SUCCESS) { + fprintf(stderr, "Could not load image \"%s\": %s\n", + image_path, cairo_status_to_string(cairo_surface_status(img))); + img = NULL; } - XUngrabPointer(dpy, CurrentTime); - XFreePixmap(dpy, pmap); - XDestroyWindow(dpy, w); - XCloseDisplay(dpy); - return 0; + free(image_path); + } + + /* Pixmap on which the image is rendered to (if any) */ + xcb_pixmap_t bg_pixmap = draw_image(last_resolution); + + /* Open the fullscreen window, already with the correct pixmap in place */ + win = open_fullscreen_window(conn, screen, color, bg_pixmap); + xcb_free_pixmap(conn, bg_pixmap); + + cursor = create_cursor(conn, screen, win, curs_choice); + + /* Display the "locking…" message while trying to grab the pointer/keyboard. */ + auth_state = STATE_AUTH_LOCK; + grab_pointer_and_keyboard(conn, screen, cursor); + + pid_t pid = fork(); + /* The pid == -1 case is intentionally ignored here: + * While the child process is useful for preventing other windows from + * popping up while i3lock blocks, it is not critical. */ + if (pid == 0) { + /* Child */ + close(xcb_get_file_descriptor(conn)); + maybe_close_sleep_lock_fd(); + raise_loop(win); + exit(EXIT_SUCCESS); + } + + /* Load the keymap again to sync the current modifier state. Since we first + * loaded the keymap, there might have been changes, but starting from now, + * we should get all key presses/releases due to having grabbed the + * keyboard. */ + (void)load_keymap(); + + /* Initialize the libev event loop. */ + main_loop = EV_DEFAULT; + if (main_loop == NULL) + errx(EXIT_FAILURE, "Could not initialize libev. Bad LIBEV_FLAGS?\n"); + + /* Explicitly call the screen redraw in case "locking…" message was displayed */ + auth_state = STATE_AUTH_IDLE; + redraw_screen(); + + struct ev_io *xcb_watcher = calloc(sizeof(struct ev_io), 1); + struct ev_check *xcb_check = calloc(sizeof(struct ev_check), 1); + struct ev_prepare *xcb_prepare = calloc(sizeof(struct ev_prepare), 1); + + ev_io_init(xcb_watcher, xcb_got_event, xcb_get_file_descriptor(conn), EV_READ); + ev_io_start(main_loop, xcb_watcher); + + ev_check_init(xcb_check, xcb_check_cb); + ev_check_start(main_loop, xcb_check); + + ev_prepare_init(xcb_prepare, xcb_prepare_cb); + ev_prepare_start(main_loop, xcb_prepare); + + /* Invoke the event callback once to catch all the events which were + * received up until now. ev will only pick up new events (when the X11 + * file descriptor becomes readable). */ + ev_invoke(main_loop, xcb_check, 0); + ev_loop(main_loop, 0); }