X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=i3lock.c;h=87a77b1d004270a73ba74595765300716437bb6b;hb=2d7f846c3c963d1cf655f98453f3ec03b00f0d9a;hp=18d7667ddfa1e8b3e55cca3ce499c396f8c0523f;hpb=d91c20a9f266be2290814750c4dacfcdeb89f700;p=i3%2Fi3lock diff --git a/i3lock.c b/i3lock.c index 18d7667..87a77b1 100644 --- a/i3lock.c +++ b/i3lock.c @@ -16,10 +16,13 @@ #include #include #include -#include #include #include +#ifdef __OpenBSD__ +#include +#else #include +#endif #include #include #include @@ -29,6 +32,9 @@ #include #include #include +#ifdef __OpenBSD__ +#include /* explicit_bzero(3) */ +#endif #include "i3lock.h" #include "xcb.h" @@ -44,32 +50,32 @@ timer_obj = stop_timer(timer_obj) typedef void (*ev_callback_t)(EV_P_ ev_timer *w, int revents); +static void input_done(void); -/* We need this for libxkbfile */ char color[7] = "ffffff"; -int inactivity_timeout = 30; uint32_t last_resolution[2]; xcb_window_t win; static xcb_cursor_t cursor; +#ifndef __OpenBSD__ static pam_handle_t *pam_handle; +#endif int input_position = 0; /* Holds the password you enter (in UTF-8). */ static char password[512]; static bool beep = false; bool debug_mode = false; -static bool dpms = false; bool unlock_indicator = true; char *modifier_string = NULL; static bool dont_fork = false; struct ev_loop *main_loop; -static struct ev_timer *clear_pam_wrong_timeout; +static struct ev_timer *clear_auth_wrong_timeout; static struct ev_timer *clear_indicator_timeout; -static struct ev_timer *dpms_timeout; static struct ev_timer *discard_passwd_timeout; extern unlock_state_t unlock_state; -extern pam_state_t pam_state; +extern auth_state_t auth_state; int failed_attempts = 0; bool show_failed_attempts = false; +bool retry_verification = false; static struct xkb_state *xkb_state; static struct xkb_context *xkb_context; @@ -95,16 +101,6 @@ void u8_dec(char *s, int *i) { (void)(isutf(s[--(*i)]) || isutf(s[--(*i)]) || isutf(s[--(*i)]) || --(*i)); } -static void turn_monitors_on(void) { - if (dpms) - dpms_set_mode(conn, XCB_DPMS_DPMS_MODE_ON); -} - -static void turn_monitors_off(void) { - if (dpms) - dpms_set_mode(conn, XCB_DPMS_DPMS_MODE_OFF); -} - /* * Loads the XKB keymap from the X11 server and feeds it to xkbcommon. * Necessary so that we can properly let xkbcommon track the keyboard state and @@ -171,6 +167,11 @@ static bool load_compose_table(const char *locale) { * */ static void clear_password_memory(void) { +#ifdef __OpenBSD__ + /* Use explicit_bzero(3) which was explicitly designed not to be + * optimized out by the compiler. */ + explicit_bzero(password, strlen(password)); +#else /* A volatile pointer to the password buffer to prevent the compiler from * optimizing this out. */ volatile char *vpassword = password; @@ -180,6 +181,7 @@ static void clear_password_memory(void) { * compiler from optimizing the calls away, since the value of 'beep' * is not known at compile-time. */ vpassword[c] = c + (int)beep; +#endif } ev_timer *start_timer(ev_timer *timer_obj, ev_tstamp timeout, ev_callback_t callback) { @@ -208,14 +210,24 @@ ev_timer *stop_timer(ev_timer *timer_obj) { } /* - * Resets pam_state to STATE_PAM_IDLE 2 seconds after an unsuccessful + * Neccessary calls after ending input via enter or others + * + */ +static void finish_input(void) { + password[input_position] = '\0'; + unlock_state = STATE_KEY_PRESSED; + redraw_screen(); + input_done(); +} + +/* + * Resets auth_state to STATE_AUTH_IDLE 2 seconds after an unsuccessful * authentication event. * */ -static void clear_pam_wrong(EV_P_ ev_timer *w, int revents) { - DEBUG("clearing pam wrong\n"); - pam_state = STATE_PAM_IDLE; - unlock_state = STATE_STARTED; +static void clear_auth_wrong(EV_P_ ev_timer *w, int revents) { + DEBUG("clearing auth wrong\n"); + auth_state = STATE_AUTH_IDLE; redraw_screen(); /* Clear modifier string. */ @@ -225,7 +237,13 @@ static void clear_pam_wrong(EV_P_ ev_timer *w, int revents) { } /* Now free this timeout. */ - STOP_TIMER(clear_pam_wrong_timeout); + STOP_TIMER(clear_auth_wrong_timeout); + + /* retry with input done during auth verification */ + if (retry_verification) { + retry_verification = false; + finish_input(); + } } static void clear_indicator_cb(EV_P_ ev_timer *w, int revents) { @@ -237,41 +255,35 @@ static void clear_input(void) { input_position = 0; clear_password_memory(); password[input_position] = '\0'; - - /* Hide the unlock indicator after a bit if the password buffer is - * empty. */ - if (unlock_indicator) { - START_TIMER(clear_indicator_timeout, 1.0, clear_indicator_cb); - unlock_state = STATE_BACKSPACE_ACTIVE; - redraw_screen(); - unlock_state = STATE_KEY_PRESSED; - } -} - -static void turn_off_monitors_cb(EV_P_ ev_timer *w, int revents) { - if (input_position == 0) - turn_monitors_off(); - - STOP_TIMER(dpms_timeout); } static void discard_passwd_cb(EV_P_ ev_timer *w, int revents) { clear_input(); - turn_monitors_off(); STOP_TIMER(discard_passwd_timeout); } static void input_done(void) { - STOP_TIMER(clear_pam_wrong_timeout); - pam_state = STATE_PAM_VERIFY; + STOP_TIMER(clear_auth_wrong_timeout); + auth_state = STATE_AUTH_VERIFY; + unlock_state = STATE_STARTED; redraw_screen(); +#ifdef __OpenBSD__ + struct passwd *pw; + + if (!(pw = getpwuid(getuid()))) + errx(1, "unknown uid %u.", getuid()); + + if (auth_userokay(pw->pw_name, NULL, NULL, password) != 0) { + DEBUG("successfully authenticated\n"); + clear_password_memory(); + + exit(0); + } +#else if (pam_authenticate(pam_handle, 0) == PAM_SUCCESS) { DEBUG("successfully authenticated\n"); clear_password_memory(); - /* Turn the screen on, as it may have been turned off - * on release of the 'enter' key. */ - turn_monitors_on(); /* PAM credentials should be refreshed, this will for example update any kerberos tickets. * Related to credentials pam_end() needs to be called to cleanup any temporary @@ -282,12 +294,13 @@ static void input_done(void) { exit(0); } +#endif if (debug_mode) fprintf(stderr, "Authentication failure\n"); /* Get state of Caps and Num lock modifiers, to be displayed in - * STATE_PAM_WRONG state */ + * STATE_AUTH_WRONG state */ xkb_mod_index_t idx, num_mods; const char *mod_name; @@ -321,7 +334,7 @@ static void input_done(void) { } } - pam_state = STATE_PAM_WRONG; + auth_state = STATE_AUTH_WRONG; failed_attempts += 1; clear_input(); if (unlock_indicator) @@ -330,7 +343,7 @@ static void input_done(void) { /* Clear this state after 2 seconds (unless the user enters another * password during that time). */ ev_now_update(main_loop); - START_TIMER(clear_pam_wrong_timeout, TSTAMP_N_SECS(2), clear_pam_wrong); + START_TIMER(clear_auth_wrong_timeout, TSTAMP_N_SECS(2), clear_auth_wrong); /* Cancel the clear_indicator_timeout, it would hide the unlock indicator * too early. */ @@ -401,20 +414,24 @@ static void handle_key_press(xcb_key_press_event_t *event) { } switch (ksym) { + case XKB_KEY_j: + case XKB_KEY_m: case XKB_KEY_Return: case XKB_KEY_KP_Enter: case XKB_KEY_XF86ScreenSaver: - if (pam_state == STATE_PAM_WRONG) + if ((ksym == XKB_KEY_j || ksym == XKB_KEY_m) && !ctrl) + break; + + if (auth_state == STATE_AUTH_WRONG) { + retry_verification = true; return; + } if (skip_without_validation()) { clear_input(); return; } - password[input_position] = '\0'; - unlock_state = STATE_KEY_PRESSED; - redraw_screen(); - input_done(); + finish_input(); skip_repeated_empty_password = true; return; default: @@ -423,18 +440,36 @@ static void handle_key_press(xcb_key_press_event_t *event) { switch (ksym) { case XKB_KEY_u: - if (ctrl) { + case XKB_KEY_Escape: + if ((ksym == XKB_KEY_u && ctrl) || + ksym == XKB_KEY_Escape) { DEBUG("C-u pressed\n"); clear_input(); + /* Hide the unlock indicator after a bit if the password buffer is + * empty. */ + if (unlock_indicator) { + START_TIMER(clear_indicator_timeout, 1.0, clear_indicator_cb); + unlock_state = STATE_BACKSPACE_ACTIVE; + redraw_screen(); + unlock_state = STATE_KEY_PRESSED; + } return; } break; - case XKB_KEY_Escape: - clear_input(); + case XKB_KEY_Delete: + case XKB_KEY_KP_Delete: + /* Deleting forward doesn’t make sense, as i3lock doesn’t allow you + * to move the cursor when entering a password. We need to eat this + * key press so that it won’t be treated as part of the password, + * see issue #50. */ return; + case XKB_KEY_h: case XKB_KEY_BackSpace: + if (ksym == XKB_KEY_h && !ctrl) + break; + if (input_position == 0) return; @@ -443,7 +478,7 @@ static void handle_key_press(xcb_key_press_event_t *event) { password[input_position] = '\0'; /* Hide the unlock indicator after a bit if the password buffer is - * empty. */ + * empty. */ START_TIMER(clear_indicator_timeout, 1.0, clear_indicator_cb); unlock_state = STATE_BACKSPACE_ACTIVE; redraw_screen(); @@ -591,6 +626,7 @@ void handle_screen_resize(void) { redraw_screen(); } +#ifndef __OpenBSD__ /* * Callback function for PAM. We only react on password request callbacks. * @@ -621,6 +657,7 @@ static int conv_callback(int num_msg, const struct pam_message **msg, return 0; } +#endif /* * This callback is only a dummy, see xcb_prepare_cb and xcb_check_cb. @@ -639,6 +676,22 @@ static void xcb_prepare_cb(EV_P_ ev_prepare *w, int revents) { xcb_flush(conn); } +/* + * Try closing logind sleep lock fd passed over from xss-lock, in case we're + * being run from there. + * + */ +static void maybe_close_sleep_lock_fd(void) { + const char *sleep_lock_fd = getenv("XSS_SLEEP_LOCK_FD"); + char *endptr; + if (sleep_lock_fd && *sleep_lock_fd != 0) { + long int fd = strtol(sleep_lock_fd, &endptr, 10); + if (*endptr == 0) { + close(fd); + } + } +} + /* * Instead of polling the X connection socket we leave this to * xcb_poll_for_event() which knows better than we can ever know. @@ -668,20 +721,12 @@ static void xcb_check_cb(EV_P_ ev_check *w, int revents) { handle_key_press((xcb_key_press_event_t *)event); break; - case XCB_KEY_RELEASE: - /* If this was the backspace or escape key we are back at an - * empty input, so turn off the screen if DPMS is enabled, but - * only do that after some timeout: maybe user mistyped and - * will type again right away */ - START_TIMER(dpms_timeout, TSTAMP_N_SECS(inactivity_timeout), - turn_off_monitors_cb); - break; - case XCB_VISIBILITY_NOTIFY: handle_visibility_notify(conn, (xcb_visibility_notify_event_t *)event); break; case XCB_MAP_NOTIFY: + maybe_close_sleep_lock_fd(); if (!dont_fork) { /* After the first MapNotify, we never fork again. We don’t * expect to get another MapNotify, but better be sure… */ @@ -711,7 +756,7 @@ static void xcb_check_cb(EV_P_ ev_check *w, int revents) { /* * This function is called from a fork()ed child and will raise the i3lock * window when the window is obscured, even when the main i3lock process is - * blocked due to PAM. + * blocked due to the authentication backend. * */ static void raise_loop(xcb_window_t window) { @@ -768,8 +813,10 @@ int main(int argc, char *argv[]) { struct passwd *pw; char *username; char *image_path = NULL; +#ifndef __OpenBSD__ int ret; struct pam_conv conv = {conv_callback, NULL}; +#endif int curs_choice = CURS_NONE; int o; int optind = 0; @@ -807,13 +854,10 @@ int main(int argc, char *argv[]) { beep = true; break; case 'd': - dpms = true; + fprintf(stderr, "DPMS support has been removed from i3lock. Please see the manpage i3lock(1).\n"); break; case 'I': { - int time = 0; - if (sscanf(optarg, "%d", &time) != 1 || time < 0) - errx(EXIT_FAILURE, "invalid timeout, it must be a positive integer\n"); - inactivity_timeout = time; + fprintf(stderr, "Inactivity timeout only makes sense with DPMS, which was removed. Please see the manpage i3lock(1).\n"); break; } case 'c': { @@ -866,14 +910,20 @@ int main(int argc, char *argv[]) { * the unlock indicator upon keypresses. */ srand(time(NULL)); +#ifndef __OpenBSD__ /* Initialize PAM */ - ret = pam_start("i3lock", username, &conv, &pam_handle); - if (ret != PAM_SUCCESS) + if ((ret = pam_start("i3lock", username, &conv, &pam_handle)) != PAM_SUCCESS) errx(EXIT_FAILURE, "PAM: %s", pam_strerror(pam_handle, ret)); -/* Using mlock() as non-super-user seems only possible in Linux. Users of other - * operating systems should use encrypted swap/no swap (or remove the ifdef and - * run i3lock as super-user). */ + if ((ret = pam_set_item(pam_handle, PAM_TTY, getenv("DISPLAY"))) != PAM_SUCCESS) + errx(EXIT_FAILURE, "PAM: %s", pam_strerror(pam_handle, ret)); +#endif + +/* Using mlock() as non-super-user seems only possible in Linux. + * Users of other operating systems should use encrypted swap/no swap + * (or remove the ifdef and run i3lock as super-user). + * Alas, swap is encrypted by default on OpenBSD so swapping out + * is not necessarily an issue. */ #if defined(__linux__) /* Lock the area where we store the password in memory, we don’t want it to * be swapped to disk. Since Linux 2.6.9, this does not require any @@ -942,20 +992,6 @@ int main(int argc, char *argv[]) { xinerama_init(); xinerama_query_screens(); - /* if DPMS is enabled, check if the X server really supports it */ - if (dpms) { - xcb_dpms_capable_cookie_t dpmsc = xcb_dpms_capable(conn); - xcb_dpms_capable_reply_t *dpmsr; - if ((dpmsr = xcb_dpms_capable_reply(conn, dpmsc, NULL))) { - if (!dpmsr->capable) { - if (debug_mode) - fprintf(stderr, "Disabling DPMS, X server not DPMS capable\n"); - dpms = false; - } - free(dpmsr); - } - } - screen = xcb_setup_roots_iterator(xcb_get_setup(conn)).data; last_resolution[0] = screen->width_in_pixels; @@ -973,15 +1009,22 @@ int main(int argc, char *argv[]) { image_path, cairo_status_to_string(cairo_surface_status(img))); img = NULL; } + free(image_path); } /* Pixmap on which the image is rendered to (if any) */ xcb_pixmap_t bg_pixmap = draw_image(last_resolution); - /* open the fullscreen window, already with the correct pixmap in place */ + /* Open the fullscreen window, already with the correct pixmap in place */ win = open_fullscreen_window(conn, screen, color, bg_pixmap); xcb_free_pixmap(conn, bg_pixmap); + cursor = create_cursor(conn, screen, win, curs_choice); + + /* Display the "locking…" message while trying to grab the pointer/keyboard. */ + auth_state = STATE_AUTH_LOCK; + grab_pointer_and_keyboard(conn, screen, cursor); + pid_t pid = fork(); /* The pid == -1 case is intentionally ignored here: * While the child process is useful for preventing other windows from @@ -989,26 +1032,26 @@ int main(int argc, char *argv[]) { if (pid == 0) { /* Child */ close(xcb_get_file_descriptor(conn)); + maybe_close_sleep_lock_fd(); raise_loop(win); exit(EXIT_SUCCESS); } - cursor = create_cursor(conn, screen, win, curs_choice); - - grab_pointer_and_keyboard(conn, screen, cursor); /* Load the keymap again to sync the current modifier state. Since we first * loaded the keymap, there might have been changes, but starting from now, * we should get all key presses/releases due to having grabbed the * keyboard. */ (void)load_keymap(); - turn_monitors_off(); - /* Initialize the libev event loop. */ main_loop = EV_DEFAULT; if (main_loop == NULL) errx(EXIT_FAILURE, "Could not initialize libev. Bad LIBEV_FLAGS?\n"); + /* Explicitly call the screen redraw in case "locking…" message was displayed */ + auth_state = STATE_AUTH_IDLE; + redraw_screen(); + struct ev_io *xcb_watcher = calloc(sizeof(struct ev_io), 1); struct ev_check *xcb_check = calloc(sizeof(struct ev_check), 1); struct ev_prepare *xcb_prepare = calloc(sizeof(struct ev_prepare), 1);