/*
* vim:ts=4:sw=4:expandtab
*
- * © 2010-2013 Michael Stapelberg
+ * © 2010 Michael Stapelberg
*
* See LICENSE for licensing information
*
*/
+#include <config.h>
+
#include <stdio.h>
#include <stdlib.h>
#include <pwd.h>
#include <stdint.h>
#include <xcb/xcb.h>
#include <xcb/xkb.h>
-#include <xcb/dpms.h>
#include <err.h>
+#include <errno.h>
#include <assert.h>
+#ifdef __OpenBSD__
+#include <bsd_auth.h>
+#else
#include <security/pam_appl.h>
+#endif
#include <getopt.h>
#include <string.h>
#include <ev.h>
#include <sys/mman.h>
#include <xkbcommon/xkbcommon.h>
+#include <xkbcommon/xkbcommon-compose.h>
#include <xkbcommon/xkbcommon-x11.h>
#include <cairo.h>
#include <cairo/cairo-xcb.h>
+#ifdef __OpenBSD__
+#include <strings.h> /* explicit_bzero(3) */
+#endif
+#include <xcb/xcb_aux.h>
+#include <xcb/randr.h>
+#if defined(__linux__)
+#include <fcntl.h>
+#include <linux/vt.h>
+#include <sys/ioctl.h>
+#endif
#include "i3lock.h"
#include "xcb.h"
#include "cursors.h"
#include "unlock_indicator.h"
-#include "xinerama.h"
+#include "randr.h"
+#include "dpi.h"
#define TSTAMP_N_SECS(n) (n * 1.0)
#define TSTAMP_N_MINS(n) (60 * TSTAMP_N_SECS(n))
timer_obj = stop_timer(timer_obj)
typedef void (*ev_callback_t)(EV_P_ ev_timer *w, int revents);
+static void input_done(void);
-/* We need this for libxkbfile */
char color[7] = "ffffff";
-int inactivity_timeout = 30;
uint32_t last_resolution[2];
xcb_window_t win;
static xcb_cursor_t cursor;
+#ifndef __OpenBSD__
static pam_handle_t *pam_handle;
+#endif
int input_position = 0;
/* Holds the password you enter (in UTF-8). */
static char password[512];
static bool beep = false;
bool debug_mode = false;
-static bool dpms = false;
bool unlock_indicator = true;
+char *modifier_string = NULL;
static bool dont_fork = false;
struct ev_loop *main_loop;
-static struct ev_timer *clear_pam_wrong_timeout;
+static struct ev_timer *clear_auth_wrong_timeout;
static struct ev_timer *clear_indicator_timeout;
-static struct ev_timer *dpms_timeout;
static struct ev_timer *discard_passwd_timeout;
extern unlock_state_t unlock_state;
-extern pam_state_t pam_state;
+extern auth_state_t auth_state;
int failed_attempts = 0;
bool show_failed_attempts = false;
+bool retry_verification = false;
static struct xkb_state *xkb_state;
static struct xkb_context *xkb_context;
static struct xkb_keymap *xkb_keymap;
+static struct xkb_compose_table *xkb_compose_table;
+static struct xkb_compose_state *xkb_compose_state;
static uint8_t xkb_base_event;
static uint8_t xkb_base_error;
+static int randr_base = -1;
cairo_surface_t *img = NULL;
bool tile = false;
bool skip_repeated_empty_password = false;
/* isutf, u8_dec © 2005 Jeff Bezanson, public domain */
-#define isutf(c) (((c) & 0xC0) != 0x80)
+#define isutf(c) (((c)&0xC0) != 0x80)
/*
* Decrements i to point to the previous unicode glyph
(void)(isutf(s[--(*i)]) || isutf(s[--(*i)]) || isutf(s[--(*i)]) || --(*i));
}
-static void turn_monitors_on(void) {
- if (dpms)
- dpms_set_mode(conn, XCB_DPMS_DPMS_MODE_ON);
-}
-
-static void turn_monitors_off(void) {
- if (dpms)
- dpms_set_mode(conn, XCB_DPMS_DPMS_MODE_OFF);
-}
-
/*
* Loads the XKB keymap from the X11 server and feeds it to xkbcommon.
* Necessary so that we can properly let xkbcommon track the keyboard state and
return true;
}
+/*
+ * Loads the XKB compose table from the given locale.
+ *
+ */
+static bool load_compose_table(const char *locale) {
+ xkb_compose_table_unref(xkb_compose_table);
+
+ if ((xkb_compose_table = xkb_compose_table_new_from_locale(xkb_context, locale, 0)) == NULL) {
+ fprintf(stderr, "[i3lock] xkb_compose_table_new_from_locale failed\n");
+ return false;
+ }
+
+ struct xkb_compose_state *new_compose_state = xkb_compose_state_new(xkb_compose_table, 0);
+ if (new_compose_state == NULL) {
+ fprintf(stderr, "[i3lock] xkb_compose_state_new failed\n");
+ return false;
+ }
+
+ xkb_compose_state_unref(xkb_compose_state);
+ xkb_compose_state = new_compose_state;
+
+ return true;
+}
+
/*
* Clears the memory which stored the password to be a bit safer against
* cold-boot attacks.
*
*/
static void clear_password_memory(void) {
+#ifdef __OpenBSD__
+ /* Use explicit_bzero(3) which was explicitly designed not to be
+ * optimized out by the compiler. */
+ explicit_bzero(password, strlen(password));
+#else
/* A volatile pointer to the password buffer to prevent the compiler from
* optimizing this out. */
volatile char *vpassword = password;
- for (int c = 0; c < sizeof(password); c++)
+ for (size_t c = 0; c < sizeof(password); c++)
/* We store a non-random pattern which consists of the (irrelevant)
* index plus (!) the value of the beep variable. This prevents the
* compiler from optimizing the calls away, since the value of 'beep'
* is not known at compile-time. */
vpassword[c] = c + (int)beep;
+#endif
}
-ev_timer* start_timer(ev_timer *timer_obj, ev_tstamp timeout, ev_callback_t callback) {
+ev_timer *start_timer(ev_timer *timer_obj, ev_tstamp timeout, ev_callback_t callback) {
if (timer_obj) {
ev_timer_stop(main_loop, timer_obj);
ev_timer_set(timer_obj, timeout, 0.);
return timer_obj;
}
-ev_timer* stop_timer(ev_timer *timer_obj) {
+ev_timer *stop_timer(ev_timer *timer_obj) {
if (timer_obj) {
ev_timer_stop(main_loop, timer_obj);
free(timer_obj);
}
/*
- * Resets pam_state to STATE_PAM_IDLE 2 seconds after an unsuccessful
+ * Neccessary calls after ending input via enter or others
+ *
+ */
+static void finish_input(void) {
+ password[input_position] = '\0';
+ unlock_state = STATE_KEY_PRESSED;
+ redraw_screen();
+ input_done();
+}
+
+/*
+ * Resets auth_state to STATE_AUTH_IDLE 2 seconds after an unsuccessful
* authentication event.
*
*/
-static void clear_pam_wrong(EV_P_ ev_timer *w, int revents) {
- DEBUG("clearing pam wrong\n");
- pam_state = STATE_PAM_IDLE;
- unlock_state = STATE_STARTED;
+static void clear_auth_wrong(EV_P_ ev_timer *w, int revents) {
+ DEBUG("clearing auth wrong\n");
+ auth_state = STATE_AUTH_IDLE;
redraw_screen();
+ /* Clear modifier string. */
+ if (modifier_string != NULL) {
+ free(modifier_string);
+ modifier_string = NULL;
+ }
+
/* Now free this timeout. */
- STOP_TIMER(clear_pam_wrong_timeout);
+ STOP_TIMER(clear_auth_wrong_timeout);
+
+ /* retry with input done during auth verification */
+ if (retry_verification) {
+ retry_verification = false;
+ finish_input();
+ }
}
static void clear_indicator_cb(EV_P_ ev_timer *w, int revents) {
input_position = 0;
clear_password_memory();
password[input_position] = '\0';
-
- /* Hide the unlock indicator after a bit if the password buffer is
- * empty. */
- START_TIMER(clear_indicator_timeout, 1.0, clear_indicator_cb);
- unlock_state = STATE_BACKSPACE_ACTIVE;
- redraw_screen();
- unlock_state = STATE_KEY_PRESSED;
-}
-
-static void turn_off_monitors_cb(EV_P_ ev_timer *w, int revents) {
- if (input_position == 0)
- turn_monitors_off();
-
- STOP_TIMER(dpms_timeout);
}
static void discard_passwd_cb(EV_P_ ev_timer *w, int revents) {
clear_input();
- turn_monitors_off();
STOP_TIMER(discard_passwd_timeout);
}
static void input_done(void) {
- STOP_TIMER(clear_pam_wrong_timeout);
- pam_state = STATE_PAM_VERIFY;
+ STOP_TIMER(clear_auth_wrong_timeout);
+ auth_state = STATE_AUTH_VERIFY;
+ unlock_state = STATE_STARTED;
redraw_screen();
+#ifdef __OpenBSD__
+ struct passwd *pw;
+
+ if (!(pw = getpwuid(getuid())))
+ errx(1, "unknown uid %u.", getuid());
+
+ if (auth_userokay(pw->pw_name, NULL, NULL, password) != 0) {
+ DEBUG("successfully authenticated\n");
+ clear_password_memory();
+
+ ev_break(EV_DEFAULT, EVBREAK_ALL);
+ return;
+ }
+#else
if (pam_authenticate(pam_handle, 0) == PAM_SUCCESS) {
DEBUG("successfully authenticated\n");
clear_password_memory();
- /* Turn the screen on, as it may have been turned off
- * on release of the 'enter' key. */
- turn_monitors_on();
- exit(0);
+
+ /* PAM credentials should be refreshed, this will for example update any kerberos tickets.
+ * Related to credentials pam_end() needs to be called to cleanup any temporary
+ * credentials like kerberos /tmp/krb5cc_pam_* files which may of been left behind if the
+ * refresh of the credentials failed. */
+ pam_setcred(pam_handle, PAM_REFRESH_CRED);
+ pam_end(pam_handle, PAM_SUCCESS);
+
+ ev_break(EV_DEFAULT, EVBREAK_ALL);
+ return;
}
+#endif
if (debug_mode)
fprintf(stderr, "Authentication failure\n");
- pam_state = STATE_PAM_WRONG;
+ /* Get state of Caps and Num lock modifiers, to be displayed in
+ * STATE_AUTH_WRONG state */
+ xkb_mod_index_t idx, num_mods;
+ const char *mod_name;
+
+ num_mods = xkb_keymap_num_mods(xkb_keymap);
+
+ for (idx = 0; idx < num_mods; idx++) {
+ if (!xkb_state_mod_index_is_active(xkb_state, idx, XKB_STATE_MODS_EFFECTIVE))
+ continue;
+
+ mod_name = xkb_keymap_mod_get_name(xkb_keymap, idx);
+ if (mod_name == NULL)
+ continue;
+
+ /* Replace certain xkb names with nicer, human-readable ones. */
+ if (strcmp(mod_name, XKB_MOD_NAME_CAPS) == 0)
+ mod_name = "Caps Lock";
+ else if (strcmp(mod_name, XKB_MOD_NAME_ALT) == 0)
+ mod_name = "Alt";
+ else if (strcmp(mod_name, XKB_MOD_NAME_NUM) == 0)
+ mod_name = "Num Lock";
+ else if (strcmp(mod_name, XKB_MOD_NAME_LOGO) == 0)
+ mod_name = "Super";
+
+ char *tmp;
+ if (modifier_string == NULL) {
+ if (asprintf(&tmp, "%s", mod_name) != -1)
+ modifier_string = tmp;
+ } else if (asprintf(&tmp, "%s, %s", modifier_string, mod_name) != -1) {
+ free(modifier_string);
+ modifier_string = tmp;
+ }
+ }
+
+ auth_state = STATE_AUTH_WRONG;
failed_attempts += 1;
clear_input();
- redraw_screen();
+ if (unlock_indicator)
+ redraw_screen();
/* Clear this state after 2 seconds (unless the user enters another
* password during that time). */
ev_now_update(main_loop);
- START_TIMER(clear_pam_wrong_timeout, TSTAMP_N_SECS(2), clear_pam_wrong);
+ START_TIMER(clear_auth_wrong_timeout, TSTAMP_N_SECS(2), clear_auth_wrong);
/* Cancel the clear_indicator_timeout, it would hide the unlock indicator
* too early. */
char buffer[128];
int n;
bool ctrl;
+ bool composed = false;
ksym = xkb_state_key_get_one_sym(xkb_state, event->detail);
- ctrl = xkb_state_mod_name_is_active(xkb_state, "Control", XKB_STATE_MODS_DEPRESSED);
+ ctrl = xkb_state_mod_name_is_active(xkb_state, XKB_MOD_NAME_CTRL, XKB_STATE_MODS_DEPRESSED);
/* The buffer will be null-terminated, so n >= 2 for 1 actual character. */
memset(buffer, '\0', sizeof(buffer));
- n = xkb_keysym_to_utf8(ksym, buffer, sizeof(buffer));
+
+ if (xkb_compose_state && xkb_compose_state_feed(xkb_compose_state, ksym) == XKB_COMPOSE_FEED_ACCEPTED) {
+ switch (xkb_compose_state_get_status(xkb_compose_state)) {
+ case XKB_COMPOSE_NOTHING:
+ break;
+ case XKB_COMPOSE_COMPOSING:
+ return;
+ case XKB_COMPOSE_COMPOSED:
+ /* xkb_compose_state_get_utf8 doesn't include the terminating byte in the return value
+ * as xkb_keysym_to_utf8 does. Adding one makes the variable n consistent. */
+ n = xkb_compose_state_get_utf8(xkb_compose_state, buffer, sizeof(buffer)) + 1;
+ ksym = xkb_compose_state_get_one_sym(xkb_compose_state);
+ composed = true;
+ break;
+ case XKB_COMPOSE_CANCELLED:
+ xkb_compose_state_reset(xkb_compose_state);
+ return;
+ }
+ }
+
+ if (!composed) {
+ n = xkb_keysym_to_utf8(ksym, buffer, sizeof(buffer));
+ }
switch (ksym) {
- case XKB_KEY_Return:
- case XKB_KEY_KP_Enter:
- case XKB_KEY_XF86ScreenSaver:
- if (pam_state == STATE_PAM_WRONG)
- return;
+ case XKB_KEY_j:
+ case XKB_KEY_m:
+ case XKB_KEY_Return:
+ case XKB_KEY_KP_Enter:
+ case XKB_KEY_XF86ScreenSaver:
+ if ((ksym == XKB_KEY_j || ksym == XKB_KEY_m) && !ctrl)
+ break;
+
+ if (auth_state == STATE_AUTH_WRONG) {
+ retry_verification = true;
+ return;
+ }
- if (skip_without_validation()) {
- clear_input();
+ if (skip_without_validation()) {
+ clear_input();
+ return;
+ }
+ finish_input();
+ skip_repeated_empty_password = true;
return;
- }
- password[input_position] = '\0';
- unlock_state = STATE_KEY_PRESSED;
- redraw_screen();
- input_done();
- skip_repeated_empty_password = true;
- return;
- default:
- skip_repeated_empty_password = false;
+ default:
+ skip_repeated_empty_password = false;
+ // A new password is being entered, but a previous one is pending.
+ // Discard the old one and clear the retry_verification flag.
+ if (retry_verification) {
+ retry_verification = false;
+ clear_input();
+ }
}
switch (ksym) {
- case XKB_KEY_u:
- if (ctrl) {
- DEBUG("C-u pressed\n");
- clear_input();
+ case XKB_KEY_u:
+ case XKB_KEY_Escape:
+ if ((ksym == XKB_KEY_u && ctrl) ||
+ ksym == XKB_KEY_Escape) {
+ DEBUG("C-u pressed\n");
+ clear_input();
+ /* Also hide the unlock indicator */
+ if (unlock_indicator)
+ clear_indicator();
+ return;
+ }
+ break;
+
+ case XKB_KEY_Delete:
+ case XKB_KEY_KP_Delete:
+ /* Deleting forward doesn’t make sense, as i3lock doesn’t allow you
+ * to move the cursor when entering a password. We need to eat this
+ * key press so that it won’t be treated as part of the password,
+ * see issue #50. */
return;
- }
- break;
- case XKB_KEY_Escape:
- clear_input();
- return;
+ case XKB_KEY_h:
+ case XKB_KEY_BackSpace:
+ if (ksym == XKB_KEY_h && !ctrl)
+ break;
- case XKB_KEY_BackSpace:
- if (input_position == 0)
- return;
+ if (input_position == 0) {
+ START_TIMER(clear_indicator_timeout, 1.0, clear_indicator_cb);
+ unlock_state = STATE_NOTHING_TO_DELETE;
+ redraw_screen();
+ return;
+ }
- /* decrement input_position to point to the previous glyph */
- u8_dec(password, &input_position);
- password[input_position] = '\0';
+ /* decrement input_position to point to the previous glyph */
+ u8_dec(password, &input_position);
+ password[input_position] = '\0';
- /* Hide the unlock indicator after a bit if the password buffer is
- * empty. */
- START_TIMER(clear_indicator_timeout, 1.0, clear_indicator_cb);
- unlock_state = STATE_BACKSPACE_ACTIVE;
- redraw_screen();
- unlock_state = STATE_KEY_PRESSED;
- return;
+ /* Hide the unlock indicator after a bit if the password buffer is
+ * empty. */
+ START_TIMER(clear_indicator_timeout, 1.0, clear_indicator_cb);
+ unlock_state = STATE_BACKSPACE_ACTIVE;
+ redraw_screen();
+ unlock_state = STATE_KEY_PRESSED;
+ return;
}
- if ((input_position + 8) >= sizeof(password))
+ if ((input_position + 8) >= (int)sizeof(password))
return;
#if 0
return;
/* store it in the password array as UTF-8 */
- memcpy(password+input_position, buffer, n-1);
- input_position += n-1;
+ memcpy(password + input_position, buffer, n - 1);
+ input_position += n - 1;
DEBUG("current password = %.*s\n", input_position, password);
- unlock_state = STATE_KEY_ACTIVE;
- redraw_screen();
- unlock_state = STATE_KEY_PRESSED;
+ if (unlock_indicator) {
+ unlock_state = STATE_KEY_ACTIVE;
+ redraw_screen();
+ unlock_state = STATE_KEY_PRESSED;
+
+ struct ev_timer *timeout = NULL;
+ START_TIMER(timeout, TSTAMP_N_SECS(0.25), redraw_timeout);
+ STOP_TIMER(clear_indicator_timeout);
+ }
- struct ev_timer *timeout = NULL;
- START_TIMER(timeout, TSTAMP_N_SECS(0.25), redraw_timeout);
- STOP_TIMER(clear_indicator_timeout);
START_TIMER(discard_passwd_timeout, TSTAMP_N_MINS(3), discard_passwd_cb);
}
*
*/
static void handle_visibility_notify(xcb_connection_t *conn,
- xcb_visibility_notify_event_t *event) {
+ xcb_visibility_notify_event_t *event) {
if (event->state != XCB_VISIBILITY_UNOBSCURED) {
- uint32_t values[] = { XCB_STACK_MODE_ABOVE };
+ uint32_t values[] = {XCB_STACK_MODE_ABOVE};
xcb_configure_window(conn, event->window, XCB_CONFIG_WINDOW_STACK_MODE, values);
xcb_flush(conn);
}
xcb_xkb_new_keyboard_notify_event_t new_keyboard_notify;
xcb_xkb_map_notify_event_t map_notify;
xcb_xkb_state_notify_event_t state_notify;
- } *event = (union xkb_event*)gevent;
+ } *event = (union xkb_event *)gevent;
DEBUG("process_xkb_event for device %d\n", event->any.deviceID);
xcb_configure_window(conn, win, mask, last_resolution);
xcb_flush(conn);
- xinerama_query_screens();
+ randr_query(screen->root);
redraw_screen();
}
+static bool verify_png_image(const char *image_path) {
+ if (!image_path) {
+ return false;
+ }
+
+ /* Check file exists and has correct PNG header */
+ FILE *png_file = fopen(image_path, "r");
+ if (png_file == NULL) {
+ fprintf(stderr, "Image file path \"%s\" cannot be opened: %s\n", image_path, strerror(errno));
+ return false;
+ }
+ unsigned char png_header[8];
+ memset(png_header, '\0', sizeof(png_header));
+ int bytes_read = fread(png_header, 1, sizeof(png_header), png_file);
+ fclose(png_file);
+ if (bytes_read != sizeof(png_header)) {
+ fprintf(stderr, "Could not read PNG header from \"%s\"\n", image_path);
+ return false;
+ }
+
+ // Check PNG header according to the specification, available at:
+ // https://www.w3.org/TR/2003/REC-PNG-20031110/#5PNG-file-signature
+ static unsigned char PNG_REFERENCE_HEADER[8] = {137, 80, 78, 71, 13, 10, 26, 10};
+ if (memcmp(PNG_REFERENCE_HEADER, png_header, sizeof(png_header)) != 0) {
+ fprintf(stderr, "File \"%s\" does not start with a PNG header. i3lock currently only supports loading PNG files.\n", image_path);
+ return false;
+ }
+ return true;
+}
+
+#ifndef __OpenBSD__
/*
* Callback function for PAM. We only react on password request callbacks.
*
*/
static int conv_callback(int num_msg, const struct pam_message **msg,
- struct pam_response **resp, void *appdata_ptr)
-{
+ struct pam_response **resp, void *appdata_ptr) {
if (num_msg == 0)
return 1;
return 0;
}
+#endif
/*
* This callback is only a dummy, see xcb_prepare_cb and xcb_check_cb.
xcb_flush(conn);
}
+/*
+ * Try closing logind sleep lock fd passed over from xss-lock, in case we're
+ * being run from there.
+ *
+ */
+static void maybe_close_sleep_lock_fd(void) {
+ const char *sleep_lock_fd = getenv("XSS_SLEEP_LOCK_FD");
+ char *endptr;
+ if (sleep_lock_fd && *sleep_lock_fd != 0) {
+ long int fd = strtol(sleep_lock_fd, &endptr, 10);
+ if (*endptr == 0) {
+ close(fd);
+ }
+ }
+}
+
/*
* Instead of polling the X connection socket we leave this to
* xcb_poll_for_event() which knows better than we can ever know.
xcb_generic_event_t *event;
if (xcb_connection_has_error(conn))
- errx(EXIT_FAILURE, "X11 connection broke, did your server terminate?\n");
+ errx(EXIT_FAILURE, "X11 connection broke, did your server terminate?");
while ((event = xcb_poll_for_event(conn)) != NULL) {
if (event->response_type == 0) {
- xcb_generic_error_t *error = (xcb_generic_error_t*)event;
+ xcb_generic_error_t *error = (xcb_generic_error_t *)event;
if (debug_mode)
fprintf(stderr, "X11 Error received! sequence 0x%x, error_code = %d\n",
error->sequence, error->error_code);
switch (type) {
case XCB_KEY_PRESS:
- handle_key_press((xcb_key_press_event_t*)event);
- break;
-
- case XCB_KEY_RELEASE:
- /* If this was the backspace or escape key we are back at an
- * empty input, so turn off the screen if DPMS is enabled, but
- * only do that after some timeout: maybe user mistyped and
- * will type again right away */
- START_TIMER(dpms_timeout, TSTAMP_N_SECS(inactivity_timeout),
- turn_off_monitors_cb);
+ handle_key_press((xcb_key_press_event_t *)event);
break;
case XCB_VISIBILITY_NOTIFY:
- handle_visibility_notify(conn, (xcb_visibility_notify_event_t*)event);
+ handle_visibility_notify(conn, (xcb_visibility_notify_event_t *)event);
break;
case XCB_MAP_NOTIFY:
+ maybe_close_sleep_lock_fd();
if (!dont_fork) {
/* After the first MapNotify, we never fork again. We don’t
* expect to get another MapNotify, but better be sure… */
break;
default:
- if (type == xkb_base_event)
+ if (type == xkb_base_event) {
process_xkb_event(event);
+ }
+ if (randr_base > -1 &&
+ type == randr_base + XCB_RANDR_SCREEN_CHANGE_NOTIFY) {
+ randr_query(screen->root);
+ handle_screen_resize();
+ }
}
free(event);
/*
* This function is called from a fork()ed child and will raise the i3lock
* window when the window is obscured, even when the main i3lock process is
- * blocked due to PAM.
+ * blocked due to the authentication backend.
*
*/
static void raise_loop(xcb_window_t window) {
xcb_generic_event_t *event;
int screens;
- if ((conn = xcb_connect(NULL, &screens)) == NULL ||
- xcb_connection_has_error(conn))
- errx(EXIT_FAILURE, "Cannot open display\n");
+ if (xcb_connection_has_error((conn = xcb_connect(NULL, &screens))) > 0)
+ errx(EXIT_FAILURE, "Cannot open display");
/* We need to know about the window being obscured or getting destroyed. */
xcb_change_window_attributes(conn, window, XCB_CW_EVENT_MASK,
- (uint32_t[]){
- XCB_EVENT_MASK_VISIBILITY_CHANGE |
- XCB_EVENT_MASK_STRUCTURE_NOTIFY
- });
+ (uint32_t[]){
+ XCB_EVENT_MASK_VISIBILITY_CHANGE |
+ XCB_EVENT_MASK_STRUCTURE_NOTIFY});
xcb_flush(conn);
DEBUG("Watching window 0x%08x\n", window);
while ((event = xcb_wait_for_event(conn)) != NULL) {
if (event->response_type == 0) {
- xcb_generic_error_t *error = (xcb_generic_error_t*)event;
+ xcb_generic_error_t *error = (xcb_generic_error_t *)event;
DEBUG("X11 Error received! sequence 0x%x, error_code = %d\n",
- error->sequence, error->error_code);
+ error->sequence, error->error_code);
free(event);
continue;
}
DEBUG("Read event of type %d\n", type);
switch (type) {
case XCB_VISIBILITY_NOTIFY:
- handle_visibility_notify(conn, (xcb_visibility_notify_event_t*)event);
+ handle_visibility_notify(conn, (xcb_visibility_notify_event_t *)event);
break;
case XCB_UNMAP_NOTIFY:
- DEBUG("UnmapNotify for 0x%08x\n", (((xcb_unmap_notify_event_t*)event)->window));
- if (((xcb_unmap_notify_event_t*)event)->window == window)
+ DEBUG("UnmapNotify for 0x%08x\n", (((xcb_unmap_notify_event_t *)event)->window));
+ if (((xcb_unmap_notify_event_t *)event)->window == window)
exit(EXIT_SUCCESS);
break;
case XCB_DESTROY_NOTIFY:
- DEBUG("DestroyNotify for 0x%08x\n", (((xcb_destroy_notify_event_t*)event)->window));
- if (((xcb_destroy_notify_event_t*)event)->window == window)
+ DEBUG("DestroyNotify for 0x%08x\n", (((xcb_destroy_notify_event_t *)event)->window));
+ if (((xcb_destroy_notify_event_t *)event)->window == window)
exit(EXIT_SUCCESS);
break;
default:
}
int main(int argc, char *argv[]) {
- char *username = getpwuid(getuid())->pw_name;
+ struct passwd *pw;
+ char *username;
char *image_path = NULL;
+#ifndef __OpenBSD__
int ret;
struct pam_conv conv = {conv_callback, NULL};
+#endif
+#if defined(__linux__)
+ bool lock_tty_switching = false;
+ int term = -1;
+#endif
+
int curs_choice = CURS_NONE;
int o;
- int optind = 0;
+ int longoptind = 0;
struct option longopts[] = {
{"version", no_argument, NULL, 'v'},
{"nofork", no_argument, NULL, 'n'},
{"beep", no_argument, NULL, 'b'},
{"dpms", no_argument, NULL, 'd'},
{"color", required_argument, NULL, 'c'},
- {"pointer", required_argument, NULL , 'p'},
+ {"pointer", required_argument, NULL, 'p'},
{"debug", no_argument, NULL, 0},
{"help", no_argument, NULL, 'h'},
{"no-unlock-indicator", no_argument, NULL, 'u'},
{"ignore-empty-password", no_argument, NULL, 'e'},
{"inactivity-timeout", required_argument, NULL, 'I'},
{"show-failed-attempts", no_argument, NULL, 'f'},
- {NULL, no_argument, NULL, 0}
- };
+ {"lock-console", no_argument, NULL, 'l'},
+ {NULL, no_argument, NULL, 0}};
- if (username == NULL)
+ if ((pw = getpwuid(getuid())) == NULL)
err(EXIT_FAILURE, "getpwuid() failed");
+ if ((username = pw->pw_name) == NULL)
+ errx(EXIT_FAILURE, "pw->pw_name is NULL.");
- char *optstring = "hvnbdc:p:ui:teI:f";
- while ((o = getopt_long(argc, argv, optstring, longopts, &optind)) != -1) {
+ char *optstring = "hvnbdc:p:ui:teI:fl";
+ while ((o = getopt_long(argc, argv, optstring, longopts, &longoptind)) != -1) {
switch (o) {
- case 'v':
- errx(EXIT_SUCCESS, "version " VERSION " © 2010-2012 Michael Stapelberg");
- case 'n':
- dont_fork = true;
- break;
- case 'b':
- beep = true;
- break;
- case 'd':
- dpms = true;
- break;
- case 'I': {
- int time = 0;
- if (sscanf(optarg, "%d", &time) != 1 || time < 0)
- errx(EXIT_FAILURE, "invalid timeout, it must be a positive integer\n");
- inactivity_timeout = time;
- break;
- }
- case 'c': {
- char *arg = optarg;
+ case 'v':
+ errx(EXIT_SUCCESS, "version " I3LOCK_VERSION " © 2010 Michael Stapelberg");
+ case 'n':
+ dont_fork = true;
+ break;
+ case 'b':
+ beep = true;
+ break;
+ case 'd':
+ fprintf(stderr, "DPMS support has been removed from i3lock. Please see the manpage i3lock(1).\n");
+ break;
+ case 'I': {
+ fprintf(stderr, "Inactivity timeout only makes sense with DPMS, which was removed. Please see the manpage i3lock(1).\n");
+ break;
+ }
+ case 'c': {
+ char *arg = optarg;
- /* Skip # if present */
- if (arg[0] == '#')
- arg++;
+ /* Skip # if present */
+ if (arg[0] == '#')
+ arg++;
- if (strlen(arg) != 6 || sscanf(arg, "%06[0-9a-fA-F]", color) != 1)
- errx(EXIT_FAILURE, "color is invalid, it must be given in 3-byte hexadecimal format: rrggbb\n");
+ if (strlen(arg) != 6 || sscanf(arg, "%06[0-9a-fA-F]", color) != 1)
+ errx(EXIT_FAILURE, "color is invalid, it must be given in 3-byte hexadecimal format: rrggbb");
- break;
- }
- case 'u':
- unlock_indicator = false;
- break;
- case 'i':
- image_path = strdup(optarg);
- break;
- case 't':
- tile = true;
- break;
- case 'p':
- if (!strcmp(optarg, "win")) {
- curs_choice = CURS_WIN;
- } else if (!strcmp(optarg, "default")) {
- curs_choice = CURS_DEFAULT;
- } else {
- errx(EXIT_FAILURE, "i3lock: Invalid pointer type given. Expected one of \"win\" or \"default\".\n");
+ break;
}
- break;
- case 'e':
- ignore_empty_password = true;
- break;
- case 0:
- if (strcmp(longopts[optind].name, "debug") == 0)
- debug_mode = true;
- break;
- case 'f':
- show_failed_attempts = true;
- break;
- default:
- errx(EXIT_FAILURE, "Syntax: i3lock [-v] [-n] [-b] [-d] [-c color] [-u] [-p win|default]"
- " [-i image.png] [-t] [-e] [-I] [-f]"
- );
+ case 'u':
+ unlock_indicator = false;
+ break;
+ case 'i':
+ image_path = strdup(optarg);
+ break;
+ case 't':
+ tile = true;
+ break;
+ case 'p':
+ if (!strcmp(optarg, "win")) {
+ curs_choice = CURS_WIN;
+ } else if (!strcmp(optarg, "default")) {
+ curs_choice = CURS_DEFAULT;
+ } else {
+ errx(EXIT_FAILURE, "i3lock: Invalid pointer type given. Expected one of \"win\" or \"default\".");
+ }
+ break;
+ case 'e':
+ ignore_empty_password = true;
+ break;
+ case 0:
+ if (strcmp(longopts[longoptind].name, "debug") == 0)
+ debug_mode = true;
+ break;
+ case 'f':
+ show_failed_attempts = true;
+ break;
+ case 'l':
+#if defined(__linux__)
+ lock_tty_switching = true;
+#else
+ errx(EXIT_FAILURE, "TTY switch locking is only supported on Linux.");
+#endif
+ break;
+ default:
+ errx(EXIT_FAILURE, "Syntax: i3lock [-v] [-n] [-b] [-d] [-c color] [-u] [-p win|default]"
+ " [-i image.png] [-t] [-e] [-I timeout] [-f] [-l]");
}
}
* the unlock indicator upon keypresses. */
srand(time(NULL));
+#ifndef __OpenBSD__
/* Initialize PAM */
- ret = pam_start("i3lock", username, &conv, &pam_handle);
- if (ret != PAM_SUCCESS)
+ if ((ret = pam_start("i3lock", username, &conv, &pam_handle)) != PAM_SUCCESS)
+ errx(EXIT_FAILURE, "PAM: %s", pam_strerror(pam_handle, ret));
+
+ if ((ret = pam_set_item(pam_handle, PAM_TTY, getenv("DISPLAY"))) != PAM_SUCCESS)
errx(EXIT_FAILURE, "PAM: %s", pam_strerror(pam_handle, ret));
+#endif
-/* Using mlock() as non-super-user seems only possible in Linux. Users of other
- * operating systems should use encrypted swap/no swap (or remove the ifdef and
- * run i3lock as super-user). */
+/* Using mlock() as non-super-user seems only possible in Linux.
+ * Users of other operating systems should use encrypted swap/no swap
+ * (or remove the ifdef and run i3lock as super-user).
+ * Alas, swap is encrypted by default on OpenBSD so swapping out
+ * is not necessarily an issue. */
#if defined(__linux__)
/* Lock the area where we store the password in memory, we don’t want it to
* be swapped to disk. Since Linux 2.6.9, this does not require any
errx(EXIT_FAILURE, "Could not connect to X11, maybe you need to set DISPLAY?");
if (xkb_x11_setup_xkb_extension(conn,
- XKB_X11_MIN_MAJOR_XKB_VERSION,
- XKB_X11_MIN_MINOR_XKB_VERSION,
- 0,
- NULL,
- NULL,
- &xkb_base_event,
- &xkb_base_error) != 1)
+ XKB_X11_MIN_MAJOR_XKB_VERSION,
+ XKB_X11_MIN_MINOR_XKB_VERSION,
+ 0,
+ NULL,
+ NULL,
+ &xkb_base_event,
+ &xkb_base_error) != 1)
errx(EXIT_FAILURE, "Could not setup XKB extension.");
static const xcb_xkb_map_part_t required_map_parts =
if (!load_keymap())
errx(EXIT_FAILURE, "Could not load keymap");
- xinerama_init();
- xinerama_query_screens();
-
- /* if DPMS is enabled, check if the X server really supports it */
- if (dpms) {
- xcb_dpms_capable_cookie_t dpmsc = xcb_dpms_capable(conn);
- xcb_dpms_capable_reply_t *dpmsr;
- if ((dpmsr = xcb_dpms_capable_reply(conn, dpmsc, NULL))) {
- if (!dpmsr->capable) {
- if (debug_mode)
- fprintf(stderr, "Disabling DPMS, X server not DPMS capable\n");
- dpms = false;
- }
- free(dpmsr);
- }
+ const char *locale = getenv("LC_ALL");
+ if (!locale || !*locale)
+ locale = getenv("LC_CTYPE");
+ if (!locale || !*locale)
+ locale = getenv("LANG");
+ if (!locale || !*locale) {
+ if (debug_mode)
+ fprintf(stderr, "Can't detect your locale, fallback to C\n");
+ locale = "C";
}
+ load_compose_table(locale);
+
screen = xcb_setup_roots_iterator(xcb_get_setup(conn)).data;
+ init_dpi();
+
+ randr_init(&randr_base, screen->root);
+ randr_query(screen->root);
+
last_resolution[0] = screen->width_in_pixels;
last_resolution[1] = screen->height_in_pixels;
xcb_change_window_attributes(conn, screen->root, XCB_CW_EVENT_MASK,
- (uint32_t[]){ XCB_EVENT_MASK_STRUCTURE_NOTIFY });
+ (uint32_t[]){XCB_EVENT_MASK_STRUCTURE_NOTIFY});
- if (image_path) {
+ if (verify_png_image(image_path)) {
/* Create a pixmap to render on, fill it with the background color */
img = cairo_image_surface_create_from_png(image_path);
/* In case loading failed, we just pretend no -i was specified. */
img = NULL;
}
}
+ free(image_path);
/* Pixmap on which the image is rendered to (if any) */
xcb_pixmap_t bg_pixmap = draw_image(last_resolution);
- /* open the fullscreen window, already with the correct pixmap in place */
+ xcb_window_t stolen_focus = find_focused_window(conn, screen->root);
+
+ /* Open the fullscreen window, already with the correct pixmap in place */
win = open_fullscreen_window(conn, screen, color, bg_pixmap);
xcb_free_pixmap(conn, bg_pixmap);
+ cursor = create_cursor(conn, screen, win, curs_choice);
+
+ /* Display the "locking…" message while trying to grab the pointer/keyboard. */
+ auth_state = STATE_AUTH_LOCK;
+ if (!grab_pointer_and_keyboard(conn, screen, cursor, 1000)) {
+ DEBUG("stole focus from X11 window 0x%08x\n", stolen_focus);
+
+ /* Set the focus to i3lock, possibly closing context menus which would
+ * otherwise prevent us from grabbing keyboard/pointer.
+ *
+ * We cannot use set_focused_window because _NET_ACTIVE_WINDOW only
+ * works for managed windows, but i3lock uses an unmanaged window
+ * (override_redirect=1). */
+ xcb_set_input_focus(conn, XCB_INPUT_FOCUS_PARENT /* revert_to */, win, XCB_CURRENT_TIME);
+ if (!grab_pointer_and_keyboard(conn, screen, cursor, 9000)) {
+ auth_state = STATE_I3LOCK_LOCK_FAILED;
+ redraw_screen();
+ sleep(1);
+ errx(EXIT_FAILURE, "Cannot grab pointer/keyboard");
+ }
+ }
+
pid_t pid = fork();
/* The pid == -1 case is intentionally ignored here:
* While the child process is useful for preventing other windows from
if (pid == 0) {
/* Child */
close(xcb_get_file_descriptor(conn));
+ maybe_close_sleep_lock_fd();
raise_loop(win);
exit(EXIT_SUCCESS);
}
- cursor = create_cursor(conn, screen, win, curs_choice);
-
- grab_pointer_and_keyboard(conn, screen, cursor);
/* Load the keymap again to sync the current modifier state. Since we first
* loaded the keymap, there might have been changes, but starting from now,
* we should get all key presses/releases due to having grabbed the
* keyboard. */
(void)load_keymap();
- turn_monitors_off();
-
/* Initialize the libev event loop. */
main_loop = EV_DEFAULT;
if (main_loop == NULL)
- errx(EXIT_FAILURE, "Could not initialize libev. Bad LIBEV_FLAGS?\n");
+ errx(EXIT_FAILURE, "Could not initialize libev. Bad LIBEV_FLAGS?");
+
+#if defined(__linux__)
+
+ /* Lock tty switching */
+ if (lock_tty_switching) {
+ if ((term = open("/dev/console", O_RDWR)) == -1) {
+ perror("error locking TTY switching: opening console failed");
+ }
+
+ if (term != -1 && (ioctl(term, VT_LOCKSWITCH)) == -1) {
+ perror("error locking TTY switching: locking console failed");
+ }
+ }
+
+#endif
+
+ /* Explicitly call the screen redraw in case "locking…" message was displayed */
+ auth_state = STATE_AUTH_IDLE;
+ redraw_screen();
struct ev_io *xcb_watcher = calloc(sizeof(struct ev_io), 1);
struct ev_check *xcb_check = calloc(sizeof(struct ev_check), 1);
* file descriptor becomes readable). */
ev_invoke(main_loop, xcb_check, 0);
ev_loop(main_loop, 0);
+
+ if (stolen_focus == XCB_NONE) {
+ return 0;
+ }
+
+#if defined(__linux__)
+ /* Restore tty switching */
+ if (lock_tty_switching) {
+ if (term != -1 && (ioctl(term, VT_UNLOCKSWITCH)) == -1) {
+ perror("error unlocking TTY switching: unlocking console failed");
+ }
+
+ close(term);
+ }
+
+#endif
+
+ DEBUG("restoring focus to X11 window 0x%08x\n", stolen_focus);
+ xcb_ungrab_pointer(conn, XCB_CURRENT_TIME);
+ xcb_ungrab_keyboard(conn, XCB_CURRENT_TIME);
+ xcb_destroy_window(conn, win);
+ set_focused_window(conn, screen->root, stolen_focus);
+ xcb_aux_sync(conn);
+
+ return 0;
}
projects / i3 / i3lock / blobdiff