X-Git-Url: https://git.sur5r.net/?p=i3%2Fi3lock;a=blobdiff_plain;f=i3lock.c;h=43829c5ff9a20babd67c4f02f79054541f5c6992;hp=bead8841cd5aa1f4a20d3d815a69e53301b53dd8;hb=HEAD;hpb=7d52029ae3a8bb21951106fe8e3e88156a57859b diff --git a/i3lock.c b/i3lock.c index bead884..43829c5 100644 --- a/i3lock.c +++ b/i3lock.c @@ -1,11 +1,13 @@ /* * vim:ts=4:sw=4:expandtab * - * © 2010-2013 Michael Stapelberg + * © 2010 Michael Stapelberg * * See LICENSE for licensing information * */ +#include + #include #include #include @@ -16,24 +18,40 @@ #include #include #include -#include #include +#include #include +#ifdef __OpenBSD__ +#include +#else #include +#endif #include #include #include #include #include +#include #include #include #include +#ifdef __OpenBSD__ +#include /* explicit_bzero(3) */ +#endif +#include +#include +#if defined(__linux__) +#include +#include +#include +#endif #include "i3lock.h" #include "xcb.h" #include "cursors.h" #include "unlock_indicator.h" -#include "xinerama.h" +#include "randr.h" +#include "dpi.h" #define TSTAMP_N_SECS(n) (n * 1.0) #define TSTAMP_N_MINS(n) (60 * TSTAMP_N_SECS(n)) @@ -43,37 +61,41 @@ timer_obj = stop_timer(timer_obj) typedef void (*ev_callback_t)(EV_P_ ev_timer *w, int revents); +static void input_done(void); -/* We need this for libxkbfile */ char color[7] = "ffffff"; -int inactivity_timeout = 30; uint32_t last_resolution[2]; xcb_window_t win; static xcb_cursor_t cursor; +#ifndef __OpenBSD__ static pam_handle_t *pam_handle; +#endif int input_position = 0; /* Holds the password you enter (in UTF-8). */ static char password[512]; static bool beep = false; bool debug_mode = false; -static bool dpms = false; bool unlock_indicator = true; +char *modifier_string = NULL; static bool dont_fork = false; struct ev_loop *main_loop; -static struct ev_timer *clear_pam_wrong_timeout; +static struct ev_timer *clear_auth_wrong_timeout; static struct ev_timer *clear_indicator_timeout; -static struct ev_timer *dpms_timeout; static struct ev_timer *discard_passwd_timeout; extern unlock_state_t unlock_state; -extern pam_state_t pam_state; +extern auth_state_t auth_state; int failed_attempts = 0; bool show_failed_attempts = false; +bool retry_verification = false; static struct xkb_state *xkb_state; static struct xkb_context *xkb_context; static struct xkb_keymap *xkb_keymap; +static struct xkb_compose_table *xkb_compose_table; +static struct xkb_compose_state *xkb_compose_state; static uint8_t xkb_base_event; static uint8_t xkb_base_error; +static int randr_base = -1; cairo_surface_t *img = NULL; bool tile = false; @@ -81,7 +103,7 @@ bool ignore_empty_password = false; bool skip_repeated_empty_password = false; /* isutf, u8_dec © 2005 Jeff Bezanson, public domain */ -#define isutf(c) (((c) & 0xC0) != 0x80) +#define isutf(c) (((c)&0xC0) != 0x80) /* * Decrements i to point to the previous unicode glyph @@ -91,16 +113,6 @@ void u8_dec(char *s, int *i) { (void)(isutf(s[--(*i)]) || isutf(s[--(*i)]) || isutf(s[--(*i)]) || --(*i)); } -static void turn_monitors_on(void) { - if (dpms) - dpms_set_mode(conn, XCB_DPMS_DPMS_MODE_ON); -} - -static void turn_monitors_off(void) { - if (dpms) - dpms_set_mode(conn, XCB_DPMS_DPMS_MODE_OFF); -} - /* * Loads the XKB keymap from the X11 server and feeds it to xkbcommon. * Necessary so that we can properly let xkbcommon track the keyboard state and @@ -137,24 +149,54 @@ static bool load_keymap(void) { return true; } +/* + * Loads the XKB compose table from the given locale. + * + */ +static bool load_compose_table(const char *locale) { + xkb_compose_table_unref(xkb_compose_table); + + if ((xkb_compose_table = xkb_compose_table_new_from_locale(xkb_context, locale, 0)) == NULL) { + fprintf(stderr, "[i3lock] xkb_compose_table_new_from_locale failed\n"); + return false; + } + + struct xkb_compose_state *new_compose_state = xkb_compose_state_new(xkb_compose_table, 0); + if (new_compose_state == NULL) { + fprintf(stderr, "[i3lock] xkb_compose_state_new failed\n"); + return false; + } + + xkb_compose_state_unref(xkb_compose_state); + xkb_compose_state = new_compose_state; + + return true; +} + /* * Clears the memory which stored the password to be a bit safer against * cold-boot attacks. * */ static void clear_password_memory(void) { +#ifdef __OpenBSD__ + /* Use explicit_bzero(3) which was explicitly designed not to be + * optimized out by the compiler. */ + explicit_bzero(password, strlen(password)); +#else /* A volatile pointer to the password buffer to prevent the compiler from * optimizing this out. */ volatile char *vpassword = password; - for (int c = 0; c < sizeof(password); c++) + for (size_t c = 0; c < sizeof(password); c++) /* We store a non-random pattern which consists of the (irrelevant) * index plus (!) the value of the beep variable. This prevents the * compiler from optimizing the calls away, since the value of 'beep' * is not known at compile-time. */ vpassword[c] = c + (int)beep; +#endif } -ev_timer* start_timer(ev_timer *timer_obj, ev_tstamp timeout, ev_callback_t callback) { +ev_timer *start_timer(ev_timer *timer_obj, ev_tstamp timeout, ev_callback_t callback) { if (timer_obj) { ev_timer_stop(main_loop, timer_obj); ev_timer_set(timer_obj, timeout, 0.); @@ -171,7 +213,7 @@ ev_timer* start_timer(ev_timer *timer_obj, ev_tstamp timeout, ev_callback_t call return timer_obj; } -ev_timer* stop_timer(ev_timer *timer_obj) { +ev_timer *stop_timer(ev_timer *timer_obj) { if (timer_obj) { ev_timer_stop(main_loop, timer_obj); free(timer_obj); @@ -180,18 +222,40 @@ ev_timer* stop_timer(ev_timer *timer_obj) { } /* - * Resets pam_state to STATE_PAM_IDLE 2 seconds after an unsuccessful + * Neccessary calls after ending input via enter or others + * + */ +static void finish_input(void) { + password[input_position] = '\0'; + unlock_state = STATE_KEY_PRESSED; + redraw_screen(); + input_done(); +} + +/* + * Resets auth_state to STATE_AUTH_IDLE 2 seconds after an unsuccessful * authentication event. * */ -static void clear_pam_wrong(EV_P_ ev_timer *w, int revents) { - DEBUG("clearing pam wrong\n"); - pam_state = STATE_PAM_IDLE; - unlock_state = STATE_STARTED; +static void clear_auth_wrong(EV_P_ ev_timer *w, int revents) { + DEBUG("clearing auth wrong\n"); + auth_state = STATE_AUTH_IDLE; redraw_screen(); + /* Clear modifier string. */ + if (modifier_string != NULL) { + free(modifier_string); + modifier_string = NULL; + } + /* Now free this timeout. */ - STOP_TIMER(clear_pam_wrong_timeout); + STOP_TIMER(clear_auth_wrong_timeout); + + /* retry with input done during auth verification */ + if (retry_verification) { + retry_verification = false; + finish_input(); + } } static void clear_indicator_cb(EV_P_ ev_timer *w, int revents) { @@ -203,54 +267,97 @@ static void clear_input(void) { input_position = 0; clear_password_memory(); password[input_position] = '\0'; - - /* Hide the unlock indicator after a bit if the password buffer is - * empty. */ - START_TIMER(clear_indicator_timeout, 1.0, clear_indicator_cb); - unlock_state = STATE_BACKSPACE_ACTIVE; - redraw_screen(); - unlock_state = STATE_KEY_PRESSED; -} - -static void turn_off_monitors_cb(EV_P_ ev_timer *w, int revents) { - if (input_position == 0) - turn_monitors_off(); - - STOP_TIMER(dpms_timeout); } static void discard_passwd_cb(EV_P_ ev_timer *w, int revents) { clear_input(); - turn_monitors_off(); STOP_TIMER(discard_passwd_timeout); } static void input_done(void) { - STOP_TIMER(clear_pam_wrong_timeout); - pam_state = STATE_PAM_VERIFY; + STOP_TIMER(clear_auth_wrong_timeout); + auth_state = STATE_AUTH_VERIFY; + unlock_state = STATE_STARTED; redraw_screen(); +#ifdef __OpenBSD__ + struct passwd *pw; + + if (!(pw = getpwuid(getuid()))) + errx(1, "unknown uid %u.", getuid()); + + if (auth_userokay(pw->pw_name, NULL, NULL, password) != 0) { + DEBUG("successfully authenticated\n"); + clear_password_memory(); + + ev_break(EV_DEFAULT, EVBREAK_ALL); + return; + } +#else if (pam_authenticate(pam_handle, 0) == PAM_SUCCESS) { DEBUG("successfully authenticated\n"); clear_password_memory(); - /* Turn the screen on, as it may have been turned off - * on release of the 'enter' key. */ - turn_monitors_on(); - exit(0); + + /* PAM credentials should be refreshed, this will for example update any kerberos tickets. + * Related to credentials pam_end() needs to be called to cleanup any temporary + * credentials like kerberos /tmp/krb5cc_pam_* files which may of been left behind if the + * refresh of the credentials failed. */ + pam_setcred(pam_handle, PAM_REFRESH_CRED); + pam_end(pam_handle, PAM_SUCCESS); + + ev_break(EV_DEFAULT, EVBREAK_ALL); + return; } +#endif if (debug_mode) fprintf(stderr, "Authentication failure\n"); - pam_state = STATE_PAM_WRONG; + /* Get state of Caps and Num lock modifiers, to be displayed in + * STATE_AUTH_WRONG state */ + xkb_mod_index_t idx, num_mods; + const char *mod_name; + + num_mods = xkb_keymap_num_mods(xkb_keymap); + + for (idx = 0; idx < num_mods; idx++) { + if (!xkb_state_mod_index_is_active(xkb_state, idx, XKB_STATE_MODS_EFFECTIVE)) + continue; + + mod_name = xkb_keymap_mod_get_name(xkb_keymap, idx); + if (mod_name == NULL) + continue; + + /* Replace certain xkb names with nicer, human-readable ones. */ + if (strcmp(mod_name, XKB_MOD_NAME_CAPS) == 0) + mod_name = "Caps Lock"; + else if (strcmp(mod_name, XKB_MOD_NAME_ALT) == 0) + mod_name = "Alt"; + else if (strcmp(mod_name, XKB_MOD_NAME_NUM) == 0) + mod_name = "Num Lock"; + else if (strcmp(mod_name, XKB_MOD_NAME_LOGO) == 0) + mod_name = "Super"; + + char *tmp; + if (modifier_string == NULL) { + if (asprintf(&tmp, "%s", mod_name) != -1) + modifier_string = tmp; + } else if (asprintf(&tmp, "%s, %s", modifier_string, mod_name) != -1) { + free(modifier_string); + modifier_string = tmp; + } + } + + auth_state = STATE_AUTH_WRONG; failed_attempts += 1; clear_input(); - redraw_screen(); + if (unlock_indicator) + redraw_screen(); /* Clear this state after 2 seconds (unless the user enters another * password during that time). */ ev_now_update(main_loop); - START_TIMER(clear_pam_wrong_timeout, TSTAMP_N_SECS(2), clear_pam_wrong); + START_TIMER(clear_auth_wrong_timeout, TSTAMP_N_SECS(2), clear_auth_wrong); /* Cancel the clear_indicator_timeout, it would hide the unlock indicator * too early. */ @@ -289,66 +396,116 @@ static void handle_key_press(xcb_key_press_event_t *event) { char buffer[128]; int n; bool ctrl; + bool composed = false; ksym = xkb_state_key_get_one_sym(xkb_state, event->detail); - ctrl = xkb_state_mod_name_is_active(xkb_state, "Control", XKB_STATE_MODS_DEPRESSED); + ctrl = xkb_state_mod_name_is_active(xkb_state, XKB_MOD_NAME_CTRL, XKB_STATE_MODS_DEPRESSED); /* The buffer will be null-terminated, so n >= 2 for 1 actual character. */ memset(buffer, '\0', sizeof(buffer)); - n = xkb_keysym_to_utf8(ksym, buffer, sizeof(buffer)); + + if (xkb_compose_state && xkb_compose_state_feed(xkb_compose_state, ksym) == XKB_COMPOSE_FEED_ACCEPTED) { + switch (xkb_compose_state_get_status(xkb_compose_state)) { + case XKB_COMPOSE_NOTHING: + break; + case XKB_COMPOSE_COMPOSING: + return; + case XKB_COMPOSE_COMPOSED: + /* xkb_compose_state_get_utf8 doesn't include the terminating byte in the return value + * as xkb_keysym_to_utf8 does. Adding one makes the variable n consistent. */ + n = xkb_compose_state_get_utf8(xkb_compose_state, buffer, sizeof(buffer)) + 1; + ksym = xkb_compose_state_get_one_sym(xkb_compose_state); + composed = true; + break; + case XKB_COMPOSE_CANCELLED: + xkb_compose_state_reset(xkb_compose_state); + return; + } + } + + if (!composed) { + n = xkb_keysym_to_utf8(ksym, buffer, sizeof(buffer)); + } switch (ksym) { - case XKB_KEY_Return: - case XKB_KEY_KP_Enter: - case XKB_KEY_XF86ScreenSaver: - if (pam_state == STATE_PAM_WRONG) - return; + case XKB_KEY_j: + case XKB_KEY_m: + case XKB_KEY_Return: + case XKB_KEY_KP_Enter: + case XKB_KEY_XF86ScreenSaver: + if ((ksym == XKB_KEY_j || ksym == XKB_KEY_m) && !ctrl) + break; + + if (auth_state == STATE_AUTH_WRONG) { + retry_verification = true; + return; + } - if (skip_without_validation()) { - clear_input(); + if (skip_without_validation()) { + clear_input(); + return; + } + finish_input(); + skip_repeated_empty_password = true; return; - } - password[input_position] = '\0'; - unlock_state = STATE_KEY_PRESSED; - redraw_screen(); - input_done(); - skip_repeated_empty_password = true; - return; - default: - skip_repeated_empty_password = false; + default: + skip_repeated_empty_password = false; + // A new password is being entered, but a previous one is pending. + // Discard the old one and clear the retry_verification flag. + if (retry_verification) { + retry_verification = false; + clear_input(); + } } switch (ksym) { - case XKB_KEY_u: - if (ctrl) { - DEBUG("C-u pressed\n"); - clear_input(); + case XKB_KEY_u: + case XKB_KEY_Escape: + if ((ksym == XKB_KEY_u && ctrl) || + ksym == XKB_KEY_Escape) { + DEBUG("C-u pressed\n"); + clear_input(); + /* Also hide the unlock indicator */ + if (unlock_indicator) + clear_indicator(); + return; + } + break; + + case XKB_KEY_Delete: + case XKB_KEY_KP_Delete: + /* Deleting forward doesn’t make sense, as i3lock doesn’t allow you + * to move the cursor when entering a password. We need to eat this + * key press so that it won’t be treated as part of the password, + * see issue #50. */ return; - } - break; - case XKB_KEY_Escape: - clear_input(); - return; + case XKB_KEY_h: + case XKB_KEY_BackSpace: + if (ksym == XKB_KEY_h && !ctrl) + break; - case XKB_KEY_BackSpace: - if (input_position == 0) - return; + if (input_position == 0) { + START_TIMER(clear_indicator_timeout, 1.0, clear_indicator_cb); + unlock_state = STATE_NOTHING_TO_DELETE; + redraw_screen(); + return; + } - /* decrement input_position to point to the previous glyph */ - u8_dec(password, &input_position); - password[input_position] = '\0'; + /* decrement input_position to point to the previous glyph */ + u8_dec(password, &input_position); + password[input_position] = '\0'; - /* Hide the unlock indicator after a bit if the password buffer is - * empty. */ - START_TIMER(clear_indicator_timeout, 1.0, clear_indicator_cb); - unlock_state = STATE_BACKSPACE_ACTIVE; - redraw_screen(); - unlock_state = STATE_KEY_PRESSED; - return; + /* Hide the unlock indicator after a bit if the password buffer is + * empty. */ + START_TIMER(clear_indicator_timeout, 1.0, clear_indicator_cb); + unlock_state = STATE_BACKSPACE_ACTIVE; + redraw_screen(); + unlock_state = STATE_KEY_PRESSED; + return; } - if ((input_position + 8) >= sizeof(password)) + if ((input_position + 8) >= (int)sizeof(password)) return; #if 0 @@ -366,17 +523,20 @@ static void handle_key_press(xcb_key_press_event_t *event) { return; /* store it in the password array as UTF-8 */ - memcpy(password+input_position, buffer, n-1); - input_position += n-1; + memcpy(password + input_position, buffer, n - 1); + input_position += n - 1; DEBUG("current password = %.*s\n", input_position, password); - unlock_state = STATE_KEY_ACTIVE; - redraw_screen(); - unlock_state = STATE_KEY_PRESSED; + if (unlock_indicator) { + unlock_state = STATE_KEY_ACTIVE; + redraw_screen(); + unlock_state = STATE_KEY_PRESSED; + + struct ev_timer *timeout = NULL; + START_TIMER(timeout, TSTAMP_N_SECS(0.25), redraw_timeout); + STOP_TIMER(clear_indicator_timeout); + } - struct ev_timer *timeout = NULL; - START_TIMER(timeout, TSTAMP_N_SECS(0.25), redraw_timeout); - STOP_TIMER(clear_indicator_timeout); START_TIMER(discard_passwd_timeout, TSTAMP_N_MINS(3), discard_passwd_cb); } @@ -390,9 +550,9 @@ static void handle_key_press(xcb_key_press_event_t *event) { * */ static void handle_visibility_notify(xcb_connection_t *conn, - xcb_visibility_notify_event_t *event) { + xcb_visibility_notify_event_t *event) { if (event->state != XCB_VISIBILITY_UNOBSCURED) { - uint32_t values[] = { XCB_STACK_MODE_ABOVE }; + uint32_t values[] = {XCB_STACK_MODE_ABOVE}; xcb_configure_window(conn, event->window, XCB_CONFIG_WINDOW_STACK_MODE, values); xcb_flush(conn); } @@ -417,7 +577,7 @@ static void process_xkb_event(xcb_generic_event_t *gevent) { xcb_xkb_new_keyboard_notify_event_t new_keyboard_notify; xcb_xkb_map_notify_event_t map_notify; xcb_xkb_state_notify_event_t state_notify; - } *event = (union xkb_event*)gevent; + } *event = (union xkb_event *)gevent; DEBUG("process_xkb_event for device %d\n", event->any.deviceID); @@ -481,17 +641,47 @@ void handle_screen_resize(void) { xcb_configure_window(conn, win, mask, last_resolution); xcb_flush(conn); - xinerama_query_screens(); + randr_query(screen->root); redraw_screen(); } +static bool verify_png_image(const char *image_path) { + if (!image_path) { + return false; + } + + /* Check file exists and has correct PNG header */ + FILE *png_file = fopen(image_path, "r"); + if (png_file == NULL) { + fprintf(stderr, "Image file path \"%s\" cannot be opened: %s\n", image_path, strerror(errno)); + return false; + } + unsigned char png_header[8]; + memset(png_header, '\0', sizeof(png_header)); + int bytes_read = fread(png_header, 1, sizeof(png_header), png_file); + fclose(png_file); + if (bytes_read != sizeof(png_header)) { + fprintf(stderr, "Could not read PNG header from \"%s\"\n", image_path); + return false; + } + + // Check PNG header according to the specification, available at: + // https://www.w3.org/TR/2003/REC-PNG-20031110/#5PNG-file-signature + static unsigned char PNG_REFERENCE_HEADER[8] = {137, 80, 78, 71, 13, 10, 26, 10}; + if (memcmp(PNG_REFERENCE_HEADER, png_header, sizeof(png_header)) != 0) { + fprintf(stderr, "File \"%s\" does not start with a PNG header. i3lock currently only supports loading PNG files.\n", image_path); + return false; + } + return true; +} + +#ifndef __OpenBSD__ /* * Callback function for PAM. We only react on password request callbacks. * */ static int conv_callback(int num_msg, const struct pam_message **msg, - struct pam_response **resp, void *appdata_ptr) -{ + struct pam_response **resp, void *appdata_ptr) { if (num_msg == 0) return 1; @@ -516,6 +706,7 @@ static int conv_callback(int num_msg, const struct pam_message **msg, return 0; } +#endif /* * This callback is only a dummy, see xcb_prepare_cb and xcb_check_cb. @@ -534,6 +725,22 @@ static void xcb_prepare_cb(EV_P_ ev_prepare *w, int revents) { xcb_flush(conn); } +/* + * Try closing logind sleep lock fd passed over from xss-lock, in case we're + * being run from there. + * + */ +static void maybe_close_sleep_lock_fd(void) { + const char *sleep_lock_fd = getenv("XSS_SLEEP_LOCK_FD"); + char *endptr; + if (sleep_lock_fd && *sleep_lock_fd != 0) { + long int fd = strtol(sleep_lock_fd, &endptr, 10); + if (*endptr == 0) { + close(fd); + } + } +} + /* * Instead of polling the X connection socket we leave this to * xcb_poll_for_event() which knows better than we can ever know. @@ -543,11 +750,11 @@ static void xcb_check_cb(EV_P_ ev_check *w, int revents) { xcb_generic_event_t *event; if (xcb_connection_has_error(conn)) - errx(EXIT_FAILURE, "X11 connection broke, did your server terminate?\n"); + errx(EXIT_FAILURE, "X11 connection broke, did your server terminate?"); while ((event = xcb_poll_for_event(conn)) != NULL) { if (event->response_type == 0) { - xcb_generic_error_t *error = (xcb_generic_error_t*)event; + xcb_generic_error_t *error = (xcb_generic_error_t *)event; if (debug_mode) fprintf(stderr, "X11 Error received! sequence 0x%x, error_code = %d\n", error->sequence, error->error_code); @@ -560,23 +767,15 @@ static void xcb_check_cb(EV_P_ ev_check *w, int revents) { switch (type) { case XCB_KEY_PRESS: - handle_key_press((xcb_key_press_event_t*)event); - break; - - case XCB_KEY_RELEASE: - /* If this was the backspace or escape key we are back at an - * empty input, so turn off the screen if DPMS is enabled, but - * only do that after some timeout: maybe user mistyped and - * will type again right away */ - START_TIMER(dpms_timeout, TSTAMP_N_SECS(inactivity_timeout), - turn_off_monitors_cb); + handle_key_press((xcb_key_press_event_t *)event); break; case XCB_VISIBILITY_NOTIFY: - handle_visibility_notify(conn, (xcb_visibility_notify_event_t*)event); + handle_visibility_notify(conn, (xcb_visibility_notify_event_t *)event); break; case XCB_MAP_NOTIFY: + maybe_close_sleep_lock_fd(); if (!dont_fork) { /* After the first MapNotify, we never fork again. We don’t * expect to get another MapNotify, but better be sure… */ @@ -595,8 +794,14 @@ static void xcb_check_cb(EV_P_ ev_check *w, int revents) { break; default: - if (type == xkb_base_event) + if (type == xkb_base_event) { process_xkb_event(event); + } + if (randr_base > -1 && + type == randr_base + XCB_RANDR_SCREEN_CHANGE_NOTIFY) { + randr_query(screen->root); + handle_screen_resize(); + } } free(event); @@ -606,7 +811,7 @@ static void xcb_check_cb(EV_P_ ev_check *w, int revents) { /* * This function is called from a fork()ed child and will raise the i3lock * window when the window is obscured, even when the main i3lock process is - * blocked due to PAM. + * blocked due to the authentication backend. * */ static void raise_loop(xcb_window_t window) { @@ -614,24 +819,22 @@ static void raise_loop(xcb_window_t window) { xcb_generic_event_t *event; int screens; - if ((conn = xcb_connect(NULL, &screens)) == NULL || - xcb_connection_has_error(conn)) - errx(EXIT_FAILURE, "Cannot open display\n"); + if (xcb_connection_has_error((conn = xcb_connect(NULL, &screens))) > 0) + errx(EXIT_FAILURE, "Cannot open display"); /* We need to know about the window being obscured or getting destroyed. */ xcb_change_window_attributes(conn, window, XCB_CW_EVENT_MASK, - (uint32_t[]){ - XCB_EVENT_MASK_VISIBILITY_CHANGE | - XCB_EVENT_MASK_STRUCTURE_NOTIFY - }); + (uint32_t[]){ + XCB_EVENT_MASK_VISIBILITY_CHANGE | + XCB_EVENT_MASK_STRUCTURE_NOTIFY}); xcb_flush(conn); DEBUG("Watching window 0x%08x\n", window); while ((event = xcb_wait_for_event(conn)) != NULL) { if (event->response_type == 0) { - xcb_generic_error_t *error = (xcb_generic_error_t*)event; + xcb_generic_error_t *error = (xcb_generic_error_t *)event; DEBUG("X11 Error received! sequence 0x%x, error_code = %d\n", - error->sequence, error->error_code); + error->sequence, error->error_code); free(event); continue; } @@ -640,16 +843,16 @@ static void raise_loop(xcb_window_t window) { DEBUG("Read event of type %d\n", type); switch (type) { case XCB_VISIBILITY_NOTIFY: - handle_visibility_notify(conn, (xcb_visibility_notify_event_t*)event); + handle_visibility_notify(conn, (xcb_visibility_notify_event_t *)event); break; case XCB_UNMAP_NOTIFY: - DEBUG("UnmapNotify for 0x%08x\n", (((xcb_unmap_notify_event_t*)event)->window)); - if (((xcb_unmap_notify_event_t*)event)->window == window) + DEBUG("UnmapNotify for 0x%08x\n", (((xcb_unmap_notify_event_t *)event)->window)); + if (((xcb_unmap_notify_event_t *)event)->window == window) exit(EXIT_SUCCESS); break; case XCB_DESTROY_NOTIFY: - DEBUG("DestroyNotify for 0x%08x\n", (((xcb_destroy_notify_event_t*)event)->window)); - if (((xcb_destroy_notify_event_t*)event)->window == window) + DEBUG("DestroyNotify for 0x%08x\n", (((xcb_destroy_notify_event_t *)event)->window)); + if (((xcb_destroy_notify_event_t *)event)->window == window) exit(EXIT_SUCCESS); break; default: @@ -661,20 +864,28 @@ static void raise_loop(xcb_window_t window) { } int main(int argc, char *argv[]) { - char *username = getpwuid(getuid())->pw_name; + struct passwd *pw; + char *username; char *image_path = NULL; +#ifndef __OpenBSD__ int ret; struct pam_conv conv = {conv_callback, NULL}; +#endif +#if defined(__linux__) + bool lock_tty_switching = false; + int term = -1; +#endif + int curs_choice = CURS_NONE; int o; - int optind = 0; + int longoptind = 0; struct option longopts[] = { {"version", no_argument, NULL, 'v'}, {"nofork", no_argument, NULL, 'n'}, {"beep", no_argument, NULL, 'b'}, {"dpms", no_argument, NULL, 'd'}, {"color", required_argument, NULL, 'c'}, - {"pointer", required_argument, NULL , 'p'}, + {"pointer", required_argument, NULL, 'p'}, {"debug", no_argument, NULL, 0}, {"help", no_argument, NULL, 'h'}, {"no-unlock-indicator", no_argument, NULL, 'u'}, @@ -683,77 +894,82 @@ int main(int argc, char *argv[]) { {"ignore-empty-password", no_argument, NULL, 'e'}, {"inactivity-timeout", required_argument, NULL, 'I'}, {"show-failed-attempts", no_argument, NULL, 'f'}, - {NULL, no_argument, NULL, 0} - }; + {"lock-console", no_argument, NULL, 'l'}, + {NULL, no_argument, NULL, 0}}; - if (username == NULL) + if ((pw = getpwuid(getuid())) == NULL) err(EXIT_FAILURE, "getpwuid() failed"); + if ((username = pw->pw_name) == NULL) + errx(EXIT_FAILURE, "pw->pw_name is NULL."); - char *optstring = "hvnbdc:p:ui:teI:f"; - while ((o = getopt_long(argc, argv, optstring, longopts, &optind)) != -1) { + char *optstring = "hvnbdc:p:ui:teI:fl"; + while ((o = getopt_long(argc, argv, optstring, longopts, &longoptind)) != -1) { switch (o) { - case 'v': - errx(EXIT_SUCCESS, "version " VERSION " © 2010-2012 Michael Stapelberg"); - case 'n': - dont_fork = true; - break; - case 'b': - beep = true; - break; - case 'd': - dpms = true; - break; - case 'I': { - int time = 0; - if (sscanf(optarg, "%d", &time) != 1 || time < 0) - errx(EXIT_FAILURE, "invalid timeout, it must be a positive integer\n"); - inactivity_timeout = time; - break; - } - case 'c': { - char *arg = optarg; + case 'v': + errx(EXIT_SUCCESS, "version " I3LOCK_VERSION " © 2010 Michael Stapelberg"); + case 'n': + dont_fork = true; + break; + case 'b': + beep = true; + break; + case 'd': + fprintf(stderr, "DPMS support has been removed from i3lock. Please see the manpage i3lock(1).\n"); + break; + case 'I': { + fprintf(stderr, "Inactivity timeout only makes sense with DPMS, which was removed. Please see the manpage i3lock(1).\n"); + break; + } + case 'c': { + char *arg = optarg; - /* Skip # if present */ - if (arg[0] == '#') - arg++; + /* Skip # if present */ + if (arg[0] == '#') + arg++; - if (strlen(arg) != 6 || sscanf(arg, "%06[0-9a-fA-F]", color) != 1) - errx(EXIT_FAILURE, "color is invalid, it must be given in 3-byte hexadecimal format: rrggbb\n"); + if (strlen(arg) != 6 || sscanf(arg, "%06[0-9a-fA-F]", color) != 1) + errx(EXIT_FAILURE, "color is invalid, it must be given in 3-byte hexadecimal format: rrggbb"); - break; - } - case 'u': - unlock_indicator = false; - break; - case 'i': - image_path = strdup(optarg); - break; - case 't': - tile = true; - break; - case 'p': - if (!strcmp(optarg, "win")) { - curs_choice = CURS_WIN; - } else if (!strcmp(optarg, "default")) { - curs_choice = CURS_DEFAULT; - } else { - errx(EXIT_FAILURE, "i3lock: Invalid pointer type given. Expected one of \"win\" or \"default\".\n"); + break; } - break; - case 'e': - ignore_empty_password = true; - break; - case 0: - if (strcmp(longopts[optind].name, "debug") == 0) - debug_mode = true; - break; - case 'f': - show_failed_attempts = true; - break; - default: - errx(EXIT_FAILURE, "Syntax: i3lock [-v] [-n] [-b] [-d] [-c color] [-u] [-p win|default]" - " [-i image.png] [-t] [-e] [-I] [-f]" - ); + case 'u': + unlock_indicator = false; + break; + case 'i': + image_path = strdup(optarg); + break; + case 't': + tile = true; + break; + case 'p': + if (!strcmp(optarg, "win")) { + curs_choice = CURS_WIN; + } else if (!strcmp(optarg, "default")) { + curs_choice = CURS_DEFAULT; + } else { + errx(EXIT_FAILURE, "i3lock: Invalid pointer type given. Expected one of \"win\" or \"default\"."); + } + break; + case 'e': + ignore_empty_password = true; + break; + case 0: + if (strcmp(longopts[longoptind].name, "debug") == 0) + debug_mode = true; + break; + case 'f': + show_failed_attempts = true; + break; + case 'l': +#if defined(__linux__) + lock_tty_switching = true; +#else + errx(EXIT_FAILURE, "TTY switch locking is only supported on Linux."); +#endif + break; + default: + errx(EXIT_FAILURE, "Syntax: i3lock [-v] [-n] [-b] [-d] [-c color] [-u] [-p win|default]" + " [-i image.png] [-t] [-e] [-I timeout] [-f] [-l]"); } } @@ -761,14 +977,20 @@ int main(int argc, char *argv[]) { * the unlock indicator upon keypresses. */ srand(time(NULL)); +#ifndef __OpenBSD__ /* Initialize PAM */ - ret = pam_start("i3lock", username, &conv, &pam_handle); - if (ret != PAM_SUCCESS) + if ((ret = pam_start("i3lock", username, &conv, &pam_handle)) != PAM_SUCCESS) + errx(EXIT_FAILURE, "PAM: %s", pam_strerror(pam_handle, ret)); + + if ((ret = pam_set_item(pam_handle, PAM_TTY, getenv("DISPLAY"))) != PAM_SUCCESS) errx(EXIT_FAILURE, "PAM: %s", pam_strerror(pam_handle, ret)); +#endif -/* Using mlock() as non-super-user seems only possible in Linux. Users of other - * operating systems should use encrypted swap/no swap (or remove the ifdef and - * run i3lock as super-user). */ +/* Using mlock() as non-super-user seems only possible in Linux. + * Users of other operating systems should use encrypted swap/no swap + * (or remove the ifdef and run i3lock as super-user). + * Alas, swap is encrypted by default on OpenBSD so swapping out + * is not necessarily an issue. */ #if defined(__linux__) /* Lock the area where we store the password in memory, we don’t want it to * be swapped to disk. Since Linux 2.6.9, this does not require any @@ -784,13 +1006,13 @@ int main(int argc, char *argv[]) { errx(EXIT_FAILURE, "Could not connect to X11, maybe you need to set DISPLAY?"); if (xkb_x11_setup_xkb_extension(conn, - XKB_X11_MIN_MAJOR_XKB_VERSION, - XKB_X11_MIN_MINOR_XKB_VERSION, - 0, - NULL, - NULL, - &xkb_base_event, - &xkb_base_error) != 1) + XKB_X11_MIN_MAJOR_XKB_VERSION, + XKB_X11_MIN_MINOR_XKB_VERSION, + 0, + NULL, + NULL, + &xkb_base_event, + &xkb_base_error) != 1) errx(EXIT_FAILURE, "Could not setup XKB extension."); static const xcb_xkb_map_part_t required_map_parts = @@ -821,32 +1043,33 @@ int main(int argc, char *argv[]) { if (!load_keymap()) errx(EXIT_FAILURE, "Could not load keymap"); - xinerama_init(); - xinerama_query_screens(); - - /* if DPMS is enabled, check if the X server really supports it */ - if (dpms) { - xcb_dpms_capable_cookie_t dpmsc = xcb_dpms_capable(conn); - xcb_dpms_capable_reply_t *dpmsr; - if ((dpmsr = xcb_dpms_capable_reply(conn, dpmsc, NULL))) { - if (!dpmsr->capable) { - if (debug_mode) - fprintf(stderr, "Disabling DPMS, X server not DPMS capable\n"); - dpms = false; - } - free(dpmsr); - } + const char *locale = getenv("LC_ALL"); + if (!locale || !*locale) + locale = getenv("LC_CTYPE"); + if (!locale || !*locale) + locale = getenv("LANG"); + if (!locale || !*locale) { + if (debug_mode) + fprintf(stderr, "Can't detect your locale, fallback to C\n"); + locale = "C"; } + load_compose_table(locale); + screen = xcb_setup_roots_iterator(xcb_get_setup(conn)).data; + init_dpi(); + + randr_init(&randr_base, screen->root); + randr_query(screen->root); + last_resolution[0] = screen->width_in_pixels; last_resolution[1] = screen->height_in_pixels; xcb_change_window_attributes(conn, screen->root, XCB_CW_EVENT_MASK, - (uint32_t[]){ XCB_EVENT_MASK_STRUCTURE_NOTIFY }); + (uint32_t[]){XCB_EVENT_MASK_STRUCTURE_NOTIFY}); - if (image_path) { + if (verify_png_image(image_path)) { /* Create a pixmap to render on, fill it with the background color */ img = cairo_image_surface_create_from_png(image_path); /* In case loading failed, we just pretend no -i was specified. */ @@ -856,14 +1079,39 @@ int main(int argc, char *argv[]) { img = NULL; } } + free(image_path); /* Pixmap on which the image is rendered to (if any) */ xcb_pixmap_t bg_pixmap = draw_image(last_resolution); - /* open the fullscreen window, already with the correct pixmap in place */ + xcb_window_t stolen_focus = find_focused_window(conn, screen->root); + + /* Open the fullscreen window, already with the correct pixmap in place */ win = open_fullscreen_window(conn, screen, color, bg_pixmap); xcb_free_pixmap(conn, bg_pixmap); + cursor = create_cursor(conn, screen, win, curs_choice); + + /* Display the "locking…" message while trying to grab the pointer/keyboard. */ + auth_state = STATE_AUTH_LOCK; + if (!grab_pointer_and_keyboard(conn, screen, cursor, 1000)) { + DEBUG("stole focus from X11 window 0x%08x\n", stolen_focus); + + /* Set the focus to i3lock, possibly closing context menus which would + * otherwise prevent us from grabbing keyboard/pointer. + * + * We cannot use set_focused_window because _NET_ACTIVE_WINDOW only + * works for managed windows, but i3lock uses an unmanaged window + * (override_redirect=1). */ + xcb_set_input_focus(conn, XCB_INPUT_FOCUS_PARENT /* revert_to */, win, XCB_CURRENT_TIME); + if (!grab_pointer_and_keyboard(conn, screen, cursor, 9000)) { + auth_state = STATE_I3LOCK_LOCK_FAILED; + redraw_screen(); + sleep(1); + errx(EXIT_FAILURE, "Cannot grab pointer/keyboard"); + } + } + pid_t pid = fork(); /* The pid == -1 case is intentionally ignored here: * While the child process is useful for preventing other windows from @@ -871,25 +1119,40 @@ int main(int argc, char *argv[]) { if (pid == 0) { /* Child */ close(xcb_get_file_descriptor(conn)); + maybe_close_sleep_lock_fd(); raise_loop(win); exit(EXIT_SUCCESS); } - cursor = create_cursor(conn, screen, win, curs_choice); - - grab_pointer_and_keyboard(conn, screen, cursor); /* Load the keymap again to sync the current modifier state. Since we first * loaded the keymap, there might have been changes, but starting from now, * we should get all key presses/releases due to having grabbed the * keyboard. */ (void)load_keymap(); - turn_monitors_off(); - /* Initialize the libev event loop. */ main_loop = EV_DEFAULT; if (main_loop == NULL) - errx(EXIT_FAILURE, "Could not initialize libev. Bad LIBEV_FLAGS?\n"); + errx(EXIT_FAILURE, "Could not initialize libev. Bad LIBEV_FLAGS?"); + +#if defined(__linux__) + + /* Lock tty switching */ + if (lock_tty_switching) { + if ((term = open("/dev/console", O_RDWR)) == -1) { + perror("error locking TTY switching: opening console failed"); + } + + if (term != -1 && (ioctl(term, VT_LOCKSWITCH)) == -1) { + perror("error locking TTY switching: locking console failed"); + } + } + +#endif + + /* Explicitly call the screen redraw in case "locking…" message was displayed */ + auth_state = STATE_AUTH_IDLE; + redraw_screen(); struct ev_io *xcb_watcher = calloc(sizeof(struct ev_io), 1); struct ev_check *xcb_check = calloc(sizeof(struct ev_check), 1); @@ -909,4 +1172,29 @@ int main(int argc, char *argv[]) { * file descriptor becomes readable). */ ev_invoke(main_loop, xcb_check, 0); ev_loop(main_loop, 0); + + if (stolen_focus == XCB_NONE) { + return 0; + } + +#if defined(__linux__) + /* Restore tty switching */ + if (lock_tty_switching) { + if (term != -1 && (ioctl(term, VT_UNLOCKSWITCH)) == -1) { + perror("error unlocking TTY switching: unlocking console failed"); + } + + close(term); + } + +#endif + + DEBUG("restoring focus to X11 window 0x%08x\n", stolen_focus); + xcb_ungrab_pointer(conn, XCB_CURRENT_TIME); + xcb_ungrab_keyboard(conn, XCB_CURRENT_TIME); + xcb_destroy_window(conn, win); + set_focused_window(conn, screen->root, stolen_focus); + xcb_aux_sync(conn); + + return 0; }