mirror of https://github.com/i3/i3lock.git
Implement PAM support (and retab! the file)
parent
ded5d6eed4
commit
715e46b45e
|
@ -13,7 +13,7 @@ MANDIR = $(DESTDIR)$(PREFIX)/share/man
|
||||||
|
|
||||||
# includes and libs
|
# includes and libs
|
||||||
INCS = -I. -I/usr/include -I${X11INC}
|
INCS = -I. -I/usr/include -I${X11INC}
|
||||||
LIBS = -L/usr/lib -lc -lcrypt -L${X11LIB} -lX11
|
LIBS = -L/usr/lib -L${X11LIB} -lX11 -lpam
|
||||||
|
|
||||||
# flags
|
# flags
|
||||||
CPPFLAGS = -DVERSION=\"${VERSION}\" -DHAVE_SHADOW_H
|
CPPFLAGS = -DVERSION=\"${VERSION}\" -DHAVE_SHADOW_H
|
||||||
|
|
304
i3lock.c
304
i3lock.c
|
@ -1,11 +1,22 @@
|
||||||
/* See LICENSE file for license details. */
|
/*
|
||||||
|
* vim:ts=8:expandtab
|
||||||
|
*
|
||||||
|
* i3lock - an improved version of slock
|
||||||
|
*
|
||||||
|
* i3lock © 2009 Michael Stapelberg and contributors
|
||||||
|
* slock © 2006-2008 Anselm R Garbe
|
||||||
|
*
|
||||||
|
* See file LICENSE for license information.
|
||||||
|
*
|
||||||
|
* Note that on any error (calloc is out of memory for example)
|
||||||
|
* we do not do anything so that the user can fix the error by
|
||||||
|
* himself (kill X to get more free memory or stop some other
|
||||||
|
* program using SSH/console).
|
||||||
|
*
|
||||||
|
*/
|
||||||
#define _XOPEN_SOURCE 500
|
#define _XOPEN_SOURCE 500
|
||||||
#if HAVE_SHADOW_H
|
|
||||||
#include <shadow.h>
|
|
||||||
#endif
|
|
||||||
|
|
||||||
#include <ctype.h>
|
#include <ctype.h>
|
||||||
#include <pwd.h>
|
|
||||||
#include <stdarg.h>
|
#include <stdarg.h>
|
||||||
#include <stdlib.h>
|
#include <stdlib.h>
|
||||||
#include <stdio.h>
|
#include <stdio.h>
|
||||||
|
@ -15,161 +26,164 @@
|
||||||
#include <X11/keysym.h>
|
#include <X11/keysym.h>
|
||||||
#include <X11/Xlib.h>
|
#include <X11/Xlib.h>
|
||||||
#include <X11/Xutil.h>
|
#include <X11/Xutil.h>
|
||||||
|
#include <stdbool.h>
|
||||||
|
|
||||||
#if HAVE_BSD_AUTH
|
#include <security/pam_appl.h>
|
||||||
#include <login_cap.h>
|
|
||||||
#include <bsd_auth.h>
|
|
||||||
#endif
|
|
||||||
|
|
||||||
static void
|
static char passwd[256];
|
||||||
die(const char *errstr, ...) {
|
|
||||||
va_list ap;
|
|
||||||
|
|
||||||
va_start(ap, errstr);
|
static void die(const char *errstr, ...) {
|
||||||
vfprintf(stderr, errstr, ap);
|
va_list ap;
|
||||||
va_end(ap);
|
|
||||||
exit(EXIT_FAILURE);
|
va_start(ap, errstr);
|
||||||
|
vfprintf(stderr, errstr, ap);
|
||||||
|
va_end(ap);
|
||||||
|
exit(EXIT_FAILURE);
|
||||||
}
|
}
|
||||||
|
|
||||||
#ifndef HAVE_BSD_AUTH
|
/*
|
||||||
static const char *
|
* Callback function for PAM. We only react on password request callbacks.
|
||||||
get_password() { /* only run as root */
|
*
|
||||||
const char *rval;
|
*/
|
||||||
struct passwd *pw;
|
static int conv_callback(int num_msg, const struct pam_message **msg,
|
||||||
|
struct pam_response **resp, void *appdata_ptr) {
|
||||||
|
if (num_msg == 0)
|
||||||
|
return 1;
|
||||||
|
|
||||||
if(geteuid() != 0)
|
/* PAM expects an arry of responses, one for each message */
|
||||||
die("slock: cannot retrieve password entry (make sure to suid slock)\n");
|
if ((*resp = calloc(num_msg, sizeof(struct pam_message))) == NULL) {
|
||||||
pw = getpwuid(getuid());
|
perror("calloc");
|
||||||
endpwent();
|
return 1;
|
||||||
rval = pw->pw_passwd;
|
}
|
||||||
|
|
||||||
#if HAVE_SHADOW_H
|
for (int c = 0; c < num_msg; c++) {
|
||||||
{
|
if (msg[c]->msg_style != PAM_PROMPT_ECHO_OFF &&
|
||||||
struct spwd *sp;
|
msg[c]->msg_style != PAM_PROMPT_ECHO_ON)
|
||||||
sp = getspnam(getenv("USER"));
|
continue;
|
||||||
endspent();
|
|
||||||
rval = sp->sp_pwdp;
|
|
||||||
}
|
|
||||||
#endif
|
|
||||||
|
|
||||||
/* drop privileges */
|
/* return code is currently not used but should be set to zero */
|
||||||
if(setgid(pw->pw_gid) < 0 || setuid(pw->pw_uid) < 0)
|
resp[c]->resp_retcode = 0;
|
||||||
die("slock: cannot drop privileges\n");
|
if ((resp[c]->resp = strdup(passwd)) == NULL) {
|
||||||
return rval;
|
perror("strdup");
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
return 0;
|
||||||
}
|
}
|
||||||
#endif
|
|
||||||
|
|
||||||
int
|
int main(int argc, char *argv[]) {
|
||||||
main(int argc, char **argv) {
|
char curs[] = {0, 0, 0, 0, 0, 0, 0, 0};
|
||||||
char curs[] = {0, 0, 0, 0, 0, 0, 0, 0};
|
char buf[32];
|
||||||
char buf[32], passwd[256];
|
int num, screen;
|
||||||
int num, screen;
|
|
||||||
|
|
||||||
#ifndef HAVE_BSD_AUTH
|
unsigned int len;
|
||||||
const char *pws;
|
bool running = true;
|
||||||
#endif
|
Cursor invisible;
|
||||||
unsigned int len;
|
Display *dpy;
|
||||||
Bool running = True;
|
KeySym ksym;
|
||||||
Cursor invisible;
|
Pixmap pmap;
|
||||||
Display *dpy;
|
Window root, w;
|
||||||
KeySym ksym;
|
XColor black, dummy;
|
||||||
Pixmap pmap;
|
XEvent ev;
|
||||||
Window root, w;
|
XSetWindowAttributes wa;
|
||||||
XColor black, dummy;
|
|
||||||
XEvent ev;
|
|
||||||
XSetWindowAttributes wa;
|
|
||||||
|
|
||||||
if((argc == 2) && !strcmp("-v", argv[1]))
|
/* TODO: use getopt */
|
||||||
die("i3lock-"VERSION", © 2009 Michael Stapelberg\n"
|
if((argc == 2) && !strcmp("-v", argv[1]))
|
||||||
"based on slock, which is © 2006-2008 Anselm R Garbe\n");
|
die("i3lock-"VERSION", © 2009 Michael Stapelberg\n"
|
||||||
else if(argc != 1)
|
"based on slock, which is © 2006-2008 Anselm R Garbe\n");
|
||||||
die("usage: slock [-v]\n");
|
else if(argc != 1)
|
||||||
|
die("usage: i3lock [-v]\n");
|
||||||
|
|
||||||
#ifndef HAVE_BSD_AUTH
|
pam_handle_t *handle;
|
||||||
pws = get_password();
|
|
||||||
#endif
|
|
||||||
|
|
||||||
if(!(dpy = XOpenDisplay(0)))
|
struct pam_conv conv;
|
||||||
die("slock: cannot open display\n");
|
conv.conv = conv_callback;
|
||||||
screen = DefaultScreen(dpy);
|
|
||||||
root = RootWindow(dpy, screen);
|
|
||||||
|
|
||||||
if (fork() != 0)
|
int ret = pam_start("i3lock", getenv("USER"), &conv, &handle);
|
||||||
return 0;
|
printf("pam_start = %d\n", ret);
|
||||||
|
if (ret != PAM_SUCCESS)
|
||||||
|
die("error = %s\n", pam_strerror(handle, ret));
|
||||||
|
|
||||||
/* init */
|
if(!(dpy = XOpenDisplay(0)))
|
||||||
wa.override_redirect = 1;
|
die("slock: cannot open display\n");
|
||||||
wa.background_pixel = WhitePixel(dpy, screen);
|
screen = DefaultScreen(dpy);
|
||||||
w = XCreateWindow(dpy, root, 0, 0, DisplayWidth(dpy, screen), DisplayHeight(dpy, screen),
|
root = RootWindow(dpy, screen);
|
||||||
0, DefaultDepth(dpy, screen), CopyFromParent,
|
|
||||||
DefaultVisual(dpy, screen), CWOverrideRedirect | CWBackPixel, &wa);
|
|
||||||
XAllocNamedColor(dpy, DefaultColormap(dpy, screen), "black", &black, &dummy);
|
|
||||||
pmap = XCreateBitmapFromData(dpy, w, curs, 8, 8);
|
|
||||||
invisible = XCreatePixmapCursor(dpy, pmap, pmap, &black, &black, 0, 0);
|
|
||||||
XDefineCursor(dpy, w, invisible);
|
|
||||||
XMapRaised(dpy, w);
|
|
||||||
for(len = 1000; len; len--) {
|
|
||||||
if(XGrabPointer(dpy, root, False, ButtonPressMask | ButtonReleaseMask | PointerMotionMask,
|
|
||||||
GrabModeAsync, GrabModeAsync, None, invisible, CurrentTime) == GrabSuccess)
|
|
||||||
break;
|
|
||||||
usleep(1000);
|
|
||||||
}
|
|
||||||
if((running = running && (len > 0))) {
|
|
||||||
for(len = 1000; len; len--) {
|
|
||||||
if(XGrabKeyboard(dpy, root, True, GrabModeAsync, GrabModeAsync, CurrentTime)
|
|
||||||
== GrabSuccess)
|
|
||||||
break;
|
|
||||||
usleep(1000);
|
|
||||||
}
|
|
||||||
running = (len > 0);
|
|
||||||
}
|
|
||||||
len = 0;
|
|
||||||
XSync(dpy, False);
|
|
||||||
|
|
||||||
/* main event loop */
|
if (fork() != 0)
|
||||||
while(running && !XNextEvent(dpy, &ev)) {
|
return 0;
|
||||||
if(ev.type == KeyPress) {
|
|
||||||
buf[0] = 0;
|
/* init */
|
||||||
num = XLookupString(&ev.xkey, buf, sizeof buf, &ksym, 0);
|
wa.override_redirect = 1;
|
||||||
if(IsKeypadKey(ksym)) {
|
wa.background_pixel = WhitePixel(dpy, screen);
|
||||||
if(ksym == XK_KP_Enter)
|
w = XCreateWindow(dpy, root, 0, 0, DisplayWidth(dpy, screen), DisplayHeight(dpy, screen),
|
||||||
ksym = XK_Return;
|
0, DefaultDepth(dpy, screen), CopyFromParent,
|
||||||
else if(ksym >= XK_KP_0 && ksym <= XK_KP_9)
|
DefaultVisual(dpy, screen), CWOverrideRedirect | CWBackPixel, &wa);
|
||||||
ksym = (ksym - XK_KP_0) + XK_0;
|
XAllocNamedColor(dpy, DefaultColormap(dpy, screen), "black", &black, &dummy);
|
||||||
}
|
pmap = XCreateBitmapFromData(dpy, w, curs, 8, 8);
|
||||||
if(IsFunctionKey(ksym) || IsKeypadKey(ksym)
|
invisible = XCreatePixmapCursor(dpy, pmap, pmap, &black, &black, 0, 0);
|
||||||
|| IsMiscFunctionKey(ksym) || IsPFKey(ksym)
|
XDefineCursor(dpy, w, invisible);
|
||||||
|| IsPrivateKeypadKey(ksym))
|
XMapRaised(dpy, w);
|
||||||
continue;
|
for(len = 1000; len; len--) {
|
||||||
switch(ksym) {
|
if(XGrabPointer(dpy, root, False, ButtonPressMask | ButtonReleaseMask | PointerMotionMask,
|
||||||
case XK_Return:
|
GrabModeAsync, GrabModeAsync, None, invisible, CurrentTime) == GrabSuccess)
|
||||||
passwd[len] = 0;
|
break;
|
||||||
#ifdef HAVE_BSD_AUTH
|
usleep(1000);
|
||||||
running = !auth_userokay(getlogin(), NULL, "auth-xlock", passwd);
|
}
|
||||||
#else
|
if((running = running && (len > 0))) {
|
||||||
running = strcmp(crypt(passwd, pws), pws);
|
for(len = 1000; len; len--) {
|
||||||
#endif
|
if(XGrabKeyboard(dpy, root, True, GrabModeAsync, GrabModeAsync, CurrentTime)
|
||||||
len = 0;
|
== GrabSuccess)
|
||||||
break;
|
break;
|
||||||
case XK_Escape:
|
usleep(1000);
|
||||||
len = 0;
|
}
|
||||||
break;
|
running = (len > 0);
|
||||||
case XK_BackSpace:
|
}
|
||||||
if(len)
|
len = 0;
|
||||||
--len;
|
XSync(dpy, False);
|
||||||
break;
|
|
||||||
default:
|
/* main event loop */
|
||||||
if(num && !iscntrl((int) buf[0]) && (len + num < sizeof passwd)) {
|
while(running && !XNextEvent(dpy, &ev)) {
|
||||||
memcpy(passwd + len, buf, num);
|
if(ev.type == KeyPress) {
|
||||||
len += num;
|
buf[0] = 0;
|
||||||
}
|
num = XLookupString(&ev.xkey, buf, sizeof buf, &ksym, 0);
|
||||||
break;
|
if(IsKeypadKey(ksym)) {
|
||||||
}
|
if(ksym == XK_KP_Enter)
|
||||||
}
|
ksym = XK_Return;
|
||||||
}
|
else if(ksym >= XK_KP_0 && ksym <= XK_KP_9)
|
||||||
XUngrabPointer(dpy, CurrentTime);
|
ksym = (ksym - XK_KP_0) + XK_0;
|
||||||
XFreePixmap(dpy, pmap);
|
}
|
||||||
XDestroyWindow(dpy, w);
|
if(IsFunctionKey(ksym) || IsKeypadKey(ksym)
|
||||||
XCloseDisplay(dpy);
|
|| IsMiscFunctionKey(ksym) || IsPFKey(ksym)
|
||||||
return 0;
|
|| IsPrivateKeypadKey(ksym))
|
||||||
|
continue;
|
||||||
|
switch(ksym) {
|
||||||
|
case XK_Return:
|
||||||
|
passwd[len] = 0;
|
||||||
|
if ((ret = pam_authenticate(handle, 0)) == PAM_SUCCESS)
|
||||||
|
running = false;
|
||||||
|
else fprintf(stderr, "PAM: %s\n", pam_strerror(handle, ret));
|
||||||
|
len = 0;
|
||||||
|
break;
|
||||||
|
case XK_Escape:
|
||||||
|
len = 0;
|
||||||
|
break;
|
||||||
|
case XK_BackSpace:
|
||||||
|
if (len > 0)
|
||||||
|
len--;
|
||||||
|
break;
|
||||||
|
default:
|
||||||
|
if(num && !iscntrl((int) buf[0]) && (len + num < sizeof passwd)) {
|
||||||
|
memcpy(passwd + len, buf, num);
|
||||||
|
len += num;
|
||||||
|
}
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
XUngrabPointer(dpy, CurrentTime);
|
||||||
|
XFreePixmap(dpy, pmap);
|
||||||
|
XDestroyWindow(dpy, w);
|
||||||
|
XCloseDisplay(dpy);
|
||||||
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue