mirrors
/
i3lock
mirror of https://github.com/i3/i3lock.git
1
0
Fork 0
Code Issues Releases Wiki Activity

Implement PAM support (and retab! the file)

pull/1/head
Michael Stapelberg 2009-05-10 12:22:41 +02:00
parent ded5d6eed4
commit 715e46b45e
2 changed files with 160 additions and 146 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
config.mk
View File

@ -13,7 +13,7 @@ MANDIR = $(DESTDIR)$(PREFIX)/share/man
# includes and libs # includes and libs
INCS = -I. -I/usr/include -I${X11INC} INCS = -I. -I/usr/include -I${X11INC}
LIBS = -L/usr/lib -lc -lcrypt -L${X11LIB} -lX11 LIBS = -L/usr/lib -L${X11LIB} -lX11 -lpam
# flags # flags
CPPFLAGS = -DVERSION=\"${VERSION}\" -DHAVE_SHADOW_H CPPFLAGS = -DVERSION=\"${VERSION}\" -DHAVE_SHADOW_H

304
i3lock.c
View File

@ -1,11 +1,22 @@
/* See LICENSE file for license details. */ /*
* vim:ts=8:expandtab
*
* i3lock - an improved version of slock
*
* i3lock © 2009 Michael Stapelberg and contributors
* slock © 2006-2008 Anselm R Garbe
*
* See file LICENSE for license information.
*
* Note that on any error (calloc is out of memory for example)
* we do not do anything so that the user can fix the error by
* himself (kill X to get more free memory or stop some other
* program using SSH/console).
*
*/
#define _XOPEN_SOURCE 500 #define _XOPEN_SOURCE 500
#if HAVE_SHADOW_H
#include <shadow.h>
#endif
#include <ctype.h> #include <ctype.h>
#include <pwd.h>
#include <stdarg.h> #include <stdarg.h>
#include <stdlib.h> #include <stdlib.h>
#include <stdio.h> #include <stdio.h>
@ -15,161 +26,164 @@
#include <X11/keysym.h> #include <X11/keysym.h>
#include <X11/Xlib.h> #include <X11/Xlib.h>
#include <X11/Xutil.h> #include <X11/Xutil.h>
#include <stdbool.h>
#if HAVE_BSD_AUTH #include <security/pam_appl.h>
#include <login_cap.h>
#include <bsd_auth.h>
#endif
static void static char passwd[256];
die(const char *errstr, ...) {
va_list ap;
va_start(ap, errstr); static void die(const char *errstr, ...) {
vfprintf(stderr, errstr, ap); va_list ap;
va_end(ap);
exit(EXIT_FAILURE); va_start(ap, errstr);
vfprintf(stderr, errstr, ap);
va_end(ap);
exit(EXIT_FAILURE);
} }
#ifndef HAVE_BSD_AUTH /*
static const char * * Callback function for PAM. We only react on password request callbacks.
get_password() { /* only run as root */ *
const char *rval; */
struct passwd *pw; static int conv_callback(int num_msg, const struct pam_message **msg,
struct pam_response **resp, void *appdata_ptr) {
if (num_msg == 0)
return 1;
if(geteuid() != 0) /* PAM expects an arry of responses, one for each message */
die("slock: cannot retrieve password entry (make sure to suid slock)\n"); if ((*resp = calloc(num_msg, sizeof(struct pam_message))) == NULL) {
pw = getpwuid(getuid()); perror("calloc");
endpwent(); return 1;
rval = pw->pw_passwd; }
#if HAVE_SHADOW_H for (int c = 0; c < num_msg; c++) {
{ if (msg[c]->msg_style != PAM_PROMPT_ECHO_OFF &&
struct spwd *sp; msg[c]->msg_style != PAM_PROMPT_ECHO_ON)
sp = getspnam(getenv("USER")); continue;
endspent();
rval = sp->sp_pwdp;
}
#endif
/* drop privileges */ /* return code is currently not used but should be set to zero */
if(setgid(pw->pw_gid) < 0 || setuid(pw->pw_uid) < 0) resp[c]->resp_retcode = 0;
die("slock: cannot drop privileges\n"); if ((resp[c]->resp = strdup(passwd)) == NULL) {
return rval; perror("strdup");
return 1;
}
}
return 0;
} }
#endif
int int main(int argc, char *argv[]) {
main(int argc, char **argv) { char curs[] = {0, 0, 0, 0, 0, 0, 0, 0};
char curs[] = {0, 0, 0, 0, 0, 0, 0, 0}; char buf[32];
char buf[32], passwd[256]; int num, screen;
int num, screen;
#ifndef HAVE_BSD_AUTH unsigned int len;
const char *pws; bool running = true;
#endif Cursor invisible;
unsigned int len; Display *dpy;
Bool running = True; KeySym ksym;
Cursor invisible; Pixmap pmap;
Display *dpy; Window root, w;
KeySym ksym; XColor black, dummy;
Pixmap pmap; XEvent ev;
Window root, w; XSetWindowAttributes wa;
XColor black, dummy;
XEvent ev;
XSetWindowAttributes wa;
if((argc == 2) && !strcmp("-v", argv[1])) /* TODO: use getopt */
die("i3lock-"VERSION", © 2009 Michael Stapelberg\n" if((argc == 2) && !strcmp("-v", argv[1]))
"based on slock, which is © 2006-2008 Anselm R Garbe\n"); die("i3lock-"VERSION", © 2009 Michael Stapelberg\n"
else if(argc != 1) "based on slock, which is © 2006-2008 Anselm R Garbe\n");
die("usage: slock [-v]\n"); else if(argc != 1)
die("usage: i3lock [-v]\n");
#ifndef HAVE_BSD_AUTH pam_handle_t *handle;
pws = get_password();
#endif
if(!(dpy = XOpenDisplay(0))) struct pam_conv conv;
die("slock: cannot open display\n"); conv.conv = conv_callback;
screen = DefaultScreen(dpy);
root = RootWindow(dpy, screen);
if (fork() != 0) int ret = pam_start("i3lock", getenv("USER"), &conv, &handle);
return 0; printf("pam_start = %d\n", ret);
if (ret != PAM_SUCCESS)
die("error = %s\n", pam_strerror(handle, ret));
/* init */ if(!(dpy = XOpenDisplay(0)))
wa.override_redirect = 1; die("slock: cannot open display\n");
wa.background_pixel = WhitePixel(dpy, screen); screen = DefaultScreen(dpy);
w = XCreateWindow(dpy, root, 0, 0, DisplayWidth(dpy, screen), DisplayHeight(dpy, screen), root = RootWindow(dpy, screen);
0, DefaultDepth(dpy, screen), CopyFromParent,
DefaultVisual(dpy, screen), CWOverrideRedirect | CWBackPixel, &wa);
XAllocNamedColor(dpy, DefaultColormap(dpy, screen), "black", &black, &dummy);
pmap = XCreateBitmapFromData(dpy, w, curs, 8, 8);
invisible = XCreatePixmapCursor(dpy, pmap, pmap, &black, &black, 0, 0);
XDefineCursor(dpy, w, invisible);
XMapRaised(dpy, w);
for(len = 1000; len; len--) {
if(XGrabPointer(dpy, root, False, ButtonPressMask | ButtonReleaseMask | PointerMotionMask,
GrabModeAsync, GrabModeAsync, None, invisible, CurrentTime) == GrabSuccess)
break;
usleep(1000);
}
if((running = running && (len > 0))) {
for(len = 1000; len; len--) {
if(XGrabKeyboard(dpy, root, True, GrabModeAsync, GrabModeAsync, CurrentTime)
== GrabSuccess)
break;
usleep(1000);
}
running = (len > 0);
}
len = 0;
XSync(dpy, False);
/* main event loop */ if (fork() != 0)
while(running && !XNextEvent(dpy, &ev)) { return 0;
if(ev.type == KeyPress) {
buf[0] = 0; /* init */
num = XLookupString(&ev.xkey, buf, sizeof buf, &ksym, 0); wa.override_redirect = 1;
if(IsKeypadKey(ksym)) { wa.background_pixel = WhitePixel(dpy, screen);
if(ksym == XK_KP_Enter) w = XCreateWindow(dpy, root, 0, 0, DisplayWidth(dpy, screen), DisplayHeight(dpy, screen),
ksym = XK_Return; 0, DefaultDepth(dpy, screen), CopyFromParent,
else if(ksym >= XK_KP_0 && ksym <= XK_KP_9) DefaultVisual(dpy, screen), CWOverrideRedirect | CWBackPixel, &wa);
ksym = (ksym - XK_KP_0) + XK_0; XAllocNamedColor(dpy, DefaultColormap(dpy, screen), "black", &black, &dummy);
} pmap = XCreateBitmapFromData(dpy, w, curs, 8, 8);
if(IsFunctionKey(ksym) || IsKeypadKey(ksym) invisible = XCreatePixmapCursor(dpy, pmap, pmap, &black, &black, 0, 0);
|| IsMiscFunctionKey(ksym) || IsPFKey(ksym) XDefineCursor(dpy, w, invisible);
|| IsPrivateKeypadKey(ksym)) XMapRaised(dpy, w);
continue; for(len = 1000; len; len--) {
switch(ksym) { if(XGrabPointer(dpy, root, False, ButtonPressMask | ButtonReleaseMask | PointerMotionMask,
case XK_Return: GrabModeAsync, GrabModeAsync, None, invisible, CurrentTime) == GrabSuccess)
passwd[len] = 0; break;
#ifdef HAVE_BSD_AUTH usleep(1000);
running = !auth_userokay(getlogin(), NULL, "auth-xlock", passwd); }
#else if((running = running && (len > 0))) {
running = strcmp(crypt(passwd, pws), pws); for(len = 1000; len; len--) {
#endif if(XGrabKeyboard(dpy, root, True, GrabModeAsync, GrabModeAsync, CurrentTime)
len = 0; == GrabSuccess)
break; break;
case XK_Escape: usleep(1000);
len = 0; }
break; running = (len > 0);
case XK_BackSpace: }
if(len) len = 0;
--len; XSync(dpy, False);
break;
default: /* main event loop */
if(num && !iscntrl((int) buf[0]) && (len + num < sizeof passwd)) { while(running && !XNextEvent(dpy, &ev)) {
memcpy(passwd + len, buf, num); if(ev.type == KeyPress) {
len += num; buf[0] = 0;
} num = XLookupString(&ev.xkey, buf, sizeof buf, &ksym, 0);
break; if(IsKeypadKey(ksym)) {
} if(ksym == XK_KP_Enter)
} ksym = XK_Return;
} else if(ksym >= XK_KP_0 && ksym <= XK_KP_9)
XUngrabPointer(dpy, CurrentTime); ksym = (ksym - XK_KP_0) + XK_0;
XFreePixmap(dpy, pmap); }
XDestroyWindow(dpy, w); if(IsFunctionKey(ksym) || IsKeypadKey(ksym)
XCloseDisplay(dpy); || IsMiscFunctionKey(ksym) || IsPFKey(ksym)
return 0; || IsPrivateKeypadKey(ksym))
continue;
switch(ksym) {
case XK_Return:
passwd[len] = 0;
if ((ret = pam_authenticate(handle, 0)) == PAM_SUCCESS)
running = false;
else fprintf(stderr, "PAM: %s\n", pam_strerror(handle, ret));
len = 0;
break;
case XK_Escape:
len = 0;
break;
case XK_BackSpace:
if (len > 0)
len--;
break;
default:
if(num && !iscntrl((int) buf[0]) && (len + num < sizeof passwd)) {
memcpy(passwd + len, buf, num);
len += num;
}
break;
}
}
}
XUngrabPointer(dpy, CurrentTime);
XFreePixmap(dpy, pmap);
XDestroyWindow(dpy, w);
XCloseDisplay(dpy);
return 0;
} }