X-Git-Url: https://git.armaanb.net/?p=slock.git;a=blobdiff_plain;f=slock.c;h=f79917468021ca414a174a50e71372b4f59deda9;hp=2dce109d531309c79a0687570f8cf0891db606e1;hb=9a617db716641da8489e2062e04098220954bffe;hpb=5a5c581285e86fe53c9602c7e0fb7e19ec742391 diff --git a/slock.c b/slock.c index 2dce109..f799174 100644 --- a/slock.c +++ b/slock.c @@ -6,6 +6,7 @@ #include #include +#include #include #include #include @@ -13,262 +14,363 @@ #include #include #include +#include #include #include #include -#if HAVE_BSD_AUTH -#include -#include -#endif +#include "arg.h" +#include "util.h" + +char *argv0; + +enum { + INIT, + INPUT, + FAILED, + NUMCOLS +}; + +#include "config.h" -struct st_lock { +struct lock { int screen; - Window root, w; + Window root, win; Pixmap pmap; + unsigned long colors[NUMCOLS]; }; -extern const char *__progname; +struct xrandr { + int active; + int evbase; + int errbase; +}; static void -die(const char *errstr, ...) { +die(const char *errstr, ...) +{ va_list ap; - fprintf(stderr, "%s: ", __progname); va_start(ap, errstr); vfprintf(stderr, errstr, ap); va_end(ap); - fprintf(stderr, "\n"); - fflush(stderr); + exit(1); +} - exit(EXIT_FAILURE); +#ifdef __linux__ +#include +#include + +static void +dontkillme(void) +{ + FILE *f; + const char oomfile[] = "/proc/self/oom_score_adj"; + + if (!(f = fopen(oomfile, "w"))) { + if (errno == ENOENT) + return; + die("slock: fopen %s: %s\n", oomfile, strerror(errno)); + } + fprintf(f, "%d", OOM_SCORE_ADJ_MIN); + if (fclose(f)) { + if (errno == EACCES) + die("slock: unable to disable OOM killer. " + "suid or sgid set?\n"); + else + die("slock: fclose %s: %s\n", oomfile, + strerror(errno)); + } } +#endif -#ifndef HAVE_BSD_AUTH static const char * -getpw(void) { /* only run as root */ - const char *rval; +gethash(void) +{ + const char *hash; struct passwd *pw; - if(geteuid() != 0) - die("cannot retrieve password entry (make sure to suid slock)"); - pw = getpwuid(getuid()); - endpwent(); - rval = pw->pw_passwd; + /* Check if the current user has a password entry */ + errno = 0; + if (!(pw = getpwuid(getuid()))) { + if (errno) + die("slock: getpwuid: %s\n", strerror(errno)); + else + die("slock: cannot retrieve password entry\n"); + } + hash = pw->pw_passwd; #if HAVE_SHADOW_H - { + if (hash[0] == 'x' && hash[1] == '\0') { struct spwd *sp; - sp = getspnam(getenv("USER")); - endspent(); - rval = sp->sp_pwdp; + if (!(sp = getspnam(getenv("USER")))) + die("slock: getspnam: cannot retrieve shadow entry (make sure to suid or sgid slock)\n"); + hash = sp->sp_pwdp; } -#endif +#else + if (hash[0] == '*' && hash[1] == '\0') { +#ifdef __OpenBSD__ + if (!(pw = getpwnam_shadow(getenv("USER")))) + die("slock: getpwnam_shadow: cannot retrieve shadow entry (make sure to suid or sgid slock)\n"); + hash = pw->pw_passwd; +#else + die("slock: getpwuid: cannot retrieve shadow entry (make sure to suid or sgid slock)\n"); +#endif /* __OpenBSD__ */ + } +#endif /* HAVE_SHADOW_H */ - /* drop privileges */ - if(setgid(pw->pw_gid) < 0 || setuid(pw->pw_uid) < 0) - die("cannot drop privileges"); - return rval; + return hash; } -#endif static void -#ifdef HAVE_BSD_AUTH -readpw(Display *dpy) -#else -readpw(Display *dpy, const char *pws) -#endif +readpw(Display *dpy, struct xrandr *rr, struct lock **locks, int nscreens, + const char *hash) { - char buf[32], passwd[256]; - int num; - - unsigned int len; - Bool running = True; + char buf[32], passwd[256], *inputhash; + int num, screen, running, failure; + unsigned int len, color; KeySym ksym; XEvent ev; + static int oldc = INIT; len = 0; - running = True; + running = 1; + failure = 0; /* As "slock" stands for "Simple X display locker", the DPMS settings * had been removed and you can set it with "xset" or some other * utility. This way the user can easily set a customized DPMS * timeout. */ - - while(running && !XNextEvent(dpy, &ev)) { - if(ev.type == KeyPress) { - buf[0] = 0; - num = XLookupString(&ev.xkey, buf, sizeof buf, &ksym, 0); - if(IsKeypadKey(ksym)) { - if(ksym == XK_KP_Enter) + while (running && !XNextEvent(dpy, &ev)) { + if (ev.type == KeyPress) { + explicit_bzero(&buf, sizeof(buf)); + num = XLookupString(&ev.xkey, buf, sizeof(buf), &ksym, 0); + if (IsKeypadKey(ksym)) { + if (ksym == XK_KP_Enter) ksym = XK_Return; - else if(ksym >= XK_KP_0 && ksym <= XK_KP_9) + else if (ksym >= XK_KP_0 && ksym <= XK_KP_9) ksym = (ksym - XK_KP_0) + XK_0; } - if(IsFunctionKey(ksym) || IsKeypadKey(ksym) - || IsMiscFunctionKey(ksym) || IsPFKey(ksym) - || IsPrivateKeypadKey(ksym)) + if (IsFunctionKey(ksym) || + IsKeypadKey(ksym) || + IsMiscFunctionKey(ksym) || + IsPFKey(ksym) || + IsPrivateKeypadKey(ksym)) continue; - switch(ksym) { + switch (ksym) { case XK_Return: passwd[len] = 0; -#ifdef HAVE_BSD_AUTH - running = !auth_userokay(getlogin(), NULL, "auth-xlock", passwd); -#else - running = strcmp(crypt(passwd, pws), pws); -#endif - if (running != 0) + errno = 0; + if (!(inputhash = crypt(passwd, hash))) + fprintf(stderr, "slock: crypt: %s\n", strerror(errno)); + else + running = !!strcmp(inputhash, hash); + if (running) { XBell(dpy, 100); + failure = True; + } + explicit_bzero(&passwd, sizeof(passwd)); len = 0; break; case XK_Escape: + explicit_bzero(&passwd, sizeof(passwd)); len = 0; break; case XK_BackSpace: - if(len) - --len; + if (len) + passwd[len--] = 0; break; default: - if(num && !iscntrl((int) buf[0]) && (len + num < sizeof passwd)) { + if (num && !iscntrl((int)buf[0]) && (len + num < sizeof(passwd))) { memcpy(passwd + len, buf, num); len += num; } break; } - } + color = len ? INPUT : (failure || failonclear ? FAILED : INIT); + if (running && oldc != color) { + for (screen = 0; screen < nscreens; screen++) { + XSetWindowBackground(dpy, locks[screen]->win, locks[screen]->colors[color]); + XClearWindow(dpy, locks[screen]->win); + } + oldc = color; + } + } else if (rr->active && ev.type == rr->evbase + RRScreenChangeNotify) { + XRRScreenChangeNotifyEvent *rre = (XRRScreenChangeNotifyEvent*)&ev; + for (screen = 0; screen < nscreens; screen++) { + if (locks[screen]->win == rre->window) { + XResizeWindow(dpy, locks[screen]->win, rre->width, rre->height); + XClearWindow(dpy, locks[screen]->win); + } + } + } else for (screen = 0; screen < nscreens; screen++) + XRaiseWindow(dpy, locks[screen]->win); } } -static void -unlockscreen(Display *dpy, struct st_lock *lock) { - if (dpy == NULL || lock == NULL) - return; - - XUngrabPointer(dpy, CurrentTime); - XFreePixmap(dpy, lock->pmap); - XDestroyWindow(dpy, lock->w); - - free(lock); -} - -static struct st_lock * -lockscreen(Display *dpy, int screen) { +static struct lock * +lockscreen(Display *dpy, struct xrandr *rr, int screen) +{ char curs[] = {0, 0, 0, 0, 0, 0, 0, 0}; - unsigned int len; - struct st_lock *lock; - Bool running = True; - XColor black, dummy; + int i, ptgrab, kbgrab; + struct lock *lock; + XColor color, dummy; XSetWindowAttributes wa; Cursor invisible; - if (dpy == NULL || screen < 0) - return NULL; - - lock = malloc(sizeof(struct st_lock)); - if (lock == NULL) + if (dpy == NULL || screen < 0 || !(lock = malloc(sizeof(struct lock)))) return NULL; lock->screen = screen; - lock->root = RootWindow(dpy, lock->screen); + for (i = 0; i < NUMCOLS; i++) { + XAllocNamedColor(dpy, DefaultColormap(dpy, lock->screen), colorname[i], &color, &dummy); + lock->colors[i] = color.pixel; + } + /* init */ wa.override_redirect = 1; - wa.background_pixel = BlackPixel(dpy, lock->screen); - lock->w = XCreateWindow(dpy, lock->root, 0, 0, DisplayWidth(dpy, lock->screen), DisplayHeight(dpy, lock->screen), - 0, DefaultDepth(dpy, lock->screen), CopyFromParent, - DefaultVisual(dpy, lock->screen), CWOverrideRedirect | CWBackPixel, &wa); - XAllocNamedColor(dpy, DefaultColormap(dpy, lock->screen), "black", &black, &dummy); - lock->pmap = XCreateBitmapFromData(dpy, lock->w, curs, 8, 8); - invisible = XCreatePixmapCursor(dpy, lock->pmap, lock->pmap, &black, &black, 0, 0); - XDefineCursor(dpy, lock->w, invisible); - XMapRaised(dpy, lock->w); - for(len = 1000; len; len--) { - if(XGrabPointer(dpy, lock->root, False, ButtonPressMask | ButtonReleaseMask | PointerMotionMask, - GrabModeAsync, GrabModeAsync, None, invisible, CurrentTime) == GrabSuccess) - break; - usleep(1000); - } - if((running = running && (len > 0))) { - for(len = 1000; len; len--) { - if(XGrabKeyboard(dpy, lock->root, True, GrabModeAsync, GrabModeAsync, CurrentTime) - == GrabSuccess) - break; - usleep(1000); + wa.background_pixel = lock->colors[INIT]; + lock->win = XCreateWindow(dpy, lock->root, 0, 0, DisplayWidth(dpy, lock->screen), DisplayHeight(dpy, lock->screen), + 0, DefaultDepth(dpy, lock->screen), CopyFromParent, + DefaultVisual(dpy, lock->screen), CWOverrideRedirect | CWBackPixel, &wa); + lock->pmap = XCreateBitmapFromData(dpy, lock->win, curs, 8, 8); + invisible = XCreatePixmapCursor(dpy, lock->pmap, lock->pmap, &color, &color, 0, 0); + XDefineCursor(dpy, lock->win, invisible); + + /* Try to grab mouse pointer *and* keyboard for 600ms, else fail the lock */ + for (i = 0, ptgrab = kbgrab = -1; i < 6; i++) { + if (ptgrab != GrabSuccess) { + ptgrab = XGrabPointer(dpy, lock->root, False, + ButtonPressMask | ButtonReleaseMask | + PointerMotionMask, GrabModeAsync, + GrabModeAsync, None, invisible, CurrentTime); } - running = (len > 0); - } + if (kbgrab != GrabSuccess) { + kbgrab = XGrabKeyboard(dpy, lock->root, True, + GrabModeAsync, GrabModeAsync, CurrentTime); + } + + /* input is grabbed: we can lock the screen */ + if (ptgrab == GrabSuccess && kbgrab == GrabSuccess) { + XMapRaised(dpy, lock->win); + if (rr->active) + XRRSelectInput(dpy, lock->win, RRScreenChangeNotifyMask); + + XSelectInput(dpy, lock->root, SubstructureNotifyMask); + return lock; + } + + /* retry on AlreadyGrabbed but fail on other errors */ + if ((ptgrab != AlreadyGrabbed && ptgrab != GrabSuccess) || + (kbgrab != AlreadyGrabbed && kbgrab != GrabSuccess)) + break; - if (!running) { - unlockscreen(dpy, lock); - lock = NULL; + usleep(100000); } - return lock; + /* we couldn't grab all input: fail out */ + if (ptgrab != GrabSuccess) + fprintf(stderr, "slock: unable to grab mouse pointer for screen %d\n", screen); + if (kbgrab != GrabSuccess) + fprintf(stderr, "slock: unable to grab keyboard for screen %d\n", screen); + return NULL; } static void -usage(void) { - fprintf(stderr, "usage: %s -v", __progname); - exit(EXIT_FAILURE); -} - -static int -xerrordummy(Display *dpy, XErrorEvent *ee) { - return 0; +usage(void) +{ + die("usage: slock [-v] [cmd [arg ...]]\n"); } int main(int argc, char **argv) { -#ifndef HAVE_BSD_AUTH - const char *pws; -#endif + struct xrandr rr; + struct lock **locks; + struct passwd *pwd; + struct group *grp; + uid_t duid; + gid_t dgid; + const char *hash; Display *dpy; - int nscreens, screen; + int s, nlocks, nscreens; - struct st_lock **locks; - - if((argc == 2) && !strcmp("-v", argv[1])) - die("slock-%s, © 2006-2012 Anselm R Garbe", VERSION); - else if(argc != 1) + ARGBEGIN { + case 'v': + fprintf(stderr, "slock-"VERSION"\n"); + return 0; + default: usage(); - - if(!getpwuid(getuid())) - die("no passwd entry for you"); - -#ifndef HAVE_BSD_AUTH - pws = getpw(); + } ARGEND + + /* validate drop-user and -group */ + errno = 0; + if (!(pwd = getpwnam(user))) + die("slock: getpwnam %s: %s\n", user, errno ? + strerror(errno) : "user entry not found"); + duid = pwd->pw_uid; + errno = 0; + if (!(grp = getgrnam(group))) + die("slock: getgrnam %s: %s\n", group, errno ? + strerror(errno) : "group entry not found"); + dgid = grp->gr_gid; + +#ifdef __linux__ + dontkillme(); #endif - if(!(dpy = XOpenDisplay(0))) - die("cannot open display"); - /* prevent default error handler to take over */ - XSetErrorHandler(xerrordummy); - /* Get the number of screens in display "dpy" and blank them all. */ - nscreens = ScreenCount(dpy); - locks = malloc(sizeof(struct st_lock *) * nscreens); - if (locks == NULL) - die("malloc: %s", strerror(errno)); - - for (screen = 0; screen < nscreens; screen++) - locks[screen] = lockscreen(dpy, screen); + hash = gethash(); + if (strlen(hash) < 2) + die("slock: failed to get user password hash.\n"); - XSync(dpy, False); + if (!(dpy = XOpenDisplay(NULL))) + die("slock: cannot open display\n"); - /* Everything is now blank. Now wait for the correct password. */ -#ifdef HAVE_BSD_AUTH - readpw(dpy); -#else - readpw(dpy, pws); -#endif + /* drop privileges */ + if (setgroups(0, NULL) < 0) + die("slock: setgroups: %s\n", strerror(errno)); + if (setgid(dgid) < 0) + die("slock: setgid: %s\n", strerror(errno)); + if (setuid(duid) < 0) + die("slock: setuid: %s\n", strerror(errno)); - /* Password ok, unlock everything and quit. */ - for (screen = 0; screen < nscreens; screen++) - unlockscreen(dpy, locks[screen]); + /* check for Xrandr support */ + rr.active = XRRQueryExtension(dpy, &rr.evbase, &rr.errbase); - free(locks); + /* get number of screens in display "dpy" and blank them */ + nscreens = ScreenCount(dpy); + if (!(locks = calloc(nscreens, sizeof(struct lock *)))) + die("slock: out of memory\n"); + for (nlocks = 0, s = 0; s < nscreens; s++) { + if ((locks[s] = lockscreen(dpy, &rr, s)) != NULL) + nlocks++; + else + break; + } + XSync(dpy, 0); + + /* did we manage to lock everything? */ + if (nlocks != nscreens) + return 1; + + /* run post-lock command */ + if (argc > 0) { + switch (fork()) { + case -1: + die("slock: fork failed: %s\n", strerror(errno)); + case 0: + if (close(ConnectionNumber(dpy)) < 0) + die("slock: close: %s\n", strerror(errno)); + execvp(argv[0], argv); + fprintf(stderr, "slock: execvp %s: %s\n", argv[0], + strerror(errno)); + _exit(1); + } + } - XCloseDisplay(dpy); + /* everything is now blank. Wait for the correct password */ + readpw(dpy, &rr, locks, nscreens, hash); return 0; }