slock/slock.c
Markus Teich b87bfa2343 Update bsd-auth string.
Thanks to Hiltjo for discovering this.
2016-08-31 00:56:13 +02:00

376 lines
8.4 KiB
C

/* See LICENSE file for license details. */
#define _XOPEN_SOURCE 500
#if HAVE_SHADOW_H
#include <shadow.h>
#endif
#include <ctype.h>
#include <errno.h>
#include <pwd.h>
#include <stdarg.h>
#include <stdlib.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>
#include <X11/extensions/Xrandr.h>
#include <X11/keysym.h>
#include <X11/Xlib.h>
#include <X11/Xutil.h>
#if HAVE_BSD_AUTH
#include <login_cap.h>
#include <bsd_auth.h>
#endif
#include "arg.h"
#include "util.h"
char *argv0;
enum {
INIT,
INPUT,
FAILED,
NUMCOLS
};
#include "config.h"
typedef struct {
int screen;
Window root, win;
Pixmap pmap;
unsigned long colors[NUMCOLS];
} Lock;
static Lock **locks;
static int nscreens;
static Bool running = True;
static Bool failure = False;
static Bool rr;
static int rrevbase;
static int rrerrbase;
static void
die(const char *errstr, ...)
{
va_list ap;
va_start(ap, errstr);
vfprintf(stderr, errstr, ap);
va_end(ap);
exit(1);
}
#ifdef __linux__
#include <fcntl.h>
static void
dontkillme(void)
{
int fd;
fd = open("/proc/self/oom_score_adj", O_WRONLY);
if (fd < 0 && errno == ENOENT) {
return;
}
if (fd < 0 || write(fd, "-1000\n", (sizeof("-1000\n") - 1)) !=
(sizeof("-1000\n") - 1) || close(fd) != 0) {
die("can't tame the oom-killer. is suid or sgid set?\n");
}
}
#endif
#ifndef HAVE_BSD_AUTH
/* only run as root */
static const char *
getpw(void)
{
const char *rval;
struct passwd *pw;
errno = 0;
if (!(pw = getpwuid(getuid()))) {
if (errno)
die("getpwuid: %s\n", strerror(errno));
else
die("cannot retrieve password entry\n");
}
rval = pw->pw_passwd;
#if HAVE_SHADOW_H
if (rval[0] == 'x' && rval[1] == '\0') {
struct spwd *sp;
if (!(sp = getspnam(getenv("USER"))))
die("cannot retrieve shadow entry (make sure to suid or sgid slock)\n");
rval = sp->sp_pwdp;
}
#endif
/* drop privileges */
if (geteuid() == 0 &&
((getegid() != pw->pw_gid && setgid(pw->pw_gid) < 0) || setuid(pw->pw_uid) < 0))
die("cannot drop privileges\n");
return rval;
}
#endif
static void
#ifdef HAVE_BSD_AUTH
readpw(Display *dpy)
#else
readpw(Display *dpy, const char *pws)
#endif
{
char buf[32], passwd[256];
int num, screen;
unsigned int len, color;
KeySym ksym;
XEvent ev;
static int oldc = INIT;
len = 0;
running = True;
/* As "slock" stands for "Simple X display locker", the DPMS settings
* had been removed and you can set it with "xset" or some other
* utility. This way the user can easily set a customized DPMS
* timeout. */
while (running && !XNextEvent(dpy, &ev)) {
if (ev.type == KeyPress) {
explicit_bzero(&buf, sizeof(buf));
num = XLookupString(&ev.xkey, buf, sizeof(buf), &ksym, 0);
if (IsKeypadKey(ksym)) {
if (ksym == XK_KP_Enter)
ksym = XK_Return;
else if (ksym >= XK_KP_0 && ksym <= XK_KP_9)
ksym = (ksym - XK_KP_0) + XK_0;
}
if (IsFunctionKey(ksym) ||
IsKeypadKey(ksym) ||
IsMiscFunctionKey(ksym) ||
IsPFKey(ksym) ||
IsPrivateKeypadKey(ksym))
continue;
switch (ksym) {
case XK_Return:
passwd[len] = 0;
#ifdef HAVE_BSD_AUTH
running = !auth_userokay(getlogin(), NULL, "auth-slock", passwd);
#else
running = !!strcmp(crypt(passwd, pws), pws);
#endif
if (running) {
XBell(dpy, 100);
failure = True;
}
explicit_bzero(&passwd, sizeof(passwd));
len = 0;
break;
case XK_Escape:
explicit_bzero(&passwd, sizeof(passwd));
len = 0;
break;
case XK_BackSpace:
if (len)
passwd[len--] = 0;
break;
default:
if (num && !iscntrl((int)buf[0]) && (len + num < sizeof(passwd))) {
memcpy(passwd + len, buf, num);
len += num;
}
break;
}
color = len ? INPUT : (failure || failonclear ? FAILED : INIT);
if (running && oldc != color) {
for (screen = 0; screen < nscreens; screen++) {
XSetWindowBackground(dpy, locks[screen]->win, locks[screen]->colors[color]);
XClearWindow(dpy, locks[screen]->win);
}
oldc = color;
}
} else if (rr && ev.type == rrevbase + RRScreenChangeNotify) {
XRRScreenChangeNotifyEvent *rre = (XRRScreenChangeNotifyEvent*)&ev;
for (screen = 0; screen < nscreens; screen++) {
if (locks[screen]->win == rre->window) {
XResizeWindow(dpy, locks[screen]->win, rre->width, rre->height);
XClearWindow(dpy, locks[screen]->win);
}
}
} else for (screen = 0; screen < nscreens; screen++)
XRaiseWindow(dpy, locks[screen]->win);
}
}
static void
unlockscreen(Display *dpy, Lock *lock)
{
if(dpy == NULL || lock == NULL)
return;
XUngrabPointer(dpy, CurrentTime);
XFreeColors(dpy, DefaultColormap(dpy, lock->screen), lock->colors, NUMCOLS, 0);
XFreePixmap(dpy, lock->pmap);
XDestroyWindow(dpy, lock->win);
free(lock);
}
static Lock *
lockscreen(Display *dpy, int screen)
{
char curs[] = {0, 0, 0, 0, 0, 0, 0, 0};
int i;
Lock *lock;
XColor color, dummy;
XSetWindowAttributes wa;
Cursor invisible;
if (!running || dpy == NULL || screen < 0 || !(lock = malloc(sizeof(Lock))))
return NULL;
lock->screen = screen;
lock->root = RootWindow(dpy, lock->screen);
for (i = 0; i < NUMCOLS; i++) {
XAllocNamedColor(dpy, DefaultColormap(dpy, lock->screen), colorname[i], &color, &dummy);
lock->colors[i] = color.pixel;
}
/* init */
wa.override_redirect = 1;
wa.background_pixel = lock->colors[INIT];
lock->win = XCreateWindow(dpy, lock->root, 0, 0, DisplayWidth(dpy, lock->screen), DisplayHeight(dpy, lock->screen),
0, DefaultDepth(dpy, lock->screen), CopyFromParent,
DefaultVisual(dpy, lock->screen), CWOverrideRedirect | CWBackPixel, &wa);
lock->pmap = XCreateBitmapFromData(dpy, lock->win, curs, 8, 8);
invisible = XCreatePixmapCursor(dpy, lock->pmap, lock->pmap, &color, &color, 0, 0);
XDefineCursor(dpy, lock->win, invisible);
/* Try to grab mouse pointer *and* keyboard, else fail the lock */
if (XGrabPointer(dpy, lock->root, False, ButtonPressMask |
ButtonReleaseMask | PointerMotionMask, GrabModeAsync, GrabModeAsync,
None, invisible, CurrentTime) != GrabSuccess) {
fprintf(stderr, "slock: unable to grab mouse pointer for screen %d\n", screen);
running = 0;
unlockscreen(dpy, lock);
return NULL;
}
if (XGrabKeyboard(dpy, lock->root, True, GrabModeAsync, GrabModeAsync,
CurrentTime) != GrabSuccess) {
fprintf(stderr, "slock: unable to grab keyboard for screen %d\n", screen);
running = 0;
unlockscreen(dpy, lock);
return NULL;
}
XMapRaised(dpy, lock->win);
if (rr)
XRRSelectInput(dpy, lock->win, RRScreenChangeNotifyMask);
XSelectInput(dpy, lock->root, SubstructureNotifyMask);
return lock;
}
static void
usage(void)
{
die("usage: slock [-v | cmd [arg ...]]\n");
}
int
main(int argc, char **argv) {
#ifndef HAVE_BSD_AUTH
const char *pws;
#endif
Display *dpy;
int s, nlocks;
ARGBEGIN {
case 'v':
fprintf(stderr, "slock-"VERSION"\n");
return 0;
default:
usage();
} ARGEND
#ifdef __linux__
dontkillme();
#endif
/* Check if the current user has a password entry */
errno = 0;
if (!getpwuid(getuid())) {
if (errno == 0)
die("slock: no password entry for current user\n");
else
die("slock: getpwuid: %s\n", strerror(errno));
}
#ifndef HAVE_BSD_AUTH
pws = getpw();
#endif
if (!(dpy = XOpenDisplay(NULL)))
die("slock: cannot open display\n");
/* check for Xrandr support */
rr = XRRQueryExtension(dpy, &rrevbase, &rrerrbase);
/* get number of screens in display "dpy" and blank them */
nscreens = ScreenCount(dpy);
if (!(locks = malloc(sizeof(Lock *) * nscreens))) {
XCloseDisplay(dpy);
die("slock: out of memory\n");
}
for (nlocks = 0, s = 0; s < nscreens; s++) {
if ((locks[s] = lockscreen(dpy, s)) != NULL)
nlocks++;
}
XSync(dpy, 0);
/* did we actually manage to lock anything? */
if (nlocks == 0) {
/* nothing to protect */
free(locks);
XCloseDisplay(dpy);
return 1;
}
/* run post-lock command */
if (argc > 0) {
switch (fork()) {
case -1:
free(locks);
XCloseDisplay(dpy);
die("slock: fork failed: %s\n", strerror(errno));
case 0:
if (close(ConnectionNumber(dpy)) < 0)
die("slock: close: %s\n", strerror(errno));
execvp(argv[0], argv);
fprintf(stderr, "slock: execvp %s: %s\n", argv[0],
strerror(errno));
_exit(1);
}
}
/* everything is now blank. Wait for the correct password */
#ifdef HAVE_BSD_AUTH
readpw(dpy);
#else
readpw(dpy, pws);
#endif
/* password ok, unlock everything and quit */
for (s = 0; s < nscreens; s++)
unlockscreen(dpy, locks[s]);
free(locks);
XCloseDisplay(dpy);
return 0;
}