Xinqi Bao's Git

projects / slock.git / blob
summary | log | commit | diff | tree
history | raw | HEAD
clear passwords with explicit_bzero
[slock.git] / slock.c
1 /* See LICENSE file for license details. */
2 #define _XOPEN_SOURCE 500
3 #if HAVE_SHADOW_H
4 #include <shadow.h>
5 #endif
6
7 #include <ctype.h>
8 #include <errno.h>
9 #include <pwd.h>
10 #include <stdarg.h>
11 #include <stdlib.h>
12 #include <stdio.h>
13 #include <string.h>
14 #include <unistd.h>
15 #include <sys/types.h>
16 #include <X11/extensions/Xrandr.h>
17 #include <X11/keysym.h>
18 #include <X11/Xlib.h>
19 #include <X11/Xutil.h>
20
21 #if HAVE_BSD_AUTH
22 #include <login_cap.h>
23 #include <bsd_auth.h>
24 #endif
25
26 #include "util.h"
27
28 enum {
29 INIT,
30 INPUT,
31 FAILED,
32 NUMCOLS
33 };
34
35 #include "config.h"
36
37 typedef struct {
38 int screen;
39 Window root, win;
40 Pixmap pmap;
41 unsigned long colors[NUMCOLS];
42 } Lock;
43
44 static Lock **locks;
45 static int nscreens;
46 static Bool running = True;
47 static Bool failure = False;
48 static Bool rr;
49 static int rrevbase;
50 static int rrerrbase;
51
52 static void
53 die(const char *errstr, ...)
54 {
55 va_list ap;
56
57 fputs("slock: ", stderr);
58 va_start(ap, errstr);
59 vfprintf(stderr, errstr, ap);
60 va_end(ap);
61 exit(1);
62 }
63
64 #ifdef __linux__
65 #include <fcntl.h>
66
67 static void
68 dontkillme(void)
69 {
70 int fd;
71
72 fd = open("/proc/self/oom_score_adj", O_WRONLY);
73 if (fd < 0 && errno == ENOENT) {
74 return;
75 }
76 if (fd < 0 || write(fd, "-1000\n", (sizeof("-1000\n") - 1)) !=
77 (sizeof("-1000\n") - 1) || close(fd) != 0) {
78 die("can't tame the oom-killer. is suid or sgid set?\n");
79 }
80 }
81 #endif
82
83 #ifndef HAVE_BSD_AUTH
84 /* only run as root */
85 static const char *
86 getpw(void)
87 {
88 const char *rval;
89 struct passwd *pw;
90
91 errno = 0;
92 if (!(pw = getpwuid(getuid()))) {
93 if (errno)
94 die("getpwuid: %s\n", strerror(errno));
95 else
96 die("cannot retrieve password entry\n");
97 }
98 rval = pw->pw_passwd;
99
100 #if HAVE_SHADOW_H
101 if (rval[0] == 'x' && rval[1] == '\0') {
102 struct spwd *sp;
103 if (!(sp = getspnam(getenv("USER"))))
104 die("cannot retrieve shadow entry (make sure to suid or sgid slock)\n");
105 rval = sp->sp_pwdp;
106 }
107 #endif
108
109 /* drop privileges */
110 if (geteuid() == 0 &&
111 ((getegid() != pw->pw_gid && setgid(pw->pw_gid) < 0) || setuid(pw->pw_uid) < 0))
112 die("cannot drop privileges\n");
113 return rval;
114 }
115 #endif
116
117 static void
118 #ifdef HAVE_BSD_AUTH
119 readpw(Display *dpy)
120 #else
121 readpw(Display *dpy, const char *pws)
122 #endif
123 {
124 char buf[32], passwd[256];
125 int num, screen;
126 unsigned int len, color;
127 KeySym ksym;
128 XEvent ev;
129 static int oldc = INIT;
130
131 len = 0;
132 running = True;
133
134 /* As "slock" stands for "Simple X display locker", the DPMS settings
135 * had been removed and you can set it with "xset" or some other
136 * utility. This way the user can easily set a customized DPMS
137 * timeout. */
138 while (running && !XNextEvent(dpy, &ev)) {
139 if (ev.type == KeyPress) {
140 explicit_bzero(&buf, sizeof(buf));
141 num = XLookupString(&ev.xkey, buf, sizeof(buf), &ksym, 0);
142 if (IsKeypadKey(ksym)) {
143 if (ksym == XK_KP_Enter)
144 ksym = XK_Return;
145 else if (ksym >= XK_KP_0 && ksym <= XK_KP_9)
146 ksym = (ksym - XK_KP_0) + XK_0;
147 }
148 if (IsFunctionKey(ksym) ||
149 IsKeypadKey(ksym) ||
150 IsMiscFunctionKey(ksym) ||
151 IsPFKey(ksym) ||
152 IsPrivateKeypadKey(ksym))
153 continue;
154 switch (ksym) {
155 case XK_Return:
156 passwd[len] = 0;
157 #ifdef HAVE_BSD_AUTH
158 running = !auth_userokay(getlogin(), NULL, "auth-xlock", passwd);
159 #else
160 running = !!strcmp(crypt(passwd, pws), pws);
161 #endif
162 if (running) {
163 XBell(dpy, 100);
164 failure = True;
165 }
166 explicit_bzero(&passwd, sizeof(passwd));
167 len = 0;
168 break;
169 case XK_Escape:
170 explicit_bzero(&passwd, sizeof(passwd));
171 len = 0;
172 break;
173 case XK_BackSpace:
174 if (len)
175 passwd[len--] = 0;
176 break;
177 default:
178 if (num && !iscntrl((int)buf[0]) && (len + num < sizeof(passwd))) {
179 memcpy(passwd + len, buf, num);
180 len += num;
181 }
182 break;
183 }
184 color = len ? INPUT : (failure || failonclear ? FAILED : INIT);
185 if (running && oldc != color) {
186 for (screen = 0; screen < nscreens; screen++) {
187 XSetWindowBackground(dpy, locks[screen]->win, locks[screen]->colors[color]);
188 XClearWindow(dpy, locks[screen]->win);
189 }
190 oldc = color;
191 }
192 } else if (rr && ev.type == rrevbase + RRScreenChangeNotify) {
193 XRRScreenChangeNotifyEvent *rre = (XRRScreenChangeNotifyEvent*)&ev;
194 for (screen = 0; screen < nscreens; screen++) {
195 if (locks[screen]->win == rre->window) {
196 XResizeWindow(dpy, locks[screen]->win, rre->width, rre->height);
197 XClearWindow(dpy, locks[screen]->win);
198 }
199 }
200 } else for (screen = 0; screen < nscreens; screen++)
201 XRaiseWindow(dpy, locks[screen]->win);
202 }
203 }
204
205 static void
206 unlockscreen(Display *dpy, Lock *lock)
207 {
208 if(dpy == NULL || lock == NULL)
209 return;
210
211 XUngrabPointer(dpy, CurrentTime);
212 XFreeColors(dpy, DefaultColormap(dpy, lock->screen), lock->colors, NUMCOLS, 0);
213 XFreePixmap(dpy, lock->pmap);
214 XDestroyWindow(dpy, lock->win);
215
216 free(lock);
217 }
218
219 static Lock *
220 lockscreen(Display *dpy, int screen)
221 {
222 char curs[] = {0, 0, 0, 0, 0, 0, 0, 0};
223 unsigned int len;
224 int i;
225 Lock *lock;
226 XColor color, dummy;
227 XSetWindowAttributes wa;
228 Cursor invisible;
229
230 if (!running || dpy == NULL || screen < 0 || !(lock = malloc(sizeof(Lock))))
231 return NULL;
232
233 lock->screen = screen;
234 lock->root = RootWindow(dpy, lock->screen);
235
236 for (i = 0; i < NUMCOLS; i++) {
237 XAllocNamedColor(dpy, DefaultColormap(dpy, lock->screen), colorname[i], &color, &dummy);
238 lock->colors[i] = color.pixel;
239 }
240
241 /* init */
242 wa.override_redirect = 1;
243 wa.background_pixel = lock->colors[INIT];
244 lock->win = XCreateWindow(dpy, lock->root, 0, 0, DisplayWidth(dpy, lock->screen), DisplayHeight(dpy, lock->screen),
245 0, DefaultDepth(dpy, lock->screen), CopyFromParent,
246 DefaultVisual(dpy, lock->screen), CWOverrideRedirect | CWBackPixel, &wa);
247 lock->pmap = XCreateBitmapFromData(dpy, lock->win, curs, 8, 8);
248 invisible = XCreatePixmapCursor(dpy, lock->pmap, lock->pmap, &color, &color, 0, 0);
249 XDefineCursor(dpy, lock->win, invisible);
250 XMapRaised(dpy, lock->win);
251 if (rr)
252 XRRSelectInput(dpy, lock->win, RRScreenChangeNotifyMask);
253
254 /* Try to grab mouse pointer *and* keyboard, else fail the lock */
255 for (len = 1000; len; len--) {
256 if (XGrabPointer(dpy, lock->root, False, ButtonPressMask | ButtonReleaseMask | PointerMotionMask,
257 GrabModeAsync, GrabModeAsync, None, invisible, CurrentTime) == GrabSuccess)
258 break;
259 usleep(1000);
260 }
261 if (!len) {
262 fprintf(stderr, "slock: unable to grab mouse pointer for screen %d\n", screen);
263 } else {
264 for (len = 1000; len; len--) {
265 if (XGrabKeyboard(dpy, lock->root, True, GrabModeAsync, GrabModeAsync, CurrentTime) == GrabSuccess) {
266 /* everything fine, we grabbed both inputs */
267 XSelectInput(dpy, lock->root, SubstructureNotifyMask);
268 return lock;
269 }
270 usleep(1000);
271 }
272 fprintf(stderr, "slock: unable to grab keyboard for screen %d\n", screen);
273 }
274 /* grabbing one of the inputs failed */
275 running = 0;
276 unlockscreen(dpy, lock);
277 return NULL;
278 }
279
280 static void
281 usage(void)
282 {
283 fprintf(stderr, "usage: slock [-v|POST_LOCK_CMD]\n");
284 exit(1);
285 }
286
287 int
288 main(int argc, char **argv) {
289 #ifndef HAVE_BSD_AUTH
290 const char *pws;
291 #endif
292 Display *dpy;
293 int screen;
294
295 if ((argc >= 2) && !strcmp("-v", argv[1]))
296 die("version %s, © 2006-2016 slock engineers\n", VERSION);
297
298 /* treat first argument starting with a '-' as option */
299 if ((argc >= 2) && argv[1][0] == '-')
300 usage();
301
302 #ifdef __linux__
303 dontkillme();
304 #endif
305
306 if (!getpwuid(getuid()))
307 die("no passwd entry for you\n");
308
309 #ifndef HAVE_BSD_AUTH
310 pws = getpw();
311 #endif
312
313 if (!(dpy = XOpenDisplay(0)))
314 die("cannot open display\n");
315 rr = XRRQueryExtension(dpy, &rrevbase, &rrerrbase);
316 /* Get the number of screens in display "dpy" and blank them all. */
317 nscreens = ScreenCount(dpy);
318 if (!(locks = malloc(sizeof(Lock*) * nscreens)))
319 die("Out of memory.\n");
320 int nlocks = 0;
321 for (screen = 0; screen < nscreens; screen++) {
322 if ((locks[screen] = lockscreen(dpy, screen)) != NULL)
323 nlocks++;
324 }
325 XSync(dpy, False);
326
327 /* Did we actually manage to lock something? */
328 if (nlocks == 0) { /* nothing to protect */
329 free(locks);
330 XCloseDisplay(dpy);
331 return 1;
332 }
333
334 if (argc >= 2 && fork() == 0) {
335 if (dpy)
336 close(ConnectionNumber(dpy));
337 execvp(argv[1], argv+1);
338 die("execvp %s failed: %s\n", argv[1], strerror(errno));
339 }
340
341 /* Everything is now blank. Now wait for the correct password. */
342 #ifdef HAVE_BSD_AUTH
343 readpw(dpy);
344 #else
345 readpw(dpy, pws);
346 #endif
347
348 /* Password ok, unlock everything and quit. */
349 for (screen = 0; screen < nscreens; screen++)
350 unlockscreen(dpy, locks[screen]);
351
352 free(locks);
353 XCloseDisplay(dpy);
354
355 return 0;
356 }