Xinqi Bao's Git
projects
/
slock.git
/ blobdiff
summary
|
log
|
commit
|
diff
|
tree
raw
|
inline
| side by side
clear passwords with explicit_bzero
[slock.git]
/
slock.c
diff --git
a/slock.c
b/slock.c
index
4531f95
..
a00fbb9
100644
(file)
--- a/
slock.c
+++ b/
slock.c
@@
-23,6
+23,8
@@
#include <bsd_auth.h>
#endif
#include <bsd_auth.h>
#endif
+#include "util.h"
+
enum {
INIT,
INPUT,
enum {
INIT,
INPUT,
@@
-52,6
+54,7
@@
die(const char *errstr, ...)
{
va_list ap;
{
va_list ap;
+ fputs("slock: ", stderr);
va_start(ap, errstr);
vfprintf(stderr, errstr, ap);
va_end(ap);
va_start(ap, errstr);
vfprintf(stderr, errstr, ap);
va_end(ap);
@@
-88,9
+91,9
@@
getpw(void)
errno = 0;
if (!(pw = getpwuid(getuid()))) {
if (errno)
errno = 0;
if (!(pw = getpwuid(getuid()))) {
if (errno)
- die("
slock:
getpwuid: %s\n", strerror(errno));
+ die("getpwuid: %s\n", strerror(errno));
else
else
- die("
slock:
cannot retrieve password entry\n");
+ die("cannot retrieve password entry\n");
}
rval = pw->pw_passwd;
}
rval = pw->pw_passwd;
@@
-98,7
+101,7
@@
getpw(void)
if (rval[0] == 'x' && rval[1] == '\0') {
struct spwd *sp;
if (!(sp = getspnam(getenv("USER"))))
if (rval[0] == 'x' && rval[1] == '\0') {
struct spwd *sp;
if (!(sp = getspnam(getenv("USER"))))
- die("
slock:
cannot retrieve shadow entry (make sure to suid or sgid slock)\n");
+ die("cannot retrieve shadow entry (make sure to suid or sgid slock)\n");
rval = sp->sp_pwdp;
}
#endif
rval = sp->sp_pwdp;
}
#endif
@@
-106,7
+109,7
@@
getpw(void)
/* drop privileges */
if (geteuid() == 0 &&
((getegid() != pw->pw_gid && setgid(pw->pw_gid) < 0) || setuid(pw->pw_uid) < 0))
/* drop privileges */
if (geteuid() == 0 &&
((getegid() != pw->pw_gid && setgid(pw->pw_gid) < 0) || setuid(pw->pw_uid) < 0))
- die("
slock:
cannot drop privileges\n");
+ die("cannot drop privileges\n");
return rval;
}
#endif
return rval;
}
#endif
@@
-134,7
+137,7
@@
readpw(Display *dpy, const char *pws)
* timeout. */
while (running && !XNextEvent(dpy, &ev)) {
if (ev.type == KeyPress) {
* timeout. */
while (running && !XNextEvent(dpy, &ev)) {
if (ev.type == KeyPress) {
-
buf[0] = 0
;
+
explicit_bzero(&buf, sizeof(buf))
;
num = XLookupString(&ev.xkey, buf, sizeof(buf), &ksym, 0);
if (IsKeypadKey(ksym)) {
if (ksym == XK_KP_Enter)
num = XLookupString(&ev.xkey, buf, sizeof(buf), &ksym, 0);
if (IsKeypadKey(ksym)) {
if (ksym == XK_KP_Enter)
@@
-160,14
+163,16
@@
readpw(Display *dpy, const char *pws)
XBell(dpy, 100);
failure = True;
}
XBell(dpy, 100);
failure = True;
}
+ explicit_bzero(&passwd, sizeof(passwd));
len = 0;
break;
case XK_Escape:
len = 0;
break;
case XK_Escape:
+ explicit_bzero(&passwd, sizeof(passwd));
len = 0;
break;
case XK_BackSpace:
if (len)
len = 0;
break;
case XK_BackSpace:
if (len)
-
--len
;
+
passwd[len--] = 0
;
break;
default:
if (num && !iscntrl((int)buf[0]) && (len + num < sizeof(passwd))) {
break;
default:
if (num && !iscntrl((int)buf[0]) && (len + num < sizeof(passwd))) {
@@
-272,33
+277,46
@@
lockscreen(Display *dpy, int screen)
return NULL;
}
return NULL;
}
-int
-
main(int argc, char **argv
)
+static void
+
usage(void
)
{
{
+ fprintf(stderr, "usage: slock [-v|POST_LOCK_CMD]\n");
+ exit(1);
+}
+
+int
+main(int argc, char **argv) {
#ifndef HAVE_BSD_AUTH
const char *pws;
#endif
Display *dpy;
int screen;
#ifndef HAVE_BSD_AUTH
const char *pws;
#endif
Display *dpy;
int screen;
+ if ((argc >= 2) && !strcmp("-v", argv[1]))
+ die("version %s, © 2006-2016 slock engineers\n", VERSION);
+
+ /* treat first argument starting with a '-' as option */
+ if ((argc >= 2) && argv[1][0] == '-')
+ usage();
+
#ifdef __linux__
dontkillme();
#endif
if (!getpwuid(getuid()))
#ifdef __linux__
dontkillme();
#endif
if (!getpwuid(getuid()))
- die("
slock:
no passwd entry for you\n");
+ die("no passwd entry for you\n");
#ifndef HAVE_BSD_AUTH
pws = getpw();
#endif
if (!(dpy = XOpenDisplay(0)))
#ifndef HAVE_BSD_AUTH
pws = getpw();
#endif
if (!(dpy = XOpenDisplay(0)))
- die("
slock:
cannot open display\n");
+ die("cannot open display\n");
rr = XRRQueryExtension(dpy, &rrevbase, &rrerrbase);
/* Get the number of screens in display "dpy" and blank them all. */
nscreens = ScreenCount(dpy);
if (!(locks = malloc(sizeof(Lock*) * nscreens)))
rr = XRRQueryExtension(dpy, &rrevbase, &rrerrbase);
/* Get the number of screens in display "dpy" and blank them all. */
nscreens = ScreenCount(dpy);
if (!(locks = malloc(sizeof(Lock*) * nscreens)))
- die("
slock: malloc: %s\n", strerror(errno)
);
+ die("
Out of memory.\n"
);
int nlocks = 0;
for (screen = 0; screen < nscreens; screen++) {
if ((locks[screen] = lockscreen(dpy, screen)) != NULL)
int nlocks = 0;
for (screen = 0; screen < nscreens; screen++) {
if ((locks[screen] = lockscreen(dpy, screen)) != NULL)
@@
-317,7
+335,7
@@
main(int argc, char **argv)
if (dpy)
close(ConnectionNumber(dpy));
execvp(argv[1], argv+1);
if (dpy)
close(ConnectionNumber(dpy));
execvp(argv[1], argv+1);
- die("
slock:
execvp %s failed: %s\n", argv[1], strerror(errno));
+ die("execvp %s failed: %s\n", argv[1], strerror(errno));
}
/* Everything is now blank. Now wait for the correct password. */
}
/* Everything is now blank. Now wait for the correct password. */