Xinqi Bao's Git

projects / slock.git / blobdiff
summary | log | commit | diff | tree
raw | inline | side by side
clear passwords with explicit_bzero
[slock.git] / slock.c
diff --git a/slock.c b/slock.c
index 6be8f22..a00fbb9 100644 (file)
--- a/slock.c
+++ b/slock.c
@@ -23,6 +23,8 @@
 #include <bsd_auth.h>
 #endif
 
+#include "util.h"
+
 enum {
        INIT,
        INPUT,
@@ -52,6 +54,7 @@ die(const char *errstr, ...)
 {
        va_list ap;
 
+       fputs("slock: ", stderr);
        va_start(ap, errstr);
        vfprintf(stderr, errstr, ap);
        va_end(ap);
@@ -60,28 +63,20 @@ die(const char *errstr, ...)
 
 #ifdef __linux__
 #include <fcntl.h>
-#include <linux/oom.h>
 
 static void
 dontkillme(void)
 {
        int fd;
-       int length;
-       char value[64];
 
        fd = open("/proc/self/oom_score_adj", O_WRONLY);
-       if (fd < 0 && errno == ENOENT)
+       if (fd < 0 && errno == ENOENT) {
                return;
-
-       /* convert OOM_SCORE_ADJ_MIN to string for writing */
-       length = snprintf(value, sizeof(value), "%d\n", OOM_SCORE_ADJ_MIN);
-
-       /* bail on truncation */
-       if (length >= sizeof(value))
-               die("buffer too small\n");
-
-       if (fd < 0 || write(fd, value, length) != length || close(fd) != 0)
-               die("cannot disable the out-of-memory killer for this process\n");
+       }
+       if (fd < 0 || write(fd, "-1000\n", (sizeof("-1000\n") - 1)) !=
+           (sizeof("-1000\n") - 1) || close(fd) != 0) {
+               die("can't tame the oom-killer. is suid or sgid set?\n");
+       }
 }
 #endif
 
@@ -94,21 +89,19 @@ getpw(void)
        struct passwd *pw;
 
        errno = 0;
-       pw = getpwuid(getuid());
-       if (!pw) {
+       if (!(pw = getpwuid(getuid()))) {
                if (errno)
-                       die("slock: getpwuid: %s\n", strerror(errno));
+                       die("getpwuid: %s\n", strerror(errno));
                else
-                       die("slock: cannot retrieve password entry\n");
+                       die("cannot retrieve password entry\n");
        }
-       rval =  pw->pw_passwd;
+       rval = pw->pw_passwd;
 
 #if HAVE_SHADOW_H
        if (rval[0] == 'x' && rval[1] == '\0') {
                struct spwd *sp;
-               sp = getspnam(getenv("USER"));
-               if (!sp)
-                       die("slock: cannot retrieve shadow entry (make sure to suid or sgid slock)\n");
+               if (!(sp = getspnam(getenv("USER"))))
+                       die("cannot retrieve shadow entry (make sure to suid or sgid slock)\n");
                rval = sp->sp_pwdp;
        }
 #endif
@@ -116,7 +109,7 @@ getpw(void)
        /* drop privileges */
        if (geteuid() == 0 &&
            ((getegid() != pw->pw_gid && setgid(pw->pw_gid) < 0) || setuid(pw->pw_uid) < 0))
-               die("slock: cannot drop privileges\n");
+               die("cannot drop privileges\n");
        return rval;
 }
 #endif
@@ -144,7 +137,7 @@ readpw(Display *dpy, const char *pws)
         * timeout. */
        while (running && !XNextEvent(dpy, &ev)) {
                if (ev.type == KeyPress) {
-                       buf[0] = 0;
+                       explicit_bzero(&buf, sizeof(buf));
                        num = XLookupString(&ev.xkey, buf, sizeof(buf), &ksym, 0);
                        if (IsKeypadKey(ksym)) {
                                if (ksym == XK_KP_Enter)
@@ -170,17 +163,19 @@ readpw(Display *dpy, const char *pws)
                                        XBell(dpy, 100);
                                        failure = True;
                                }
+                               explicit_bzero(&passwd, sizeof(passwd));
                                len = 0;
                                break;
                        case XK_Escape:
+                               explicit_bzero(&passwd, sizeof(passwd));
                                len = 0;
                                break;
                        case XK_BackSpace:
                                if (len)
-                                       --len;
+                                       passwd[len--] = 0;
                                break;
                        default:
-                               if (num && !iscntrl((int) buf[0]) && (len + num < sizeof(passwd))) {
+                               if (num && !iscntrl((int)buf[0]) && (len + num < sizeof(passwd))) {
                                        memcpy(passwd + len, buf, num);
                                        len += num;
                                }
@@ -232,15 +227,10 @@ lockscreen(Display *dpy, int screen)
        XSetWindowAttributes wa;
        Cursor invisible;
 
-       if (dpy == NULL || screen < 0)
-               return NULL;
-
-       lock = malloc(sizeof(Lock));
-       if (lock == NULL)
+       if (!running || dpy == NULL || screen < 0 || !(lock = malloc(sizeof(Lock))))
                return NULL;
 
        lock->screen = screen;
-
        lock->root = RootWindow(dpy, lock->screen);
 
        for (i = 0; i < NUMCOLS; i++) {
@@ -260,36 +250,37 @@ lockscreen(Display *dpy, int screen)
        XMapRaised(dpy, lock->win);
        if (rr)
                XRRSelectInput(dpy, lock->win, RRScreenChangeNotifyMask);
+
+       /* Try to grab mouse pointer *and* keyboard, else fail the lock */
        for (len = 1000; len; len--) {
                if (XGrabPointer(dpy, lock->root, False, ButtonPressMask | ButtonReleaseMask | PointerMotionMask,
                    GrabModeAsync, GrabModeAsync, None, invisible, CurrentTime) == GrabSuccess)
                        break;
                usleep(1000);
        }
-       if (running && (len > 0)) {
+       if (!len) {
+               fprintf(stderr, "slock: unable to grab mouse pointer for screen %d\n", screen);
+       } else {
                for (len = 1000; len; len--) {
-                       if (XGrabKeyboard(dpy, lock->root, True, GrabModeAsync, GrabModeAsync, CurrentTime) == GrabSuccess)
-                               break;
+                       if (XGrabKeyboard(dpy, lock->root, True, GrabModeAsync, GrabModeAsync, CurrentTime) == GrabSuccess) {
+                               /* everything fine, we grabbed both inputs */
+                               XSelectInput(dpy, lock->root, SubstructureNotifyMask);
+                               return lock;
+                       }
                        usleep(1000);
                }
+               fprintf(stderr, "slock: unable to grab keyboard for screen %d\n", screen);
        }
-
-       running &= (len > 0);
-       if (!running) {
-               unlockscreen(dpy, lock);
-               lock = NULL;
-       }
-       else {
-               XSelectInput(dpy, lock->root, SubstructureNotifyMask);
-       }
-
-       return lock;
+       /* grabbing one of the inputs failed */
+       running = 0;
+       unlockscreen(dpy, lock);
+       return NULL;
 }
 
 static void
 usage(void)
 {
-       fprintf(stderr, "usage: slock [-v]\n");
+       fprintf(stderr, "usage: slock [-v|POST_LOCK_CMD]\n");
        exit(1);
 }
 
@@ -301,9 +292,11 @@ main(int argc, char **argv) {
        Display *dpy;
        int screen;
 
-       if ((argc == 2) && !strcmp("-v", argv[1]))
-               die("slock-%s, © 2006-2015 slock engineers\n", VERSION);
-       else if (argc != 1)
+       if ((argc >= 2) && !strcmp("-v", argv[1]))
+               die("version %s, © 2006-2016 slock engineers\n", VERSION);
+
+       /* treat first argument starting with a '-' as option */
+       if ((argc >= 2) && argv[1][0] == '-')
                usage();
 
 #ifdef __linux__
@@ -311,23 +304,22 @@ main(int argc, char **argv) {
 #endif
 
        if (!getpwuid(getuid()))
-               die("slock: no passwd entry for you\n");
+               die("no passwd entry for you\n");
 
 #ifndef HAVE_BSD_AUTH
        pws = getpw();
 #endif
 
        if (!(dpy = XOpenDisplay(0)))
-               die("slock: cannot open display\n");
+               die("cannot open display\n");
        rr = XRRQueryExtension(dpy, &rrevbase, &rrerrbase);
        /* Get the number of screens in display "dpy" and blank them all. */
        nscreens = ScreenCount(dpy);
-       locks = malloc(sizeof(Lock *) * nscreens);
-       if (locks == NULL)
-               die("slock: malloc: %s\n", strerror(errno));
+       if (!(locks = malloc(sizeof(Lock*) * nscreens)))
+               die("Out of memory.\n");
        int nlocks = 0;
        for (screen = 0; screen < nscreens; screen++) {
-               if ( (locks[screen] = lockscreen(dpy, screen)) != NULL)
+               if ((locks[screen] = lockscreen(dpy, screen)) != NULL)
                        nlocks++;
        }
        XSync(dpy, False);
@@ -339,6 +331,13 @@ main(int argc, char **argv) {
                return 1;
        }
 
+       if (argc >= 2 && fork() == 0) {
+               if (dpy)
+                       close(ConnectionNumber(dpy));
+               execvp(argv[1], argv+1);
+               die("execvp %s failed: %s\n", argv[1], strerror(errno));
+       }
+
        /* Everything is now blank. Now wait for the correct password. */
 #ifdef HAVE_BSD_AUTH
        readpw(dpy);