#endif
#include <ctype.h>
+#include <errno.h>
+#include <grp.h>
#include <pwd.h>
#include <stdarg.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>
+#include <X11/extensions/Xrandr.h>
#include <X11/keysym.h>
#include <X11/Xlib.h>
#include <X11/Xutil.h>
-#include <X11/extensions/dpms.h>
-#if HAVE_BSD_AUTH
-#include <login_cap.h>
-#include <bsd_auth.h>
-#endif
+#include "arg.h"
+#include "util.h"
+
+char *argv0;
+
+enum {
+ INIT,
+ INPUT,
+ FAILED,
+ NUMCOLS
+};
+
+struct lock {
+ int screen;
+ Window root, win;
+ Pixmap pmap;
+ unsigned long colors[NUMCOLS];
+};
+
+struct xrandr {
+ int active;
+ int evbase;
+ int errbase;
+};
+
+#include "config.h"
-void
-eprint(const char *errstr, ...) {
+static void
+die(const char *errstr, ...)
+{
va_list ap;
va_start(ap, errstr);
vfprintf(stderr, errstr, ap);
va_end(ap);
- exit(EXIT_FAILURE);
+ exit(1);
}
-#ifndef HAVE_BSD_AUTH
-const char *
-get_password() { /* only run as root */
- const char *rval;
+#ifdef __linux__
+#include <fcntl.h>
+#include <linux/oom.h>
+
+static void
+dontkillme(void)
+{
+ FILE *f;
+ const char oomfile[] = "/proc/self/oom_score_adj";
+
+ if (!(f = fopen(oomfile, "w"))) {
+ if (errno == ENOENT)
+ return;
+ die("slock: fopen %s: %s\n", oomfile, strerror(errno));
+ }
+ fprintf(f, "%d", OOM_SCORE_ADJ_MIN);
+ if (fclose(f)) {
+ if (errno == EACCES)
+ die("slock: unable to disable OOM killer. "
+ "Make sure to suid or sgid slock.\n");
+ else
+ die("slock: fclose %s: %s\n", oomfile, strerror(errno));
+ }
+}
+#endif
+
+static const char *
+gethash(void)
+{
+ const char *hash;
struct passwd *pw;
- if(geteuid() != 0)
- eprint("slock: cannot retrieve password entry (make sure to suid slock)\n");
- pw = getpwuid(getuid());
- endpwent();
- rval = pw->pw_passwd;
+ /* Check if the current user has a password entry */
+ errno = 0;
+ if (!(pw = getpwuid(getuid()))) {
+ if (errno)
+ die("slock: getpwuid: %s\n", strerror(errno));
+ else
+ die("slock: cannot retrieve password entry\n");
+ }
+ hash = pw->pw_passwd;
#if HAVE_SHADOW_H
- {
+ if (!strcmp(hash, "x")) {
struct spwd *sp;
- sp = getspnam(getenv("USER"));
- endspent();
- rval = sp->sp_pwdp;
+ if (!(sp = getspnam(pw->pw_name)))
+ die("slock: getspnam: cannot retrieve shadow entry. "
+ "Make sure to suid or sgid slock.\n");
+ hash = sp->sp_pwdp;
}
-#endif
+#else
+ if (!strcmp(hash, "*")) {
+#ifdef __OpenBSD__
+ if (!(pw = getpwuid_shadow(getuid())))
+ die("slock: getpwnam_shadow: cannot retrieve shadow entry. "
+ "Make sure to suid or sgid slock.\n");
+ hash = pw->pw_passwd;
+#else
+ die("slock: getpwuid: cannot retrieve shadow entry. "
+ "Make sure to suid or sgid slock.\n");
+#endif /* __OpenBSD__ */
+ }
+#endif /* HAVE_SHADOW_H */
- /* drop privileges */
- if(setgid(pw->pw_gid) < 0 || setuid(pw->pw_uid) < 0)
- eprint("slock: cannot drop privileges\n");
- return rval;
+ return hash;
}
-#endif
-
-int
-main(int argc, char **argv) {
- char curs[] = {0, 0, 0, 0, 0, 0, 0, 0};
- char buf[32], passwd[256];
- int num, screen;
-#ifndef HAVE_BSD_AUTH
- const char *pws;
-#endif
- unsigned int len;
- Bool running = True;
- Cursor invisible;
- Display *dpy;
+static void
+readpw(Display *dpy, struct xrandr *rr, struct lock **locks, int nscreens,
+ const char *hash)
+{
+ XRRScreenChangeNotifyEvent *rre;
+ char buf[32], passwd[256], *inputhash;
+ int num, screen, running, failure, oldc;
+ unsigned int len, color;
KeySym ksym;
- Pixmap pmap;
- Window root, w;
- XColor black, dummy;
XEvent ev;
- XSetWindowAttributes wa;
-
- if((argc == 2) && !strcmp("-v", argv[1]))
- eprint("slock-"VERSION", © 2006-2008 Anselm R Garbe\n");
- else if(argc != 1)
- eprint("usage: slock [-v]\n");
-#ifndef HAVE_BSD_AUTH
- pws = get_password();
-#endif
-
- if(!(dpy = XOpenDisplay(0)))
- eprint("slock: cannot open display\n");
- screen = DefaultScreen(dpy);
- root = RootWindow(dpy, screen);
-
- /* init */
- wa.override_redirect = 1;
- wa.background_pixel = BlackPixel(dpy, screen);
- w = XCreateWindow(dpy, root, 0, 0, DisplayWidth(dpy, screen), DisplayHeight(dpy, screen),
- 0, DefaultDepth(dpy, screen), CopyFromParent,
- DefaultVisual(dpy, screen), CWOverrideRedirect | CWBackPixel, &wa);
- XAllocNamedColor(dpy, DefaultColormap(dpy, screen), "black", &black, &dummy);
- pmap = XCreateBitmapFromData(dpy, w, curs, 8, 8);
- invisible = XCreatePixmapCursor(dpy, pmap, pmap, &black, &black, 0, 0);
- XDefineCursor(dpy, w, invisible);
- XMapRaised(dpy, w);
- for(len = 1000; len; len--) {
- if(XGrabPointer(dpy, root, False, ButtonPressMask | ButtonReleaseMask | PointerMotionMask,
- GrabModeAsync, GrabModeAsync, None, invisible, CurrentTime) == GrabSuccess)
- break;
- usleep(1000);
- }
- if((running = running && (len > 0))) {
- for(len = 1000; len; len--) {
- if(XGrabKeyboard(dpy, root, True, GrabModeAsync, GrabModeAsync, CurrentTime)
- == GrabSuccess)
- break;
- usleep(1000);
- }
- running = (len > 0);
- }
len = 0;
- XSync(dpy, False);
+ running = 1;
+ failure = 0;
+ oldc = INIT;
- /* main event loop */
- while(running && !XNextEvent(dpy, &ev)) {
- if(len == 0 && DPMSCapable(dpy)) {
- DPMSEnable(dpy);
- DPMSForceLevel(dpy, DPMSModeOff);
- }
- if(ev.type == KeyPress) {
- buf[0] = 0;
- num = XLookupString(&ev.xkey, buf, sizeof buf, &ksym, 0);
- if(IsKeypadKey(ksym))
- if(ksym == XK_KP_Enter)
+ while (running && !XNextEvent(dpy, &ev)) {
+ if (ev.type == KeyPress) {
+ explicit_bzero(&buf, sizeof(buf));
+ num = XLookupString(&ev.xkey, buf, sizeof(buf), &ksym, 0);
+ if (IsKeypadKey(ksym)) {
+ if (ksym == XK_KP_Enter)
ksym = XK_Return;
- else if(ksym >= XK_KP_0 && ksym <= XK_KP_9)
+ else if (ksym >= XK_KP_0 && ksym <= XK_KP_9)
ksym = (ksym - XK_KP_0) + XK_0;
- if(IsFunctionKey(ksym) || IsKeypadKey(ksym)
- || IsMiscFunctionKey(ksym) || IsPFKey(ksym)
- || IsPrivateKeypadKey(ksym))
+ }
+ if (IsFunctionKey(ksym) ||
+ IsKeypadKey(ksym) ||
+ IsMiscFunctionKey(ksym) ||
+ IsPFKey(ksym) ||
+ IsPrivateKeypadKey(ksym))
continue;
- switch(ksym) {
+ switch (ksym) {
case XK_Return:
- passwd[len] = 0;
-
-#ifdef HAVE_BSD_AUTH
- running = !auth_userokay(getlogin(), NULL, "auth-xlock", passwd);
-#else
- running = strcmp(crypt(passwd, pws), pws);
-#endif
-
- if (running != 0)
+ passwd[len] = '\0';
+ errno = 0;
+ if (!(inputhash = crypt(passwd, hash)))
+ fprintf(stderr, "slock: crypt: %s\n", strerror(errno));
+ else
+ running = !!strcmp(inputhash, hash);
+ if (running) {
XBell(dpy, 100);
+ failure = 1;
+ }
+ explicit_bzero(&passwd, sizeof(passwd));
len = 0;
break;
case XK_Escape:
+ explicit_bzero(&passwd, sizeof(passwd));
len = 0;
break;
case XK_BackSpace:
- if(len)
- --len;
+ if (len)
+ passwd[len--] = '\0';
break;
default:
- if(num && !iscntrl((int) buf[0]) && (len + num < sizeof passwd)) {
+ if (num && !iscntrl((int)buf[0]) &&
+ (len + num < sizeof(passwd))) {
memcpy(passwd + len, buf, num);
len += num;
}
break;
}
+ color = len ? INPUT : ((failure || failonclear) ? FAILED : INIT);
+ if (running && oldc != color) {
+ for (screen = 0; screen < nscreens; screen++) {
+ XSetWindowBackground(dpy,
+ locks[screen]->win,
+ locks[screen]->colors[color]);
+ XClearWindow(dpy, locks[screen]->win);
+ }
+ oldc = color;
+ }
+ } else if (rr->active && ev.type == rr->evbase + RRScreenChangeNotify) {
+ rre = (XRRScreenChangeNotifyEvent*)&ev;
+ for (screen = 0; screen < nscreens; screen++) {
+ if (locks[screen]->win == rre->window) {
+ if (rre->rotation == RR_Rotate_90 ||
+ rre->rotation == RR_Rotate_270)
+ XResizeWindow(dpy, locks[screen]->win,
+ rre->height, rre->width);
+ else
+ XResizeWindow(dpy, locks[screen]->win,
+ rre->width, rre->height);
+ XClearWindow(dpy, locks[screen]->win);
+ break;
+ }
+ }
+ } else for (screen = 0; screen < nscreens; screen++)
+ XRaiseWindow(dpy, locks[screen]->win);
+ }
+}
+
+static struct lock *
+lockscreen(Display *dpy, struct xrandr *rr, int screen)
+{
+ char curs[] = {0, 0, 0, 0, 0, 0, 0, 0};
+ int i, ptgrab, kbgrab;
+ struct lock *lock;
+ XColor color, dummy;
+ XSetWindowAttributes wa;
+ Cursor invisible;
+
+ if (dpy == NULL || screen < 0 || !(lock = malloc(sizeof(struct lock))))
+ return NULL;
+
+ lock->screen = screen;
+ lock->root = RootWindow(dpy, lock->screen);
+
+ for (i = 0; i < NUMCOLS; i++) {
+ XAllocNamedColor(dpy, DefaultColormap(dpy, lock->screen),
+ colorname[i], &color, &dummy);
+ lock->colors[i] = color.pixel;
+ }
+
+ /* init */
+ wa.override_redirect = 1;
+ wa.background_pixel = lock->colors[INIT];
+ lock->win = XCreateWindow(dpy, lock->root, 0, 0,
+ DisplayWidth(dpy, lock->screen),
+ DisplayHeight(dpy, lock->screen),
+ 0, DefaultDepth(dpy, lock->screen),
+ CopyFromParent,
+ DefaultVisual(dpy, lock->screen),
+ CWOverrideRedirect | CWBackPixel, &wa);
+ lock->pmap = XCreateBitmapFromData(dpy, lock->win, curs, 8, 8);
+ invisible = XCreatePixmapCursor(dpy, lock->pmap, lock->pmap,
+ &color, &color, 0, 0);
+ XDefineCursor(dpy, lock->win, invisible);
+
+ /* Try to grab mouse pointer *and* keyboard for 600ms, else fail the lock */
+ for (i = 0, ptgrab = kbgrab = -1; i < 6; i++) {
+ if (ptgrab != GrabSuccess) {
+ ptgrab = XGrabPointer(dpy, lock->root, False,
+ ButtonPressMask | ButtonReleaseMask |
+ PointerMotionMask, GrabModeAsync,
+ GrabModeAsync, None, invisible, CurrentTime);
+ }
+ if (kbgrab != GrabSuccess) {
+ kbgrab = XGrabKeyboard(dpy, lock->root, True,
+ GrabModeAsync, GrabModeAsync, CurrentTime);
+ }
+
+ /* input is grabbed: we can lock the screen */
+ if (ptgrab == GrabSuccess && kbgrab == GrabSuccess) {
+ XMapRaised(dpy, lock->win);
+ if (rr->active)
+ XRRSelectInput(dpy, lock->win, RRScreenChangeNotifyMask);
+
+ XSelectInput(dpy, lock->root, SubstructureNotifyMask);
+ return lock;
}
+
+ /* retry on AlreadyGrabbed but fail on other errors */
+ if ((ptgrab != AlreadyGrabbed && ptgrab != GrabSuccess) ||
+ (kbgrab != AlreadyGrabbed && kbgrab != GrabSuccess))
+ break;
+
+ usleep(100000);
}
- XUngrabPointer(dpy, CurrentTime);
- XFreePixmap(dpy, pmap);
- XDestroyWindow(dpy, w);
- XCloseDisplay(dpy);
+
+ /* we couldn't grab all input: fail out */
+ if (ptgrab != GrabSuccess)
+ fprintf(stderr, "slock: unable to grab mouse pointer for screen %d\n",
+ screen);
+ if (kbgrab != GrabSuccess)
+ fprintf(stderr, "slock: unable to grab keyboard for screen %d\n",
+ screen);
+ return NULL;
+}
+
+static void
+usage(void)
+{
+ die("usage: slock [-v] [cmd [arg ...]]\n");
+}
+
+int
+main(int argc, char **argv) {
+ struct xrandr rr;
+ struct lock **locks;
+ struct passwd *pwd;
+ struct group *grp;
+ uid_t duid;
+ gid_t dgid;
+ const char *hash;
+ Display *dpy;
+ int s, nlocks, nscreens;
+
+ ARGBEGIN {
+ case 'v':
+ fprintf(stderr, "slock-"VERSION"\n");
+ return 0;
+ default:
+ usage();
+ } ARGEND
+
+ /* validate drop-user and -group */
+ errno = 0;
+ if (!(pwd = getpwnam(user)))
+ die("slock: getpwnam %s: %s\n", user,
+ errno ? strerror(errno) : "user entry not found");
+ duid = pwd->pw_uid;
+ errno = 0;
+ if (!(grp = getgrnam(group)))
+ die("slock: getgrnam %s: %s\n", group,
+ errno ? strerror(errno) : "group entry not found");
+ dgid = grp->gr_gid;
+
+#ifdef __linux__
+ dontkillme();
+#endif
+
+ hash = gethash();
+ errno = 0;
+ if (!crypt("", hash))
+ die("slock: crypt: %s\n", strerror(errno));
+
+ if (!(dpy = XOpenDisplay(NULL)))
+ die("slock: cannot open display\n");
+
+ /* drop privileges */
+ if (setgroups(0, NULL) < 0)
+ die("slock: setgroups: %s\n", strerror(errno));
+ if (setgid(dgid) < 0)
+ die("slock: setgid: %s\n", strerror(errno));
+ if (setuid(duid) < 0)
+ die("slock: setuid: %s\n", strerror(errno));
+
+ /* check for Xrandr support */
+ rr.active = XRRQueryExtension(dpy, &rr.evbase, &rr.errbase);
+
+ /* get number of screens in display "dpy" and blank them */
+ nscreens = ScreenCount(dpy);
+ if (!(locks = calloc(nscreens, sizeof(struct lock *))))
+ die("slock: out of memory\n");
+ for (nlocks = 0, s = 0; s < nscreens; s++) {
+ if ((locks[s] = lockscreen(dpy, &rr, s)) != NULL)
+ nlocks++;
+ else
+ break;
+ }
+ XSync(dpy, 0);
+
+ /* did we manage to lock everything? */
+ if (nlocks != nscreens)
+ return 1;
+
+ /* run post-lock command */
+ if (argc > 0) {
+ switch (fork()) {
+ case -1:
+ die("slock: fork failed: %s\n", strerror(errno));
+ case 0:
+ if (close(ConnectionNumber(dpy)) < 0)
+ die("slock: close: %s\n", strerror(errno));
+ execvp(argv[0], argv);
+ fprintf(stderr, "slock: execvp %s: %s\n", argv[0], strerror(errno));
+ _exit(1);
+ }
+ }
+
+ /* everything is now blank. Wait for the correct password */
+ readpw(dpy, &rr, locks, nscreens, hash);
+
return 0;
}