PolytreeDE
/
i3lock-color
mirror of https://github.com/Raymo111/i3lock-color.git
1
0
Fork 0
Code Releases Activity

merge commit etc

This commit is contained in:
Chris Guillott 2017-04-17 16:55:50 -04:00
parent 919f65888c 0bed914e8e
commit 3a1790ecc2
7 changed files with 98 additions and 72 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
Makefile
View File

@ -19,12 +19,17 @@ SIMD_CFLAGS += -funroll-loops
SIMD_CFLAGS += -msse2
CPPFLAGS += -D_GNU_SOURCE
CPPFLAGS += -DXKBCOMPOSE=$(shell if test -e /usr/include/xkbcommon/xkbcommon-compose.h ; then echo 1 ; else echo 0 ; fi )
CFLAGS += $(shell $(PKG_CONFIG) --cflags cairo xcb-composite xcb-dpms xcb-xinerama xcb-atom xcb-image xcb-xkb xkbcommon xkbcommon-x11)
LIBS += $(shell $(PKG_CONFIG) --libs cairo xcb-composite xcb-dpms xcb-xinerama xcb-atom xcb-image xcb-xkb xkbcommon xkbcommon-x11)
CFLAGS += $(shell $(PKG_CONFIG) --cflags cairo xcb-composite xcb-xinerama xcb-atom xcb-image xcb-xkb xkbcommon xkbcommon-x11)
LIBS += $(shell $(PKG_CONFIG) --libs cairo xcb-composite xcb-xinerama xcb-atom xcb-image xcb-xkb xkbcommon xkbcommon-x11)
LIBS += -lpam
LIBS += -lev
LIBS += -lm
# OpenBSD lacks PAM, use bsd_auth(3) instead.
ifneq ($(UNAME),OpenBSD)
LIBS += -lpam
endif
FILES:=$(wildcard *.c)
FILES:=$(FILES:.c=.o)

10
README.md
View File

@ -1,4 +1,4 @@
i3lock-color - improved screen locker
i3lock - improved screen locker
===============================
_This is just a re-patched version of i3lock with the commits from [i3lock-color](https://github.com/eBrnd/i3lock-color); all the credit for the color functionality goes to [eBrnd](https://github.com/eBrnd/) !_
@ -40,6 +40,7 @@ Many little improvements have been made to i3lock over time:
- You can specify whether i3lock should bell upon a wrong password.
- i3lock uses PAM and therefore is compatible with LDAP etc.
On OpenBSD i3lock uses the bsd_auth(3) framework.
Requirements
------------
@ -64,10 +65,13 @@ Requirements
https://aur.archlinux.org/packages/i3lock-color-git
Running i3lock
--------------
Simply invoke the 'i3lock-color' command. To get out of it, enter your password and
-------------
Simply invoke the 'i3lock' command. To get out of it, enter your password and
press enter.
On OpenBSD the `i3lock` binary needs to be setgid `auth` to call the
authentication helpers, e.g. `/usr/libexec/auth/login_passwd`.
Example usage for colors:
i3lock-color --insidevercolor=0000a0bf --insidewrongcolor=ff8000bf --insidecolor=ffffffbf --ringvercolor=0020ffff --ringwrongcolor=4040ffff --ringcolor=404090ff --textcolor=ffffffff --separatorcolor=aaaaaaff --keyhlcolor=30ccccff --bshlcolor=ff8000ff -r

79
i3lock.c
View File

@ -18,7 +18,11 @@
#include <xcb/xkb.h>
#include <err.h>
#include <assert.h>
#ifdef __OpenBSD__
#include <bsd_auth.h>
#else
#include <security/pam_appl.h>
#endif
#include <getopt.h>
#include <string.h>
#include <ev.h>
@ -30,6 +34,9 @@
#include <xkbcommon/xkbcommon-x11.h>
#include <cairo.h>
#include <cairo/cairo-xcb.h>
#ifdef __OpenBSD__
#include <strings.h> /* explicit_bzero(3) */
#endif
#include "i3lock.h"
#include "xcb.h"
@ -84,7 +91,9 @@ int blur_sigma = 5;
uint32_t last_resolution[2];
xcb_window_t win;
static xcb_cursor_t cursor;
#ifndef __OpenBSD__
static pam_handle_t *pam_handle;
#endif
int input_position = 0;
/* Holds the password you enter (in UTF-8). */
static char password[512];
@ -94,11 +103,11 @@ bool unlock_indicator = true;
char *modifier_string = NULL;
static bool dont_fork = false;
struct ev_loop *main_loop;
static struct ev_timer *clear_pam_wrong_timeout;
static struct ev_timer *clear_auth_wrong_timeout;
static struct ev_timer *clear_indicator_timeout;
static struct ev_timer *discard_passwd_timeout;
extern unlock_state_t unlock_state;
extern pam_state_t pam_state;
extern auth_state_t auth_state;
int failed_attempts = 0;
bool show_failed_attempts = false;
bool retry_verification = false;
@ -197,6 +206,11 @@ static bool load_compose_table(const char *locale) {
*
*/
static void clear_password_memory(void) {
#ifdef __OpenBSD__
/* Use explicit_bzero(3) which was explicitly designed not to be
* optimized out by the compiler. */
explicit_bzero(password, strlen(password));
#else
/* A volatile pointer to the password buffer to prevent the compiler from
* optimizing this out. */
volatile char *vpassword = password;
@ -206,6 +220,7 @@ static void clear_password_memory(void) {
* compiler from optimizing the calls away, since the value of 'beep'
* is not known at compile-time. */
vpassword[c] = c + (int)beep;
#endif
}
ev_timer *start_timer(ev_timer *timer_obj, ev_tstamp timeout, ev_callback_t callback) {
@ -245,13 +260,13 @@ static void finish_input(void) {
}
/*
* Resets pam_state to STATE_PAM_IDLE 2 seconds after an unsuccessful
* Resets auth_state to STATE_AUTH_IDLE 2 seconds after an unsuccessful
* authentication event.
*
*/
static void clear_pam_wrong(EV_P_ ev_timer *w, int revents) {
DEBUG("clearing pam wrong\n");
pam_state = STATE_PAM_IDLE;
static void clear_auth_wrong(EV_P_ ev_timer *w, int revents) {
DEBUG("clearing auth wrong\n");
auth_state = STATE_AUTH_IDLE;
redraw_screen();
/* Clear modifier string. */
@ -261,9 +276,9 @@ static void clear_pam_wrong(EV_P_ ev_timer *w, int revents) {
}
/* Now free this timeout. */
STOP_TIMER(clear_pam_wrong_timeout);
STOP_TIMER(clear_auth_wrong_timeout);
/* retry with input done during pam verification */
/* retry with input done during auth verification */
if (retry_verification) {
retry_verification = false;
finish_input();
@ -287,11 +302,24 @@ static void discard_passwd_cb(EV_P_ ev_timer *w, int revents) {
}
static void input_done(void) {
STOP_TIMER(clear_pam_wrong_timeout);
pam_state = STATE_PAM_VERIFY;
STOP_TIMER(clear_auth_wrong_timeout);
auth_state = STATE_AUTH_VERIFY;
unlock_state = STATE_STARTED;
redraw_screen();
#ifdef __OpenBSD__
struct passwd *pw;
if (!(pw = getpwuid(getuid())))
errx(1, "unknown uid %u.", getuid());
if (auth_userokay(pw->pw_name, NULL, NULL, password) != 0) {
DEBUG("successfully authenticated\n");
clear_password_memory();
exit(0);
}
#else
if (pam_authenticate(pam_handle, 0) == PAM_SUCCESS) {
DEBUG("successfully authenticated\n");
clear_password_memory();
@ -305,12 +333,13 @@ static void input_done(void) {
exit(0);
}
#endif
if (debug_mode)
fprintf(stderr, "Authentication failure\n");
/* Get state of Caps and Num lock modifiers, to be displayed in
* STATE_PAM_WRONG state */
* STATE_AUTH_WRONG state */
xkb_mod_index_t idx, num_mods;
const char *mod_name;
@ -344,7 +373,7 @@ static void input_done(void) {
}
}
pam_state = STATE_PAM_WRONG;
auth_state = STATE_AUTH_WRONG;
failed_attempts += 1;
clear_input();
if (unlock_indicator)
@ -353,7 +382,7 @@ static void input_done(void) {
/* Clear this state after 2 seconds (unless the user enters another
* password during that time). */
ev_now_update(main_loop);
START_TIMER(clear_pam_wrong_timeout, TSTAMP_N_SECS(2), clear_pam_wrong);
START_TIMER(clear_auth_wrong_timeout, TSTAMP_N_SECS(2), clear_auth_wrong);
/* Cancel the clear_indicator_timeout, it would hide the unlock indicator
* too early. */
@ -438,7 +467,7 @@ static void handle_key_press(xcb_key_press_event_t *event) {
if ((ksym == XKB_KEY_j || ksym == XKB_KEY_m) && !ctrl)
break;
if (pam_state == STATE_PAM_WRONG) {
if (auth_state == STATE_AUTH_WRONG) {
retry_verification = true;
return;
}
@ -642,6 +671,7 @@ void handle_screen_resize(void) {
redraw_screen();
}
#ifndef __OpenBSD__
/*
* Callback function for PAM. We only react on password request callbacks.
*
@ -672,6 +702,7 @@ static int conv_callback(int num_msg, const struct pam_message **msg,
return 0;
}
#endif
/*
* This callback is only a dummy, see xcb_prepare_cb and xcb_check_cb.
@ -770,7 +801,7 @@ static void xcb_check_cb(EV_P_ ev_check *w, int revents) {
/*
* This function is called from a fork()ed child and will raise the i3lock
* window when the window is obscured, even when the main i3lock process is
* blocked due to PAM.
* blocked due to the authentication backend.
*
*/
static void raise_loop(xcb_window_t window) {
@ -827,8 +858,10 @@ int main(int argc, char *argv[]) {
struct passwd *pw;
char *username;
char *image_path = NULL;
#ifndef __OpenBSD__
int ret;
struct pam_conv conv = {conv_callback, NULL};
#endif
int curs_choice = CURS_NONE;
int o;
int optind = 0;
@ -1095,17 +1128,21 @@ int main(int argc, char *argv[]) {
* the unlock indicator upon keypresses. */
srand(time(NULL));
#ifndef __OpenBSD__
/* Initialize PAM */
if ((ret = pam_start("i3lock", username, &conv, &pam_handle)) != PAM_SUCCESS)
errx(EXIT_FAILURE, "PAM: %s", pam_strerror(pam_handle, ret));
if ((ret = pam_set_item(pam_handle, PAM_TTY, getenv("DISPLAY"))) != PAM_SUCCESS)
errx(EXIT_FAILURE, "PAM: %s", pam_strerror(pam_handle, ret));
#endif
/* Using mlock() as non-super-user seems only possible in Linux. Users of other
* operating systems should use encrypted swap/no swap (or remove the ifdef and
* run i3lock as super-user). */
#if defined(__linux__)
/* Using mlock() as non-super-user seems only possible in Linux and OpenBSD.
* Users of other operating systems should use encrypted swap/no swap
* (or remove the ifdef and run i3lock as super-user).
* NB: Alas, swap is encrypted by default on OpenBSD so swapping out
* is not necessarily an issue. */
#if defined(__linux__) || defined(__OpenBSD__)
/* Lock the area where we store the password in memory, we dont want it to
* be swapped to disk. Since Linux 2.6.9, this does not require any
* privileges, just enough bytes in the RLIMIT_MEMLOCK limit. */
@ -1227,7 +1264,7 @@ int main(int argc, char *argv[]) {
cursor = create_cursor(conn, screen, win, curs_choice);
/* Display the "locking…" message while trying to grab the pointer/keyboard. */
pam_state = STATE_PAM_LOCK;
auth_state = STATE_AUTH_LOCK;
grab_pointer_and_keyboard(conn, screen, cursor);
pid_t pid = fork();
@ -1254,7 +1291,7 @@ int main(int argc, char *argv[]) {
errx(EXIT_FAILURE, "Could not initialize libev. Bad LIBEV_FLAGS?\n");
/* Explicitly call the screen redraw in case "locking…" message was displayed */
pam_state = STATE_PAM_IDLE;
auth_state = STATE_AUTH_IDLE;
redraw_screen();
struct ev_io *xcb_watcher = calloc(sizeof(struct ev_io), 1);

56
unlock_indicator.c
View File

@ -102,7 +102,7 @@ static xcb_visualtype_t *vistype;
/* Maintain the current unlock/PAM state to draw the appropriate unlock
* indicator. */
unlock_state_t unlock_state;
pam_state_t pam_state;
auth_state_t auth_state;
/*
* Returns the scaling factor of the current screen. E.g., on a 227 DPI MacBook
@ -261,7 +261,7 @@ xcb_pixmap_t draw_image(uint32_t *resolution) {
timeinfo = localtime(&rawtime);
if (unlock_indicator &&
(unlock_state >= STATE_KEY_PRESSED || pam_state > STATE_PAM_IDLE || show_clock)) {
(unlock_state >= STATE_KEY_PRESSED || auth_state > STATE_AUTH_IDLE)) {
cairo_scale(ctx, scaling_factor(), scaling_factor());
/* Draw a (centered) circle with transparent background. */
cairo_set_line_width(ctx, 7.0);
@ -274,12 +274,12 @@ xcb_pixmap_t draw_image(uint32_t *resolution) {
/* Use the appropriate color for the different PAM states
* (currently verifying, wrong password, or default) */
switch (pam_state) {
case STATE_PAM_VERIFY:
case STATE_PAM_LOCK:
cairo_set_source_rgba(ctx, (double)insidever16[0]/255, (double)insidever16[1]/255, (double)insidever16[2]/255, (double)insidever16[3]/255);
switch (auth_state) {
case STATE_AUTH_VERIFY:
case STATE_AUTH_LOCK:
cairo_set_source_rgba(ctx, 0, 114.0 / 255, 255.0 / 255, 0.75);
break;
case STATE_PAM_WRONG:
case STATE_AUTH_WRONG:
case STATE_I3LOCK_LOCK_FAILED:
cairo_set_source_rgba(ctx, (double)insidewrong16[0]/255, (double)insidewrong16[1]/255, (double)insidewrong16[2]/255, (double)insidewrong16[3]/255);
break;
@ -289,9 +289,9 @@ xcb_pixmap_t draw_image(uint32_t *resolution) {
}
cairo_fill_preserve(ctx);
switch (pam_state) {
case STATE_PAM_VERIFY:
case STATE_PAM_LOCK:
switch (auth_state) {
case STATE_AUTH_VERIFY:
case STATE_AUTH_LOCK:
cairo_set_source_rgba(ctx, (double)ringver16[0]/255, (double)ringver16[1]/255, (double)ringver16[2]/255, (double)ringver16[3]/255);
if (internal_line_source == 1) {
line16[0] = ringver16[0];
@ -300,7 +300,7 @@ xcb_pixmap_t draw_image(uint32_t *resolution) {
line16[3] = ringver16[3];
}
break;
case STATE_PAM_WRONG:
case STATE_AUTH_WRONG:
case STATE_I3LOCK_LOCK_FAILED:
cairo_set_source_rgba(ctx, (double)ringwrong16[0]/255, (double)ringwrong16[1]/255, (double)ringwrong16[2]/255, (double)ringwrong16[3]/255);
if (internal_line_source == 1) {
@ -310,7 +310,7 @@ xcb_pixmap_t draw_image(uint32_t *resolution) {
line16[3] = ringwrong16[3];
}
break;
case STATE_PAM_IDLE:
case STATE_AUTH_IDLE:
cairo_set_source_rgba(ctx, (double)ring16[0]/255, (double)ring16[1]/255, (double)ring16[2]/255, (double)ring16[3]/255);
if (internal_line_source == 1) {
line16[0] = ring16[0];
@ -347,17 +347,17 @@ xcb_pixmap_t draw_image(uint32_t *resolution) {
/* We don't want to show more than a 3-digit number. */
char buf[4];
cairo_set_source_rgba(ctx, (double)text16[0]/255, (double)text16[1]/255, (double)text16[2]/255, (double)text16[3]/255); //this was moved up to here
cairo_set_source_rgb(ctx, 0, 0, 0);
cairo_select_font_face(ctx, "sans-serif", CAIRO_FONT_SLANT_NORMAL, CAIRO_FONT_WEIGHT_NORMAL);
cairo_set_font_size(ctx, 28.0);
switch (pam_state) {
case STATE_PAM_VERIFY:
switch (auth_state) {
case STATE_AUTH_VERIFY:
text = "verifying…";
break;
case STATE_PAM_LOCK:
case STATE_AUTH_LOCK:
text = "locking…";
break;
case STATE_PAM_WRONG:
case STATE_AUTH_WRONG:
text = "wrong!";
break;
case STATE_I3LOCK_LOCK_FAILED:
@ -417,7 +417,7 @@ xcb_pixmap_t draw_image(uint32_t *resolution) {
}
if (pam_state == STATE_PAM_WRONG && (modifier_string != NULL)) {
if (auth_state == STATE_AUTH_WRONG && (modifier_string != NULL)) {
cairo_text_extents_t extents;
double x, y;
@ -517,7 +517,7 @@ xcb_pixmap_t draw_image(uint32_t *resolution) {
*
*/
void redraw_screen(void) {
DEBUG("redraw_screen(unlock_state = %d, pam_state = %d)\n", unlock_state, pam_state);
DEBUG("redraw_screen(unlock_state = %d, auth_state = %d)\n", unlock_state, auth_state);
xcb_pixmap_t bg_pixmap = draw_image(last_resolution);
xcb_change_window_attributes(conn, win, XCB_CW_BACK_PIXMAP, (uint32_t[1]){bg_pixmap});
/* XXX: Possible optimization: Only update the area in the middle of the
@ -539,21 +539,3 @@ void clear_indicator(void) {
unlock_state = STATE_KEY_PRESSED;
redraw_screen();
}
static void time_redraw_cb(struct ev_loop *loop, ev_periodic *w, int revents) {
redraw_screen();
}
void start_time_redraw_tick(struct ev_loop* main_loop) {
if (time_redraw_tick) {
ev_periodic_set(time_redraw_tick, 0., 1.0, 0);
ev_periodic_again(main_loop, time_redraw_tick);
} else {
if (!(time_redraw_tick = calloc(sizeof(struct ev_periodic), 1))) {
return;
}
ev_periodic_init(time_redraw_tick, time_redraw_cb, 0., 1., 0);
ev_periodic_start(main_loop, time_redraw_tick);
}
}

10
unlock_indicator.h
View File

@ -11,12 +11,12 @@ typedef enum {
} unlock_state_t;
typedef enum {
STATE_PAM_IDLE = 0, /* no PAM interaction at the moment */
STATE_PAM_VERIFY = 1, /* currently verifying the password via PAM */
STATE_PAM_LOCK = 2, /* currently locking the screen */
STATE_PAM_WRONG = 3, /* the password was wrong */
STATE_AUTH_IDLE = 0, /* no authenticator interaction at the moment */
STATE_AUTH_VERIFY = 1, /* currently verifying the password via authenticator */
STATE_AUTH_LOCK = 2, /* currently locking the screen */
STATE_AUTH_WRONG = 3, /* the password was wrong */
STATE_I3LOCK_LOCK_FAILED = 4 /* i3lock failed to load */
} pam_state_t;
} auth_state_t;
xcb_pixmap_t draw_image(uint32_t* resolution);
void redraw_screen(void);

4
xcb.c
View File

@ -24,7 +24,7 @@
#include "cursors.h"
#include "unlock_indicator.h"
extern pam_state_t pam_state;
extern auth_state_t auth_state;
xcb_connection_t *conn;
xcb_screen_t *screen;
@ -262,7 +262,7 @@ void grab_pointer_and_keyboard(xcb_connection_t *conn, xcb_screen_t *screen, xcb
/* After trying for 10000 times, i3lock will display an error message
* for 2 sec prior to terminate. */
if (tries <= 0) {
pam_state = STATE_I3LOCK_LOCK_FAILED;
auth_state = STATE_I3LOCK_LOCK_FAILED;
redraw_screen();
sleep(1);
errx(EXIT_FAILURE, "Cannot grab pointer/keyboard");

2
xcb.h
View File

@ -2,7 +2,6 @@
#define _XCB_H
#include <xcb/xcb.h>
#include <xcb/dpms.h>
extern xcb_connection_t *conn;
extern xcb_screen_t *screen;
@ -11,7 +10,6 @@ xcb_visualtype_t *get_root_visual_type(xcb_screen_t *s);
xcb_pixmap_t create_bg_pixmap(xcb_connection_t *conn, xcb_screen_t *scr, u_int32_t *resolution, char *color);
xcb_window_t open_fullscreen_window(xcb_connection_t *conn, xcb_screen_t *scr, char *color, xcb_pixmap_t pixmap);
void grab_pointer_and_keyboard(xcb_connection_t *conn, xcb_screen_t *screen, xcb_cursor_t cursor);
void dpms_set_mode(xcb_connection_t *conn, xcb_dpms_dpms_mode_t mode);
xcb_cursor_t create_cursor(xcb_connection_t *conn, xcb_screen_t *screen, xcb_window_t win, int choice);
xcb_pixmap_t capture_bg_pixmap(xcb_connection_t *conn, xcb_screen_t *scr, u_int32_t* resolution);