X-Git-Url: https://git.danieliu.xyz/?a=blobdiff_plain;f=slock.c;h=f423f8cd1d884438ad39fd79bc306b88c17c6dff;hb=b00f444a4ea0d9ffa5cd7dcda71c97cdf05d322e;hp=62a9841b4b49516b89a7ca0be75c50088d818d49;hpb=9698224090ff2989659717815bfa076d5d436a70;p=slock.git diff --git a/slock.c b/slock.c index 62a9841..f423f8c 100644 --- a/slock.c +++ b/slock.c @@ -6,6 +6,7 @@ #include #include +#include #include #include #include @@ -18,11 +19,6 @@ #include #include -#if HAVE_BSD_AUTH -#include -#include -#endif - #include "arg.h" #include "util.h" @@ -37,18 +33,18 @@ enum { #include "config.h" -typedef struct { +struct lock { int screen; Window root, win; Pixmap pmap; unsigned long colors[NUMCOLS]; -} Lock; +}; -static Lock **locks; -static int nscreens; -static Bool rr; -static int rrevbase; -static int rrerrbase; +struct xrandr { + int active; + int evbase; + int errbase; +}; static void die(const char *errstr, ...) @@ -88,14 +84,13 @@ dontkillme(void) } #endif -#ifndef HAVE_BSD_AUTH -/* only run as root */ static const char * getpw(void) { const char *rval; struct passwd *pw; + /* Check if the current user has a password entry */ errno = 0; if (!(pw = getpwuid(getuid()))) { if (errno) @@ -109,25 +104,27 @@ getpw(void) if (rval[0] == 'x' && rval[1] == '\0') { struct spwd *sp; if (!(sp = getspnam(getenv("USER")))) - die("slock: cannot retrieve shadow entry (make sure to suid or sgid slock)\n"); + die("slock: getspnam: cannot retrieve shadow entry (make sure to suid or sgid slock)\n"); rval = sp->sp_pwdp; } -#endif +#else + if (rval[0] == '*' && rval[1] == '\0') { +#ifdef __OpenBSD__ + if (!(pw = getpwnam_shadow(getenv("USER")))) + die("slock: getpwnam_shadow: cannot retrieve shadow entry (make sure to suid or sgid slock)\n"); + rval = pw->pw_passwd; +#else + die("slock: getpwuid: cannot retrieve shadow entry (make sure to suid or sgid slock)\n"); +#endif /* __OpenBSD__ */ + } +#endif /* HAVE_SHADOW_H */ - /* drop privileges */ - if (geteuid() == 0 && - ((getegid() != pw->pw_gid && setgid(pw->pw_gid) < 0) || setuid(pw->pw_uid) < 0)) - die("slock: cannot drop privileges\n"); return rval; } -#endif static void -#ifdef HAVE_BSD_AUTH -readpw(Display *dpy) -#else -readpw(Display *dpy, const char *pws) -#endif +readpw(Display *dpy, struct xrandr *rr, struct lock **locks, int nscreens, + const char *pws) { char buf[32], passwd[256], *encrypted; int num, screen, running, failure; @@ -163,15 +160,11 @@ readpw(Display *dpy, const char *pws) switch (ksym) { case XK_Return: passwd[len] = 0; -#ifdef HAVE_BSD_AUTH - running = !auth_userokay(getlogin(), NULL, "auth-slock", passwd); -#else errno = 0; if (!(encrypted = crypt(passwd, pws))) fprintf(stderr, "slock: crypt: %s\n", strerror(errno)); else running = !!strcmp(encrypted, pws); -#endif if (running) { XBell(dpy, 100); failure = True; @@ -202,7 +195,7 @@ readpw(Display *dpy, const char *pws) } oldc = color; } - } else if (rr && ev.type == rrevbase + RRScreenChangeNotify) { + } else if (rr->active && ev.type == rr->evbase + RRScreenChangeNotify) { XRRScreenChangeNotifyEvent *rre = (XRRScreenChangeNotifyEvent*)&ev; for (screen = 0; screen < nscreens; screen++) { if (locks[screen]->win == rre->window) { @@ -215,44 +208,17 @@ readpw(Display *dpy, const char *pws) } } -static void -unlockscreen(Display *dpy, Lock *lock) -{ - if(dpy == NULL || lock == NULL) - return; - - XUngrabPointer(dpy, CurrentTime); - XUngrabKeyboard(dpy, CurrentTime); - XFreeColors(dpy, DefaultColormap(dpy, lock->screen), lock->colors, NUMCOLS, 0); - XFreePixmap(dpy, lock->pmap); - XDestroyWindow(dpy, lock->win); - - free(lock); -} - -static void -cleanup(Display *dpy) -{ - int s; - - for (s = 0; s < nscreens; ++s) - unlockscreen(dpy, locks[s]); - - free(locks); - XCloseDisplay(dpy); -} - -static Lock * -lockscreen(Display *dpy, int screen) +static struct lock * +lockscreen(Display *dpy, struct xrandr *rr, int screen) { char curs[] = {0, 0, 0, 0, 0, 0, 0, 0}; int i, ptgrab, kbgrab; - Lock *lock; + struct lock *lock; XColor color, dummy; XSetWindowAttributes wa; Cursor invisible; - if (dpy == NULL || screen < 0 || !(lock = malloc(sizeof(Lock)))) + if (dpy == NULL || screen < 0 || !(lock = malloc(sizeof(struct lock)))) return NULL; lock->screen = screen; @@ -289,7 +255,7 @@ lockscreen(Display *dpy, int screen) /* input is grabbed: we can lock the screen */ if (ptgrab == GrabSuccess && kbgrab == GrabSuccess) { XMapRaised(dpy, lock->win); - if (rr) + if (rr->active) XRRSelectInput(dpy, lock->win, RRScreenChangeNotifyMask); XSelectInput(dpy, lock->root, SubstructureNotifyMask); @@ -320,11 +286,15 @@ usage(void) int main(int argc, char **argv) { -#ifndef HAVE_BSD_AUTH + struct xrandr rr; + struct lock **locks; + struct passwd *pwd; + struct group *grp; + uid_t duid; + gid_t dgid; const char *pws; -#endif Display *dpy; - int s, nlocks; + int s, nlocks, nscreens; ARGBEGIN { case 'v': @@ -334,39 +304,46 @@ main(int argc, char **argv) { usage(); } ARGEND + /* validate drop-user and -group */ + errno = 0; + if (!(pwd = getpwnam(user))) + die("slock: getpwnam %s: %s\n", user, errno ? + strerror(errno) : "user entry not found"); + duid = pwd->pw_uid; + errno = 0; + if (!(grp = getgrnam(group))) + die("slock: getgrnam %s: %s\n", group, errno ? + strerror(errno) : "group entry not found"); + dgid = grp->gr_gid; + #ifdef __linux__ dontkillme(); #endif - /* Check if the current user has a password entry */ - errno = 0; - if (!getpwuid(getuid())) { - if (errno == 0) - die("slock: no password entry for current user\n"); - else - die("slock: getpwuid: %s\n", strerror(errno)); - } - -#ifndef HAVE_BSD_AUTH pws = getpw(); if (strlen(pws) < 2) die("slock: failed to get user password hash.\n"); -#endif if (!(dpy = XOpenDisplay(NULL))) die("slock: cannot open display\n"); + /* drop privileges */ + if (setgroups(0, NULL) < 0) + die("slock: setgroups: %s\n", strerror(errno)); + if (setgid(dgid) < 0) + die("slock: setgid: %s\n", strerror(errno)); + if (setuid(duid) < 0) + die("slock: setuid: %s\n", strerror(errno)); + /* check for Xrandr support */ - rr = XRRQueryExtension(dpy, &rrevbase, &rrerrbase); + rr.active = XRRQueryExtension(dpy, &rr.evbase, &rr.errbase); /* get number of screens in display "dpy" and blank them */ nscreens = ScreenCount(dpy); - if (!(locks = calloc(nscreens, sizeof(Lock *)))) { - XCloseDisplay(dpy); + if (!(locks = calloc(nscreens, sizeof(struct lock *)))) die("slock: out of memory\n"); - } for (nlocks = 0, s = 0; s < nscreens; s++) { - if ((locks[s] = lockscreen(dpy, s)) != NULL) + if ((locks[s] = lockscreen(dpy, &rr, s)) != NULL) nlocks++; else break; @@ -374,16 +351,13 @@ main(int argc, char **argv) { XSync(dpy, 0); /* did we manage to lock everything? */ - if (nlocks != nscreens) { - cleanup(dpy); + if (nlocks != nscreens) return 1; - } /* run post-lock command */ if (argc > 0) { switch (fork()) { case -1: - cleanup(dpy); die("slock: fork failed: %s\n", strerror(errno)); case 0: if (close(ConnectionNumber(dpy)) < 0) @@ -396,14 +370,7 @@ main(int argc, char **argv) { } /* everything is now blank. Wait for the correct password */ -#ifdef HAVE_BSD_AUTH - readpw(dpy); -#else - readpw(dpy, pws); -#endif - - /* password ok, unlock everything and quit */ - cleanup(dpy); + readpw(dpy, &rr, locks, nscreens, pws); return 0; }