Markus Teich [Sun, 20 Nov 2016 00:07:11 +0000 (01:07 +0100)]
bump version
Markus Teich [Sat, 19 Nov 2016 23:59:19 +0000 (00:59 +0100)]
add arg.h and util.h to Makefile
Markus Teich [Sat, 19 Nov 2016 23:29:41 +0000 (00:29 +0100)]
clarify colors in config.def.h
Markus Teich [Sat, 19 Nov 2016 23:29:01 +0000 (00:29 +0100)]
move config.h inclusion after type declarations
Laslo Hunhold [Mon, 17 Oct 2016 18:28:09 +0000 (20:28 +0200)]
Unboolify slock.c
FRIGN [Sat, 1 Oct 2016 22:10:45 +0000 (00:10 +0200)]
Use explicit strcmp() instead of inlining it
Makes it a tad more readable; the previous "optimization" will be done
by the compiler anyway.
FRIGN [Sat, 1 Oct 2016 22:03:18 +0000 (00:03 +0200)]
No need for oldc to be static
FRIGN [Sat, 1 Oct 2016 21:56:33 +0000 (23:56 +0200)]
Use NUL character constant explicitly
FRIGN [Sat, 1 Oct 2016 21:50:49 +0000 (23:50 +0200)]
Keep the line-lengths at bay
This makes the code more readable and prevents wraparounds in the
editor.
FRIGN [Wed, 28 Sep 2016 18:20:51 +0000 (20:20 +0200)]
Add a section on security considerations
The section on security considerations sheds some light on the problems that we
can't solve within slock but which the user has to solve in his X configuration.
Markus Teich [Mon, 26 Sep 2016 11:28:09 +0000 (13:28 +0200)]
remove confusing DPMS comment
FRIGN on hackers@suckless.org:
What has been bugging me for quite a while is this DPMS comment that was added
there for no reason. Every sane mind would agree that fiddling with DPMS makes
no sense whatsoever. When I slock, my screen turns off after 10 minutes. So, if
I don't like that, I disable DPMS. If I do, I just fiddle around with my mouse a
bit and get the slock promt.
Markus Teich [Fri, 23 Sep 2016 17:08:39 +0000 (19:08 +0200)]
error out early on crypt() fail
FRIGN [Sun, 11 Sep 2016 21:17:53 +0000 (23:17 +0200)]
Stop using $USER for shadow entries
This was extremely bad practice, effectively making the program behave
different depending on which architecture you are running it on.
OpenBSD offers getpwuid_shadow, but there is no getspuid for getspnam,
so we resort to using the pw_name entry in the struct passwd we filled
earlier.
This prevents slock from crashing when $USER is empty (easy to do). If
you want to run slock as a different user, don't use
$ USER="tom" slock
but doas or sudo which were designed for this purpose.
FRIGN [Sun, 11 Sep 2016 21:10:57 +0000 (23:10 +0200)]
Rename getpw() and pws to gethash() and hash
FRIGN [Sun, 11 Sep 2016 21:08:19 +0000 (23:08 +0200)]
Remove cleanup and deglobalize and rework data structures
The cleanup removal is a joint-venture with Markus. We assume the X server does
the cleanup, so we don't need it. The idea is that the fds are closed at exit
and thus already indicate to the X server that the client has quit. Analogously
the same applies to freeing memory sections previously allocated for the X
server.
We love XXXXXL burgers and therefore removed
XUngrabPointer
XUngrabKeyboard
XFreeColors
XFreePixmap
XDestroyWindow
Lines of Code.
For a project like slock there is no need to carry around global state. By
moving the three structures to main() it is now clear which functions modify
which state, greatly improving the readability of the code, especially given
slock is a suid program.
Quentin Rameau [Thu, 8 Sep 2016 17:03:12 +0000 (19:03 +0200)]
config.mk: be more explicative about FLAGS
Group each *FLAG with its description and add a NetBSD specific.
FRIGN [Wed, 7 Sep 2016 11:32:29 +0000 (13:32 +0200)]
Ensure Polyphemus-Mitigation and properly drop privileges
Don't hide privilege drops inside readpw() and actually make it
configurable what you are dropping to in config.h.
The privilege drop comes after opening the Display because the
user "nobody" with "nogroup" can't do that.
So why do I call this strategy the Polyphemus-Mitigation?
"""
After the giant returns in the evening and eats two more of the men,
Odysseus offers Polyphemus some strong and undiluted wine given to him
earlier on his journey. Drunk and unwary, the giant asks Odysseus his
name, promising him a guest-gift if he answers. Odysseus tells him
"Οὖτις", which means "nobody" and Polyphemus promises to eat this
"Nobody" last of all. With that, he falls into a drunken sleep. Odysseus
had meanwhile hardened a wooden stake in the fire and now drives it into
Polyphemus' eye. When Polyphemus shouts for help from his fellow giants,
saying that "Nobody" has hurt him, they think Polyphemus is being
afflicted by divine power and recommend prayer as the answer.
"""
(source: https://en.wikipedia.org/wiki/Polyphemus)
Quentin Rameau [Wed, 7 Sep 2016 11:02:42 +0000 (13:02 +0200)]
Unify how we check passwords between different OSes
Markus Teich [Wed, 7 Sep 2016 08:04:06 +0000 (10:04 +0200)]
make error message prefix consistent
Markus Teich [Fri, 2 Sep 2016 09:49:02 +0000 (11:49 +0200)]
increasing for loops are idiomatic
Quentin Rameau [Thu, 1 Sep 2016 11:47:19 +0000 (13:47 +0200)]
Localize running and failure inside readpw()
They are only needed there, so don't make them global.
Quentin Rameau [Thu, 1 Sep 2016 11:47:05 +0000 (13:47 +0200)]
Move screen unlocking inside cleanup()
Quentin Rameau [Thu, 1 Sep 2016 11:46:51 +0000 (13:46 +0200)]
Re-introduce the waiting loop for input grabbing
We actually “need” to wait a little for input to be released before
locking for cases where slock is spawned from other graphical
applications using keybindings.
This undoes the misbehaviour I introduced in
c2f9757, sorry for the mess.
Quentin Rameau [Thu, 1 Sep 2016 11:46:19 +0000 (13:46 +0200)]
Add cleanup() to do free(locks) + XCloseDisplay()
FRIGN [Mon, 22 Aug 2016 23:45:46 +0000 (01:45 +0200)]
Refactor dontkillme()
- Use file pointers instead of raw I/O, inspired by Kernel code.
- Use OOM_SCORE_ADJ_MIN from linux/oom.h instead of working with
magic values.
- Stricter error checking and descriptive error messages.
The reasoning for using the constant rather than magic values lies
in the fact that this ensures people get the message.
With "-1000", a code reviewer would question if that is really the
lowest possible number or just an arbitrary value.
The kernel ABI probably won't change, but even in the case, we wouldn't
have to modify the code. The OOM killer only is guaranteed to not
kill you if you have OOM_SCORE_ADJ_MIN.
FRIGN [Tue, 23 Aug 2016 08:55:34 +0000 (10:55 +0200)]
Convert manpage to mandoc and fix usage
In all honor, the previous usage was formally more correct, but for the
sake of consistency across all the tools having the v-flag, I separated
it from the command-string.
Also, make use of the mandoc macros for the manpage. This makes it
easier to maintain, extend and change in the future.
Markus Teich [Tue, 30 Aug 2016 22:59:06 +0000 (00:59 +0200)]
fix CVE-2016-6866
Markus Teich [Tue, 30 Aug 2016 22:56:13 +0000 (00:56 +0200)]
Update bsd-auth string.
Thanks to Hiltjo for discovering this.
Quentin Rameau [Tue, 30 Aug 2016 15:33:09 +0000 (17:33 +0200)]
Exit as soon as possible on input grabbing error
We want to know at once if slock failed or not to lock the screen, not
seing a black screen for a whole second (or two) and then die.
Thanks to ^7heo for reporting this.
FRIGN [Sun, 21 Aug 2016 22:25:21 +0000 (00:25 +0200)]
Refactor main()
- Add arg.h and fix usage
Given slock is suid we don't want to have half-measures in place to
parse the arguments in case the code is changed in the future with
somebody not paying enough attention.
Also, fix the usage string output to be more consistent across the
suckless toolbase and make it reflect the manpage entry.
- Comments
Use proper block comments and add/change them where necessary
to help in studying the code.
- Error messages
Consistently prepend them with "slock:" and fix wording and
do a proper cleanup before quitting (XCloseDisplay and free
the locks), making the die() semantics consistent with st's.
- getpwuid() error reporting
Properly present an error message if getpwuid() fails.
- fork() error reporting
Properly present an error message if fork() fails. If we cannot
close the connection within the fork context we abort the
operation and report an error.
- execvp() error handling
If execvp fails, we cannot call die() afterwards as this implies
calling exit(). We must use _exit() to prevent the libc from
doing now "illegal" cleanup-work.
Hiltjo Posthuma [Sun, 31 Jul 2016 11:43:00 +0000 (13:43 +0200)]
clear passwords with explicit_bzero
Make sure to explicitly clear memory that is used for password input. memset
is often optimized out by the compiler.
Brought to attention by the OpenBSD community, see:
https://marc.info/?t=
146989502600003&r=1&w=2
Thread subject: x11/slock: clear passwords with explicit_bzero
Changes:
- explicit_bzero.c import from libressl-portable.
- Makefile: add COMPATSRC for compatibility src.
- config.mk: add separate *BSD section in config.mk to simply uncomment it on
these platforms.
Markus Teich [Mon, 15 Feb 2016 13:15:45 +0000 (14:15 +0100)]
Revert "No need for usage()"
This reverts most of commit
a6dc051e3744ce5b14c54d2d246d3e8258207e76 and fixes
some related stuff:
- keep spelling fixes from original commit
- make -h and -v also work when followed by more arguments
- any unknown flag prints usage
- fix output of -v to display "slock: version 1.3" instead of "slock: slock-1.3"
Markus Teich [Mon, 15 Feb 2016 13:00:56 +0000 (14:00 +0100)]
revert using argv0 and minor fixup
- use hardcoded "slock" instead of argv[0]
- add "slock: " to fprintf calls, where it was missing
- revert `argc--, argv++` shifting
FRIGN [Sun, 14 Feb 2016 01:13:54 +0000 (02:13 +0100)]
Use argv0 instead of passing "slock:" to die every time
FRIGN [Sun, 14 Feb 2016 00:48:48 +0000 (01:48 +0100)]
No need for usage()
There are 2 arguments why -v and -h are broken:
1) if you are running off git, -v will show the last stable
release, effectively making this option useless.
people running stable versions leave open an attack surface
this way in case there are vulnerabilities found.
99% of the people are also using package managers to keep
their software up to date, instead of running $TOOL -v to
check how old it is.
2) -h is a sad excuse for not just looking at the manual page
(man 1 slock). Given we accept a post_lock_command, we can't
be as liberal and just intercept certain flags.
I changed the manpage to reflect this change.
FRIGN [Sun, 14 Feb 2016 00:32:02 +0000 (01:32 +0100)]
Clarify config.def.h
Clear up the wording a bit and explain what failonclear means.
FRIGN [Sun, 14 Feb 2016 00:28:37 +0000 (01:28 +0100)]
Simplify the oom-taming-function
There really is no need to source a defined variable from a linux
header. The OOM-rank ranges from -1000 to 1000, so we can safely
hardcode -1000, which is a sane thing to do given slock is suid and
we don't want to play around too much here anyway.
On another notice, let's not forget that this still is a shitty
heuristic. The OOM-killer still can kill us (thus I also changed
the wording in the error-message. We do not disable the OOM-killer,
we're just hiding.
Markus Teich [Thu, 11 Feb 2016 15:49:59 +0000 (16:49 +0100)]
add slock.1 man page
FRIGN [Thu, 11 Feb 2016 15:30:52 +0000 (16:30 +0100)]
Update license year
It actually was 2014 and not 2015.
FRIGN [Thu, 11 Feb 2016 15:29:26 +0000 (16:29 +0100)]
Don't forget the E-Mail
FRIGN [Thu, 11 Feb 2016 15:28:41 +0000 (16:28 +0100)]
Add myself to License
forgot that a while ago
Markus Teich [Thu, 11 Feb 2016 15:26:12 +0000 (16:26 +0100)]
update copyright year in -v output
Markus Teich [Thu, 11 Feb 2016 15:23:48 +0000 (16:23 +0100)]
prepare 1.3 release
Markus Teich [Thu, 11 Feb 2016 15:22:34 +0000 (16:22 +0100)]
remove .hgtags
Markus Teich [Fri, 29 Jan 2016 21:11:18 +0000 (22:11 +0100)]
add hint for suid to oom error message
Markus Teich [Mon, 18 Jan 2016 15:49:15 +0000 (16:49 +0100)]
error messages on grab failure
Markus Teich [Sat, 16 Jan 2016 11:38:36 +0000 (12:38 +0100)]
code style fix
Markus Teich [Sat, 26 Dec 2015 12:13:25 +0000 (13:13 +0100)]
add option to run command after screen is locked
David Phillips [Thu, 27 Aug 2015 04:16:25 +0000 (06:16 +0200)]
Don't change to failure colour on success
David Phillips [Fri, 19 Jun 2015 11:42:15 +0000 (23:42 +1200)]
Slightly safer OOM killer disablement in linux
Markus Teich [Fri, 8 May 2015 15:10:15 +0000 (17:10 +0200)]
rework setting window color
Markus Teich [Fri, 8 May 2015 14:43:13 +0000 (16:43 +0200)]
consistently use () with sizeof
Nick Currier [Wed, 6 May 2015 16:18:50 +0000 (10:18 -0600)]
Option to not show failure color on clear
Markus Teich [Wed, 25 Feb 2015 22:06:45 +0000 (23:06 +0100)]
resize lockscreen window after Xrandr resize
David Phillips [Wed, 11 Feb 2015 22:56:35 +0000 (11:56 +1300)]
Blank the screen with color 0, add third color for failed logins
- Adds another color in config.def.h, COLOR_INIT
- Renames the colours from numerical ones to ones with meaningful names;
COLOR_INPUT for when there is content in the input buffer and COLOR_EMPTY
for when the input buffer has been cleared (backspaced or a failed attempt).
- Ensures XFreeColors frees the right number of colours. This is now derived
from the size of `Lock->colors` rather than being an integer literal.
- Makes slock exhibit the behaviour described by Markus
The default colours are the same as the ones slock currently uses, with the
exception of the new color, which I have set to red, as it indicates someone
has either failed an attempt to unlock, or that they have entered input and
erased it all.
Anselm R Garbe [Tue, 27 Jan 2015 21:16:52 +0000 (22:16 +0100)]
applied Dimitris' style patch from Dec'14, with some minor modifications
Anselm R Garbe [Mon, 22 Dec 2014 10:17:45 +0000 (11:17 +0100)]
fixed usage string
Anselm R Garbe [Mon, 22 Dec 2014 10:16:26 +0000 (11:16 +0100)]
applied sin's patch and prepared new release
sin [Fri, 7 Nov 2014 13:20:13 +0000 (13:20 +0000)]
end{pw,sp}ent() can only be called after get{pw,sp}ent()
Calling them unconditionally can result in memory corruption.
sin [Wed, 9 Jul 2014 13:40:49 +0000 (14:40 +0100)]
Only check errno if getpwuid() fails
Checking errno otherwise is unspecified.
FRIGN [Tue, 3 Jun 2014 17:19:10 +0000 (19:19 +0200)]
Add /etc/passwd support
Fix slock to work with /etc/passwd without /etc/shadow.
while we're at it, remove an occurence of trailing whitespace.
sin [Thu, 14 Nov 2013 11:24:08 +0000 (11:24 +0000)]
Set errno to 0 before getpwuid() and check it afterwards
Anselm R Garbe [Fri, 2 Aug 2013 20:11:18 +0000 (22:11 +0200)]
applied Robert Schneider's Linux suggestions, also bumped version and updated LICENSE file's copyright notice
anselm@garbe.us [Thu, 25 Oct 2012 18:59:50 +0000 (20:59 +0200)]
prepared 1.1
garbeam@gmail.com [Thu, 2 Aug 2012 19:54:18 +0000 (21:54 +0200)]
applied andres' multi-slock fix, thanks for spotting this issue
anselm@garbe.us [Sun, 15 Apr 2012 09:58:16 +0000 (11:58 +0200)]
added Ben's password placeholder entry kludge
anselm@garbe.us [Sat, 17 Mar 2012 17:03:25 +0000 (18:03 +0100)]
applied Eckehard Bern's dualcolor patch to slock
anselm@garbe.us [Sat, 11 Feb 2012 09:51:31 +0000 (10:51 +0100)]
Added tag 1.0 for changeset
05b949016e85
anselm@garbe.us [Sat, 11 Feb 2012 09:51:26 +0000 (10:51 +0100)]
preparing 1.0
anselm@garbe.us [Thu, 9 Feb 2012 19:56:34 +0000 (20:56 +0100)]
select for SubstructureRedirectMask as well
anselm@garbe.us [Thu, 9 Feb 2012 19:18:49 +0000 (20:18 +0100)]
fixed missing new lines
anselm@garbe.us [Sun, 5 Feb 2012 15:41:31 +0000 (16:41 +0100)]
typo fix
anselm@garbe.us [Sun, 5 Feb 2012 15:38:58 +0000 (16:38 +0100)]
added XRaiseWindow workaround when new clients are launched
garbeam@gmail.com [Tue, 24 Jan 2012 21:10:02 +0000 (22:10 +0100)]
applied Michaels patch
anselm@garbe.us [Sun, 22 Jan 2012 17:58:10 +0000 (18:58 +0100)]
added dummy error handler to prevent X from terminating slock just in case
Anselm R Garbe [Thu, 21 Apr 2011 08:22:47 +0000 (08:22 +0000)]
applied Markus' patch to die in case /etc/passwd is unavailable
Anselm R Garbe [Thu, 26 Nov 2009 12:53:26 +0000 (12:53 +0000)]
applied Fernando Silveira's multiscreen patch for old style multihead setups
a@null [Fri, 12 Dec 2008 19:34:43 +0000 (19:34 +0000)]
applied Ali Gholami Rudi's patch regarding DPMS timeout customization and persistence
Anselm R Garbe [Tue, 29 Jul 2008 18:23:21 +0000 (19:23 +0100)]
Added tag 0.9 for changeset
1e8a77601cb9
Anselm R Garbe [Tue, 29 Jul 2008 18:17:24 +0000 (19:17 +0100)]
fix
Anselm R Garbe [Tue, 29 Jul 2008 18:14:53 +0000 (19:14 +0100)]
prepared release
Anselm R Garbe [Tue, 29 Jul 2008 18:08:18 +0000 (19:08 +0100)]
removed useless chars, prepared release
Anselm R Garbe [Wed, 9 Apr 2008 22:42:50 +0000 (23:42 +0100)]
s/d//
Anselm R Garbe [Wed, 9 Apr 2008 22:42:19 +0000 (23:42 +0100)]
yet another DPMS fix, still trying to prevent the error handler
Anselm R Garbe [Tue, 8 Apr 2008 08:55:46 +0000 (09:55 +0100)]
fixed DPMS crashing issue
Anselm R Garbe [Thu, 13 Mar 2008 16:59:24 +0000 (16:59 +0000)]
Added tag 0.8 for changeset
c0eb8221ba49
Anselm R Garbe [Fri, 22 Feb 2008 10:13:12 +0000 (10:13 +0000)]
applied two patches, BSD_AUTH patch and Gottox' DPMS support patch
Anselm R. Garbe [Sun, 25 Nov 2007 11:17:33 +0000 (12:17 +0100)]
removed Sander from -v by request
Anselm R. Garbe [Sat, 24 Nov 2007 20:27:44 +0000 (21:27 +0100)]
next version will be 0.8
Anselm R. Garbe [Sat, 24 Nov 2007 20:18:06 +0000 (21:18 +0100)]
Added tag 0.7 for changeset
c4635bb35a45
Anselm R. Garbe [Sat, 24 Nov 2007 20:17:32 +0000 (21:17 +0100)]
final fixes and cleanups
arg@suckless.org [Tue, 13 Nov 2007 17:16:18 +0000 (18:16 +0100)]
applied Ryan Sorensen bugfix which allows slock to acquire the keyboard grab asynchroneously
Anselm R. Garbe [Fri, 13 Apr 2007 09:48:17 +0000 (11:48 +0200)]
updating copyright stuff in slock as well
Anselm R. Garbe [Wed, 7 Mar 2007 12:31:49 +0000 (13:31 +0100)]
Added tag 0.6 for changeset
dd226a81c09a
Anselm R. Garbe [Wed, 7 Mar 2007 09:57:23 +0000 (10:57 +0100)]
grab on the root window, it is correct, all lockers do that
Anselm R. Garbe [Mon, 5 Mar 2007 10:28:53 +0000 (11:28 +0100)]
Added tag 0.5 for changeset
bd24ea7fcca2
Anselm R. Garbe [Fri, 2 Mar 2007 20:50:05 +0000 (21:50 +0100)]
grab on the slock window instead on the root window
Anselm R. Garbe [Wed, 21 Feb 2007 21:16:23 +0000 (22:16 +0100)]
made slock more readable, added root variable because we intend to call RootWindow(...) quite a lot
Anselm R. Garbe [Wed, 21 Feb 2007 20:25:53 +0000 (21:25 +0100)]
made slock more aggressive, DenisG please recheck
Anselm R. Garbe [Thu, 1 Feb 2007 12:52:36 +0000 (13:52 +0100)]
foobar