commit - 8917670ecee53ffd46e89f1ac22ffe9ecf5090e1
commit + 3134e1a13aa7691b449e2af7d166d23172b435db
blob - bededa2e85204ddaa587830d57929b26e88f6a40
blob + 007d665ba2f67ef2edf30766d5e8d609fe0a3855
--- Makefile
+++ Makefile
SRC_STEST = dmenu/stest.c
HDR_STEST = ${HDR_DMENU}
-MAN = dwm/dwm.1 st/st.1 dmenu/dmenu.1 dmenu/stest.1
+SRC_SLOCK = slock/slock.c
+HDR_SLOCK = slock/arg.h slock/config.h slock/util.h
-all: bin/dwm bin/st bin/bedstatus bin/dmenu bin/stest bin/xbgcd
+MAN = dwm/dwm.1 st/st.1 dmenu/dmenu.1 dmenu/stest.1 slock/slock.1
+all: bin/dwm bin/st bin/bedstatus bin/dmenu bin/stest bin/xbgcd bin/slock
+
clean:
rm -rf bin
for f in ${MAN}; do \
sed 's/VERSION/${VERSION}/g' < $$f > ${DESTDIR}${MANPREFIX}/man1/$$(basename "$$f"); \
done
+ chmod u+s ${DESTDIR}${PREFIX}/bin/slock
install-user:
- cp -rf dotfiles/{,.}* ${HOME}/
+ cp -rf dotfiles/.* ${HOME}/
bin/dwm: ${SRC_DWM} ${HDR_DWM}
@mkdir -p bin
@mkdir -p bin
${CC} -o $@ ${SRC_STEST} ${CFLAGS}
-bin/xbgcd: xbgcd/xbgcd.c
+bin/xbgcd: xbgcd/xbgcd.c xbgcd/config.h
@mkdir -p bin
${CC} -o $@ xbgcd/xbgcd.c ${CFLAGS} `pkg-config --cflags --libs x11`
+bin/slock: ${SRC_SLOCK} ${HDR_SLOCK}
+ @mkdir -p bin
+ ${CC} -o $@ ${SRC_SLOCK} ${CFLAGS} `pkg-config --cflags --libs x11 xext xrandr` -lpthread
+
.PHONY: all clean install
blob - df8503d23c3ff34a53059648be656e27561a4253
blob + 9038175570baa1ab6ff4ee67a8dd5c2cee996104
--- dotfiles/.xsession
+++ dotfiles/.xsession
sndioctl output.level=1
bedstatus &
-#xbgcd &
-#xidle -delay 900 -timeout 900 -program /usr/local/bin/slock &
+xbgcd &
+xidle -delay 900 -timeout 900 -program /usr/local/bin/slock &
exec dwm
blob - /dev/null
blob + 2e4419b7d16dfb198c03c6ce8579f904f05177a4 (mode 644)
--- /dev/null
+++ slock/LICENSE
+MIT/X Consortium License
+
+© 2015-2016 Markus Teich <markus.teich@stusta.mhn.de>
+© 2014 Dimitris Papastamos <sin@2f30.org>
+© 2006-2014 Anselm R Garbe <anselm@garbe.us>
+© 2014-2016 Laslo Hunhold <dev@frign.de>
+
+Permission is hereby granted, free of charge, to any person obtaining a
+copy of this software and associated documentation files (the "Software"),
+to deal in the Software without restriction, including without limitation
+the rights to use, copy, modify, merge, publish, distribute, sublicense,
+and/or sell copies of the Software, and to permit persons to whom the
+Software is furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+DEALINGS IN THE SOFTWARE.
blob - /dev/null
blob + 0b23c53a9d2bcffc92e0e6db208ec65d7f13438d (mode 644)
--- /dev/null
+++ slock/arg.h
+/*
+ * Copy me if you can.
+ * by 20h
+ */
+
+#ifndef ARG_H__
+#define ARG_H__
+
+extern char *argv0;
+
+/* use main(int argc, char *argv[]) */
+#define ARGBEGIN for (argv0 = *argv, argv++, argc--;\
+ argv[0] && argv[0][0] == '-'\
+ && argv[0][1];\
+ argc--, argv++) {\
+ char argc_;\
+ char **argv_;\
+ int brk_;\
+ if (argv[0][1] == '-' && argv[0][2] == '\0') {\
+ argv++;\
+ argc--;\
+ break;\
+ }\
+ for (brk_ = 0, argv[0]++, argv_ = argv;\
+ argv[0][0] && !brk_;\
+ argv[0]++) {\
+ if (argv_ != argv)\
+ break;\
+ argc_ = argv[0][0];\
+ switch (argc_)
+
+/* Handles obsolete -NUM syntax */
+#define ARGNUM case '0':\
+ case '1':\
+ case '2':\
+ case '3':\
+ case '4':\
+ case '5':\
+ case '6':\
+ case '7':\
+ case '8':\
+ case '9'
+
+#define ARGEND }\
+ }
+
+#define ARGC() argc_
+
+#define ARGNUMF() (brk_ = 1, estrtonum(argv[0], 0, INT_MAX))
+
+#define EARGF(x) ((argv[0][1] == '\0' && argv[1] == NULL)?\
+ ((x), abort(), (char *)0) :\
+ (brk_ = 1, (argv[0][1] != '\0')?\
+ (&argv[0][1]) :\
+ (argc--, argv++, argv[0])))
+
+#define ARGF() ((argv[0][1] == '\0' && argv[1] == NULL)?\
+ (char *)0 :\
+ (brk_ = 1, (argv[0][1] != '\0')?\
+ (&argv[0][1]) :\
+ (argc--, argv++, argv[0])))
+
+#define LNGARG() &argv[0][0]
+
+#endif
blob - /dev/null
blob + b1704fa7b09d192d8c43f58d074b11e6112b3be3 (mode 644)
--- /dev/null
+++ slock/config.h
+/* user and group to drop privileges to */
+static const char *user = "nobody";
+static const char *group = "nogroup";
+
+static const char *colorname[NUMCOLS] = {
+ [INIT] = "black", /* after initialization */
+ [INPUT] = "#005577", /* during input */
+ [FAILED] = "#CC3333", /* wrong password */
+};
+
+/* treat a cleared input like a wrong password (color) */
+static const int failonclear = 1;
+
+/* allow control key to trigger fail on clear */
+static const int controlkeyclear = 0;
+
+/* Patch: auto-timeout */
+/* should [command] be run only once? */
+static const int runonce = 0;
+/* length of time (seconds) until [command] is executed */
+static const int timeoffset = 10 * 60;
+/* command to be run after [timeoffset] seconds has passed */
+static const char *command = "/usr/bin/zzz";
blob - /dev/null
blob + 3e33ca85b83b2bb5059da992e900d680730acf47 (mode 644)
--- /dev/null
+++ slock/explicit_bzero.c
+/* $OpenBSD: explicit_bzero.c,v 1.3 2014/06/21 02:34:26 matthew Exp $ */
+/*
+ * Public domain.
+ * Written by Matthew Dempsky.
+ */
+
+#include <string.h>
+
+__attribute__((weak)) void
+__explicit_bzero_hook(void *buf, size_t len)
+{
+}
+
+void
+explicit_bzero(void *buf, size_t len)
+{
+ memset(buf, 0, len);
+ __explicit_bzero_hook(buf, len);
+}
blob - /dev/null
blob + 82cdcd62064166a75975997e7901f1df7e5bea97 (mode 644)
--- /dev/null
+++ slock/slock.1
+.Dd 2016-08-23
+.Dt SLOCK 1
+.Sh NAME
+.Nm slock
+.Nd simple X screen locker
+.Sh SYNOPSIS
+.Nm
+.Op Fl v
+.Op Ar cmd Op Ar arg ...
+.Sh DESCRIPTION
+.Nm
+is a simple X screen locker. If provided,
+.Ar cmd Op Ar arg ...
+is executed after the screen has been locked.
+.Sh OPTIONS
+.Bl -tag -width Ds
+.It Fl v
+Print version information to stdout and exit.
+.El
+.Sh SECURITY CONSIDERATIONS
+To make sure a locked screen can not be bypassed by switching VTs
+or killing the X server with Ctrl+Alt+Backspace, it is recommended
+to disable both in
+.Xr xorg.conf 5
+for maximum security:
+.Bd -literal -offset left
+Section "ServerFlags"
+ Option "DontVTSwitch" "True"
+ Option "DontZap" "True"
+EndSection
+.Ed
+.Sh EXAMPLES
+$
+.Nm
+/usr/sbin/s2ram
+.Sh CUSTOMIZATION
+.Nm
+can be customized by creating a custom config.h from config.def.h and
+(re)compiling the source code. This keeps it fast, secure and simple.
blob - /dev/null
blob + 6f285abb0082a1e10b79990cecc07fd42b7472cc (mode 644)
--- /dev/null
+++ slock/slock.c
+/* See LICENSE file for license details. */
+#define _XOPEN_SOURCE 500
+#if HAVE_SHADOW_H
+#include <shadow.h>
+#endif
+
+#include <ctype.h>
+#include <errno.h>
+#include <grp.h>
+#include <pwd.h>
+#include <stdarg.h>
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+#include <unistd.h>
+#include <sys/types.h>
+#include <X11/extensions/Xrandr.h>
+#include <X11/keysym.h>
+#include <X11/Xlib.h>
+#include <X11/Xutil.h>
+
+#if HAVE_BSD_AUTH
+#include <login_cap.h>
+#include <bsd_auth.h>
+#endif
+
+/*POSIX threading for auto-timeout*/
+#include <pthread.h>
+#include <time.h>
+
+#include "arg.h"
+#include "util.h"
+
+char *argv0;
+
+enum {
+ INIT,
+ INPUT,
+ FAILED,
+ NUMCOLS
+};
+
+struct lock {
+ int screen;
+ Window root, win;
+ Pixmap pmap;
+ unsigned long colors[NUMCOLS];
+};
+
+struct xrandr {
+ int active;
+ int evbase;
+ int errbase;
+};
+
+#include "config.h"
+
+static void
+die(const char *errstr, ...)
+{
+ va_list ap;
+
+ va_start(ap, errstr);
+ vfprintf(stderr, errstr, ap);
+ va_end(ap);
+ exit(1);
+}
+
+#ifdef __linux__
+#include <fcntl.h>
+#include <linux/oom.h>
+
+static void
+dontkillme(void)
+{
+ FILE *f;
+ const char oomfile[] = "/proc/self/oom_score_adj";
+
+ if (!(f = fopen(oomfile, "w"))) {
+ if (errno == ENOENT)
+ return;
+ die("slock: fopen %s: %s\n", oomfile, strerror(errno));
+ }
+ fprintf(f, "%d", OOM_SCORE_ADJ_MIN);
+ if (fclose(f)) {
+ if (errno == EACCES)
+ die("slock: unable to disable OOM killer. "
+ "Make sure to suid or sgid slock.\n");
+ else
+ die("slock: fclose %s: %s\n", oomfile, strerror(errno));
+ }
+}
+#endif
+
+#ifndef HAVE_BSD_AUTH
+static const char *
+gethash(void)
+{
+ const char *hash;
+ struct passwd *pw;
+
+ /* Check if the current user has a password entry */
+ errno = 0;
+ if (!(pw = getpwuid(getuid()))) {
+ if (errno)
+ die("slock: getpwuid: %s\n", strerror(errno));
+ else
+ die("slock: cannot retrieve password entry\n");
+ }
+ hash = pw->pw_passwd;
+
+#if HAVE_SHADOW_H
+ if (!strcmp(hash, "x")) {
+ struct spwd *sp;
+ if (!(sp = getspnam(pw->pw_name)))
+ die("slock: getspnam: cannot retrieve shadow entry. "
+ "Make sure to suid or sgid slock.\n");
+ hash = sp->sp_pwdp;
+ }
+#else
+ if (!strcmp(hash, "*")) {
+#ifdef __OpenBSD__
+ if (!(pw = getpwuid_shadow(getuid())))
+ die("slock: getpwnam_shadow: cannot retrieve shadow entry. "
+ "Make sure to suid or sgid slock.\n");
+ hash = pw->pw_passwd;
+#else
+ die("slock: getpwuid: cannot retrieve shadow entry. "
+ "Make sure to suid or sgid slock.\n");
+#endif /* __OpenBSD__ */
+ }
+#endif /* HAVE_SHADOW_H */
+
+ return hash;
+}
+#endif /* HAVE_BSD_AUTH */
+
+static void
+#ifdef HAVE_BSD_AUTH
+readpw(Display *dpy, struct xrandr *rr, struct lock **locks, int nscreens)
+#else
+readpw(Display *dpy, struct xrandr *rr, struct lock **locks, int nscreens,
+ const char *hash)
+#endif
+{
+ XRRScreenChangeNotifyEvent *rre;
+ char buf[32], passwd[256];
+#ifndef HAVE_BSD_AUTH
+ char *inputhash;
+#endif
+ int num, screen, running, failure, oldc;
+ unsigned int len, color;
+ KeySym ksym;
+ XEvent ev;
+
+ len = 0;
+ running = 1;
+ failure = 0;
+ oldc = INIT;
+
+ while (running && !XNextEvent(dpy, &ev)) {
+ if (ev.type == KeyPress) {
+ explicit_bzero(&buf, sizeof(buf));
+ num = XLookupString(&ev.xkey, buf, sizeof(buf), &ksym, 0);
+ if (IsKeypadKey(ksym)) {
+ if (ksym == XK_KP_Enter)
+ ksym = XK_Return;
+ else if (ksym >= XK_KP_0 && ksym <= XK_KP_9)
+ ksym = (ksym - XK_KP_0) + XK_0;
+ }
+ if (IsFunctionKey(ksym) ||
+ IsKeypadKey(ksym) ||
+ IsMiscFunctionKey(ksym) ||
+ IsPFKey(ksym) ||
+ IsPrivateKeypadKey(ksym))
+ continue;
+ switch (ksym) {
+ case XK_Return:
+ passwd[len] = '\0';
+ errno = 0;
+#ifdef HAVE_BSD_AUTH
+ running = !auth_userokay(getlogin(), NULL, "auth-slock", passwd);
+#else
+ if (!(inputhash = crypt(passwd, hash)))
+ fprintf(stderr, "slock: crypt: %s\n", strerror(errno));
+ else
+ running = !!strcmp(inputhash, hash);
+#endif
+ if (running) {
+ XBell(dpy, 100);
+ failure = 1;
+ }
+ explicit_bzero(&passwd, sizeof(passwd));
+ len = 0;
+ break;
+ case XK_Escape:
+ explicit_bzero(&passwd, sizeof(passwd));
+ len = 0;
+ break;
+ case XK_BackSpace:
+ if (len)
+ passwd[--len] = '\0';
+ break;
+ default:
+ if (controlkeyclear && iscntrl((int)buf[0]))
+ continue;
+ if (num && (len + num < sizeof(passwd))) {
+ memcpy(passwd + len, buf, num);
+ len += num;
+ }
+ break;
+ }
+ color = len ? INPUT : ((failure || failonclear) ? FAILED : INIT);
+ if (running && oldc != color) {
+ for (screen = 0; screen < nscreens; screen++) {
+ XSetWindowBackground(dpy,
+ locks[screen]->win,
+ locks[screen]->colors[color]);
+ XClearWindow(dpy, locks[screen]->win);
+ }
+ oldc = color;
+ }
+ } else if (rr->active && ev.type == rr->evbase + RRScreenChangeNotify) {
+ rre = (XRRScreenChangeNotifyEvent*)&ev;
+ for (screen = 0; screen < nscreens; screen++) {
+ if (locks[screen]->win == rre->window) {
+ if (rre->rotation == RR_Rotate_90 ||
+ rre->rotation == RR_Rotate_270)
+ XResizeWindow(dpy, locks[screen]->win,
+ rre->height, rre->width);
+ else
+ XResizeWindow(dpy, locks[screen]->win,
+ rre->width, rre->height);
+ XClearWindow(dpy, locks[screen]->win);
+ break;
+ }
+ }
+ } else {
+ for (screen = 0; screen < nscreens; screen++)
+ XRaiseWindow(dpy, locks[screen]->win);
+ }
+ }
+}
+
+void *timeoutCommand(void *args)
+{
+ int runflag=0;
+ while (!runonce || !runflag)
+ {
+ sleep(timeoffset);
+ runflag = 1;
+ system(command);
+ }
+ return args;
+}
+
+static struct lock *
+lockscreen(Display *dpy, struct xrandr *rr, int screen)
+{
+ char curs[] = {0, 0, 0, 0, 0, 0, 0, 0};
+ int i, ptgrab, kbgrab;
+ struct lock *lock;
+ XColor color, dummy;
+ XSetWindowAttributes wa;
+ Cursor invisible;
+
+ if (dpy == NULL || screen < 0 || !(lock = malloc(sizeof(struct lock))))
+ return NULL;
+
+ lock->screen = screen;
+ lock->root = RootWindow(dpy, lock->screen);
+
+ for (i = 0; i < NUMCOLS; i++) {
+ XAllocNamedColor(dpy, DefaultColormap(dpy, lock->screen),
+ colorname[i], &color, &dummy);
+ lock->colors[i] = color.pixel;
+ }
+
+ /* init */
+ wa.override_redirect = 1;
+ wa.background_pixel = lock->colors[INIT];
+ lock->win = XCreateWindow(dpy, lock->root, 0, 0,
+ DisplayWidth(dpy, lock->screen),
+ DisplayHeight(dpy, lock->screen),
+ 0, DefaultDepth(dpy, lock->screen),
+ CopyFromParent,
+ DefaultVisual(dpy, lock->screen),
+ CWOverrideRedirect | CWBackPixel, &wa);
+ lock->pmap = XCreateBitmapFromData(dpy, lock->win, curs, 8, 8);
+ invisible = XCreatePixmapCursor(dpy, lock->pmap, lock->pmap,
+ &color, &color, 0, 0);
+ XDefineCursor(dpy, lock->win, invisible);
+
+ /* Try to grab mouse pointer *and* keyboard for 600ms, else fail the lock */
+ for (i = 0, ptgrab = kbgrab = -1; i < 6; i++) {
+ if (ptgrab != GrabSuccess) {
+ ptgrab = XGrabPointer(dpy, lock->root, False,
+ ButtonPressMask | ButtonReleaseMask |
+ PointerMotionMask, GrabModeAsync,
+ GrabModeAsync, None, invisible, CurrentTime);
+ }
+ if (kbgrab != GrabSuccess) {
+ kbgrab = XGrabKeyboard(dpy, lock->root, True,
+ GrabModeAsync, GrabModeAsync, CurrentTime);
+ }
+
+ /* input is grabbed: we can lock the screen */
+ if (ptgrab == GrabSuccess && kbgrab == GrabSuccess) {
+ XMapRaised(dpy, lock->win);
+ if (rr->active)
+ XRRSelectInput(dpy, lock->win, RRScreenChangeNotifyMask);
+
+ XSelectInput(dpy, lock->root, SubstructureNotifyMask);
+ return lock;
+ }
+
+ /* retry on AlreadyGrabbed but fail on other errors */
+ if ((ptgrab != AlreadyGrabbed && ptgrab != GrabSuccess) ||
+ (kbgrab != AlreadyGrabbed && kbgrab != GrabSuccess))
+ break;
+
+ usleep(100000);
+ }
+
+ /* we couldn't grab all input: fail out */
+ if (ptgrab != GrabSuccess)
+ fprintf(stderr, "slock: unable to grab mouse pointer for screen %d\n",
+ screen);
+ if (kbgrab != GrabSuccess)
+ fprintf(stderr, "slock: unable to grab keyboard for screen %d\n",
+ screen);
+ return NULL;
+}
+
+static void
+usage(void)
+{
+ die("usage: slock [-v] [cmd [arg ...]]\n");
+}
+
+int
+main(int argc, char **argv) {
+ struct xrandr rr;
+ struct lock **locks;
+ struct passwd *pwd;
+ struct group *grp;
+ uid_t duid;
+ gid_t dgid;
+#ifndef HAVE_BSD_AUTH
+ const char *hash;
+#endif
+ Display *dpy;
+ int s, nlocks, nscreens;
+
+ ARGBEGIN {
+ case 'v':
+ fprintf(stderr, "slock-"VERSION"\n");
+ return 0;
+ default:
+ usage();
+ } ARGEND
+
+ /* validate drop-user and -group */
+ errno = 0;
+ if (!(pwd = getpwnam(user)))
+ die("slock: getpwnam %s: %s\n", user,
+ errno ? strerror(errno) : "user entry not found");
+ duid = pwd->pw_uid;
+ errno = 0;
+ if (!(grp = getgrnam(group)))
+ die("slock: getgrnam %s: %s\n", group,
+ errno ? strerror(errno) : "group entry not found");
+ dgid = grp->gr_gid;
+
+#ifdef __linux__
+ dontkillme();
+#endif
+
+#ifndef HAVE_BSD_AUTH
+ hash = gethash();
+ errno = 0;
+ if (!crypt("", hash))
+ die("slock: crypt: %s\n", strerror(errno));
+#endif
+
+ if (!(dpy = XOpenDisplay(NULL)))
+ die("slock: cannot open display\n");
+
+/*
+ * don't drop groups for bsd-auth, slock runs as the user's normal
+ * uid, and requires gid auth from the setgid bit. (without bsd-auth
+ * slock needs to start with uid root or gid _shadow to read spwd.db,
+ * and is unable to use non-password methods)
+ */
+#ifndef HAVE_BSD_AUTH
+ /* drop privileges */
+ if (setgroups(0, NULL) < 0)
+ die("slock: setgroups: %s\n", strerror(errno));
+ if (setgid(dgid) < 0)
+ die("slock: setgid: %s\n", strerror(errno));
+ if (setuid(duid) < 0)
+ die("slock: setuid: %s\n", strerror(errno));
+#endif
+
+ /* check for Xrandr support */
+ rr.active = XRRQueryExtension(dpy, &rr.evbase, &rr.errbase);
+
+ /* get number of screens in display "dpy" and blank them */
+ nscreens = ScreenCount(dpy);
+ if (!(locks = calloc(nscreens, sizeof(struct lock *))))
+ die("slock: out of memory\n");
+ for (nlocks = 0, s = 0; s < nscreens; s++) {
+ if ((locks[s] = lockscreen(dpy, &rr, s)) != NULL)
+ nlocks++;
+ else
+ break;
+ }
+ XSync(dpy, 0);
+
+ /* did we manage to lock everything? */
+ if (nlocks != nscreens)
+ return 1;
+
+ /* run post-lock command */
+ if (argc > 0) {
+ switch (fork()) {
+ case -1:
+ die("slock: fork failed: %s\n", strerror(errno));
+ case 0:
+ if (close(ConnectionNumber(dpy)) < 0)
+ die("slock: close: %s\n", strerror(errno));
+ execvp(argv[0], argv);
+ fprintf(stderr, "slock: execvp %s: %s\n", argv[0], strerror(errno));
+ _exit(1);
+ }
+ }
+
+ /*Start the auto-timeout command in its own thread*/
+ pthread_t thread_id;
+ pthread_create(&thread_id, NULL, timeoutCommand, NULL);
+
+ /* everything is now blank. Wait for the correct password */
+#ifdef HAVE_BSD_AUTH
+ readpw(dpy, &rr, locks, nscreens);
+#else
+ readpw(dpy, &rr, locks, nscreens, hash);
+#endif
+
+ return 0;
+}
blob - /dev/null
blob + 6f748b890ddd21240f87a02940888ec5bfa5247a (mode 644)
--- /dev/null
+++ slock/util.h
+#undef explicit_bzero
+void explicit_bzero(void *, size_t);
