swaylock/password.c

#include <assert.h>
#include <errno.h>
#include <pwd.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <xkbcommon/xkbcommon.h>
#include "comm.h"
#include "log.h"
#include "loop.h"
#include "seat.h"
#include "swaylock.h"
#include "unicode.h"

void clear_buffer(char *buf, size_t size) {
	// Use volatile keyword so so compiler can't optimize this out.
	volatile char *buffer = buf;
	volatile char zero = '\0';
	for (size_t i = 0; i < size; ++i) {
		buffer[i] = zero;
	}
}

void clear_password_buffer(struct swaylock_password *pw) {
	clear_buffer(pw->buffer, sizeof(pw->buffer));
	pw->len = 0;
}

static bool backspace(struct swaylock_password *pw) {
	if (pw->len != 0) {
		pw->buffer[--pw->len] = 0;
		return true;
	}
	return false;
}

static void append_ch(struct swaylock_password *pw, uint32_t codepoint) {
	size_t utf8_size = utf8_chsize(codepoint);
	if (pw->len + utf8_size + 1 >= sizeof(pw->buffer)) {
		// TODO: Display error
		return;
	}
	utf8_encode(&pw->buffer[pw->len], codepoint);
	pw->buffer[pw->len + utf8_size] = 0;
	pw->len += utf8_size;
}

static void clear_indicator(void *data) {
	struct swaylock_state *state = data;
	state->clear_indicator_timer = NULL;
	state->auth_state = AUTH_STATE_IDLE;
	damage_state(state);
}

void schedule_indicator_clear(struct swaylock_state *state) {
	if (state->clear_indicator_timer) {
		loop_remove_timer(state->eventloop, state->clear_indicator_timer);
	}
	state->clear_indicator_timer = loop_add_timer(
			state->eventloop, 3000, clear_indicator, state);
}

static void clear_password(void *data) {
	struct swaylock_state *state = data;
	state->clear_password_timer = NULL;
	state->auth_state = AUTH_STATE_CLEAR;
	clear_password_buffer(&state->password);
	damage_state(state);
	schedule_indicator_clear(state);
}

static void schedule_password_clear(struct swaylock_state *state) {
	if (state->clear_password_timer) {
		loop_remove_timer(state->eventloop, state->clear_password_timer);
	}
	state->clear_password_timer = loop_add_timer(
			state->eventloop, 10000, clear_password, state);
}

static void submit_password(struct swaylock_state *state) {
	if (state->args.ignore_empty && state->password.len == 0) {
		return;
	}

	state->auth_state = AUTH_STATE_VALIDATING;

	if (!write_comm_request(&state->password)) {
		state->auth_state = AUTH_STATE_INVALID;
		schedule_indicator_clear(state);
	}

	damage_state(state);
}

void swaylock_handle_key(struct swaylock_state *state,
		xkb_keysym_t keysym, uint32_t codepoint) {
	// Ignore input events if validating
	if (state->auth_state == AUTH_STATE_VALIDATING) {
		return;
	}

	switch (keysym) {
	case XKB_KEY_KP_Enter: /* fallthrough */
	case XKB_KEY_Return:
		submit_password(state);
		break;
	case XKB_KEY_Delete:
	case XKB_KEY_BackSpace:
		if (backspace(&state->password)) {
			state->auth_state = AUTH_STATE_BACKSPACE;
		} else {
			state->auth_state = AUTH_STATE_CLEAR;
		}
		damage_state(state);
		schedule_indicator_clear(state);
		schedule_password_clear(state);
		break;
	case XKB_KEY_Escape:
		clear_password_buffer(&state->password);
		state->auth_state = AUTH_STATE_CLEAR;
		damage_state(state);
		schedule_indicator_clear(state);
		break;
	case XKB_KEY_Caps_Lock:
	case XKB_KEY_Shift_L:
	case XKB_KEY_Shift_R:
	case XKB_KEY_Control_L:
	case XKB_KEY_Control_R:
	case XKB_KEY_Meta_L:
	case XKB_KEY_Meta_R:
	case XKB_KEY_Alt_L:
	case XKB_KEY_Alt_R:
	case XKB_KEY_Super_L:
	case XKB_KEY_Super_R:
		state->auth_state = AUTH_STATE_INPUT_NOP;
		damage_state(state);
		schedule_indicator_clear(state);
		schedule_password_clear(state);
		break;
	case XKB_KEY_d:
		if (state->xkb.control) {
			submit_password(state);
			break;
		}
		// fallthrough
	case XKB_KEY_c: /* fallthrough */
	case XKB_KEY_u:
		if (state->xkb.control) {
			clear_password_buffer(&state->password);
			state->auth_state = AUTH_STATE_CLEAR;
			damage_state(state);
			schedule_indicator_clear(state);
			break;
		}
		// fallthrough
	default:
		if (codepoint) {
			append_ch(&state->password, codepoint);
			state->auth_state = AUTH_STATE_INPUT;
			damage_state(state);
			schedule_indicator_clear(state);
			schedule_password_clear(state);
		}
		break;
	}
}
Add password buffer, refactor rendering/surfaces 2018-04-03 13:31:30 -05:00			`#include <assert.h>`
swaylock: exit on display error 2018-10-23 05:46:51 -05:00			`#include <errno.h>`
Verify passwords 2018-04-03 13:49:56 -05:00			`#include <pwd.h>`
Add password buffer, refactor rendering/surfaces 2018-04-03 13:31:30 -05:00			`#include <stdlib.h>`
swaylock: Securely zero-out password. - Replace char* with static array. Any chars > 1024 will be discarded. - mlock() password buffer so it can't be written to swap. - Clear password buffer after auth succeeds or fails. This is basically the same treatment I gave the 0.15 branch in https://github.com/swaywm/sway/pull/1519 2018-04-12 19:38:24 -05:00			`#include <string.h>`
Add password buffer, refactor rendering/surfaces 2018-04-03 13:31:30 -05:00			`#include <unistd.h>`
			`#include <xkbcommon/xkbcommon.h>`
Check password without blocking 2019-01-17 05:42:13 -06:00			`#include "comm.h"`
Implement logging and remove wlroots dependency This implements a simpler version of the wlroots logger for swaylock. With this logger, the dependency on wlroots can be dropped. This also adds a debug flag and disables debugging output by default 2019-01-14 22:30:54 -06:00			`#include "log.h"`
swaylock: Remove indicator after 3 seconds 2018-10-13 01:52:13 -05:00			`#include "loop.h"`
Implement logging and remove wlroots dependency This implements a simpler version of the wlroots logger for swaylock. With this logger, the dependency on wlroots can be dropped. This also adds a debug flag and disables debugging output by default 2019-01-14 22:30:54 -06:00			`#include "seat.h"`
			`#include "swaylock.h"`
Add password buffer, refactor rendering/surfaces 2018-04-03 13:31:30 -05:00			`#include "unicode.h"`

Move PAM into a child process 2019-01-16 16:35:14 -06:00			`void clear_buffer(char *buf, size_t size) {`
swaylock: Securely zero-out password. - Replace char* with static array. Any chars > 1024 will be discarded. - mlock() password buffer so it can't be written to swap. - Clear password buffer after auth succeeds or fails. This is basically the same treatment I gave the 0.15 branch in https://github.com/swaywm/sway/pull/1519 2018-04-12 19:38:24 -05:00			`// Use volatile keyword so so compiler can't optimize this out.`
Move PAM into a child process 2019-01-16 16:35:14 -06:00			`volatile char *buffer = buf;`
swaylock: Securely zero-out password. - Replace char* with static array. Any chars > 1024 will be discarded. - mlock() password buffer so it can't be written to swap. - Clear password buffer after auth succeeds or fails. This is basically the same treatment I gave the 0.15 branch in https://github.com/swaywm/sway/pull/1519 2018-04-12 19:38:24 -05:00			`volatile char zero = '\0';`
Move PAM into a child process 2019-01-16 16:35:14 -06:00			`for (size_t i = 0; i < size; ++i) {`
swaylock: Securely zero-out password. - Replace char* with static array. Any chars > 1024 will be discarded. - mlock() password buffer so it can't be written to swap. - Clear password buffer after auth succeeds or fails. This is basically the same treatment I gave the 0.15 branch in https://github.com/swaywm/sway/pull/1519 2018-04-12 19:38:24 -05:00			`buffer[i] = zero;`
			`}`
Move PAM into a child process 2019-01-16 16:35:14 -06:00			`}`

			`void clear_password_buffer(struct swaylock_password *pw) {`
			`clear_buffer(pw->buffer, sizeof(pw->buffer));`
swaylock: Securely zero-out password. - Replace char* with static array. Any chars > 1024 will be discarded. - mlock() password buffer so it can't be written to swap. - Clear password buffer after auth succeeds or fails. This is basically the same treatment I gave the 0.15 branch in https://github.com/swaywm/sway/pull/1519 2018-04-12 19:38:24 -05:00			`pw->len = 0;`
			`}`

R E N D E R I N G 2018-04-03 14:04:31 -05:00			`static bool backspace(struct swaylock_password *pw) {`
Add password buffer, refactor rendering/surfaces 2018-04-03 13:31:30 -05:00			`if (pw->len != 0) {`
			`pw->buffer[--pw->len] = 0;`
R E N D E R I N G 2018-04-03 14:04:31 -05:00			`return true;`
Add password buffer, refactor rendering/surfaces 2018-04-03 13:31:30 -05:00			`}`
R E N D E R I N G 2018-04-03 14:04:31 -05:00			`return false;`
Add password buffer, refactor rendering/surfaces 2018-04-03 13:31:30 -05:00			`}`

			`static void append_ch(struct swaylock_password *pw, uint32_t codepoint) {`
			`size_t utf8_size = utf8_chsize(codepoint);`
swaylock: Securely zero-out password. - Replace char* with static array. Any chars > 1024 will be discarded. - mlock() password buffer so it can't be written to swap. - Clear password buffer after auth succeeds or fails. This is basically the same treatment I gave the 0.15 branch in https://github.com/swaywm/sway/pull/1519 2018-04-12 19:38:24 -05:00			`if (pw->len + utf8_size + 1 >= sizeof(pw->buffer)) {`
			`// TODO: Display error`
			`return;`
Add password buffer, refactor rendering/surfaces 2018-04-03 13:31:30 -05:00			`}`
			`utf8_encode(&pw->buffer[pw->len], codepoint);`
			`pw->buffer[pw->len + utf8_size] = 0;`
			`pw->len += utf8_size;`
			`}`

Remove timerfd from loop implementation timerfd doesn't work on the BSDs, so this replaces it with a timespec for the expiry and uses a poll timeout to check the timers when needed. 2018-10-13 21:28:38 -05:00			`static void clear_indicator(void *data) {`
swaylock: Remove indicator after 3 seconds 2018-10-13 01:52:13 -05:00			`struct swaylock_state *state = data;`
			`state->clear_indicator_timer = NULL;`
			`state->auth_state = AUTH_STATE_IDLE;`
			`damage_state(state);`
			`}`

Check password without blocking 2019-01-17 05:42:13 -06:00			`void schedule_indicator_clear(struct swaylock_state *state) {`
swaylock: Remove indicator after 3 seconds 2018-10-13 01:52:13 -05:00			`if (state->clear_indicator_timer) {`
Remove timerfd from loop implementation timerfd doesn't work on the BSDs, so this replaces it with a timespec for the expiry and uses a poll timeout to check the timers when needed. 2018-10-13 21:28:38 -05:00			`loop_remove_timer(state->eventloop, state->clear_indicator_timer);`
swaylock: Remove indicator after 3 seconds 2018-10-13 01:52:13 -05:00			`}`
			`state->clear_indicator_timer = loop_add_timer(`
			`state->eventloop, 3000, clear_indicator, state);`
			`}`

Remove timerfd from loop implementation timerfd doesn't work on the BSDs, so this replaces it with a timespec for the expiry and uses a poll timeout to check the timers when needed. 2018-10-13 21:28:38 -05:00			`static void clear_password(void *data) {`
swaylock: clear password after 10 seconds 2018-10-13 01:56:35 -05:00			`struct swaylock_state *state = data;`
			`state->clear_password_timer = NULL;`
			`state->auth_state = AUTH_STATE_CLEAR;`
			`clear_password_buffer(&state->password);`
			`damage_state(state);`
			`schedule_indicator_clear(state);`
			`}`

			`static void schedule_password_clear(struct swaylock_state *state) {`
			`if (state->clear_password_timer) {`
Remove timerfd from loop implementation timerfd doesn't work on the BSDs, so this replaces it with a timespec for the expiry and uses a poll timeout to check the timers when needed. 2018-10-13 21:28:38 -05:00			`loop_remove_timer(state->eventloop, state->clear_password_timer);`
swaylock: clear password after 10 seconds 2018-10-13 01:56:35 -05:00			`}`
			`state->clear_password_timer = loop_add_timer(`
			`state->eventloop, 10000, clear_password, state);`
			`}`

swaylock: Submit password on Ctrl-D Ctrl-D functions as EOF in most cases on the terminal. login(1) & many other programs check the password on EOF, same as Enter. To make behavior consistent, have swaylock submit the password on Ctrl-D. This commit moves the handling for Enter into its own static function, which is now also called on Ctrl-D. 2018-12-20 14:32:36 -06:00			`static void submit_password(struct swaylock_state *state) {`
			`if (state->args.ignore_empty && state->password.len == 0) {`
			`return;`
			`}`
Implement swaylock customization flags 2018-07-10 20:29:15 -05:00
swaylock: Submit password on Ctrl-D Ctrl-D functions as EOF in most cases on the terminal. login(1) & many other programs check the password on EOF, same as Enter. To make behavior consistent, have swaylock submit the password on Ctrl-D. This commit moves the handling for Enter into its own static function, which is now also called on Ctrl-D. 2018-12-20 14:32:36 -06:00			`state->auth_state = AUTH_STATE_VALIDATING;`
swaylock: Don't wait too long for surface damage before verifying 2018-10-13 02:06:33 -05:00
Check password without blocking 2019-01-17 05:42:13 -06:00			`if (!write_comm_request(&state->password)) {`
			`state->auth_state = AUTH_STATE_INVALID;`
			`schedule_indicator_clear(state);`
swaylock: Submit password on Ctrl-D Ctrl-D functions as EOF in most cases on the terminal. login(1) & many other programs check the password on EOF, same as Enter. To make behavior consistent, have swaylock submit the password on Ctrl-D. This commit moves the handling for Enter into its own static function, which is now also called on Ctrl-D. 2018-12-20 14:32:36 -06:00			`}`

			`damage_state(state);`
			`}`

			`void swaylock_handle_key(struct swaylock_state *state,`
			`xkb_keysym_t keysym, uint32_t codepoint) {`
Check password without blocking 2019-01-17 05:42:13 -06:00			`// Ignore input events if validating`
			`if (state->auth_state == AUTH_STATE_VALIDATING) {`
			`return;`
			`}`

swaylock: Submit password on Ctrl-D Ctrl-D functions as EOF in most cases on the terminal. login(1) & many other programs check the password on EOF, same as Enter. To make behavior consistent, have swaylock submit the password on Ctrl-D. This commit moves the handling for Enter into its own static function, which is now also called on Ctrl-D. 2018-12-20 14:32:36 -06:00			`switch (keysym) {`
			`case XKB_KEY_KP_Enter: /* fallthrough */`
			`case XKB_KEY_Return:`
			`submit_password(state);`
swaylock: implement a proper render loop 2018-05-25 13:34:36 -05:00			`break;`
			`case XKB_KEY_Delete:`
			`case XKB_KEY_BackSpace:`
			`if (backspace(&state->password)) {`
			`state->auth_state = AUTH_STATE_BACKSPACE;`
			`} else {`
Improved key handling in swaylock Make escape clear buffer Add indicator states for ctrl,shift,super et al Add CapsLock indicator 2018-04-20 07:46:30 -05:00			`state->auth_state = AUTH_STATE_CLEAR;`
swaylock: implement a proper render loop 2018-05-25 13:34:36 -05:00			`}`
			`damage_state(state);`
swaylock: Remove indicator after 3 seconds 2018-10-13 01:52:13 -05:00			`schedule_indicator_clear(state);`
swaylock: clear password after 10 seconds 2018-10-13 01:56:35 -05:00			`schedule_password_clear(state);`
swaylock: implement a proper render loop 2018-05-25 13:34:36 -05:00			`break;`
			`case XKB_KEY_Escape:`
			`clear_password_buffer(&state->password);`
			`state->auth_state = AUTH_STATE_CLEAR;`
			`damage_state(state);`
swaylock: Remove indicator after 3 seconds 2018-10-13 01:52:13 -05:00			`schedule_indicator_clear(state);`
swaylock: implement a proper render loop 2018-05-25 13:34:36 -05:00			`break;`
			`case XKB_KEY_Caps_Lock:`
			`case XKB_KEY_Shift_L:`
			`case XKB_KEY_Shift_R:`
			`case XKB_KEY_Control_L:`
			`case XKB_KEY_Control_R:`
			`case XKB_KEY_Meta_L:`
			`case XKB_KEY_Meta_R:`
			`case XKB_KEY_Alt_L:`
			`case XKB_KEY_Alt_R:`
			`case XKB_KEY_Super_L:`
			`case XKB_KEY_Super_R:`
			`state->auth_state = AUTH_STATE_INPUT_NOP;`
			`damage_state(state);`
swaylock: Remove indicator after 3 seconds 2018-10-13 01:52:13 -05:00			`schedule_indicator_clear(state);`
swaylock: clear password after 10 seconds 2018-10-13 01:56:35 -05:00			`schedule_password_clear(state);`
swaylock: implement a proper render loop 2018-05-25 13:34:36 -05:00			`break;`
swaylock: Submit password on Ctrl-D Ctrl-D functions as EOF in most cases on the terminal. login(1) & many other programs check the password on EOF, same as Enter. To make behavior consistent, have swaylock submit the password on Ctrl-D. This commit moves the handling for Enter into its own static function, which is now also called on Ctrl-D. 2018-12-20 14:32:36 -06:00			`case XKB_KEY_d:`
			`if (state->xkb.control) {`
			`submit_password(state);`
			`break;`
			`}`
			`// fallthrough`
swaylock: Clear password buffer on Ctrl-C I've got in the habit of using Ctrl-C with login(1) to restart password entry. If Sway does the same thing I don't have to retrain my login muscle memory ;) 2018-12-20 14:19:21 -06:00			`case XKB_KEY_c: /* fallthrough */`
swaylock: implement ^U to clear buffer The whole state->xcb.modifiers thing didn't work at all (always 0) The xkb doc says "[xkb_state_serialize_mods] should not be used in regular clients; please use the xkb_state_mod_*_is_active API instead" so here it is 2018-06-08 07:58:01 -05:00			`case XKB_KEY_u:`
			`if (state->xkb.control) {`
			`clear_password_buffer(&state->password);`
			`state->auth_state = AUTH_STATE_CLEAR;`
			`damage_state(state);`
swaylock: Remove indicator after 3 seconds 2018-10-13 01:52:13 -05:00			`schedule_indicator_clear(state);`
swaylock: implement ^U to clear buffer The whole state->xcb.modifiers thing didn't work at all (always 0) The xkb doc says "[xkb_state_serialize_mods] should not be used in regular clients; please use the xkb_state_mod_*_is_active API instead" so here it is 2018-06-08 07:58:01 -05:00			`break;`
			`}`
			`// fallthrough`
swaylock: implement a proper render loop 2018-05-25 13:34:36 -05:00			`default:`
			`if (codepoint) {`
			`append_ch(&state->password, codepoint);`
			`state->auth_state = AUTH_STATE_INPUT;`
			`damage_state(state);`
swaylock: Remove indicator after 3 seconds 2018-10-13 01:52:13 -05:00			`schedule_indicator_clear(state);`
swaylock: clear password after 10 seconds 2018-10-13 01:56:35 -05:00			`schedule_password_clear(state);`
swaylock: implement a proper render loop 2018-05-25 13:34:36 -05:00			`}`
			`break;`
Add password buffer, refactor rendering/surfaces 2018-04-03 13:31:30 -05:00			`}`
			`}`