| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Replaces shadow support with PAM authentication support.
Change variable pam_service in config.def.h to the corresponding PAM
service. The default configuration is for ArchLinux's login service.
|
|
This reverts commit 4dae913a3f4233cdf805f1db647edcf97d44573a.
|
|
This patch keeps the screen unlocked but keeps the input locked. That
is, the screen is not affected by slock, but users will not be able to
interact with the X session unless they enter the correct password.
This is a modified version of the patch from suckless.org which allows
the user to op-into this behavior with the -u command line option.
Additionally, it is written against the dpms patch, to disable its
effects when unlock-screen is active.
|
|
This patch interacts with the Display Power Management Signaling and
automatically turns off the monitor after a configurable time. The
monitor is reactivated by a keystroke or moving the mouse.
The time until the monitor is disabled is configurable as monitortime in
the config.h file in seconds.
This is a modified version of the patch from suckless.org which permits
normal timeout values of zero.
|
|
Adds an additional configuration parameter, controlkeyclear. When set to
1, slock will no longer change to the failure color if a control key is
pressed while the buffer is empty. This is useful if, for example, you
wake your monitor up by pressing a control key and don't want to spoil
the detection of failed unlocking attempts.
|
|
Introduces an additional color to indicate the state of Caps Lock.
Written against HEAD at a31b919, but should apply to 1.2.
|
|
'nogroup' is not always found in a Linux system. In particular, it
does not exist by default in Arch Linux.
|
|
|
|
this patch does two things:
0. simplify the code by using posix_spawn()
1. unify the behavior of what happens if the post-lock cmd fails.
currently, if `fork()` fails, slock will die without locking the screen.
HOWEVER if `execvp()` fails it prints a message to stderr (which the
user cannot see since the screen has been locked already) and only exits
the child while the parent locks the screen.
to reproduce:
# slock some_bin_that_doesnt_exist
this behavior is inconsistent, if the idea is that post-lock cmd is
_not_ important then we shouldn't `die()` on `fork()` failure either.
and if we assume that the post-lock cmd _is_ important, then we should
die on exec failure as well.
this patch assumes the latter and calls `die()` if `posix_spawn()`
fails.
|
|
Remove the OPTIONS section and add an EXIT STATUS section.
|
|
|
|
* Fix all lint warnings.
* Remove "Op Ar arg..." in the description. It looks ugly.
* No need to set -offset left for .Bd literal.
|
|
|
|
Some things to improve at some point:
* Respect system/packaging CFLAGS/LDFLAGS (don't hardcode -Os -Wall -pedantic,
-s, etc).
|
|
|
|
|
|
|
|
When enter is pressed, passwd[len] will be set to '\0'. Pressing
backspace is supposed to remove the last entered character.
But currently, the clearing has an off-by-one, as in setting
passwd[len] to '\0' just like enter would do.
You can also verify it by imagining len=1 and that it's impossible to
clear passwd[0] by pressing backspace with the current code.
Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
|
|
|
|
|
|
|
|
When connecting/disconnecting a portrait monitor, the
XRRScreenChangeNotifyEvent height & width are reversed due to the XRandR
rotation; detect this and DTRT.
|
|
|
|
|
|
|
|
|
|
|
|
Makes it a tad more readable; the previous "optimization" will be done
by the compiler anyway.
|
|
|
|
|
|
This makes the code more readable and prevents wraparounds in the
editor.
|
|
The section on security considerations sheds some light on the problems that we
can't solve within slock but which the user has to solve in his X configuration.
|
|
FRIGN on hackers@suckless.org:
What has been bugging me for quite a while is this DPMS comment that was added
there for no reason. Every sane mind would agree that fiddling with DPMS makes
no sense whatsoever. When I slock, my screen turns off after 10 minutes. So, if
I don't like that, I disable DPMS. If I do, I just fiddle around with my mouse a
bit and get the slock promt.
|
|
|
|
This was extremely bad practice, effectively making the program behave
different depending on which architecture you are running it on.
OpenBSD offers getpwuid_shadow, but there is no getspuid for getspnam,
so we resort to using the pw_name entry in the struct passwd we filled
earlier.
This prevents slock from crashing when $USER is empty (easy to do). If
you want to run slock as a different user, don't use
$ USER="tom" slock
but doas or sudo which were designed for this purpose.
|
|
|
|
The cleanup removal is a joint-venture with Markus. We assume the X server does
the cleanup, so we don't need it. The idea is that the fds are closed at exit
and thus already indicate to the X server that the client has quit. Analogously
the same applies to freeing memory sections previously allocated for the X
server.
We love XXXXXL burgers and therefore removed
XUngrabPointer
XUngrabKeyboard
XFreeColors
XFreePixmap
XDestroyWindow
Lines of Code.
For a project like slock there is no need to carry around global state. By
moving the three structures to main() it is now clear which functions modify
which state, greatly improving the readability of the code, especially given
slock is a suid program.
|
|
Group each *FLAG with its description and add a NetBSD specific.
|
|
Don't hide privilege drops inside readpw() and actually make it
configurable what you are dropping to in config.h.
The privilege drop comes after opening the Display because the
user "nobody" with "nogroup" can't do that.
So why do I call this strategy the Polyphemus-Mitigation?
"""
After the giant returns in the evening and eats two more of the men,
Odysseus offers Polyphemus some strong and undiluted wine given to him
earlier on his journey. Drunk and unwary, the giant asks Odysseus his
name, promising him a guest-gift if he answers. Odysseus tells him
"Οὖτις", which means "nobody" and Polyphemus promises to eat this
"Nobody" last of all. With that, he falls into a drunken sleep. Odysseus
had meanwhile hardened a wooden stake in the fire and now drives it into
Polyphemus' eye. When Polyphemus shouts for help from his fellow giants,
saying that "Nobody" has hurt him, they think Polyphemus is being
afflicted by divine power and recommend prayer as the answer.
"""
(source: https://en.wikipedia.org/wiki/Polyphemus)
|
|
|
|
|
|
|
|
They are only needed there, so don't make them global.
|
|
|
|
We actually “need” to wait a little for input to be released before
locking for cases where slock is spawned from other graphical
applications using keybindings.
This undoes the misbehaviour I introduced in c2f9757, sorry for the mess.
|
|
|
|
- Use file pointers instead of raw I/O, inspired by Kernel code.
- Use OOM_SCORE_ADJ_MIN from linux/oom.h instead of working with
magic values.
- Stricter error checking and descriptive error messages.
The reasoning for using the constant rather than magic values lies
in the fact that this ensures people get the message.
With "-1000", a code reviewer would question if that is really the
lowest possible number or just an arbitrary value.
The kernel ABI probably won't change, but even in the case, we wouldn't
have to modify the code. The OOM killer only is guaranteed to not
kill you if you have OOM_SCORE_ADJ_MIN.
|
|
In all honor, the previous usage was formally more correct, but for the
sake of consistency across all the tools having the v-flag, I separated
it from the command-string.
Also, make use of the mandoc macros for the manpage. This makes it
easier to maintain, extend and change in the future.
|
|
|
|
Thanks to Hiltjo for discovering this.
|
