slock 1.4 / bsd-auth

classic Classic list List threaded Threaded
7 messages Options
Reply | Threaded
Open this post in threaded view
|

slock 1.4 / bsd-auth

Stuart Henderson
I've written a patch to add bsd-auth support back to slock 1.4 which
I've been using for a while. Tidied the make variable handling a bit
as well, no need to patch to use ?=, they can just be overridden with
MAKE_FLAGS. OK?

Index: Makefile
===================================================================
RCS file: /cvs/ports/x11/slock/Makefile,v
retrieving revision 1.17
diff -u -p -r1.17 Makefile
--- Makefile 12 Jul 2019 20:51:21 -0000 1.17
+++ Makefile 21 May 2020 10:58:17 -0000
@@ -2,9 +2,7 @@
 
 COMMENT= simple X screen locker
 
-# slock-1.4 drops bsd-auth support; CVE-2016-6866 doesn't affect HAVE_BSD_AUTH
-DISTNAME= slock-1.3
-REVISION= 1
+DISTNAME= slock-1.4
 
 CATEGORIES= x11
 
@@ -19,9 +17,11 @@ WANTLIB= X11 c Xext Xrandr
 
 MASTER_SITES= http://dl.suckless.org/tools/
 
-MAKE_ENV= CC="${CC}" \
- LDFLAGS="${LDFLAGS}"
-FAKE_FLAGS= DESTDIR=""
+MAKE_FLAGS= CC="${CC}" \
+ COPTFLAGS="${CFLAGS}" \
+ MANPREFIX=${PREFIX}/man \
+ X11INC=${X11BASE}/include \
+ X11LIB=${X11BASE}/lib
 
 NO_TEST= Yes
 
Index: distinfo
===================================================================
RCS file: /cvs/ports/x11/slock/distinfo,v
retrieving revision 1.10
diff -u -p -r1.10 distinfo
--- distinfo 5 Mar 2016 19:17:01 -0000 1.10
+++ distinfo 21 May 2020 10:58:17 -0000
@@ -1,2 +1,2 @@
-SHA256 (slock-1.3.tar.gz) = urSjrqQEaqD9A2HDZJt5uQylMbxd+uPEpsD+Q2FSvRg=
-SIZE (slock-1.3.tar.gz) = 5943
+SHA256 (slock-1.4.tar.gz) = tThJ28YBCamH16SbjaGXMFwpMH/XTBLcGK8NMEQ5Lmo=
+SIZE (slock-1.4.tar.gz) = 6889
Index: patches/patch-Makefile
===================================================================
RCS file: /cvs/ports/x11/slock/patches/patch-Makefile,v
retrieving revision 1.5
diff -u -p -r1.5 patch-Makefile
--- patches/patch-Makefile 5 Mar 2016 19:17:01 -0000 1.5
+++ patches/patch-Makefile 21 May 2020 10:58:17 -0000
@@ -1,6 +1,8 @@
-$OpenBSD: patch-Makefile,v 1.5 2016/03/05 19:17:01 jung Exp $
---- Makefile.orig Fri Feb 12 20:29:02 2016
-+++ Makefile Fri Feb 26 21:06:04 2016
+$OpenBSD$
+
+Index: Makefile
+--- Makefile.orig
++++ Makefile
 @@ -15,8 +15,7 @@ options:
  @echo "CC       = ${CC}"
 
@@ -9,7 +11,7 @@ $OpenBSD: patch-Makefile,v 1.5 2016/03/0
 - @${CC} -c ${CFLAGS} $<
 + ${CC} -c ${CFLAGS} $<
 
- ${OBJ}: config.h config.mk
+ ${OBJ}: config.h config.mk arg.h util.h
 
 @@ -25,8 +24,7 @@ config.h:
  @cp config.def.h $@
Index: patches/patch-config_def_h
===================================================================
RCS file: patches/patch-config_def_h
diff -N patches/patch-config_def_h
--- patches/patch-config_def_h 5 Mar 2016 19:17:01 -0000 1.2
+++ /dev/null 1 Jan 1970 00:00:00 -0000
@@ -1,11 +0,0 @@
-$OpenBSD: patch-config_def_h,v 1.2 2016/03/05 19:17:01 jung Exp $
---- config.def.h.orig Fri Feb 12 20:29:02 2016
-+++ config.def.h Fri Feb 26 20:57:47 2016
-@@ -1,6 +1,6 @@
- static const char *colorname[NUMCOLS] = {
- "black",     /* after initialization */
-- "#005577",   /* during input */
-+ "#404040",   /* during input */
- "#CC3333",   /* failed/cleared the input */
- };
- static const Bool failonclear = True;
Index: patches/patch-config_mk
===================================================================
RCS file: /cvs/ports/x11/slock/patches/patch-config_mk,v
retrieving revision 1.9
diff -u -p -r1.9 patch-config_mk
--- patches/patch-config_mk 13 Aug 2016 14:00:00 -0000 1.9
+++ patches/patch-config_mk 21 May 2020 10:58:17 -0000
@@ -1,44 +1,23 @@
-$OpenBSD: patch-config_mk,v 1.9 2016/08/13 14:00:00 tb Exp $
---- config.mk.orig Fri Feb 12 20:29:02 2016
-+++ config.mk Sat Aug 13 15:38:13 2016
-@@ -4,28 +4,28 @@ VERSION = 1.3
- # Customize below to fit your system
-
- # paths
--PREFIX = /usr/local
--MANPREFIX = ${PREFIX}/share/man
-+PREFIX ?= /usr/local
-+MANPREFIX = ${PREFIX}/man
-
--X11INC = /usr/X11R6/include
--X11LIB = /usr/X11R6/lib
-+X11INC = ${X11BASE}/include
-+X11LIB = ${X11BASE}/lib
+$OpenBSD$
+
+Index: config.mk
+--- config.mk.orig
++++ config.mk
+@@ -12,12 +12,13 @@ X11LIB = /usr/X11R6/lib
 
  # includes and libs
--INCS = -I. -I/usr/include -I${X11INC}
+ INCS = -I. -I/usr/include -I${X11INC}
 -LIBS = -L/usr/lib -lc -lcrypt -L${X11LIB} -lX11 -lXext -lXrandr
-+INCS = -I${X11INC}
-+LIBS = -L${X11LIB} -lX11 -lXext -lXrandr
++LIBS = -L/usr/lib -L${X11LIB} -lX11 -lXext -lXrandr
 
  # flags
--CPPFLAGS = -DVERSION=\"${VERSION}\" -DHAVE_SHADOW_H
+-CPPFLAGS = -DVERSION=\"${VERSION}\" -D_DEFAULT_SOURCE -DHAVE_SHADOW_H
 -CFLAGS = -std=c99 -pedantic -Wall -Os ${INCS} ${CPPFLAGS}
 -LDFLAGS = -s ${LIBS}
-+CPPFLAGS += -DVERSION=\"${VERSION}\" -DHAVE_BSD_AUTH -D_BSD_SOURCE
-+CFLAGS += -std=c99 -pedantic -Wall ${INCS} ${CPPFLAGS}
-+LDFLAGS += ${LIBS}
++COPTFLAGS = -Os
++CPPFLAGS = -DVERSION=\"${VERSION}\" -D_DEFAULT_SOURCE -DHAVE_BSD_AUTH -D_BSD_SOURCE
++CFLAGS = -std=c99 -pedantic -Wall ${INCS} ${CPPFLAGS} ${COPTFLAGS}
++LDFLAGS = ${LIBS}
+ COMPATSRC = explicit_bzero.c
 
- # On *BSD remove -DHAVE_SHADOW_H from CPPFLAGS and add -DHAVE_BSD_AUTH
  # On OpenBSD and Darwin remove -lcrypt from LIBS
-
- # compiler and linker
--CC = cc
-+CC ?= cc
-
- # Install mode. On BSD systems MODE=2755 and GROUP=auth
- # On others MODE=4755 and GROUP=root
--#MODE=2755
--#GROUP=auth
-+MODE=2755
-+GROUP=auth
Index: patches/patch-slock_c
===================================================================
RCS file: /cvs/ports/x11/slock/patches/patch-slock_c,v
retrieving revision 1.3
diff -u -p -r1.3 patch-slock_c
--- patches/patch-slock_c 13 Aug 2016 14:00:00 -0000 1.3
+++ patches/patch-slock_c 21 May 2020 10:58:17 -0000
@@ -1,33 +1,119 @@
-$OpenBSD: patch-slock_c,v 1.3 2016/08/13 14:00:00 tb Exp $
---- slock.c.orig Fri Feb 12 20:29:02 2016
-+++ slock.c Sat Aug 13 15:37:49 2016
-@@ -47,7 +47,7 @@ static Bool rr;
- static int rrevbase;
- static int rrerrbase;
-
--static void
-+static void __attribute__((__noreturn__, __format__(printf, 1, 2)))
- die(const char *errstr, ...)
+$OpenBSD$
+
+Add back bsd-auth support, removed in 04143fd68dbc
+
+Index: slock.c
+--- slock.c.orig
++++ slock.c
+@@ -19,6 +19,11 @@
+ #include <X11/Xlib.h>
+ #include <X11/Xutil.h>
+
++#if HAVE_BSD_AUTH
++#include <login_cap.h>
++#include <bsd_auth.h>
++#endif
++
+ #include "arg.h"
+ #include "util.h"
+
+@@ -83,6 +88,7 @@ dontkillme(void)
+ }
+ #endif
+
++#ifndef HAVE_BSD_AUTH
+ static const char *
+ gethash(void)
  {
- va_list ap;
-@@ -172,10 +172,12 @@ readpw(Display *dpy, const char *pws)
- break;
- case XK_Escape:
- len = 0;
-+ explicit_bzero(passwd, sizeof(passwd));
- break;
- case XK_BackSpace:
- if (len)
- --len;
-+ explicit_bzero(passwd + len, 1);
- break;
- default:
- if (num && !iscntrl((int)buf[0]) && (len + num < sizeof(passwd))) {
-@@ -185,6 +187,7 @@ readpw(Display *dpy, const char *pws)
- break;
- }
- color = len ? INPUT : (failure || failonclear ? FAILED : INIT);
-+ explicit_bzero(buf, sizeof(buf));
- if (running && oldc != color) {
- for (screen = 0; screen < nscreens; screen++) {
- XSetWindowBackground(dpy, locks[screen]->win, locks[screen]->colors[color]);
+@@ -123,13 +129,21 @@ gethash(void)
+
+ return hash;
+ }
++#endif /* HAVE_BSD_AUTH */
+
+ static void
++#ifdef HAVE_BSD_AUTH
++readpw(Display *dpy, struct xrandr *rr, struct lock **locks, int nscreens)
++#else
+ readpw(Display *dpy, struct xrandr *rr, struct lock **locks, int nscreens,
+        const char *hash)
++#endif
+ {
+ XRRScreenChangeNotifyEvent *rre;
+- char buf[32], passwd[256], *inputhash;
++ char buf[32], passwd[256];
++#ifndef HAVE_BSD_AUTH
++ char *inputhash;
++#endif
+ int num, screen, running, failure, oldc;
+ unsigned int len, color;
+ KeySym ksym;
+@@ -160,10 +174,14 @@ readpw(Display *dpy, struct xrandr *rr, struct lock **
+ case XK_Return:
+ passwd[len] = '\0';
+ errno = 0;
++#ifdef HAVE_BSD_AUTH
++ running = !auth_userokay(getlogin(), NULL, "auth-slock", passwd);
++#else
+ if (!(inputhash = crypt(passwd, hash)))
+ fprintf(stderr, "slock: crypt: %s\n", strerror(errno));
+ else
+ running = !!strcmp(inputhash, hash);
++#endif
+ if (running) {
+ XBell(dpy, 100);
+ failure = 1;
+@@ -303,7 +321,9 @@ main(int argc, char **argv) {
+ struct group *grp;
+ uid_t duid;
+ gid_t dgid;
++#ifndef HAVE_BSD_AUTH
+ const char *hash;
++#endif
+ Display *dpy;
+ int s, nlocks, nscreens;
+
+@@ -331,14 +351,23 @@ main(int argc, char **argv) {
+ dontkillme();
+ #endif
+
++#ifndef HAVE_BSD_AUTH
+ hash = gethash();
+ errno = 0;
+ if (!crypt("", hash))
+ die("slock: crypt: %s\n", strerror(errno));
++#endif
+
+ if (!(dpy = XOpenDisplay(NULL)))
+ die("slock: cannot open display\n");
+
++/*
++ * don't drop groups for bsd-auth, slock runs as the user's normal
++ * uid, and requires gid auth from the setgid bit. (without bsd-auth
++ * slock needs to start with uid root or gid _shadow to read spwd.db,
++ * and is unable to use non-password methods)
++ */
++#ifndef HAVE_BSD_AUTH
+ /* drop privileges */
+ if (setgroups(0, NULL) < 0)
+ die("slock: setgroups: %s\n", strerror(errno));
+@@ -346,6 +375,7 @@ main(int argc, char **argv) {
+ die("slock: setgid: %s\n", strerror(errno));
+ if (setuid(duid) < 0)
+ die("slock: setuid: %s\n", strerror(errno));
++#endif
+
+ /* check for Xrandr support */
+ rr.active = XRRQueryExtension(dpy, &rr.evbase, &rr.errbase);
+@@ -381,7 +411,11 @@ main(int argc, char **argv) {
+ }
+
+ /* everything is now blank. Wait for the correct password */
++#ifdef HAVE_BSD_AUTH
++ readpw(dpy, &rr, locks, nscreens);
++#else
+ readpw(dpy, &rr, locks, nscreens, hash);
++#endif
+
+ return 0;
+ }

Reply | Threaded
Open this post in threaded view
|

Re: slock 1.4 / bsd-auth

Theo Buehler-3
On Thu, May 21, 2020 at 11:58:37AM +0100, Stuart Henderson wrote:
> I've written a patch to add bsd-auth support back to slock 1.4 which
> I've been using for a while. Tidied the make variable handling a bit
> as well, no need to patch to use ?=, they can just be overridden with
> MAKE_FLAGS. OK?

I would prefer if this used the libc version of explicit_bzero instead
of the local copy. For this, set COMPATSRC to empty in compat.mk (why do
you add a COPTSFLAG=-Os via a patch?).

While the updated slock seems to work fine from the command line, it
doesn't lock at all if I use it from a i3 binding.  I have been using

        bindsym $mod+Mod1+l exec "slock"

in my ~/.i3/config for many years without issue, but this breaks with
this update. In my xsession-errors I see:

slock: unable to grab mouse pointer for screen 0
slock: unable to grab keyboard for screen 0

I haven't looked more closely into why this happens, but I would
appreciate a workaround for this so I can keep a binding for the lock.

Out of curiosity: what prompted this update?

>
> Index: Makefile
> ===================================================================
> RCS file: /cvs/ports/x11/slock/Makefile,v
> retrieving revision 1.17
> diff -u -p -r1.17 Makefile
> --- Makefile 12 Jul 2019 20:51:21 -0000 1.17
> +++ Makefile 21 May 2020 10:58:17 -0000
> @@ -2,9 +2,7 @@
>  
>  COMMENT= simple X screen locker
>  
> -# slock-1.4 drops bsd-auth support; CVE-2016-6866 doesn't affect HAVE_BSD_AUTH
> -DISTNAME= slock-1.3
> -REVISION= 1
> +DISTNAME= slock-1.4
>  
>  CATEGORIES= x11
>  
> @@ -19,9 +17,11 @@ WANTLIB= X11 c Xext Xrandr
>  
>  MASTER_SITES= http://dl.suckless.org/tools/
>  
> -MAKE_ENV= CC="${CC}" \
> - LDFLAGS="${LDFLAGS}"
> -FAKE_FLAGS= DESTDIR=""
> +MAKE_FLAGS= CC="${CC}" \
> + COPTFLAGS="${CFLAGS}" \
> + MANPREFIX=${PREFIX}/man \
> + X11INC=${X11BASE}/include \
> + X11LIB=${X11BASE}/lib
>  
>  NO_TEST= Yes
>  
> Index: distinfo
> ===================================================================
> RCS file: /cvs/ports/x11/slock/distinfo,v
> retrieving revision 1.10
> diff -u -p -r1.10 distinfo
> --- distinfo 5 Mar 2016 19:17:01 -0000 1.10
> +++ distinfo 21 May 2020 10:58:17 -0000
> @@ -1,2 +1,2 @@
> -SHA256 (slock-1.3.tar.gz) = urSjrqQEaqD9A2HDZJt5uQylMbxd+uPEpsD+Q2FSvRg=
> -SIZE (slock-1.3.tar.gz) = 5943
> +SHA256 (slock-1.4.tar.gz) = tThJ28YBCamH16SbjaGXMFwpMH/XTBLcGK8NMEQ5Lmo=
> +SIZE (slock-1.4.tar.gz) = 6889
> Index: patches/patch-Makefile
> ===================================================================
> RCS file: /cvs/ports/x11/slock/patches/patch-Makefile,v
> retrieving revision 1.5
> diff -u -p -r1.5 patch-Makefile
> --- patches/patch-Makefile 5 Mar 2016 19:17:01 -0000 1.5
> +++ patches/patch-Makefile 21 May 2020 10:58:17 -0000
> @@ -1,6 +1,8 @@
> -$OpenBSD: patch-Makefile,v 1.5 2016/03/05 19:17:01 jung Exp $
> ---- Makefile.orig Fri Feb 12 20:29:02 2016
> -+++ Makefile Fri Feb 26 21:06:04 2016
> +$OpenBSD$
> +
> +Index: Makefile
> +--- Makefile.orig
> ++++ Makefile
>  @@ -15,8 +15,7 @@ options:
>   @echo "CC       = ${CC}"
>  
> @@ -9,7 +11,7 @@ $OpenBSD: patch-Makefile,v 1.5 2016/03/0
>  - @${CC} -c ${CFLAGS} $<
>  + ${CC} -c ${CFLAGS} $<
>  
> - ${OBJ}: config.h config.mk
> + ${OBJ}: config.h config.mk arg.h util.h
>  
>  @@ -25,8 +24,7 @@ config.h:
>   @cp config.def.h $@
> Index: patches/patch-config_def_h
> ===================================================================
> RCS file: patches/patch-config_def_h
> diff -N patches/patch-config_def_h
> --- patches/patch-config_def_h 5 Mar 2016 19:17:01 -0000 1.2
> +++ /dev/null 1 Jan 1970 00:00:00 -0000
> @@ -1,11 +0,0 @@
> -$OpenBSD: patch-config_def_h,v 1.2 2016/03/05 19:17:01 jung Exp $
> ---- config.def.h.orig Fri Feb 12 20:29:02 2016
> -+++ config.def.h Fri Feb 26 20:57:47 2016
> -@@ -1,6 +1,6 @@
> - static const char *colorname[NUMCOLS] = {
> - "black",     /* after initialization */
> -- "#005577",   /* during input */
> -+ "#404040",   /* during input */
> - "#CC3333",   /* failed/cleared the input */
> - };
> - static const Bool failonclear = True;
> Index: patches/patch-config_mk
> ===================================================================
> RCS file: /cvs/ports/x11/slock/patches/patch-config_mk,v
> retrieving revision 1.9
> diff -u -p -r1.9 patch-config_mk
> --- patches/patch-config_mk 13 Aug 2016 14:00:00 -0000 1.9
> +++ patches/patch-config_mk 21 May 2020 10:58:17 -0000
> @@ -1,44 +1,23 @@
> -$OpenBSD: patch-config_mk,v 1.9 2016/08/13 14:00:00 tb Exp $
> ---- config.mk.orig Fri Feb 12 20:29:02 2016
> -+++ config.mk Sat Aug 13 15:38:13 2016
> -@@ -4,28 +4,28 @@ VERSION = 1.3
> - # Customize below to fit your system
> -
> - # paths
> --PREFIX = /usr/local
> --MANPREFIX = ${PREFIX}/share/man
> -+PREFIX ?= /usr/local
> -+MANPREFIX = ${PREFIX}/man
> -
> --X11INC = /usr/X11R6/include
> --X11LIB = /usr/X11R6/lib
> -+X11INC = ${X11BASE}/include
> -+X11LIB = ${X11BASE}/lib
> +$OpenBSD$
> +
> +Index: config.mk
> +--- config.mk.orig
> ++++ config.mk
> +@@ -12,12 +12,13 @@ X11LIB = /usr/X11R6/lib
>  
>   # includes and libs
> --INCS = -I. -I/usr/include -I${X11INC}
> + INCS = -I. -I/usr/include -I${X11INC}
>  -LIBS = -L/usr/lib -lc -lcrypt -L${X11LIB} -lX11 -lXext -lXrandr
> -+INCS = -I${X11INC}
> -+LIBS = -L${X11LIB} -lX11 -lXext -lXrandr
> ++LIBS = -L/usr/lib -L${X11LIB} -lX11 -lXext -lXrandr
>  
>   # flags
> --CPPFLAGS = -DVERSION=\"${VERSION}\" -DHAVE_SHADOW_H
> +-CPPFLAGS = -DVERSION=\"${VERSION}\" -D_DEFAULT_SOURCE -DHAVE_SHADOW_H
>  -CFLAGS = -std=c99 -pedantic -Wall -Os ${INCS} ${CPPFLAGS}
>  -LDFLAGS = -s ${LIBS}
> -+CPPFLAGS += -DVERSION=\"${VERSION}\" -DHAVE_BSD_AUTH -D_BSD_SOURCE
> -+CFLAGS += -std=c99 -pedantic -Wall ${INCS} ${CPPFLAGS}
> -+LDFLAGS += ${LIBS}
> ++COPTFLAGS = -Os
> ++CPPFLAGS = -DVERSION=\"${VERSION}\" -D_DEFAULT_SOURCE -DHAVE_BSD_AUTH -D_BSD_SOURCE
> ++CFLAGS = -std=c99 -pedantic -Wall ${INCS} ${CPPFLAGS} ${COPTFLAGS}
> ++LDFLAGS = ${LIBS}
> + COMPATSRC = explicit_bzero.c
>  
> - # On *BSD remove -DHAVE_SHADOW_H from CPPFLAGS and add -DHAVE_BSD_AUTH
>   # On OpenBSD and Darwin remove -lcrypt from LIBS
> -
> - # compiler and linker
> --CC = cc
> -+CC ?= cc
> -
> - # Install mode. On BSD systems MODE=2755 and GROUP=auth
> - # On others MODE=4755 and GROUP=root
> --#MODE=2755
> --#GROUP=auth
> -+MODE=2755
> -+GROUP=auth
> Index: patches/patch-slock_c
> ===================================================================
> RCS file: /cvs/ports/x11/slock/patches/patch-slock_c,v
> retrieving revision 1.3
> diff -u -p -r1.3 patch-slock_c
> --- patches/patch-slock_c 13 Aug 2016 14:00:00 -0000 1.3
> +++ patches/patch-slock_c 21 May 2020 10:58:17 -0000
> @@ -1,33 +1,119 @@
> -$OpenBSD: patch-slock_c,v 1.3 2016/08/13 14:00:00 tb Exp $
> ---- slock.c.orig Fri Feb 12 20:29:02 2016
> -+++ slock.c Sat Aug 13 15:37:49 2016
> -@@ -47,7 +47,7 @@ static Bool rr;
> - static int rrevbase;
> - static int rrerrbase;
> -
> --static void
> -+static void __attribute__((__noreturn__, __format__(printf, 1, 2)))
> - die(const char *errstr, ...)
> +$OpenBSD$
> +
> +Add back bsd-auth support, removed in 04143fd68dbc
> +
> +Index: slock.c
> +--- slock.c.orig
> ++++ slock.c
> +@@ -19,6 +19,11 @@
> + #include <X11/Xlib.h>
> + #include <X11/Xutil.h>
> +
> ++#if HAVE_BSD_AUTH
> ++#include <login_cap.h>
> ++#include <bsd_auth.h>
> ++#endif
> ++
> + #include "arg.h"
> + #include "util.h"
> +
> +@@ -83,6 +88,7 @@ dontkillme(void)
> + }
> + #endif
> +
> ++#ifndef HAVE_BSD_AUTH
> + static const char *
> + gethash(void)
>   {
> - va_list ap;
> -@@ -172,10 +172,12 @@ readpw(Display *dpy, const char *pws)
> - break;
> - case XK_Escape:
> - len = 0;
> -+ explicit_bzero(passwd, sizeof(passwd));
> - break;
> - case XK_BackSpace:
> - if (len)
> - --len;
> -+ explicit_bzero(passwd + len, 1);
> - break;
> - default:
> - if (num && !iscntrl((int)buf[0]) && (len + num < sizeof(passwd))) {
> -@@ -185,6 +187,7 @@ readpw(Display *dpy, const char *pws)
> - break;
> - }
> - color = len ? INPUT : (failure || failonclear ? FAILED : INIT);
> -+ explicit_bzero(buf, sizeof(buf));
> - if (running && oldc != color) {
> - for (screen = 0; screen < nscreens; screen++) {
> - XSetWindowBackground(dpy, locks[screen]->win, locks[screen]->colors[color]);
> +@@ -123,13 +129,21 @@ gethash(void)
> +
> + return hash;
> + }
> ++#endif /* HAVE_BSD_AUTH */
> +
> + static void
> ++#ifdef HAVE_BSD_AUTH
> ++readpw(Display *dpy, struct xrandr *rr, struct lock **locks, int nscreens)
> ++#else
> + readpw(Display *dpy, struct xrandr *rr, struct lock **locks, int nscreens,
> +        const char *hash)
> ++#endif
> + {
> + XRRScreenChangeNotifyEvent *rre;
> +- char buf[32], passwd[256], *inputhash;
> ++ char buf[32], passwd[256];
> ++#ifndef HAVE_BSD_AUTH
> ++ char *inputhash;
> ++#endif
> + int num, screen, running, failure, oldc;
> + unsigned int len, color;
> + KeySym ksym;
> +@@ -160,10 +174,14 @@ readpw(Display *dpy, struct xrandr *rr, struct lock **
> + case XK_Return:
> + passwd[len] = '\0';
> + errno = 0;
> ++#ifdef HAVE_BSD_AUTH
> ++ running = !auth_userokay(getlogin(), NULL, "auth-slock", passwd);
> ++#else
> + if (!(inputhash = crypt(passwd, hash)))
> + fprintf(stderr, "slock: crypt: %s\n", strerror(errno));
> + else
> + running = !!strcmp(inputhash, hash);
> ++#endif
> + if (running) {
> + XBell(dpy, 100);
> + failure = 1;
> +@@ -303,7 +321,9 @@ main(int argc, char **argv) {
> + struct group *grp;
> + uid_t duid;
> + gid_t dgid;
> ++#ifndef HAVE_BSD_AUTH
> + const char *hash;
> ++#endif
> + Display *dpy;
> + int s, nlocks, nscreens;
> +
> +@@ -331,14 +351,23 @@ main(int argc, char **argv) {
> + dontkillme();
> + #endif
> +
> ++#ifndef HAVE_BSD_AUTH
> + hash = gethash();
> + errno = 0;
> + if (!crypt("", hash))
> + die("slock: crypt: %s\n", strerror(errno));
> ++#endif
> +
> + if (!(dpy = XOpenDisplay(NULL)))
> + die("slock: cannot open display\n");
> +
> ++/*
> ++ * don't drop groups for bsd-auth, slock runs as the user's normal
> ++ * uid, and requires gid auth from the setgid bit. (without bsd-auth
> ++ * slock needs to start with uid root or gid _shadow to read spwd.db,
> ++ * and is unable to use non-password methods)
> ++ */
> ++#ifndef HAVE_BSD_AUTH
> + /* drop privileges */
> + if (setgroups(0, NULL) < 0)
> + die("slock: setgroups: %s\n", strerror(errno));
> +@@ -346,6 +375,7 @@ main(int argc, char **argv) {
> + die("slock: setgid: %s\n", strerror(errno));
> + if (setuid(duid) < 0)
> + die("slock: setuid: %s\n", strerror(errno));
> ++#endif
> +
> + /* check for Xrandr support */
> + rr.active = XRRQueryExtension(dpy, &rr.evbase, &rr.errbase);
> +@@ -381,7 +411,11 @@ main(int argc, char **argv) {
> + }
> +
> + /* everything is now blank. Wait for the correct password */
> ++#ifdef HAVE_BSD_AUTH
> ++ readpw(dpy, &rr, locks, nscreens);
> ++#else
> + readpw(dpy, &rr, locks, nscreens, hash);
> ++#endif
> +
> + return 0;
> + }
>

Reply | Threaded
Open this post in threaded view
|

Re: slock 1.4 / bsd-auth

Gleydson Soares-2
In reply to this post by Stuart Henderson
On Thu, May 21, 2020 at 11:58:37AM +0100, Stuart Henderson wrote:
> I've written a patch to add bsd-auth support back to slock 1.4 which
> I've been using for a while. Tidied the make variable handling a bit
> as well, no need to patch to use ?=, they can just be overridden with
> MAKE_FLAGS. OK?

OK gsoares@

Reply | Threaded
Open this post in threaded view
|

Re: slock 1.4 / bsd-auth

Gleydson Soares-2
In reply to this post by Theo Buehler-3
On Thu, May 21, 2020 at 01:49:36PM +0200, Theo Buehler wrote:

> On Thu, May 21, 2020 at 11:58:37AM +0100, Stuart Henderson wrote:
> > I've written a patch to add bsd-auth support back to slock 1.4 which
> > I've been using for a while. Tidied the make variable handling a bit
> > as well, no need to patch to use ?=, they can just be overridden with
> > MAKE_FLAGS. OK?
>
> I would prefer if this used the libc version of explicit_bzero instead
> of the local copy. For this, set COMPATSRC to empty in compat.mk (why do
> you add a COPTSFLAG=-Os via a patch?).
>
> While the updated slock seems to work fine from the command line, it
> doesn't lock at all if I use it from a i3 binding.  I have been using
>
> bindsym $mod+Mod1+l exec "slock"

It happens with some X11 apps that request the mouse pointer right away,
but it is grabbed so it fails,

You can fix it changing your bindkey to something like:
"bindsym --release $mod+Mod1+l exec "sleep 0.5 ; slock"

Actually, i3 has a feature for dealing with it though, --release:
try better: bindsym --release $mod+Mod1+l exec "slock"

Reply | Threaded
Open this post in threaded view
|

Re: slock 1.4 / bsd-auth

Theo Buehler-5
> Actually, i3 has a feature for dealing with it though, --release:
> try better: bindsym --release $mod+Mod1+l exec "slock"

That works, thanks. I'm fine with this going in if the port's copy of
explicit_bzero is disabled with "COMPATSRC=".

Reply | Threaded
Open this post in threaded view
|

Re: slock 1.4 / bsd-auth

Gleydson Soares-2
On Sun, May 24, 2020 at 02:15:58AM +0200, Theo Buehler wrote:
> > Actually, i3 has a feature for dealing with it though, --release:
> > try better: bindsym --release $mod+Mod1+l exec "slock"
>
> That works, thanks. I'm fine with this going in if the port's copy of
> explicit_bzero is disabled with "COMPATSRC=".

sthen@
You have my OK either way, with or w/o COMPATSRC stuff tweak
requested by tb@

Reply | Threaded
Open this post in threaded view
|

Re: slock 1.4 / bsd-auth

Stuart Henderson
In reply to this post by Gleydson Soares-2
On 2020/05/21 13:49, Theo Buehler wrote:
> On Thu, May 21, 2020 at 11:58:37AM +0100, Stuart Henderson wrote:
> > I've written a patch to add bsd-auth support back to slock 1.4 which
> > I've been using for a while. Tidied the make variable handling a bit
> > as well, no need to patch to use ?=, they can just be overridden with
> > MAKE_FLAGS. OK?
>
> I would prefer if this used the libc version of explicit_bzero instead
> of the local copy. For this, set COMPATSRC to empty in compat.mk (why do
> you add a COPTSFLAG=-Os via a patch?).

I wanted to keep the patched Makefile doing the same thing as the original,
just allowing optimizer flags to be changed without having to copy the set of
standard flags to the port.

> Out of curiosity: what prompted this update?

I wanted to try jcs's modified version that adds DPMS support (which was forked
after bsd-auth was removed) so I had to add that back in. And having done that
I though I might as well send a diff for the port.

On 2020/05/23 20:40, Gleydson Soares wrote:

> On Thu, May 21, 2020 at 01:49:36PM +0200, Theo Buehler wrote:
> > While the updated slock seems to work fine from the command line, it
> > doesn't lock at all if I use it from a i3 binding.  I have been using
> >
> > bindsym $mod+Mod1+l exec "slock"
>
> It happens with some X11 apps that request the mouse pointer right away,
> but it is grabbed so it fails,
>
> You can fix it changing your bindkey to something like:
> "bindsym --release $mod+Mod1+l exec "sleep 0.5 ; slock"
>
> Actually, i3 has a feature for dealing with it though, --release:
> try better: bindsym --release $mod+Mod1+l exec "slock"

Thanks for tracking that down + the workaround!