sway/swaylock/password.c

#define _XOPEN_SOURCE 500
#include <assert.h>
#include <errno.h>
#include <pwd.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <wlr/util/log.h>
#include <xkbcommon/xkbcommon.h>
#include "swaylock/swaylock.h"
#include "swaylock/seat.h"
#include "loop.h"
#include "unicode.h"

void clear_password_buffer(struct swaylock_password *pw) {
	// Use volatile keyword so so compiler can't optimize this out.
	volatile char *buffer = pw->buffer;
	volatile char zero = '\0';
	for (size_t i = 0; i < sizeof(pw->buffer); ++i) {
		buffer[i] = zero;
	}
	pw->len = 0;
}

static bool backspace(struct swaylock_password *pw) {
	if (pw->len != 0) {
		pw->buffer[--pw->len] = 0;
		return true;
	}
	return false;
}

static void append_ch(struct swaylock_password *pw, uint32_t codepoint) {
	size_t utf8_size = utf8_chsize(codepoint);
	if (pw->len + utf8_size + 1 >= sizeof(pw->buffer)) {
		// TODO: Display error
		return;
	}
	utf8_encode(&pw->buffer[pw->len], codepoint);
	pw->buffer[pw->len + utf8_size] = 0;
	pw->len += utf8_size;
}

static void clear_indicator(void *data) {
	struct swaylock_state *state = data;
	state->clear_indicator_timer = NULL;
	state->auth_state = AUTH_STATE_IDLE;
	damage_state(state);
}

static void schedule_indicator_clear(struct swaylock_state *state) {
	if (state->clear_indicator_timer) {
		loop_remove_timer(state->eventloop, state->clear_indicator_timer);
	}
	state->clear_indicator_timer = loop_add_timer(
			state->eventloop, 3000, clear_indicator, state);
}

static void clear_password(void *data) {
	struct swaylock_state *state = data;
	state->clear_password_timer = NULL;
	state->auth_state = AUTH_STATE_CLEAR;
	clear_password_buffer(&state->password);
	damage_state(state);
	schedule_indicator_clear(state);
}

static void schedule_password_clear(struct swaylock_state *state) {
	if (state->clear_password_timer) {
		loop_remove_timer(state->eventloop, state->clear_password_timer);
	}
	state->clear_password_timer = loop_add_timer(
			state->eventloop, 10000, clear_password, state);
}

static void handle_preverify_timeout(void *data) {
	struct swaylock_state *state = data;
	state->verify_password_timer = NULL;
}

void swaylock_handle_key(struct swaylock_state *state,
		xkb_keysym_t keysym, uint32_t codepoint) {
	switch (keysym) {
	case XKB_KEY_KP_Enter: /* fallthrough */
	case XKB_KEY_Return:
		if (state->args.ignore_empty && state->password.len == 0) {
			break;
		}

		state->auth_state = AUTH_STATE_VALIDATING;
		damage_state(state);

		// We generally want to wait until all surfaces are showing the
		// "verifying" state before we go and verify the password, because
		// verifying it is a blocking operation. However, if the surface is on
		// an output with DPMS off then it won't update, so we set a timer.
		state->verify_password_timer = loop_add_timer(
				state->eventloop, 50, handle_preverify_timeout, state);

		while (state->run_display && state->verify_password_timer) {
			errno = 0;
			if (wl_display_flush(state->display) == -1 && errno != EAGAIN) {
				break;
			}
			loop_poll(state->eventloop);

			bool ok = 1;
			struct swaylock_surface *surface;
			wl_list_for_each(surface, &state->surfaces, link) {
				if (surface->dirty) {
					ok = 0;
				}
			}
			if (ok) {
				break;
			}
		}
		wl_display_flush(state->display);

		if (attempt_password(&state->password)) {
			state->run_display = false;
			break;
		}
		state->auth_state = AUTH_STATE_INVALID;
		damage_state(state);
		schedule_indicator_clear(state);
		break;
	case XKB_KEY_Delete:
	case XKB_KEY_BackSpace:
		if (backspace(&state->password)) {
			state->auth_state = AUTH_STATE_BACKSPACE;
		} else {
			state->auth_state = AUTH_STATE_CLEAR;
		}
		damage_state(state);
		schedule_indicator_clear(state);
		schedule_password_clear(state);
		break;
	case XKB_KEY_Escape:
		clear_password_buffer(&state->password);
		state->auth_state = AUTH_STATE_CLEAR;
		damage_state(state);
		schedule_indicator_clear(state);
		break;
	case XKB_KEY_Caps_Lock:
		/* The state is getting active after this
		 * so we need to manually toggle it */
		state->xkb.caps_lock = !state->xkb.caps_lock;
		state->auth_state = AUTH_STATE_INPUT_NOP;
		damage_state(state);
		schedule_indicator_clear(state);
		schedule_password_clear(state);
		break;
	case XKB_KEY_Shift_L:
	case XKB_KEY_Shift_R:
	case XKB_KEY_Control_L:
	case XKB_KEY_Control_R:
	case XKB_KEY_Meta_L:
	case XKB_KEY_Meta_R:
	case XKB_KEY_Alt_L:
	case XKB_KEY_Alt_R:
	case XKB_KEY_Super_L:
	case XKB_KEY_Super_R:
		state->auth_state = AUTH_STATE_INPUT_NOP;
		damage_state(state);
		schedule_indicator_clear(state);
		schedule_password_clear(state);
		break;
	case XKB_KEY_u:
		if (state->xkb.control) {
			clear_password_buffer(&state->password);
			state->auth_state = AUTH_STATE_CLEAR;
			damage_state(state);
			schedule_indicator_clear(state);
			break;
		}
		// fallthrough
	default:
		if (codepoint) {
			append_ch(&state->password, codepoint);
			state->auth_state = AUTH_STATE_INPUT;
			damage_state(state);
			schedule_indicator_clear(state);
			schedule_password_clear(state);
		}
		break;
	}
}
swaylock: Securely zero-out password. - Replace char* with static array. Any chars > 1024 will be discarded. - mlock() password buffer so it can't be written to swap. - Clear password buffer after auth succeeds or fails. This is basically the same treatment I gave the 0.15 branch in https://github.com/swaywm/sway/pull/1519 2018-04-13 00:38:24 +00:00			`#define _XOPEN_SOURCE 500`
Add password buffer, refactor rendering/surfaces 2018-04-03 18:31:30 +00:00			`#include <assert.h>`
swaylock: exit on display error 2018-10-23 10:46:51 +00:00			`#include <errno.h>`
Verify passwords 2018-04-03 18:49:56 +00:00			`#include <pwd.h>`
Add password buffer, refactor rendering/surfaces 2018-04-03 18:31:30 +00:00			`#include <stdlib.h>`
swaylock: Securely zero-out password. - Replace char* with static array. Any chars > 1024 will be discarded. - mlock() password buffer so it can't be written to swap. - Clear password buffer after auth succeeds or fails. This is basically the same treatment I gave the 0.15 branch in https://github.com/swaywm/sway/pull/1519 2018-04-13 00:38:24 +00:00			`#include <string.h>`
Add password buffer, refactor rendering/surfaces 2018-04-03 18:31:30 +00:00			`#include <unistd.h>`
			`#include <wlr/util/log.h>`
			`#include <xkbcommon/xkbcommon.h>`
			`#include "swaylock/swaylock.h"`
			`#include "swaylock/seat.h"`
swaylock: Remove indicator after 3 seconds 2018-10-13 06:52:13 +00:00			`#include "loop.h"`
Add password buffer, refactor rendering/surfaces 2018-04-03 18:31:30 +00:00			`#include "unicode.h"`

swaylock: Securely zero-out password. - Replace char* with static array. Any chars > 1024 will be discarded. - mlock() password buffer so it can't be written to swap. - Clear password buffer after auth succeeds or fails. This is basically the same treatment I gave the 0.15 branch in https://github.com/swaywm/sway/pull/1519 2018-04-13 00:38:24 +00:00			`void clear_password_buffer(struct swaylock_password *pw) {`
			`// Use volatile keyword so so compiler can't optimize this out.`
			`volatile char *buffer = pw->buffer;`
			`volatile char zero = '\0';`
swaylock: fix clear_password_buffer 2018-10-14 04:40:33 +00:00			`for (size_t i = 0; i < sizeof(pw->buffer); ++i) {`
swaylock: Securely zero-out password. - Replace char* with static array. Any chars > 1024 will be discarded. - mlock() password buffer so it can't be written to swap. - Clear password buffer after auth succeeds or fails. This is basically the same treatment I gave the 0.15 branch in https://github.com/swaywm/sway/pull/1519 2018-04-13 00:38:24 +00:00			`buffer[i] = zero;`
			`}`
			`pw->len = 0;`
			`}`

R E N D E R I N G 2018-04-03 19:04:31 +00:00			`static bool backspace(struct swaylock_password *pw) {`
Add password buffer, refactor rendering/surfaces 2018-04-03 18:31:30 +00:00			`if (pw->len != 0) {`
			`pw->buffer[--pw->len] = 0;`
R E N D E R I N G 2018-04-03 19:04:31 +00:00			`return true;`
Add password buffer, refactor rendering/surfaces 2018-04-03 18:31:30 +00:00			`}`
R E N D E R I N G 2018-04-03 19:04:31 +00:00			`return false;`
Add password buffer, refactor rendering/surfaces 2018-04-03 18:31:30 +00:00			`}`

			`static void append_ch(struct swaylock_password *pw, uint32_t codepoint) {`
			`size_t utf8_size = utf8_chsize(codepoint);`
swaylock: Securely zero-out password. - Replace char* with static array. Any chars > 1024 will be discarded. - mlock() password buffer so it can't be written to swap. - Clear password buffer after auth succeeds or fails. This is basically the same treatment I gave the 0.15 branch in https://github.com/swaywm/sway/pull/1519 2018-04-13 00:38:24 +00:00			`if (pw->len + utf8_size + 1 >= sizeof(pw->buffer)) {`
			`// TODO: Display error`
			`return;`
Add password buffer, refactor rendering/surfaces 2018-04-03 18:31:30 +00:00			`}`
			`utf8_encode(&pw->buffer[pw->len], codepoint);`
			`pw->buffer[pw->len + utf8_size] = 0;`
			`pw->len += utf8_size;`
			`}`

Remove timerfd from loop implementation timerfd doesn't work on the BSDs, so this replaces it with a timespec for the expiry and uses a poll timeout to check the timers when needed. 2018-10-14 02:28:38 +00:00			`static void clear_indicator(void *data) {`
swaylock: Remove indicator after 3 seconds 2018-10-13 06:52:13 +00:00			`struct swaylock_state *state = data;`
			`state->clear_indicator_timer = NULL;`
			`state->auth_state = AUTH_STATE_IDLE;`
			`damage_state(state);`
			`}`

			`static void schedule_indicator_clear(struct swaylock_state *state) {`
			`if (state->clear_indicator_timer) {`
Remove timerfd from loop implementation timerfd doesn't work on the BSDs, so this replaces it with a timespec for the expiry and uses a poll timeout to check the timers when needed. 2018-10-14 02:28:38 +00:00			`loop_remove_timer(state->eventloop, state->clear_indicator_timer);`
swaylock: Remove indicator after 3 seconds 2018-10-13 06:52:13 +00:00			`}`
			`state->clear_indicator_timer = loop_add_timer(`
			`state->eventloop, 3000, clear_indicator, state);`
			`}`

Remove timerfd from loop implementation timerfd doesn't work on the BSDs, so this replaces it with a timespec for the expiry and uses a poll timeout to check the timers when needed. 2018-10-14 02:28:38 +00:00			`static void clear_password(void *data) {`
swaylock: clear password after 10 seconds 2018-10-13 06:56:35 +00:00			`struct swaylock_state *state = data;`
			`state->clear_password_timer = NULL;`
			`state->auth_state = AUTH_STATE_CLEAR;`
			`clear_password_buffer(&state->password);`
			`damage_state(state);`
			`schedule_indicator_clear(state);`
			`}`

			`static void schedule_password_clear(struct swaylock_state *state) {`
			`if (state->clear_password_timer) {`
Remove timerfd from loop implementation timerfd doesn't work on the BSDs, so this replaces it with a timespec for the expiry and uses a poll timeout to check the timers when needed. 2018-10-14 02:28:38 +00:00			`loop_remove_timer(state->eventloop, state->clear_password_timer);`
swaylock: clear password after 10 seconds 2018-10-13 06:56:35 +00:00			`}`
			`state->clear_password_timer = loop_add_timer(`
			`state->eventloop, 10000, clear_password, state);`
			`}`

Remove timerfd from loop implementation timerfd doesn't work on the BSDs, so this replaces it with a timespec for the expiry and uses a poll timeout to check the timers when needed. 2018-10-14 02:28:38 +00:00			`static void handle_preverify_timeout(void *data) {`
swaylock: Don't wait too long for surface damage before verifying 2018-10-13 07:06:33 +00:00			`struct swaylock_state *state = data;`
			`state->verify_password_timer = NULL;`
			`}`

Add password buffer, refactor rendering/surfaces 2018-04-03 18:31:30 +00:00			`void swaylock_handle_key(struct swaylock_state *state,`
			`xkb_keysym_t keysym, uint32_t codepoint) {`
			`switch (keysym) {`
swaylock: implement a proper render loop 2018-05-25 18:34:36 +00:00			`case XKB_KEY_KP_Enter: /* fallthrough */`
			`case XKB_KEY_Return:`
Implement swaylock customization flags 2018-07-11 01:29:15 +00:00			`if (state->args.ignore_empty && state->password.len == 0) {`
			`break;`
			`}`

swaylock: implement a proper render loop 2018-05-25 18:34:36 +00:00			`state->auth_state = AUTH_STATE_VALIDATING;`
			`damage_state(state);`
swaylock: Don't wait too long for surface damage before verifying 2018-10-13 07:06:33 +00:00
			`// We generally want to wait until all surfaces are showing the`
			`// "verifying" state before we go and verify the password, because`
			`// verifying it is a blocking operation. However, if the surface is on`
			`// an output with DPMS off then it won't update, so we set a timer.`
			`state->verify_password_timer = loop_add_timer(`
			`state->eventloop, 50, handle_preverify_timeout, state);`

			`while (state->run_display && state->verify_password_timer) {`
swaylock: exit on display error 2018-10-23 10:46:51 +00:00			`errno = 0;`
			`if (wl_display_flush(state->display) == -1 && errno != EAGAIN) {`
			`break;`
			`}`
swaylock: Don't wait too long for surface damage before verifying 2018-10-13 07:06:33 +00:00			`loop_poll(state->eventloop);`

swaylock: fix the displaying of "verified" Displaying verified after damaging state needs more than one roundtrip, so keep looping until surfaces are not dirty anymore 2018-06-08 12:59:18 +00:00			`bool ok = 1;`
			`struct swaylock_surface *surface;`
			`wl_list_for_each(surface, &state->surfaces, link) {`
			`if (surface->dirty) {`
			`ok = 0;`
			`}`
			`}`
			`if (ok) {`
			`break;`
			`}`
			`}`
			`wl_display_flush(state->display);`

swaylock: implement a proper render loop 2018-05-25 18:34:36 +00:00			`if (attempt_password(&state->password)) {`
			`state->run_display = false;`
Add password buffer, refactor rendering/surfaces 2018-04-03 18:31:30 +00:00			`break;`
swaylock: implement a proper render loop 2018-05-25 18:34:36 +00:00			`}`
			`state->auth_state = AUTH_STATE_INVALID;`
			`damage_state(state);`
swaylock: Don't wait too long for surface damage before verifying 2018-10-13 07:06:33 +00:00			`schedule_indicator_clear(state);`
swaylock: implement a proper render loop 2018-05-25 18:34:36 +00:00			`break;`
			`case XKB_KEY_Delete:`
			`case XKB_KEY_BackSpace:`
			`if (backspace(&state->password)) {`
			`state->auth_state = AUTH_STATE_BACKSPACE;`
			`} else {`
Improved key handling in swaylock Make escape clear buffer Add indicator states for ctrl,shift,super et al Add CapsLock indicator 2018-04-20 12:46:30 +00:00			`state->auth_state = AUTH_STATE_CLEAR;`
swaylock: implement a proper render loop 2018-05-25 18:34:36 +00:00			`}`
			`damage_state(state);`
swaylock: Remove indicator after 3 seconds 2018-10-13 06:52:13 +00:00			`schedule_indicator_clear(state);`
swaylock: clear password after 10 seconds 2018-10-13 06:56:35 +00:00			`schedule_password_clear(state);`
swaylock: implement a proper render loop 2018-05-25 18:34:36 +00:00			`break;`
			`case XKB_KEY_Escape:`
			`clear_password_buffer(&state->password);`
			`state->auth_state = AUTH_STATE_CLEAR;`
			`damage_state(state);`
swaylock: Remove indicator after 3 seconds 2018-10-13 06:52:13 +00:00			`schedule_indicator_clear(state);`
swaylock: implement a proper render loop 2018-05-25 18:34:36 +00:00			`break;`
			`case XKB_KEY_Caps_Lock:`
			`/* The state is getting active after this`
			`* so we need to manually toggle it */`
			`state->xkb.caps_lock = !state->xkb.caps_lock;`
			`state->auth_state = AUTH_STATE_INPUT_NOP;`
			`damage_state(state);`
swaylock: Remove indicator after 3 seconds 2018-10-13 06:52:13 +00:00			`schedule_indicator_clear(state);`
swaylock: clear password after 10 seconds 2018-10-13 06:56:35 +00:00			`schedule_password_clear(state);`
swaylock: implement a proper render loop 2018-05-25 18:34:36 +00:00			`break;`
			`case XKB_KEY_Shift_L:`
			`case XKB_KEY_Shift_R:`
			`case XKB_KEY_Control_L:`
			`case XKB_KEY_Control_R:`
			`case XKB_KEY_Meta_L:`
			`case XKB_KEY_Meta_R:`
			`case XKB_KEY_Alt_L:`
			`case XKB_KEY_Alt_R:`
			`case XKB_KEY_Super_L:`
			`case XKB_KEY_Super_R:`
			`state->auth_state = AUTH_STATE_INPUT_NOP;`
			`damage_state(state);`
swaylock: Remove indicator after 3 seconds 2018-10-13 06:52:13 +00:00			`schedule_indicator_clear(state);`
swaylock: clear password after 10 seconds 2018-10-13 06:56:35 +00:00			`schedule_password_clear(state);`
swaylock: implement a proper render loop 2018-05-25 18:34:36 +00:00			`break;`
swaylock: implement ^U to clear buffer The whole state->xcb.modifiers thing didn't work at all (always 0) The xkb doc says "[xkb_state_serialize_mods] should not be used in regular clients; please use the xkb_state_mod_*_is_active API instead" so here it is 2018-06-08 12:58:01 +00:00			`case XKB_KEY_u:`
			`if (state->xkb.control) {`
			`clear_password_buffer(&state->password);`
			`state->auth_state = AUTH_STATE_CLEAR;`
			`damage_state(state);`
swaylock: Remove indicator after 3 seconds 2018-10-13 06:52:13 +00:00			`schedule_indicator_clear(state);`
swaylock: implement ^U to clear buffer The whole state->xcb.modifiers thing didn't work at all (always 0) The xkb doc says "[xkb_state_serialize_mods] should not be used in regular clients; please use the xkb_state_mod_*_is_active API instead" so here it is 2018-06-08 12:58:01 +00:00			`break;`
			`}`
			`// fallthrough`
swaylock: implement a proper render loop 2018-05-25 18:34:36 +00:00			`default:`
			`if (codepoint) {`
			`append_ch(&state->password, codepoint);`
			`state->auth_state = AUTH_STATE_INPUT;`
			`damage_state(state);`
swaylock: Remove indicator after 3 seconds 2018-10-13 06:52:13 +00:00			`schedule_indicator_clear(state);`
swaylock: clear password after 10 seconds 2018-10-13 06:56:35 +00:00			`schedule_password_clear(state);`
swaylock: implement a proper render loop 2018-05-25 18:34:36 +00:00			`}`
			`break;`
Add password buffer, refactor rendering/surfaces 2018-04-03 18:31:30 +00:00			`}`
			`}`