mirrors
/
sway
mirror of https://github.com/swaywm/sway.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
4,875 Commits 10 Branches 91 Tags 39 MiB
Commit Graph

125 Commits

Author SHA1 Message Date
Drew DeVault c89e00a97e Fix swaylock w/shadow on glibc, improve security 
Today I learned that GNU flaunts the POSIX standard in yet another
creative way. Additionally, this adds some security improvements,
namely:

- Zeroing out password buffers in the privileged child process
- setuid/setgid after reading /etc/shadow
 2018-10-06 12:20:12 -04:00
Ryan Dwyer b0393ae34b swaylock: Support keyboard and pointer disconnects and reconnects 2018-10-06 09:38:12 +10:00
Arkadiusz Hiler eed0bc3ebd Add support for installing binaries with DT_RPATH 
It's better to use DT_RPATH dynamic section of the elf binary to store
the paths of libraries to load instead of overwriting LD_LIBRARY_PATH
for the whole environment, causing surprises. This solution is much more
transparent and perfectly suitable for running contained installations
of wayland/wlroots/sway.

The code unsetting the LD_LIBRARY_PATH/LD_PRELOAD was also deleted as
it's a placebo security at best - we should trust the execution path
that leads us to running sway, and it's way too late to care about those
variables since we already started executing our compositor, thus we
would be compromised anyway.
 2018-09-30 15:37:01 +03:00
Arkadiusz Hiler 1e70f7b19e Turn funcs() into funcs(void) 
If they really do not take undefined number of arguments.
 2018-09-30 14:09:05 +03:00
Drew DeVault c977349120 Add support for building swaylock without PAM 
This involves setuid'ing swaylock, which then forks and drops perms on
the parent process. The child process remains root and listens on a pipe
for requests to validate passwords against /etc/shadow.
 2018-09-28 13:53:01 +02:00
Geoff Greer c495164f60 swaybar, swaylock, & tree/container: Set cairo font options to render text and lines with subpixel hinting (if available). 2018-09-22 11:34:21 -07:00
sghctoma 6de777a986 Add FreeBSD-specific PAM configuration 
The "login" PAM configuration means somathing entirely different on
FreeBSD than on Linux: if you try to authenticate as the calling user,
it OKs the request without prompting for password. The "passwd" config
implements the desired functionality, therefore it should be used by
swaylock.
 2018-08-30 09:58:57 +02:00
Brian Ashworth 7885a138af Fix swaylock arguments 2018-07-17 21:50:15 -04:00
Brian Ashworth 7b91712416 Switch to using getopt_long for config flag 2018-07-16 12:17:40 -04:00
Brian Ashworth 14c949c1c7 Remove leftover parens 2018-07-16 12:17:40 -04:00
Brian Ashworth 85584734ce Remove int cast after changing to size_t 2018-07-16 12:17:40 -04:00
Brian Ashworth d375f6af18 Change to size_t in swaylock's get_config_path 2018-07-16 12:17:40 -04:00
Brian Ashworth 296889f3d7 Implement swaylock configuration file parsing 2018-07-16 12:17:40 -04:00
Brian Ashworth 22d152f1fe Change formatting of swaylock usage in the code 2018-07-10 22:09:31 -04:00
Brian Ashworth 936a920a8e Implement swaylock customization flags 2018-07-10 21:29:15 -04:00
emersion 63b4bf5000
Update for swaywm/wlroots#1126 2018-07-09 22:54:30 +01:00
emersion ceb08b6365
swaylock: daemonize after locking 2018-07-07 18:36:49 +01:00
Dominique Martinet b78c29a83f swaylock: fix the displaying of "verified" 
Displaying verified after damaging state needs more than one roundtrip,
so keep looping until surfaces are not dirty anymore
 2018-07-07 21:02:28 +09:00
Ryan Dwyer 3b842f4eed Detect opaque lockscreen when using a solid color 2018-07-07 00:17:08 +10:00
Ryan Dwyer 58b2c8ed14 Use infinite opaque region in swaylock 2018-07-07 00:03:49 +10:00
Ryan Dwyer 839c3a5500 Use opaque region to determine if frame done should be sent 2018-07-07 00:03:49 +10:00
Bor Grošelj Simić 484042efd8 Fix transparency in background images in swaylock 2018-07-04 12:09:05 +02:00
Bor Grošelj Simić 1d0963737e Fix #1857 2018-07-04 01:53:32 +02:00
Dominique Martinet 2725185aeb swaylock daemonize: fix leak of devnull fd 2018-07-02 08:03:41 +09:00
Dominique Martinet c78ce0770a swaylock: implement ^U to clear buffer 
The whole state->xcb.modifiers thing didn't work at all (always 0)
The xkb doc says "[xkb_state_serialize_mods] should not be used in
regular clients; please use the xkb_state_mod_*_is_active API instead"
so here it is
 2018-06-08 22:42:15 +09:00
emersion cc10c7af65
swaylock: implement a proper render loop 2018-05-27 13:39:38 +01:00
emersion 7af172ed0a
Delete old asciidoc man pages 2018-05-25 19:11:43 +01:00
emersion df61bfbb57
swaylock: remove unused field 2018-05-23 22:59:24 +01:00
emersion 32f8ade7ab
swaylock: don't try to render unconfigured surfaces 2018-05-23 22:55:57 +01:00
emersion cd0fca2ebf
Merge branch 'master' into fix-swaylock-hotplugging 2018-05-23 22:54:52 +01:00
Ryan Dwyer 8361233295 Swaylock: Use calloc instead of malloc 2018-05-20 22:54:09 +10:00
Ryan Dwyer bde9711f3c Swaylock: Log error if multiple images are defined for the same output 2018-05-20 22:54:09 +10:00
Ryan Dwyer 9d99e5c2e7 Swaylock: Allow per-output images 2018-05-20 22:54:09 +10:00
emersion b7ab7c0e66
Fix output hotplugging 2018-05-18 21:57:58 +01:00
emersion e4dbafe4d8
Fix swaylock crashing when unplugging output 2018-05-18 19:13:08 +01:00
Drew DeVault 22f52b91ed Add swaylock(1) and swaymsg(1) 2018-05-11 21:39:47 -04:00
Mattias Eriksson 2d884d4e4f Improved key handling in swaylock 
Make escape clear buffer
Add indicator states for ctrl,shift,super et al
Add CapsLock indicator
 2018-04-24 15:40:30 +02:00
Bruno Pinto 55ed2736b5
[swaylock] Install pam module 2018-04-20 01:29:47 +01:00
Geoff Greer ad6aa21c43 swaylock: Securely zero-out password. 
- Replace char* with static array. Any chars > 1024 will be discarded.
- mlock() password buffer so it can't be written to swap.
- Clear password buffer after auth succeeds or fails.

This is basically the same treatment I gave the 0.15 branch in https://github.com/swaywm/sway/pull/1519
 2018-04-12 17:49:21 -07:00
Drew DeVault 9939d98454 Error handling in swaylock daemonize() 
Fixes #1741
 2018-04-05 09:21:39 -04:00
Drew DeVault 5d444b34f6 Address review feedback from @emersion 2018-04-04 18:52:44 -04:00
Drew DeVault 053b51c3ff exit() needs stdlib.h 
inb4 acrisci
 2018-04-04 18:47:49 -04:00
Drew DeVault 218a3787d2 Import stdlib.h and define POSIX macro for rand() 2018-04-04 18:47:49 -04:00
Drew DeVault 0138f79b4a Move extra roundtrip into password.c 2018-04-04 18:47:49 -04:00
Drew DeVault 46b388995d Add hidpi support to swaylock 2018-04-04 18:47:48 -04:00
Drew DeVault b7e7794912 Implement input-inhibit in sway, swaylock 2018-04-04 18:47:48 -04:00
Drew DeVault 62a736a196 Actually let's not do that TODO 2018-04-04 18:47:48 -04:00
Drew DeVault d053acbed6 R E N D E R I N G 2018-04-04 18:47:48 -04:00
Drew DeVault e902de34db Verify passwords 2018-04-04 18:47:48 -04:00
Drew DeVault 066143adef Add password buffer, refactor rendering/surfaces 2018-04-04 18:47:48 -04:00