/*
* Hides the unlock indicator completely when there is no content in the
* password buffer.
*
*/
void clear_indicator(void) {
if (input_position == 0) {
unlock_state = STATE_STARTED;
} else
unlock_state = STATE_KEY_PRESSED;
redraw_unlock_indicator();
}
static void clear_input(void) {
input_position = 0;
clear_password_memory();
password[input_position] = '\0';
/* Hide the unlock indicator after a bit if the password buffer is
* empty. */
if (unlock_indicator) {
START_TIMER(clear_indicator_timeout, 1.0, clear_indicator_cb);
unlock_state = STATE_BACKSPACE_ACTIVE;
redraw_unlock_indicator();
unlock_state = STATE_KEY_PRESSED;
}
}
/*
* Resets pam_state to STATE_PAM_IDLE 2 seconds after an unsuccessful
* authentication event.
*
*/
static void clear_pam_wrong(EV_P_ ev_timer *w, int revents) {
DEBUG("clearing pam wrong\n");
pam_state = STATE_PAM_IDLE;
unlock_state = STATE_STARTED;
redraw_unlock_indicator();
/* Clear modifier string. */
if (modifier_string != NULL) {
free(modifier_string);
modifier_string = NULL;
}
/* Now free this timeout. */
STOP_TIMER(clear_pam_wrong_timeout);
}
/*
* Handle key presses. Fixes state, then looks up the key symbol for the
* given keycode, then looks up the key symbol (as UCS-2), converts it to
* UTF-8 and stores it in the password array.
*
*/
static void handle_key_press(xcb_key_press_event_t *event) {
xkb_keysym_t ksym;
char buffer[128];
int n;
bool ctrl;
bool composed = false;
ksym = xkb_state_key_get_one_sym(xkb_state, event->detail);
ctrl = xkb_state_mod_name_is_active(xkb_state, XKB_MOD_NAME_CTRL,
XKB_STATE_MODS_DEPRESSED);
/* The buffer will be null-terminated, so n >= 2 for 1 actual character. */
memset(buffer, '\0', sizeof(buffer));
if (xkb_compose_state &&
xkb_compose_state_feed(xkb_compose_state, ksym) ==
XKB_COMPOSE_FEED_ACCEPTED) {
switch (xkb_compose_state_get_status(xkb_compose_state)) {
case XKB_COMPOSE_NOTHING:
break;
case XKB_COMPOSE_COMPOSING:
return;
case XKB_COMPOSE_COMPOSED:
/* xkb_compose_state_get_utf8 doesn't include the terminating
* byte in the return value
* as xkb_keysym_to_utf8 does. Adding one makes the variable n
* consistent. */
n = xkb_compose_state_get_utf8(xkb_compose_state, buffer,
sizeof(buffer)) +
1;
ksym = xkb_compose_state_get_one_sym(xkb_compose_state);
composed = true;
break;
case XKB_COMPOSE_CANCELLED:
xkb_compose_state_reset(xkb_compose_state);
return;
}
}
if (!composed) {
n = xkb_keysym_to_utf8(ksym, buffer, sizeof(buffer));
}
switch (ksym) {
case XKB_KEY_Return:
case XKB_KEY_KP_Enter:
case XKB_KEY_XF86ScreenSaver:
if (pam_state == STATE_PAM_WRONG)
return;
if (skip_without_validation()) {
clear_input();
return;
}
password[input_position] = '\0';
unlock_state = STATE_KEY_PRESSED;
redraw_unlock_indicator();
input_done();
skip_repeated_empty_password = true;
return;
default:
skip_repeated_empty_password = false;
}
switch (ksym) {
case XKB_KEY_u:
if (ctrl) {
DEBUG("C-u pressed\n");
clear_input();
return;
}
break;
case XKB_KEY_Escape:
clear_input();
return;
case XKB_KEY_BackSpace:
if (input_position == 0)
return;
/* decrement input_position to point to the previous glyph */
u8_dec(password, &input_position);
password[input_position] = '\0';
/* Hide the unlock indicator after a bit if the password buffer is
* empty. */
START_TIMER(clear_indicator_timeout, 1.0, clear_indicator_cb);
unlock_state = STATE_BACKSPACE_ACTIVE;
redraw_unlock_indicator();
unlock_state = STATE_KEY_PRESSED;
return;
}
if ((input_position + 8) >= sizeof(password))
return;
#if 0
/* FIXME: handle all of these? */
printf("is_keypad_key = %d\n", xcb_is_keypad_key(sym));
printf("is_private_keypad_key = %d\n", xcb_is_private_keypad_key(sym));
printf("xcb_is_cursor_key = %d\n", xcb_is_cursor_key(sym));
printf("xcb_is_pf_key = %d\n", xcb_is_pf_key(sym));
printf("xcb_is_function_key = %d\n", xcb_is_function_key(sym));
printf("xcb_is_misc_function_key = %d\n", xcb_is_misc_function_key(sym));
printf("xcb_is_modifier_key = %d\n", xcb_is_modifier_key(sym));
#endif
if (n < 2)
return;
/* store it in the password array as UTF-8 */
memcpy(password + input_position, buffer, n - 1);
input_position += n - 1;
DEBUG("current password = %.*s\n", input_position, password);
if (unlock_indicator) {
unlock_state = STATE_KEY_ACTIVE;
redraw_unlock_indicator();
unlock_state = STATE_KEY_PRESSED;
struct ev_timer *timeout = NULL;
START_TIMER(timeout, TSTAMP_N_SECS(0.25), redraw_timeout);
STOP_TIMER(clear_indicator_timeout);
}
START_TIMER(discard_passwd_timeout, TSTAMP_N_MINS(3), discard_passwd_cb);
}
static void redraw_timeout(EV_P_ ev_timer *w, int revents) {
redraw_unlock_indicator();
STOP_TIMER(w);
}
static void input_done(void) {
STOP_TIMER(clear_pam_wrong_timeout);
pam_state = STATE_PAM_VERIFY;
redraw_unlock_indicator();
if (pam_authenticate(pam_handle, 0) == PAM_SUCCESS) {
DEBUG("successfully authenticated\n");
clear_password_memory();
/* PAM credentials should be refreshed, this will for example update any
* kerberos tickets.
* Related to credentials pam_end() needs to be called to cleanup any
* temporary
* credentials like kerberos /tmp/krb5cc_pam_* files which may of been
* left behind if the
* refresh of the credentials failed. */
pam_setcred(pam_handle, PAM_REFRESH_CRED);
pam_end(pam_handle, PAM_SUCCESS);
exit(0);
}
if (debug_mode)
fprintf(stderr, "Authentication failure\n");
/* Get state of Caps and Num lock modifiers, to be displayed in
* STATE_PAM_WRONG state */
xkb_mod_index_t idx, num_mods;
const char *mod_name;
num_mods = xkb_keymap_num_mods(xkb_keymap);
for (idx = 0; idx < num_mods; idx++) {
if (!xkb_state_mod_index_is_active(xkb_state, idx,
XKB_STATE_MODS_EFFECTIVE))
continue;
mod_name = xkb_keymap_mod_get_name(xkb_keymap, idx);
if (mod_name == NULL)
continue;
/* Replace certain xkb names with nicer, human-readable ones. */
if (strcmp(mod_name, XKB_MOD_NAME_CAPS) == 0)
mod_name = "Caps Lock";
else if (strcmp(mod_name, XKB_MOD_NAME_ALT) == 0)
mod_name = "Alt";
else if (strcmp(mod_name, XKB_MOD_NAME_NUM) == 0)
mod_name = "Num Lock";
else if (strcmp(mod_name, XKB_MOD_NAME_LOGO) == 0)
mod_name = "Win";
char *tmp;
if (modifier_string == NULL) {
if (asprintf(&tmp, "%s", mod_name) != -1)
modifier_string = tmp;
} else if (asprintf(&tmp, "%s, %s", modifier_string, mod_name) != -1) {
free(modifier_string);
modifier_string = tmp;
}
}
pam_state = STATE_PAM_WRONG;
failed_attempts += 1;
clear_input();
if (unlock_indicator)
redraw_unlock_indicator();
/* Clear this state after 2 seconds (unless the user enters another
* password during that time). */
ev_now_update(main_loop);
START_TIMER(clear_pam_wrong_timeout, TSTAMP_N_SECS(2), clear_pam_wrong);
/* Cancel the clear_indicator_timeout, it would hide the unlock indicator
* too early. */
STOP_TIMER(clear_indicator_timeout);
/* beep on authentication failure, if enabled */
if (beep) {
xcb_bell(conn, 100);
xcb_flush(conn);
}
}
