|
xsecurelock
1.7.0
XSecureLock is an X11 screen lock utility.
|
#include <X11/X.h>#include <X11/Xatom.h>#include <X11/Xlib.h>#include <X11/Xutil.h>#include <X11/cursorfont.h>#include <X11/keysym.h>#include <fcntl.h>#include <locale.h>#include <signal.h>#include <stdio.h>#include <stdlib.h>#include <string.h>#include <sys/select.h>#include <sys/time.h>#include <time.h>#include <unistd.h>#include "auth_child.h"#include "env_settings.h"#include "logging.h"#include "mlock_page.h"#include "saver_child.h"#include "unmap_all.h"#include "util.h"#include "version.h"#include "wait_pgrp.h"#include "wm_properties.h"#include "env_helpstr.inc"Data Structures | |
| struct | AcquireGrabsState |
Macros | |
| #define | WATCH_CHILDREN_HZ 10 |
| XSecureLock. More... | |
| #define | ALL_POINTER_EVENTS |
| Try to reinstate grabs in regular intervals. More... | |
Enumerations | |
| enum | WatchChildrenState { WATCH_CHILDREN_NORMAL, WATCH_CHILDREN_SAVER_DISABLED, WATCH_CHILDREN_FORCE_AUTH } |
Functions | |
| void | ResetBlankScreenTimer (void) |
| void | InitBlankScreen (void) |
| void | MaybeBlankScreen (Display *display) |
| void | ScreenNoLongerBlanked (Display *display) |
| void | UnblankScreen (Display *display) |
| static void | HandleSIGTERM (int signo) |
| int | WatchChildren (Display *dpy, Window auth_win, Window saver_win, enum WatchChildrenState state, const char *stdinbuf) |
| Watch the child processes, and bring them into the desired state. More... | |
| int | WakeUp (Display *dpy, Window auth_win, Window saver_win, const char *stdinbuf) |
| Wake up the screen saver in response to a keyboard or mouse event. More... | |
| int | JustLogErrorsHandler (Display *display, XErrorEvent *error) |
| An X11 error handler that merely logs errors to stderr. More... | |
| int | SilentlyIgnoreErrorsHandler (Display *display, XErrorEvent *error) |
| An X11 error handler that does nothing at all. More... | |
| void | Version (void) |
| Print a version message. More... | |
| void | Usage (const char *me) |
| Print an usage message. More... | |
| void | LoadDefaults () |
| Load default settings from environment variables. More... | |
| void | ParseArgumentsOrExit (int argc, char **argv) |
| Parse the command line arguments, or exit in case of failure. More... | |
| int | CheckSettings () |
| Check the settings. More... | |
| void | DebugDumpWindowInfo (Window w) |
| Print some debug info about a window. More... | |
| void | MaybeRaiseWindow (Display *display, Window w, int silent, int force) |
| Raise a window if necessary. More... | |
| int | TryAcquireGrabs (Window w, void *state_voidp) |
| int | AcquireGrabs (Display *display, Window root_window, Window *ignored_windows, unsigned int n_ignored_windows, Cursor cursor, int silent, int force) |
| Acquire all necessary grabs to lock the screen. More... | |
| void | NotifyOfLock (int xss_sleep_lock_fd) |
| Tell xss-lock or others that we're done locking. More... | |
| int | CheckLockingEffectiveness () |
| int | main (int argc, char **argv) |
| The main program. More... | |
Variables | |
| struct { | |
| XEvent ev | |
| char buf [16] | |
| KeySym keysym | |
| int len | |
| } | priv |
| Private (possibly containing information about the user's password) data. More... | |
| const char * | auth_executable |
| The name of the auth child to execute, relative to HELPER_PATH. More... | |
| const char * | saver_executable |
| The name of the saver child to execute, relative to HELPER_PATH. More... | |
| char *const * | notify_command = NULL |
| The command to run once screen locking is complete. More... | |
| int | have_switch_user_command = 0 |
| If set, we can start a new login session. More... | |
| int | force_grab = 0 |
| If set, we try to force grabbing by "evil" means. More... | |
| int | debug_window_info = 0 |
| If set, print window info about any "conflicting" windows to stderr. More... | |
| int | blank_timeout = -1 |
| If nonnegative, the time in seconds till we blank the screen explicitly. More... | |
| const char * | blank_dpms_state = "off" |
| The DPMS state to switch the screen to when blanking. More... | |
| int | saver_reset_on_auth_close = 0 |
| Whether to reset the saver module when auth closes. More... | |
| pid_t | notify_command_pid = 0 |
| The PID of a currently running notify command, or 0 if none is running. More... | |
| struct timeval | time_to_blank |
| The time when we will blank the screen. More... | |
| int | blanked = 0 |
| Whether the screen is currently blanked by us. More... | |
| #define ALL_POINTER_EVENTS |
Try to reinstate grabs in regular intervals.
This will reinstate the grabs WATCH_CHILDREN_HZ times per second. This appears to be required with some XScreenSaver hacks that cause XSecureLock to lose MotionNotify events, but nothing else.
Try to bring the grab window to foreground in regular intervals.
Some desktop environments have transparent OverrideRedirect notifications. These do not send a VisibilityNotify to this window, as some part still shines through. As a workaround, this enables raising the grab window periodically.
Show cursor during auth.
If enabled, a mouse cursor is shown whenever the auth_window is mapped.
Note that proper use of this also would require a way to forward click events to the auth helper, which doesn't exist yet.
Exhaustive list of all mouse related X11 events.
These will be selected for grab. It is important that this contains all pointer event types, to not let any through to other applications.
| #define WATCH_CHILDREN_HZ 10 |
XSecureLock.
XSecureLock is an X11 screen lock utility designed with the primary goal of security.
How often (in times per second) to watch child processes.
This defines the minimum frequency to call WatchChildren().
| enum WatchChildrenState |
| int AcquireGrabs | ( | Display * | display, |
| Window | root_window, | ||
| Window * | ignored_windows, | ||
| unsigned int | n_ignored_windows, | ||
| Cursor | cursor, | ||
| int | silent, | ||
| int | force | ||
| ) |
Acquire all necessary grabs to lock the screen.
| display | The X11 display. |
| root_window | The root window. |
| silent | Do not log errors. |
| force | Try extra hard (1), or even harder (2). The latter mode will very likely interfere strongly with window managers. |
| int CheckLockingEffectiveness | ( | ) |
| int CheckSettings | ( | ) |
Check the settings.
This tests whether the selected auth and saver executables are valid and actually executable. Failure of this could lead to an un-unlockable screen, and we sure don't want that.
Possible errors will be printed on stderr.
| void DebugDumpWindowInfo | ( | Window | w | ) |
Print some debug info about a window.
Only enabled if debug_window_info is set.
Spammy.
|
static |
| void InitBlankScreen | ( | void | ) |
| int JustLogErrorsHandler | ( | Display * | display, |
| XErrorEvent * | error | ||
| ) |
An X11 error handler that merely logs errors to stderr.
This is used to prevent X11 errors from terminating XSecureLock.
| void LoadDefaults | ( | ) |
Load default settings from environment variables.
These settings override what was figured out at ./configure time.
| int main | ( | int | argc, |
| char ** | argv | ||
| ) |
The main program.
Usage: see Usage().
| void MaybeBlankScreen | ( | Display * | display | ) |
| void MaybeRaiseWindow | ( | Display * | display, |
| Window | w, | ||
| int | silent, | ||
| int | force | ||
| ) |
Raise a window if necessary.
Does not cause any events if the window is already on the top.
| display | The X11 display. |
| w | The window to raise. |
| silent | Whether to output something if we can't detect what is wrong. |
| force | Whether to always raise our window, even if we can't find what covers us. Set this only if confident that there is something overlapping us, like in response to a negative VisibilityNotify. |
| void NotifyOfLock | ( | int | xss_sleep_lock_fd | ) |
Tell xss-lock or others that we're done locking.
This enables xss-lock to delay going to sleep until the screen is actually locked - useful to prevent information leaks after wakeup.
| fd | The file descriptor of the X11 connection that we shouldn't close. |
| void ParseArgumentsOrExit | ( | int | argc, |
| char ** | argv | ||
| ) |
Parse the command line arguments, or exit in case of failure.
This accepts saver_* or auth_* arguments, and puts them in their respective global variable.
This is DEPRECATED - use the XSECURELOCK_SAVER and XSECURELOCK_AUTH environment variables instead!
Possible errors will be printed on stderr.
| void ResetBlankScreenTimer | ( | void | ) |
| void ScreenNoLongerBlanked | ( | Display * | display | ) |
| int SilentlyIgnoreErrorsHandler | ( | Display * | display, |
| XErrorEvent * | error | ||
| ) |
An X11 error handler that does nothing at all.
This is used for calls where we expect errors to happen.
| int TryAcquireGrabs | ( | Window | w, |
| void * | state_voidp | ||
| ) |
| void UnblankScreen | ( | Display * | display | ) |
| void Usage | ( | const char * | me | ) |
Print an usage message.
A message is shown explaining how to use XSecureLock.
| me | The name this executable was invoked as. |
| void Version | ( | void | ) |
Print a version message.
| int WakeUp | ( | Display * | dpy, |
| Window | auth_win, | ||
| Window | saver_win, | ||
| const char * | stdinbuf | ||
| ) |
Wake up the screen saver in response to a keyboard or mouse event.
| int WatchChildren | ( | Display * | dpy, |
| Window | auth_win, | ||
| Window | saver_win, | ||
| enum WatchChildrenState | state, | ||
| const char * | stdinbuf | ||
| ) |
Watch the child processes, and bring them into the desired state.
If the requested state is WATCH_CHILDREN_NORMAL and neither auth nor saver child are running, the saver child will be spawned.
If the requested state is WATCH_CHILDREN_SAVER_DISABLED, a possibly running saver child will be killed.
If the requested state is WATCH_CHILDREN_FORCE_AUTH, a possibly running saver child will be killed, and an auth child will be spawned.
If the auth child was already running, the stdinbuf is sent to the auth child on standard input.
| state | The request to perform. |
| stdinbuf | Key presses to send to the auth child, if set. |
| const char* auth_executable |
The name of the auth child to execute, relative to HELPER_PATH.
| const char* blank_dpms_state = "off" |
The DPMS state to switch the screen to when blanking.
| int blank_timeout = -1 |
If nonnegative, the time in seconds till we blank the screen explicitly.
| int blanked = 0 |
Whether the screen is currently blanked by us.
| char buf[16] |
| int debug_window_info = 0 |
If set, print window info about any "conflicting" windows to stderr.
| XEvent ev |
| int force_grab = 0 |
If set, we try to force grabbing by "evil" means.
| int have_switch_user_command = 0 |
If set, we can start a new login session.
| KeySym keysym |
| int len |
| char* const* notify_command = NULL |
The command to run once screen locking is complete.
| pid_t notify_command_pid = 0 |
The PID of a currently running notify command, or 0 if none is running.
| struct { ... } priv |
Private (possibly containing information about the user's password) data.
| const char* saver_executable |
The name of the saver child to execute, relative to HELPER_PATH.
| int saver_reset_on_auth_close = 0 |
Whether to reset the saver module when auth closes.
| struct timeval time_to_blank |
The time when we will blank the screen.
1.8.14