cpet/openbsd-ports
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

update to i3lock-2.9.1 and remove all bsd_auth patches that have been merged upstream

Browse Source 
from Kaashif Hymabaccus
This commit is contained in:
jasper 2017-07-09 18:18:37 +00:00
parent bcd18e7c19
commit 6589f6041a
7 changed files with 13 additions and 408 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
x11/i3lock/Makefile
View File

@ -1,12 +1,10 @@
# $OpenBSD: Makefile,v 1.1.1.1 2017/04/15 12:53:02 jasper Exp $
# $OpenBSD: Makefile,v 1.2 2017/07/09 18:18:37 jasper Exp $
COMMENT = improved screen locker
GH_ACCOUNT = i3
GH_PROJECT = i3lock
# XXX: Remove when upgrading
GH_COMMIT = 80d4452ec680bcb0e57418f69d44d88ded82047c
DISTNAME = i3lock-2.9
GH_TAGNAME = 2.9.1
CATEGORIES = x11
@ -17,7 +15,7 @@ MAINTAINER = Jasper Lievisse Adriaanse <jasper@openbsd.org>
# BSD
PERMIT_PACKAGE_CDROM = Yes
WANTLIB += c cairo ev m xcb xcb-composite xcb-dpms xcb-image xcb-shm
WANTLIB += c cairo ev m xcb xcb-image xcb-shm
WANTLIB += xcb-util xcb-xinerama xcb-xkb xkbcommon xkbcommon-x11
LIB_DEPENDS = devel/libev \

4
x11/i3lock/distinfo
View File

@ -1,2 +1,2 @@
SHA256 (i3lock-2.9-80d4452e.tar.gz) = IrR9TeilPaU6myyezcWpbQhB3iQHNGAR+ycutlEBZRE=
SIZE (i3lock-2.9-80d4452e.tar.gz) = 23692
SHA256 (i3lock-2.9.1.tar.gz) = mY50R3gTvJxti9V6lFVBQA996Ny4mE8U1Lb4pSje7/c=
SIZE (i3lock-2.9.1.tar.gz) = 24108

30
x11/i3lock/patches/patch-Makefile
View File

@ -1,29 +1,15 @@
$OpenBSD: patch-Makefile,v 1.1.1.1 2017/04/15 12:53:02 jasper Exp $
$OpenBSD: patch-Makefile,v 1.2 2017/07/09 18:18:37 jasper Exp $
Add bsd_auth(3) support.
https://github.com/i3/i3lock/pull/137
--- Makefile.orig Sun Mar 26 15:01:23 2017
+++ Makefile Fri Apr 14 19:44:10 2017
@@ -1,4 +1,5 @@
TOPDIR=$(shell pwd)
+UNAME=$(shell uname)
INSTALL=install
PREFIX=/usr
@@ -16,9 +17,15 @@ CFLAGS += -Wall
Index: Makefile
--- Makefile.orig
+++ Makefile
@@ -17,7 +17,6 @@ CFLAGS += -Wall
CPPFLAGS += -D_GNU_SOURCE
CFLAGS += $(shell $(PKG_CONFIG) --cflags cairo xcb-composite xcb-dpms xcb-xinerama xcb-atom xcb-image xcb-xkb xkbcommon xkbcommon-x11)
LIBS += $(shell $(PKG_CONFIG) --libs cairo xcb-composite xcb-dpms xcb-xinerama xcb-atom xcb-image xcb-xkb xkbcommon xkbcommon-x11)
CFLAGS += $(shell $(PKG_CONFIG) --cflags cairo xcb-xinerama xcb-atom xcb-image xcb-xkb xkbcommon xkbcommon-x11)
LIBS += $(shell $(PKG_CONFIG) --libs cairo xcb-xinerama xcb-atom xcb-image xcb-xkb xkbcommon xkbcommon-x11)
-LIBS += -lpam
LIBS += -lev
LIBS += -lm
+
+# OpenBSD lacks PAM, use bsd_auth(3) instead.
+ifeq ($(UNAME),OpenBSD)
+ CPPFLAGS += -DUSE_BSDAUTH
+else
+ LIBS += -lpam
+endif
FILES:=$(wildcard *.c)
FILES:=$(FILES:.c=.o)

231
x11/i3lock/patches/patch-i3lock_c
View File

@ -1,231 +0,0 @@
$OpenBSD: patch-i3lock_c,v 1.1.1.1 2017/04/15 12:53:02 jasper Exp $
Add bsd_auth(3) support.
--- i3lock.c.orig Sun Mar 26 15:01:23 2017
+++ i3lock.c Fri Apr 14 19:42:14 2017
@@ -18,7 +18,12 @@
#include <xcb/xkb.h>
#include <err.h>
#include <assert.h>
+#ifdef USE_BSDAUTH
+#include <login_cap.h>
+#include <bsd_auth.h>
+#else
#include <security/pam_appl.h>
+#endif
#include <getopt.h>
#include <string.h>
#include <ev.h>
@@ -29,6 +34,9 @@
#include <cairo.h>
#include <cairo/cairo-xcb.h>
+#ifdef __OpenBSD__
+#include <strings.h> /* explicit_bzero(3) */
+#endif
#include "i3lock.h"
#include "xcb.h"
#include "cursors.h"
@@ -49,7 +57,9 @@ char color[7] = "ffffff";
uint32_t last_resolution[2];
xcb_window_t win;
static xcb_cursor_t cursor;
+#ifndef USE_BSDAUTH
static pam_handle_t *pam_handle;
+#endif /* !USE_BSDAUTH */
int input_position = 0;
/* Holds the password you enter (in UTF-8). */
static char password[512];
@@ -59,11 +69,11 @@ bool unlock_indicator = true;
char *modifier_string = NULL;
static bool dont_fork = false;
struct ev_loop *main_loop;
-static struct ev_timer *clear_pam_wrong_timeout;
+static struct ev_timer *clear_auth_wrong_timeout;
static struct ev_timer *clear_indicator_timeout;
static struct ev_timer *discard_passwd_timeout;
extern unlock_state_t unlock_state;
-extern pam_state_t pam_state;
+extern auth_state_t auth_state;
int failed_attempts = 0;
bool show_failed_attempts = false;
bool retry_verification = false;
@@ -158,6 +168,9 @@ static bool load_compose_table(const char *locale) {
*
*/
static void clear_password_memory(void) {
+#ifdef __OpenBSD__
+ explicit_bzero(password, strlen(password));
+#else
/* A volatile pointer to the password buffer to prevent the compiler from
* optimizing this out. */
volatile char *vpassword = password;
@@ -167,6 +180,7 @@ static void clear_password_memory(void) {
* compiler from optimizing the calls away, since the value of 'beep'
* is not known at compile-time. */
vpassword[c] = c + (int)beep;
+#endif
}
ev_timer *start_timer(ev_timer *timer_obj, ev_tstamp timeout, ev_callback_t callback) {
@@ -206,13 +220,13 @@ static void finish_input(void) {
}
/*
- * Resets pam_state to STATE_PAM_IDLE 2 seconds after an unsuccessful
+ * Resets auth_state to STATE_AUTH_IDLE 2 seconds after an unsuccessful
* authentication event.
*
*/
static void clear_pam_wrong(EV_P_ ev_timer *w, int revents) {
DEBUG("clearing pam wrong\n");
- pam_state = STATE_PAM_IDLE;
+ auth_state = STATE_AUTH_IDLE;
redraw_screen();
/* Clear modifier string. */
@@ -222,7 +236,7 @@ static void clear_pam_wrong(EV_P_ ev_timer *w, int rev
}
/* Now free this timeout. */
- STOP_TIMER(clear_pam_wrong_timeout);
+ STOP_TIMER(clear_auth_wrong_timeout);
/* retry with input done during pam verification */
if (retry_verification) {
@@ -248,11 +262,24 @@ static void discard_passwd_cb(EV_P_ ev_timer *w, int r
}
static void input_done(void) {
- STOP_TIMER(clear_pam_wrong_timeout);
- pam_state = STATE_PAM_VERIFY;
+ STOP_TIMER(clear_auth_wrong_timeout);
+ auth_state = STATE_AUTH_VERIFY;
unlock_state = STATE_STARTED;
redraw_screen();
+#ifdef USE_BSDAUTH
+ struct passwd *pw;
+
+ if (!(pw = getpwuid(getuid())))
+ errx(1, "unknown uid %u.", getuid());
+
+ if (auth_userokay(pw->pw_name, NULL, NULL, password) != 0) {
+ DEBUG("successfully authenticated\n");
+ clear_password_memory();
+
+ exit(0);
+ }
+#else
if (pam_authenticate(pam_handle, 0) == PAM_SUCCESS) {
DEBUG("successfully authenticated\n");
clear_password_memory();
@@ -266,12 +293,13 @@ static void input_done(void) {
exit(0);
}
+#endif
if (debug_mode)
fprintf(stderr, "Authentication failure\n");
/* Get state of Caps and Num lock modifiers, to be displayed in
- * STATE_PAM_WRONG state */
+ * STATE_AUTH_WRONG state */
xkb_mod_index_t idx, num_mods;
const char *mod_name;
@@ -305,7 +333,7 @@ static void input_done(void) {
}
}
- pam_state = STATE_PAM_WRONG;
+ auth_state = STATE_AUTH_WRONG;
failed_attempts += 1;
clear_input();
if (unlock_indicator)
@@ -314,7 +342,7 @@ static void input_done(void) {
/* Clear this state after 2 seconds (unless the user enters another
* password during that time). */
ev_now_update(main_loop);
- START_TIMER(clear_pam_wrong_timeout, TSTAMP_N_SECS(2), clear_pam_wrong);
+ START_TIMER(clear_auth_wrong_timeout, TSTAMP_N_SECS(2), clear_pam_wrong);
/* Cancel the clear_indicator_timeout, it would hide the unlock indicator
* too early. */
@@ -393,7 +421,7 @@ static void handle_key_press(xcb_key_press_event_t *ev
if ((ksym == XKB_KEY_j || ksym == XKB_KEY_m) && !ctrl)
break;
- if (pam_state == STATE_PAM_WRONG) {
+ if (auth_state == STATE_AUTH_WRONG) {
retry_verification = true;
return;
}
@@ -601,6 +629,7 @@ void handle_screen_resize(void) {
* Callback function for PAM. We only react on password request callbacks.
*
*/
+#ifndef USE_BSDAUTH
static int conv_callback(int num_msg, const struct pam_message **msg,
struct pam_response **resp, void *appdata_ptr) {
if (num_msg == 0)
@@ -627,6 +656,7 @@ static int conv_callback(int num_msg, const struct pam
return 0;
}
+#endif /* !USE_BSDAUTH */
/*
* This callback is only a dummy, see xcb_prepare_cb and xcb_check_cb.
@@ -782,8 +812,10 @@ int main(int argc, char *argv[]) {
struct passwd *pw;
char *username;
char *image_path = NULL;
+#ifndef USE_BSDAUTH
int ret;
struct pam_conv conv = {conv_callback, NULL};
+#endif /* !USE_BSDAUTH */
int curs_choice = CURS_NONE;
int o;
int optind = 0;
@@ -877,17 +909,19 @@ int main(int argc, char *argv[]) {
* the unlock indicator upon keypresses. */
srand(time(NULL));
+#ifndef USE_BSDAUTH
/* Initialize PAM */
if ((ret = pam_start("i3lock", username, &conv, &pam_handle)) != PAM_SUCCESS)
errx(EXIT_FAILURE, "PAM: %s", pam_strerror(pam_handle, ret));
if ((ret = pam_set_item(pam_handle, PAM_TTY, getenv("DISPLAY"))) != PAM_SUCCESS)
errx(EXIT_FAILURE, "PAM: %s", pam_strerror(pam_handle, ret));
+#endif /* !USE_BSDAUTH */
/* Using mlock() as non-super-user seems only possible in Linux. Users of other
* operating systems should use encrypted swap/no swap (or remove the ifdef and
* run i3lock as super-user). */
-#if defined(__linux__)
+#if defined(__linux__) || defined(__OpenBSD__)
/* Lock the area where we store the password in memory, we dont want it to
* be swapped to disk. Since Linux 2.6.9, this does not require any
* privileges, just enough bytes in the RLIMIT_MEMLOCK limit. */
@@ -985,7 +1019,7 @@ int main(int argc, char *argv[]) {
cursor = create_cursor(conn, screen, win, curs_choice);
/* Display the "locking…" message while trying to grab the pointer/keyboard. */
- pam_state = STATE_PAM_LOCK;
+ auth_state = STATE_AUTH_LOCK;
grab_pointer_and_keyboard(conn, screen, cursor);
pid_t pid = fork();
@@ -1012,7 +1046,7 @@ int main(int argc, char *argv[]) {
errx(EXIT_FAILURE, "Could not initialize libev. Bad LIBEV_FLAGS?\n");
/* Explicitly call the screen redraw in case "locking…" message was displayed */
- pam_state = STATE_PAM_IDLE;
+ auth_state = STATE_AUTH_IDLE;
redraw_screen();
struct ev_io *xcb_watcher = calloc(sizeof(struct ev_io), 1);

100
x11/i3lock/patches/patch-unlock_indicator_c
View File

@ -1,100 +0,0 @@
$OpenBSD: patch-unlock_indicator_c,v 1.1.1.1 2017/04/15 12:53:02 jasper Exp $
Add bsd_auth(3) support.
--- unlock_indicator.c.orig Sun Mar 26 15:01:23 2017
+++ unlock_indicator.c Fri Apr 14 19:42:14 2017
@@ -78,7 +78,7 @@ static xcb_visualtype_t *vistype;
/* Maintain the current unlock/PAM state to draw the appropriate unlock
* indicator. */
unlock_state_t unlock_state;
-pam_state_t pam_state;
+auth_state_t auth_state;
/*
* Returns the scaling factor of the current screen. E.g., on a 227 DPI MacBook
@@ -141,7 +141,7 @@ xcb_pixmap_t draw_image(uint32_t *resolution) {
}
if (unlock_indicator &&
- (unlock_state >= STATE_KEY_PRESSED || pam_state > STATE_PAM_IDLE)) {
+ (unlock_state >= STATE_KEY_PRESSED || auth_state > STATE_AUTH_IDLE)) {
cairo_scale(ctx, scaling_factor(), scaling_factor());
/* Draw a (centered) circle with transparent background. */
cairo_set_line_width(ctx, 10.0);
@@ -154,12 +154,12 @@ xcb_pixmap_t draw_image(uint32_t *resolution) {
/* Use the appropriate color for the different PAM states
* (currently verifying, wrong password, or default) */
- switch (pam_state) {
- case STATE_PAM_VERIFY:
- case STATE_PAM_LOCK:
+ switch (auth_state) {
+ case STATE_AUTH_VERIFY:
+ case STATE_AUTH_LOCK:
cairo_set_source_rgba(ctx, 0, 114.0 / 255, 255.0 / 255, 0.75);
break;
- case STATE_PAM_WRONG:
+ case STATE_AUTH_WRONG:
case STATE_I3LOCK_LOCK_FAILED:
cairo_set_source_rgba(ctx, 250.0 / 255, 0, 0, 0.75);
break;
@@ -169,16 +169,16 @@ xcb_pixmap_t draw_image(uint32_t *resolution) {
}
cairo_fill_preserve(ctx);
- switch (pam_state) {
- case STATE_PAM_VERIFY:
- case STATE_PAM_LOCK:
+ switch (auth_state) {
+ case STATE_AUTH_VERIFY:
+ case STATE_AUTH_LOCK:
cairo_set_source_rgb(ctx, 51.0 / 255, 0, 250.0 / 255);
break;
- case STATE_PAM_WRONG:
+ case STATE_AUTH_WRONG:
case STATE_I3LOCK_LOCK_FAILED:
cairo_set_source_rgb(ctx, 125.0 / 255, 51.0 / 255, 0);
break;
- case STATE_PAM_IDLE:
+ case STATE_AUTH_IDLE:
cairo_set_source_rgb(ctx, 51.0 / 255, 125.0 / 255, 0);
break;
}
@@ -205,14 +205,14 @@ xcb_pixmap_t draw_image(uint32_t *resolution) {
cairo_set_source_rgb(ctx, 0, 0, 0);
cairo_select_font_face(ctx, "sans-serif", CAIRO_FONT_SLANT_NORMAL, CAIRO_FONT_WEIGHT_NORMAL);
cairo_set_font_size(ctx, 28.0);
- switch (pam_state) {
- case STATE_PAM_VERIFY:
+ switch (auth_state) {
+ case STATE_AUTH_VERIFY:
text = "verifying…";
break;
- case STATE_PAM_LOCK:
+ case STATE_AUTH_LOCK:
text = "locking…";
break;
- case STATE_PAM_WRONG:
+ case STATE_AUTH_WRONG:
text = "wrong!";
break;
case STATE_I3LOCK_LOCK_FAILED:
@@ -245,7 +245,7 @@ xcb_pixmap_t draw_image(uint32_t *resolution) {
cairo_close_path(ctx);
}
- if (pam_state == STATE_PAM_WRONG && (modifier_string != NULL)) {
+ if (auth_state == STATE_AUTH_WRONG && (modifier_string != NULL)) {
cairo_text_extents_t extents;
double x, y;
@@ -334,7 +334,7 @@ xcb_pixmap_t draw_image(uint32_t *resolution) {
*
*/
void redraw_screen(void) {
- DEBUG("redraw_screen(unlock_state = %d, pam_state = %d)\n", unlock_state, pam_state);
+ DEBUG("redraw_screen(unlock_state = %d, auth_state = %d)\n", unlock_state, auth_state);
xcb_pixmap_t bg_pixmap = draw_image(last_resolution);
xcb_change_window_attributes(conn, win, XCB_CW_BACK_PIXMAP, (uint32_t[1]){bg_pixmap});
/* XXX: Possible optimization: Only update the area in the middle of the

24
x11/i3lock/patches/patch-unlock_indicator_h
View File

@ -1,24 +0,0 @@
$OpenBSD: patch-unlock_indicator_h,v 1.1.1.1 2017/04/15 12:53:02 jasper Exp $
Add bsd_auth(3) support.
--- unlock_indicator.h.orig Sun Mar 26 15:01:23 2017
+++ unlock_indicator.h Fri Apr 14 19:42:14 2017
@@ -11,12 +11,12 @@ typedef enum {
} unlock_state_t;
typedef enum {
- STATE_PAM_IDLE = 0, /* no PAM interaction at the moment */
- STATE_PAM_VERIFY = 1, /* currently verifying the password via PAM */
- STATE_PAM_LOCK = 2, /* currently locking the screen */
- STATE_PAM_WRONG = 3, /* the password was wrong */
+ STATE_AUTH_IDLE = 0, /* no authenticator interaction at the moment */
+ STATE_AUTH_VERIFY = 1, /* currently verifying the password via authenticator */
+ STATE_AUTH_LOCK = 2, /* currently locking the screen */
+ STATE_AUTH_WRONG = 3, /* the password was wrong */
STATE_I3LOCK_LOCK_FAILED = 4 /* i3lock failed to load */
-} pam_state_t;
+} auth_state_t;
xcb_pixmap_t draw_image(uint32_t* resolution);
void redraw_screen(void);

24
x11/i3lock/patches/patch-xcb_c
View File

@ -1,24 +0,0 @@
$OpenBSD: patch-xcb_c,v 1.1.1.1 2017/04/15 12:53:02 jasper Exp $
Add bsd_auth(3) support.
--- xcb.c.orig Sun Mar 26 15:01:23 2017
+++ xcb.c Fri Apr 14 19:42:14 2017
@@ -24,7 +24,7 @@
#include "cursors.h"
#include "unlock_indicator.h"
-extern pam_state_t pam_state;
+extern auth_state_t auth_state;
xcb_connection_t *conn;
xcb_screen_t *screen;
@@ -262,7 +262,7 @@ void grab_pointer_and_keyboard(xcb_connection_t *conn,
/* After trying for 10000 times, i3lock will display an error message
* for 2 sec prior to terminate. */
if (tries <= 0) {
- pam_state = STATE_I3LOCK_LOCK_FAILED;
+ auth_state = STATE_I3LOCK_LOCK_FAILED;
redraw_screen();
sleep(1);
errx(EXIT_FAILURE, "Cannot grab pointer/keyboard");