Hello community, here is the log from the commit of package i3lock for openSUSE:Factory checked in at 2014-02-18 20:24:37 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/i3lock (Old) and /work/SRC/openSUSE:Factory/.i3lock.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "i3lock" Changes: -------- --- /work/SRC/openSUSE:Factory/i3lock/i3lock.changes 2013-04-29 13:57:59.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.i3lock.new/i3lock.changes 2014-02-18 20:24:38.000000000 +0100 @@ -1,0 +2,33 @@ +Mon Feb 17 08:01:39 UTC 2014 - [email protected] + +- readd the pam config file, which is still needed by unix2_chkpwd + (I should read the man page more thoroughly next time) + +------------------------------------------------------------------- +Sat Feb 15 13:51:41 UTC 2014 - [email protected] + +- add patch to use unix2_chkpwd instead of pam directly (which + would need to make i3lock sgid shadow to work for non-root) + * i3lock-2.5-use-unix2_chkpwd.diff + +------------------------------------------------------------------- +Sat Feb 15 10:45:46 UTC 2014 - [email protected] + +- update to version 2.5: + * NEW DEPENDENCY: Use libxkbcommon for input handling + This makes input handling much better for many edge cases. + * Bugfix: fix argument parsing on ARM (s/char/int/) + * Bugfix: free(reply) to avoid memory leak + * Bugfix: Use ev_loop_fork after fork, fixes forking on kqueue based OSes + * Bugfix: Fix centering the indicator in the no-xinerama case + * promote the "could not load image" message from debug to normal + * s/pam_message/pam_response/ (Thanks Tucos) + * remove support for NOLIBCAIRO, cairo-xcb is widespread by now + * Allow XKB_KEY_XF86ScreenSaver as synonym for enter + This keysym is generated on convertible tablets by pressing a hardware + lock/unlock button. + * Allow passwordless PAM conversations (e.g. fingerprint) + * Add ctrl+u password reset + * Set window name to i3lock + +------------------------------------------------------------------- Old: ---- i3lock-2.4.1.tar.bz2 New: ---- i3lock-2.5-use-unix2_chkpwd.diff i3lock-2.5.tar.bz2 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ i3lock.spec ++++++ --- /var/tmp/diff_new_pack.0duHcT/_old 2014-02-18 20:24:39.000000000 +0100 +++ /var/tmp/diff_new_pack.0duHcT/_new 2014-02-18 20:24:39.000000000 +0100 @@ -2,7 +2,8 @@ # # spec file for package i3lock # -# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2014 B1 Systems GmbH, Vohburg, Germany. # Copyright (c) 2012 Pascal Bleser <[email protected]> # # All modifications and additions to the file contributed by third parties @@ -21,13 +22,15 @@ # Please submit bugfixes or comments via http://bugs.opensuse.org/ Name: i3lock -Version: 2.4.1 +Version: 2.5 Release: 0 Summary: Screen Locker for the i3 Window Manager License: BSD-3-Clause Group: System/GUI/Other Source: http://i3wm.org/i3lock/i3lock-%{version}.tar.bz2 Source1: i3lock.pam +# PATCH-FEATURE-OPENSUSE i3lock-2.5-use-unix2_chkpwd.diff -- [email protected] +Patch1: i3lock-2.5-use-unix2_chkpwd.diff Url: http://i3wm.org/i3lock/ BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRequires: cairo-devel @@ -35,6 +38,10 @@ BuildRequires: glib2-devel BuildRequires: glibc-devel BuildRequires: libev-devel +%if 0%{?suse_version} > 1310 +# /usr/lib64/libEGL.so.1 now requires libudev.so.1, might be a packaging error +BuildRequires: libudev1 +%endif BuildRequires: make BuildRequires: pam-devel BuildRequires: pkgconfig @@ -43,6 +50,7 @@ BuildRequires: pam-modules BuildRequires: pkgconfig(xcb-image) BuildRequires: pkgconfig(xcb-keysyms) +BuildRequires: pkgconfig(xkbcommon) %description i3lock is a simple screen locker like slock. After starting it, you will see a @@ -51,22 +59,19 @@ %prep %setup -q +%patch1 -p1 %build export CFLAGS="%{optflags}" make %{?_smp_mflags} \ -%if 0%{?suse_version} < 1220 - NOLIBCAIRO=1 \ -%endif + USE_UNIX2_CHKPWD=1 \ PREFIX="%{_prefix}" \ SYSCONFDIR="%{_sysconfdir}" %install export CFLAGS="%{optflags}" make \ -%if 0%{?suse_version} < 1220 - NOLIBCAIRO=1 \ -%endif + USE_UNIX2_CHKPWD=1 \ PREFIX="%{_prefix}" \ SYSCONFDIR="%{_sysconfdir}" \ DESTDIR="%{buildroot}" \ ++++++ i3lock-2.5-use-unix2_chkpwd.diff ++++++ Author: Stefan Seyfried <[email protected]> Date: Sat Feb 15 14:20:27 2014 +0100 add the option to use unix2_chkpwd instead of needing setgid shadow diff --git a/Makefile b/Makefile index 2633bef..27a471b 100644 --- a/Makefile +++ b/Makefile @@ -13,7 +13,11 @@ CFLAGS += -Wall CPPFLAGS += -D_GNU_SOURCE CFLAGS += $(shell pkg-config --cflags cairo xcb-dpms xcb-xinerama xcb-atom xkbcommon xkbfile x11 x11-xcb) LIBS += $(shell pkg-config --libs cairo xcb-dpms xcb-xinerama xcb-atom xcb-image xkbcommon xkbfile x11 x11-xcb) +ifeq ($(USE_UNIX2_CHKPWD),1) +CFLAGS += -DUSE_UNIX2_CHKPWD=1 +else LIBS += -lpam +endif LIBS += -lev FILES:=$(wildcard *.c) diff --git a/i3lock.c b/i3lock.c index 5a87999..70842c6 100644 --- a/i3lock.c +++ b/i3lock.c @@ -16,7 +16,9 @@ #include <xcb/dpms.h> #include <err.h> #include <assert.h> +#ifndef USE_UNIX2_CHKPWD #include <security/pam_appl.h> +#endif #include <X11/Xlib-xcb.h> #include <getopt.h> #include <string.h> @@ -28,6 +30,13 @@ #include <cairo.h> #include <cairo/cairo-xcb.h> +#ifdef USE_UNIX2_CHKPWD +#include <sys/types.h> +#include <sys/wait.h> +#include <pwd.h> +#include <errno.h> +#endif + #include "i3lock.h" #include "xcb.h" #include "cursors.h" @@ -40,7 +49,9 @@ char color[7] = "ffffff"; uint32_t last_resolution[2]; xcb_window_t win; static xcb_cursor_t cursor; +#ifndef USE_UNIX2_CHKPWD static pam_handle_t *pam_handle; +#endif int input_position = 0; /* Holds the password you enter (in UTF-8). */ static char password[512]; @@ -195,11 +206,68 @@ static void input_done(void) { pam_state = STATE_PAM_VERIFY; redraw_screen(); +#ifdef USE_UNIX2_CHKPWD + struct passwd *pw; + + pw = getpwuid(getuid()); + if (! pw) + perror("i3lock: getpwuid() failed"); + else { + int pfd[2], status; + pid_t pid; + + if (pipe(pfd) < 0) { + perror("i3lock: pipe() failed"); + goto auth_failed; + } + + if ((pid = fork()) < 0) { + perror("i3lock: fork() failed"); + close(pfd[0]); + close(pfd[1]); + goto auth_failed; + } + + if (pid == 0) { + close(pfd[1]); + if (pfd[0] != 0) + dup2(pfd[0], 0); + + /* Helper is invoked as helper service-name [user] */ + printf("calling '/sbin/unix2_chkpwd i3lock %s'\n", pw->pw_name); + execlp("/sbin/unix2_chkpwd", "/sbin/unix2_chkpwd", "i3lock", pw->pw_name, NULL); + perror("i3lock: execlp(/sbin/unix2_chkpwd)"); + exit(1); + } + + close(pfd[0]); + /* Write out password to helper process */ + write(pfd[1], password, strlen(password)); + close(pfd[1]); + + while (waitpid(pid, &status, 0) < 0) { + if (errno == EINTR) + continue; + perror("i3lock: waitpid() failed"); + goto auth_failed; + } + + if (!WIFEXITED(status) || WEXITSTATUS(status) != 0) + goto auth_failed; + endpwent(); + DEBUG("successfully authenticated\n"); + clear_password_memory(); + exit(0); + } + auth_failed: + endpwent(); +#else if (pam_authenticate(pam_handle, 0) == PAM_SUCCESS) { DEBUG("successfully authenticated\n"); clear_password_memory(); exit(0); } +#endif if (debug_mode) fprintf(stderr, "Authentication failure\n"); @@ -398,6 +466,7 @@ void handle_screen_resize(void) { redraw_screen(); } +#ifndef USE_UNIX2_CHKPWD /* * Callback function for PAM. We only react on password request callbacks. * @@ -429,6 +498,7 @@ static int conv_callback(int num_msg, const struct pam_message **msg, return 0; } +#endif /* * This callback is only a dummy, see xcb_prepare_cb and xcb_check_cb. @@ -516,8 +586,10 @@ static void xcb_check_cb(EV_P_ ev_check *w, int revents) { int main(int argc, char *argv[]) { char *username; char *image_path = NULL; +#ifndef USE_UNIX2_CHKPWD int ret; struct pam_conv conv = {conv_callback, NULL}; +#endif int curs_choice = CURS_NONE; int o; int optind = 0; @@ -597,10 +669,12 @@ int main(int argc, char *argv[]) { * the unlock indicator upon keypresses. */ srand(time(NULL)); +#ifndef USE_UNIX2_CHKPWD /* Initialize PAM */ ret = pam_start("i3lock", username, &conv, &pam_handle); if (ret != PAM_SUCCESS) errx(EXIT_FAILURE, "PAM: %s", pam_strerror(pam_handle, ret)); +#endif /* Using mlock() as non-super-user seems only possible in Linux. Users of other * operating systems should use encrypted swap/no swap (or remove the ifdef and ++++++ i3lock-2.4.1.tar.bz2 -> i3lock-2.5.tar.bz2 ++++++ ++++ 1838 lines of diff (skipped) -- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
