
inaban

Distrustful Wayland Compositor (inspired by XMonad and dwm) git clone https://hacktivis.me/git/inaban.git
commit: 041e12b4aee66b4cf2625783861e390fc092223f
parent 2d0e5a96ba00d2b331404c7ab9f3882f938cc968
Author: Haelwenn (lanodan) Monnier <contact@hacktivis.me>
Date:   Mon, 10 May 2021 09:59:05 +0200

lock: Introduce locking

Diffstat:

Mcommands.c7+++++++
Mconfig.h2++
Minaban.c59++++++++++++++++++++++++++++++++++++++++++++++++++++++++---
Minaban.h3+++
Msecurity.md7++++---
5 files changed, 72 insertions(+), 6 deletions(-)

diff --git a/commands.c b/commands.c @@ -66,3 +66,10 @@ quit(const Arg *arg) (void)arg; wl_display_terminate(server.wl_display); } + +void +lock(const Arg *arg) +{ + (void)arg; + server.locked = true; +} diff --git a/config.h b/config.h @@ -6,6 +6,7 @@ static char *termcmd[] = {"svte", NULL}; static const float background_color[4] = {0.11f, 0.11f, 0.11f, 1.0f}; // approx. gruvbox hard-dark static const float border_color[4] = {0.25f, 0.25f, 0.50f, 1.0f}; +static const float locked_color[4] = {0.50f, 0.25f, 0.25f, 1.0f}; #define BORDER_SIZE 1 @@ -19,6 +20,7 @@ static Shortcut shortcuts[] = { // {ModMask, XKB_KEY_p, spawn, {.v = menucmd}}, {ModMask, XKB_KEY_Return, spawn, {.v = termcmd}}, {ModMask | ShiftMask, XKB_KEY_q, quit, {0}}, + {ModMask, XKB_KEY_l, lock, {0}}, // {MODKEY | ShiftMask, XKB_KEY_c, killclient, {0}}, // {MODKEY, XKB_KEY_j, focusstack, {.i = +1}}, // {MODKEY, XKB_KEY_k, focusstack, {.i = -1}}, diff --git a/inaban.c b/inaban.c @@ -31,8 +31,15 @@ keyboard_handle_modifiers(struct wl_listener *listener, void *data) struct inaban_keyboard *keyboard = wl_container_of(listener, keyboard, modifiers); struct wlr_seat *seat = keyboard->server->seat; - wlr_seat_set_keyboard(seat, keyboard->device); - wlr_seat_keyboard_notify_modifiers(seat, &keyboard->device->keyboard->modifiers); + if(server.locked == true) + { + // needs to be written + } + else + { + wlr_seat_set_keyboard(seat, keyboard->device); + wlr_seat_keyboard_notify_modifiers(seat, &keyboard->device->keyboard->modifiers); + } } /* event raised when a key is pressed or released. */ @@ -51,6 +58,12 @@ keyboard_handle_key(struct wl_listener *listener, void *data) bool handled = false; uint32_t modifiers = wlr_keyboard_get_modifiers(keyboard->device->keyboard); + if(server->locked == true) + { + // needs to be written + return; + } + switch(event->state) { case WL_KEYBOARD_KEY_STATE_PRESSED: 
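Review bot: `lock()` only sets `server.locked` and nothing in this commit ever clears it, so once the new `ModMask`+`l` binding in config.h fires the session cannot be unlocked or quit from the keyboard (the `keyboard_handle_key` hunk returns before any shortcut is evaluated). Until the separate authentication process described in security.md exists, I would keep the binding disabled like the other unimplemented entries: `// {ModMask, XKB_KEY_l, lock, {0}},`. `lock()` also leaves keyboard and pointer focus on whichever client had it, so that client never sees the release of keys or modifiers held when the lock engaged. Dropping focus at lock time would make the locked state explicit to clients, e.g. `wlr_seat_keyboard_clear_focus(server.seat);` and `wlr_seat_pointer_clear_focus(server.seat);` (names as in the wlroots release this tree appears to target; confirm against the version in use).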
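Review bot: The locked branches in `keyboard_handle_modifiers` and `keyboard_handle_key` carry only `// needs to be written`, which does not tell the next reader what the branch must and must not do. A comment stating the contract would help, for example `// TODO(lock): feed keys to the unlock/authentication path only; never forward to clients or run shortcuts`. The empty `if`/`else` in `keyboard_handle_modifiers` would read more simply as an early `if(server.locked) return;`. The two handlers also disagree on how the flag is reached (`server.locked` on the file-scope object versus `server->locked` on a local declared outside the hunk), which is worth unifying. Both function bodies extend beyond their hunks.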
@@ -286,6 +299,10 @@ process_cursor_motion(struct inaban_server *server, uint32_t time) static void server_cursor_motion(struct wl_listener *listener, void *data) { + if(server.locked == true) + { + return; + } /* This event is forwarded by the cursor when a pointer emits a _relative_ * pointer motion event (i.e. a delta) */ struct inaban_server *server = wl_container_of(listener, server, cursor_motion); @@ -302,6 +319,10 @@ server_cursor_motion(struct wl_listener *listener, void *data) static void server_cursor_motion_absolute(struct wl_listener *listener, void *data) { + if(server.locked == true) + { + return; + } /* This event is forwarded by the cursor when a pointer emits an _absolute_ * motion event, from 0..1 on each axis. This happens, for example, when * wlroots is running under a Wayland window rather than KMS+DRM, and you @@ -318,6 +339,11 @@ server_cursor_motion_absolute(struct wl_listener *listener, void *data) static void server_cursor_button(struct wl_listener *listener, void *data) { + if(server.locked == true) + { + return; + } + struct inaban_server *server = wl_container_of(listener, server, cursor_button); struct wlr_event_pointer_button *event = data; double sx, sy; @@ -368,6 +394,11 @@ server_cursor_button(struct wl_listener *listener, void *data) static void server_cursor_axis(struct wl_listener *listener, void *data) { + if(server.locked == true) + { + return; + } + /* This event is forwarded by the cursor when a pointer emits an axis event, * for example when you move the scroll wheel. */ struct inaban_server *server = wl_container_of(listener, server, cursor_axis); @@ -384,6 +415,10 @@ server_cursor_axis(struct wl_listener *listener, void *data) static void server_cursor_frame(struct wl_listener *listener, void *data) { + if(server.locked == true) + { + return; + } (void)data; /* This event is forwarded by the cursor when a pointer emits an frame * event. Frame events are sent after regular pointer events to group 
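Review bot: In `server_cursor_motion` the guard `if(server.locked == true)` sits above `struct inaban_server *server = wl_container_of(...)`, so it reads the file-scope `server` object and the very next declaration shadows that name with a pointer. It compiles, but one identifier meaning two things within a few lines is easy to misread in a security check, and it ties the handler to the single global rather than the server the listener belongs to. Moving the check below the declaration and writing `if(server->locked) return;` would match `keyboard_handle_key`. The same pattern appears to repeat in `server_cursor_motion_absolute`, `server_cursor_button`, `server_cursor_axis`, `server_cursor_frame` and in both selection handlers further down in inaban.c.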
@@ -492,8 +527,16 @@ output_frame(struct wl_listener *listener, void *data) /* Begin the renderer (calls glViewport and some other GL sanity checks) */ wlr_renderer_begin(renderer, (uint32_t)width, (uint32_t)height); - wlr_renderer_clear(renderer, background_color); + if(output->server->locked == true) + { + // cursor isn't draw because the cursor motion is ignored + wlr_renderer_clear(renderer, locked_color); + wlr_renderer_end(renderer); + wlr_output_commit(output->wlr_output); + return; + } + wlr_renderer_clear(renderer, background_color); /* Each subsequent window we render is rendered on top of the last. Because * our view list is ordered front-to-back, we iterate over it backwards. */ struct inaban_view *view; @@ -637,6 +680,10 @@ server_new_xdg_surface(struct wl_listener *listener, void *data) static void handle_request_set_primary_selection(struct wl_listener *listener, void *data) { + if(server.locked == true) + { + return; + } struct inaban_server *server = wl_container_of(listener, server, request_set_primary_selection); struct wlr_seat_request_set_primary_selection_event *event = data; @@ -647,6 +694,10 @@ handle_request_set_primary_selection(struct wl_listener *listener, void *data) static void handle_request_set_selection(struct wl_listener *listener, void *data) { + if(server.locked == true) + { + return; + } struct inaban_server *server = wl_container_of(listener, server, request_set_selection); struct wlr_seat_request_set_selection_event *event = data; @@ -678,6 +729,8 @@ main(int argc, char *argv[]) struct wlr_server_decoration_manager *server_decoration_manager = NULL; struct wlr_xdg_decoration_manager_v1 *xdg_decoration_manager = NULL; + server.locked = false; + if((getuid() * geteuid() * getgid() * getegid()) == 0) { wlr_log(WLR_ERROR, "running as root, refusing to continue"); diff --git a/inaban.h b/inaban.h 
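Review bot: The comment in the locked branch of `output_frame` gives the wrong reason for the cursor being absent: ignoring motion only freezes the cursor, and what keeps it off the frame is that the branch returns before the rest of the frame is drawn (software-cursor rendering presumably happens later in the function, outside the hunk). A hardware cursor plane is not part of this render pass, so on outputs that use one the last client-set cursor image would likely stay visible over `locked_color`; hiding the cursor explicitly when the lock engages would close that. I would reword the comment to something like `// locked: draw nothing but locked_color; no client surfaces, no software cursor`. I would also check the result of `wlr_output_commit()`, so a failed commit of the lock frame is logged rather than silently leaving the previous frame on screen.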
@@ -84,6 +84,8 @@ struct inaban_server /* clipboard */ struct wl_listener request_set_primary_selection; struct wl_listener request_set_selection; + + bool locked; }; struct inaban_output @@ -147,4 +149,5 @@ typedef struct void spawn(const Arg *arg); void focus_view(struct inaban_view *view, struct wlr_surface *surface); void quit(const Arg *arg); +void lock(const Arg *arg); #endif /* INABAN_H */ diff --git a/security.md b/security.md @@ -22,7 +22,8 @@ Special permissions are needed for: Screen capturing/recording, app-requested fu - Normal applications get title/`app_id`/… displayed when Logo is pressed - Separated authentication process launched by the compositor - setuid-root is frowned upon, use TCB shadow - - PAM is unsupported, I believe it suffers design issues - - Can return only "Valid" or "Denied" to stdout; Other messages trigger a warning + - PAM is unsupported + - Patches for OpenBSD Authentication are welcome + - On success it returned a unique hash to stdout and returned 0 - stderr for Error messages -- Screensavers are unsupported for now, they could be handed a special file descriptor +- Screensavers are unsupported for now, they could be handed a wayland file descriptor to connect to