From f235cba312895587f63ccdef18ea1fc845ac8254 Mon Sep 17 00:00:00 2001 From: elenapan Date: Thu, 16 Apr 2020 03:56:46 +0300 Subject: [PATCH] Add support for PAM authentication in lock screen --- README.md | 18 +++++++++- config/awesome/elemental/lock_screen/init.lua | 33 +++++++++++++++++++ .../{ => lock_screen}/lock_screen.lua | 18 +++++----- config/awesome/helpers.lua | 6 ++++ config/awesome/rc.lua | 16 +++++---- 5 files changed, 74 insertions(+), 17 deletions(-) create mode 100644 config/awesome/elemental/lock_screen/init.lua rename config/awesome/elemental/{ => lock_screen}/lock_screen.lua (93%) diff --git a/README.md b/README.md index ba13963..bea4e3c 100644 --- a/README.md +++ b/README.md @@ -112,7 +112,21 @@ Here are the instructions you should follow to replicate my AwesomeWM setup. cp -r config/awesome ~/.config/awesome ``` - Optionally, you can take a look at [how my configuration is structured](#awesomewm-configuration-file-structure). + + *(Optional but recommended)* Improved lock screen security + + Instead of authenticating with a custom password stored in plain text inside your configuration files, it is possible to use [PAM](https://wiki.archlinux.org/index.php/PAM) in order to do it using your regular user password in a secure way. [lua-pam](https://github.com/RMTT/lua-pam) allows us to use PAM from within AwesomeWM. + + You will need to install the `pam` package through your distribution's package manager and then follow the [instructions to build lua-pam](https://github.com/RMTT/lua-pam). + After building it, you can simply copy the resulting `liblua_pam.so` file to the lock screen configuration directory, like so: + + ```shell + cp liblua_pam.so ~/.config/awesome/elemental/lock_screen/ + ``` + + If you do not want to install it, no worries! + You can set a custom lock screen password in your user preferences (see next section). + + The lock screen will automatically determine the authentication method depending on whether `lua-pam` is installed or not. 4. Configure stuff @@ -133,6 +147,8 @@ Here are the instructions you should follow to replicate my AwesomeWM setup. You can edit `keys.lua` to configure your keybinds. + + *(Optional)* This is also a good time to take a look at [how my configuration is structured](#awesomewm-configuration-file-structure) in order to understand the purpose of each file. + 5. Login with AwesomeWM 🎉 Congratulations, at this point you should be ready to log out of your current desktop and into AwesomeWM. diff --git a/config/awesome/elemental/lock_screen/init.lua b/config/awesome/elemental/lock_screen/init.lua new file mode 100644 index 0000000..1525b56 --- /dev/null +++ b/config/awesome/elemental/lock_screen/init.lua @@ -0,0 +1,33 @@ +local awful = require("awful") +local helpers = require("helpers") + +local lock_screen = {} + +-- local lua_pam_path = os.getenv("HOME").."/.config/awesome/elemental/lock_screen/liblua_pam.so" +local lua_pam_path = helpers.this_dir().."liblua_pam.so" + +lock_screen.init = function () + -- Initialize authentication method based on whether lua-pam has been + -- installed or not + awful.spawn.easy_async_with_shell("stat "..lua_pam_path.." >/dev/null 2>&1", function (_, __, ___, exitcode) + if exitcode == 0 then + local pam = require("liblua_pam") + -- lua-pam was installed. + -- Authenticate with PAM + lock_screen.authenticate = function (password) + return pam.auth_current_user(password) + end + else + -- lua-pam was NOT installed. + -- Authenticate with user.lock_screen_custom_password + lock_screen.authenticate = function (password) + return password == user.lock_screen_custom_password + end + end + + -- Load the lock_screen element + require("elemental.lock_screen.lock_screen") + end) +end + +return lock_screen diff --git a/config/awesome/elemental/lock_screen.lua b/config/awesome/elemental/lock_screen/lock_screen.lua similarity index 93% rename from config/awesome/elemental/lock_screen.lua rename to config/awesome/elemental/lock_screen/lock_screen.lua index 76063b7..46f5468 100644 --- a/config/awesome/elemental/lock_screen.lua +++ b/config/awesome/elemental/lock_screen/lock_screen.lua @@ -7,10 +7,8 @@ local gears = require("gears") local wibox = require("wibox") local beautiful = require("beautiful") local naughty = require("naughty") - local helpers = require("helpers") - -local password = user.lock_screen_password or "" +local lock_screen = require("elemental.lock_screen") local lock_screen_symbol = "" local lock_screen_fail_symbol = "" @@ -31,16 +29,16 @@ local some_textbox = wibox.widget.textbox() -- Create the lock screen wibox -- Set the type to "splash" and set all "splash" windows to be blurred in your -- compositor configuration file -lock_screen = wibox({visible = false, ontop = true, type = "splash", screen = screen.primary}) -awful.placement.maximize(lock_screen) +lock_screen_box = wibox({visible = false, ontop = true, type = "splash", screen = screen.primary}) +awful.placement.maximize(lock_screen_box) -lock_screen.bg = beautiful.lock_screen_bg or beautiful.exit_screen_bg or beautiful.wibar_bg or "#111111" -lock_screen.fg = beautiful.lock_screen_fg or beautiful.exit_screen_fg or beautiful.wibar_fg or "#FEFEFE" +lock_screen_box.bg = beautiful.lock_screen_bg or beautiful.exit_screen_bg or beautiful.wibar_bg or "#111111" +lock_screen_box.fg = beautiful.lock_screen_fg or beautiful.exit_screen_fg or beautiful.wibar_fg or "#FEFEFE" -- Add lockscreen to each screen for s in screen do if s == screen.primary then - s.mylockscreen = lock_screen + s.mylockscreen = lock_screen_box else s.mylockscreen = helpers.screen_mask(s, beautiful.lock_screen_bg or beautiful.exit_screen_bg or x.background) end @@ -218,7 +216,7 @@ local function grab_password() end, exe_callback = function(input) -- Check input - if input == password then + if lock_screen.authenticate(input) then -- YAY reset() set_visibility(false) @@ -238,7 +236,7 @@ function lock_screen_show() end -- Item placement -lock_screen:setup { +lock_screen_box:setup { -- Horizontal centering nil, { diff --git a/config/awesome/helpers.lua b/config/awesome/helpers.lua index 33201f4..8825caf 100644 --- a/config/awesome/helpers.lua +++ b/config/awesome/helpers.lua @@ -478,5 +478,11 @@ function helpers.remote_watch(command, interval, output_file, callback) } end +-- The directory of the currently executed lua script +-- Requires the `debug` library to be available in the build of Lua that is running +function helpers.this_dir() + local str = debug.getinfo(2, "S").source:sub(2) + return str:match("(.*/)") +end return helpers diff --git a/config/awesome/rc.lua b/config/awesome/rc.lua index c71c00c..c44f294 100644 --- a/config/awesome/rc.lua +++ b/config/awesome/rc.lua @@ -108,10 +108,12 @@ user = { sidebar_show_on_mouse_screen_edge = true, -- >> Lock screen << - -- You can set this to whatever you want or leave it empty in - -- order to unlock with just the Enter key. - -- lock_screen_password = "", - lock_screen_password = "awesome", + -- This password will ONLY be used if you have not installed + -- https://github.com/RMTT/lua-pam + -- as described in the README instructions + -- Leave it empty in order to unlock with just the Enter key. + -- lock_screen_custom_password = "", + lock_screen_custom_password = "awesome", -- >> Battery << -- You will receive notifications when your battery reaches these @@ -216,8 +218,10 @@ require("elemental.sidebar."..sidebar_theme) -- Dashboard (previously called: Start screen) require("elemental.dashboard."..dashboard_theme) -- Lock screen --- Make sure to configure your password in the 'user' section above -require("elemental.lock_screen") +-- Make sure to install lua-pam as described in the README or configure your +-- custom password in the 'user' section above +local lock_screen = require("elemental.lock_screen") +lock_screen.init() -- App drawer require("elemental.app_drawer") -- Window switcher