Lock: add -ignore-empty-password option

This allows users who, habitually or otherwise, use the Enter key to wake their computer to avoid causing multiple failed authentication attempts in the process. Unfortunately, this doesn't seem viable as a default as there appear to be valid configurations where submitting an empty password to PAM is exactly what the user intends. To quote a commit message from when i3lock added this feature: > Some users may want to validate an empty password: PAM may rely on > other sources to unlock the screen, like the presence of a token or > the proximity of some Bluetooth device.
ifreund · Oct 26, 2023 · b9bd798 · b9bd798
1 parent 4ad16ca
commit b9bd798
Show file tree

Hide file tree

Showing 3 changed files with 15 additions and 0 deletions.
diff --git a/doc/waylock.1.scd b/doc/waylock.1.scd
@@ -35,6 +35,11 @@ unlocked.
 	session before suspend. With this option waylock will exit once the
 	session has been locked and it is safe to suspend.
 
+*-ignore-empty-password*
+	Do not submit empty passwords to PAM for validation when the Enter
+	key is pressed. Instead, do nothing. This may be useful if, for
+	example, the Enter key is used to wake the computer from sleep.
+
 *-init-color* _0xRRGGBB_
 	Set the initial color. (default: 0x002b36)
 

diff --git a/src/Lock.zig b/src/Lock.zig
@@ -30,6 +30,7 @@ pub const Color = enum {
 
 pub const Options = struct {
     fork_on_lock: bool,
+    ignore_empty_password: bool,
     init_color: u24 = 0x002b36,
     input_color: u24 = 0x6c71c4,
     fail_color: u24 = 0xdc322f,
@@ -59,6 +60,7 @@ state: enum {
 color: Color = .init,
 
 fork_on_lock: bool,
+ignore_empty_password: bool,
 
 pollfds: [2]os.pollfd,
 
@@ -80,6 +82,7 @@ auth_connection: auth.Connection,
 pub fn run(options: Options) void {
     var lock: Lock = .{
         .fork_on_lock = options.fork_on_lock,
+        .ignore_empty_password = options.ignore_empty_password,
         .pollfds = undefined,
         .display = wl.Display.connect(null) catch |err| {
             fatal("failed to connect to a wayland compositor: {s}", .{@errorName(err)});
@@ -381,6 +384,11 @@ fn session_lock_listener(_: *ext.SessionLockV1, event: ext.SessionLockV1.Event,
 pub fn submit_password(lock: *Lock) void {
     assert(lock.state == .locked);
 
+    if (lock.ignore_empty_password and lock.password.buffer.len == 0) {
+        log.info("ignoring submission of empty password", .{});
+        return;
+    }
+
     lock.send_password_to_auth() catch |err| {
         fatal("failed to send password to child authentication process: {s}", .{@errorName(err)});
     };

diff --git a/src/main.zig b/src/main.zig
@@ -31,6 +31,7 @@ pub fn main() void {
         .{ .name = "version", .kind = .boolean },
         .{ .name = "log-level", .kind = .arg },
         .{ .name = "fork-on-lock", .kind = .boolean },
+        .{ .name = "ignore-empty-password", .kind = .boolean },
         .{ .name = "init-color", .kind = .arg },
         .{ .name = "input-color", .kind = .arg },
         .{ .name = "fail-color", .kind = .arg },
@@ -69,6 +70,7 @@ pub fn main() void {
 
     var options: Lock.Options = .{
         .fork_on_lock = result.flags.@"fork-on-lock",
+        .ignore_empty_password = result.flags.@"ignore-empty-password",
     };
     if (result.flags.@"init-color") |raw| options.init_color = parse_color(raw);
     if (result.flags.@"input-color") |raw| options.input_color = parse_color(raw);