* pam: fix username race by using getpwuid_r instead of getpwuid
getpwuid() returns a pointer into a static buffer shared across all
threads. Any getpw*/getpwent call from another thread — including
those made internally by PAM modules during authentication — will
overwrite it before pam_start() reads pw_name, causing hyprlock to
authenticate as a random system user (root, bin, systemd-network)
or fail with 'user unknown'.
Replace with getpwuid_r(), which writes into a caller-supplied buffer,
and copy pw_name into a std::string before calling pam_start().
* pam: get username once
Instead of retrieving the username via getpwuid_r as in a69f526c95,
get the username once when initializing CPam and save it in a string.
This should be sufficent for making sure there are no problems with the
static buffer returned by getpwuid and is simpler.
* misc: clang-format
---------
Co-authored-by: mcgi5sr2 <mcgi5sr2@gmail.com>
Makes more sense than clearing the input buffer in the auth impl.
Also added a check for the password buffer length to reset the fail
color as soon as the password length > 0.
BREAKING:
- Removed $PROMPT variable. Either use $PAMPROMPT or $FPRINTPROMPT.
- Removed $FPRINTMESSAGE. Use $FPRINTPROMPT instead. There is also
$FPRINTFAIL.
* auth: add an interface for different authentication methods
* auth: pick inline feedback based on last active implementation
* config: move auth options to auth:<auth_impl>
BREAKING:
- general:pam_module -> auth:pam:module
- general:enable_fingerprint -> auth:fingerprint:enabled
- general:fingerprint_ready_message -> auth:fingerprint:ready_message
- general:fingerprint_present_message ->
auth:fingerprint:present_message
* auth: don't clear password input for fingerprint auth check
* fingerprint: checkAuthenticated when handling verfiy status
* Revert conditionally clearing the password input buffer
Makes sure the input field can show the fail text for fingerprint auth.
* auth: virtual instead of override, remove braces
* pam: join the thread
* auth: remove isAuthenticated and switch to a control flow based unlock
* auth: initialize authentication before aquiring the session lock
