fix: security and correctness audit fixes (v0.4.1)

PAM conv callback: check msg_style (password only for ECHO_OFF),
handle strdup OOM with proper cleanup, null-check PAM handle.

Fingerprint: self-wire D-Bus g-signal in start() via Rc<RefCell<>>
and connect_local — VerifyStatus signals are now actually dispatched.
VerifyStop before VerifyStart in restart_verify.

Lockscreen: password entry stays active after faillock threshold
(PAM decides lockout, not UI), use Zeroizing<String> from GTK entry.

Release builds exit(1) without ext-session-lock-v1 support.

Config: fingerprint_enabled as Option<bool> so empty user config
does not override system config.

Dead code: remove unused i18n strings and fingerprint accessors,
parameterize faillock_warning max_attempts.
2026-03-28 00:06:27 +01:00
parent 64f032cd9a
commit 17f8930ff7
8 changed files with 201 additions and 70 deletions
+11 -2
@@ -43,8 +43,16 @@ fn activate(app: &gtk::Application) {
if gtk4_session_lock::is_supported() {
activate_with_session_lock(app, &display, &bg_path, &config);
} else {
log::warn!("ext-session-lock-v1 not supported — running in development mode");
activate_without_lock(app, &bg_path, &config);
#[cfg(debug_assertions)]
{
log::warn!("ext-session-lock-v1 not supported — running in development mode");
activate_without_lock(app, &bg_path, &config);
}
#[cfg(not(debug_assertions))]
{
log::error!("ext-session-lock-v1 not supported — refusing to run without session lock");
std::process::exit(1);
}
}
}
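Review bot: In the else branch of activate(), the development fallback is gated on `#[cfg(debug_assertions)]`, which follows the profile's debug-assertions setting and not the release profile as such, so a release profile built with `debug-assertions = true` would still compile in `activate_without_lock` and run without a session lock. Consider gating the fallback on a dedicated opt-in Cargo feature so that the unlocked path has to be requested explicitly. Note also that `std::process::exit(1)` ends the process without running destructors; if anything that must be cleaned up is alive at this point in activate(), returning an error exit status through the application would be safer.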
@@ -90,6 +98,7 @@ fn activate_with_session_lock(
}
}
#[cfg(debug_assertions)]
fn activate_without_lock(
app: &gtk::Application,
bg_path: &PathBuf,
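Review bot: The `#[cfg(debug_assertions)]` added above `fn activate_without_lock(` has no doc comment explaining why the function is debug-only. Add one stating that this path shows the UI without an ext-session-lock-v1 lock and must not be reachable in release builds, so a later change does not drop the attribute to silence a build error. It is also worth checking that any helper called only from this function carries the same attribute, since it would otherwise be unused in release builds; that is not visible in this hunk.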