The PAM stack only ever had `auth include login` — no account module.
auth.rs nevertheless called pam_acct_mgmt after pam_authenticate, which
fell back to /etc/pam.d/other (pam_deny) and rejected every password.
On the FP side, the same call was wrapped in a spawn_blocking + 2s
resume_async retry path that triggered a use-after-free in
gtk_window_destroy (20+ SIGSEGVs in 6 days).

- auth.rs: remove pam_acct_mgmt extern + call; return pam_authenticate
  result directly. Lockout still works via pam_faillock in the auth stack.
- auth.rs: drop check_account() and its tests (FP path no longer needs it).
- lockscreen.rs::start_fingerprint: on success go straight to
  label.set_text + fp.stop() + cb(); no PAM acct check, no resume retry.
- fingerprint.rs: remove resume_async() — no caller left.
- config/moonlock-pam: keep single `auth include login` line, matching
  swaylock/gtklock pattern.
- CLAUDE.md, DECISIONS.md updated.

Lockscreen window with avatar, password entry, fingerprint indicator,
power buttons. Session locking via Gtk4SessionLock (ext-session-lock-v1)
with multi-monitor support and dev fallback mode.
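
The fallback described in the commit message above can be checked before a PAM call is wired in. This is an added example, not code from the project: it reports, per facility, whether a service file supplies its own modules or falls through to `other`. The service name `moonlock` and the contents of `login` and `other` are constructed assumptions.

```rust
use std::collections::HashMap;

// True if `service` configures at least one module for `facility` ("auth",
// "account", "password", "session"), following include/substack lines.
// Debian's `@include` directive is not handled in this sketch.
fn has_modules(files: &HashMap<&str, &str>, service: &str, facility: &str, depth: u8) -> bool {
    if depth > 8 { return false; } // guard against include loops
    let Some(text) = files.get(service) else { return false };
    for line in text.lines() {
        let line = line.split('#').next().unwrap_or("").trim();
        let mut f = line.split_whitespace();
        let (Some(kind), Some(control)) = (f.next(), f.next()) else { continue };
        if kind.trim_start_matches('-') != facility { continue; }
        match (control, f.next()) {
            // `auth include login` pulls in only login's auth lines.
            ("include" | "substack", Some(target)) => {
                if has_modules(files, target, facility, depth + 1) { return true; }
            }
            (_, Some(_module)) => return true,
            _ => {}
        }
    }
    false
}

// Service whose stack runs for `facility`: the service itself, or "other"
// when it configures no module of that type.
fn effective_service<'a>(files: &HashMap<&str, &str>, service: &'a str, facility: &str) -> &'a str {
    if has_modules(files, service, facility, 0) { service } else { "other" }
}

// Constructed sample files; real /etc/pam.d contents differ per distribution.
fn sample() -> HashMap<&'static str, &'static str> {
    HashMap::from([
        ("moonlock", "auth include login\n"),
        ("login", "auth required pam_faillock.so preauth\nauth required pam_unix.so\n\
                   account required pam_unix.so\n"),
        ("other", "auth required pam_deny.so\naccount required pam_deny.so\n"),
    ])
}

fn main() {
    let files = sample();
    for facility in ["auth", "account"] {
        println!("moonlock {facility}: uses {}", effective_service(&files, "moonlock", facility));
    }
}
```

Even though the sample `login` file has an account line, `auth include login` does not import it, so an account-management call against the sample service lands on `pam_deny`.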