From 41f547e49ed6ea36b8165500491a2752d2a478c1 Mon Sep 17 00:00:00 2001
From: Fabian Keil <fk@fabiankeil.de>
Date: Tue, 9 Nov 2021 12:15:42 +0100
Subject: [PATCH] i3lock: Add syslog support

... that gets enabled if syslog() is available and
produces messages like:

    2021-12-04T10:53:59.806338+01:00 t520.local i3lock <9>1 25791 - - Locking screen for fk.
    2021-12-04T10:54:01.771469+01:00 t520.local i3lock <9>1 36520 - - Authentication failure for fk.
    2021-12-04T10:54:04.018666+01:00 t520.local i3lock <9>1 36520 - - Successfully authenticated fk.

While the first and the last message could also be created
with a script, creating the one in the middle with a script
would be less trivial.
---
 configure.ac |  1 +
 i3lock.c     | 28 +++++++++++++++++++++++-----
 2 files changed, 24 insertions(+), 5 deletions(-)

diff --git a/configure.ac b/configure.ac
index 32ab0b3..a3a6841 100644
--- a/configure.ac
+++ b/configure.ac
@@ -67,6 +67,7 @@ AC_FUNC_LSTAT_FOLLOWS_SLASHED_SYMLINK
 AC_FUNC_STRNLEN
 AC_CHECK_FUNCS([atexit dup2 ftruncate getcwd gettimeofday localtime_r memchr memset mkdir rmdir setlocale socket strcasecmp strchr strdup strerror strncasecmp strndup strrchr strspn strstr strtol strtoul], , [AC_MSG_FAILURE([cannot find the $ac_func function, which i3lock requires])])
 AC_CHECK_FUNCS([explicit_bzero])
+AC_CHECK_FUNCS([syslog])
 
 # Checks for libraries.
 
diff --git a/i3lock.c b/i3lock.c
index 3ab9397..af9cb05 100644
--- a/i3lock.c
+++ b/i3lock.c
@@ -15,7 +15,13 @@
 #include <string.h>
 #include <unistd.h>
 #include <stdbool.h>
+#ifdef HAVE_SYSLOG
+#include <stdarg.h>
+#endif
 #include <stdint.h>
+#ifdef HAVE_SYSLOG
+#include <syslog.h>
+#endif
 #include <xcb/xcb.h>
 #include <xcb/xkb.h>
 #include <err.h>
@@ -270,17 +276,19 @@ static void discard_passwd_cb(EV_P_ ev_timer *w, int revents) {
 }
 
 static void input_done(void) {
+#if defined(__OpenBSD__) || defined(HAVE_SYSLOG)
+    struct passwd *pw;
+
+    if (!(pw = getpwuid(getuid())))
+        errx(1, "unknown uid %u.", getuid());
+#endif
+
     STOP_TIMER(clear_auth_wrong_timeout);
     auth_state = STATE_AUTH_VERIFY;
     unlock_state = STATE_STARTED;
     redraw_screen();
 
 #ifdef __OpenBSD__
-    struct passwd *pw;
-
-    if (!(pw = getpwuid(getuid())))
-        errx(1, "unknown uid %u.", getuid());
-
     if (auth_userokay(pw->pw_name, NULL, NULL, password) != 0) {
         DEBUG("successfully authenticated\n");
         clear_password_memory();
@@ -291,6 +299,9 @@ static void input_done(void) {
 #else
     if (pam_authenticate(pam_handle, 0) == PAM_SUCCESS) {
         DEBUG("successfully authenticated\n");
+#ifdef HAVE_SYSLOG
+        syslog(LOG_ALERT, "Successfully authenticated %s.", pw->pw_name);
+#endif
         clear_password_memory();
 
         /* PAM credentials should be refreshed, this will for example update any kerberos tickets.
@@ -305,6 +316,9 @@ static void input_done(void) {
     }
 #endif
 
+#ifdef HAVE_SYSLOG
+    syslog(LOG_ALERT, "Authentication failure for %s.", pw->pw_name);
+#endif
     if (debug_mode)
         fprintf(stderr, "Authentication failure\n");
 
@@ -1233,6 +1247,10 @@ int main(int argc, char *argv[]) {
 
     cursor = create_cursor(conn, screen, win, curs_choice);
 
+#ifdef HAVE_SYSLOG
+    syslog(LOG_ALERT, "Locking screen for %s.", username);
+#endif
+
     /* Display the "locking…" message while trying to grab the pointer/keyboard. */
     auth_state = STATE_AUTH_LOCK;
     if (!grab_pointer_and_keyboard(conn, screen, cursor, 1000)) {
-- 
2.32.0