Using our own pam file now, so we do not get faillock lockouts.

[auto] go fmt applied to staged files

Author: Tuxx

Makefile

@@ -8,14 +8,15 @@ INSTALL_PATH := /usr/local/bin
 GIT_COMMIT := $(shell git rev-parse --short HEAD)
 BUILD_DATE := $(shell date -u +%Y-%m-%dT%H:%M:%SZ)
 VERSION := $(shell git describe --tags --always --dirty)
+TAG_VERSION := $(shell git describe --tags --abbrev=0 | sed 's/^v//')
 
 # ldflags for embedding version info
 LDFLAGS := -ldflags="-s -w \
   -X github.com/tuxx/fancylock/internal.Version=$(VERSION) \
   -X github.com/tuxx/fancylock/internal.Commit=$(GIT_COMMIT) \
   -X github.com/tuxx/fancylock/internal.BuildDate=$(BUILD_DATE)"
 
-.PHONY: all clean native package install check-go $(ARCHES)
+.PHONY: all clean native install check-go $(ARCHES) package aur
 
 all: check-go $(ARCHES)
 
@@ -26,46 +27,34 @@ $(DIST):
 	mkdir -p $(DIST)
 
 check-go:
-	@command -v go >/dev/null 2>&1 || { echo >&2 "Go is not installed. Please install Go before continuing."; exit 1; }
+	@command -v go >/dev/null 2>&1 || { echo >&2 "Go is not installed."; exit 1; }
 
 $(ARCHES): | $(BIN)
-	GOOS=linux GOARCH=$@ CGO_ENABLED=1 go build $(LDFLAGS) -o $(BIN)/$(APP)-linux-$@ main.go
+	GOOS=linux GOARCH=$@ CGO_ENABLED=1 go build $(LDFLAGS) -o "$(BIN)/$(APP)-linux-$@" main.go
 
 native: check-go | $(BIN)
-	CGO_ENABLED=1 go build $(LDFLAGS) -o $(BIN)/$(APP)-native main.go
+	CGO_ENABLED=1 go build $(LDFLAGS) -o "$(BIN)/$(APP)-native" main.go
 
-package: | $(DIST)
+package: all | $(DIST)
 	@for arch in $(ARCHES); do \
-		if [ -f $(BIN)/$(APP)-linux-$$arch ]; then \
-			tar -czvf $(DIST)/$(APP)-linux-$$arch.tar.gz -C $(BIN) $(APP)-linux-$$arch; \
-		fi \
+		[ -f "$(BIN)/$(APP)-linux-$$arch" ] && \
+		tar -czvf "$(DIST)/$(APP)-linux-$$arch.tar.gz" -C "$(BIN)" "$(APP)-linux-$$arch"; \
 	done
-	@if [ -f $(BIN)/$(APP)-native ]; then \
-		tar -czvf $(DIST)/$(APP)-native.tar.gz -C $(BIN) $(APP)-native; \
+	@if [ -f "$(BIN)/$(APP)-native" ]; then \
+		tar -czvf "$(DIST)/$(APP)-native.tar.gz" -C "$(BIN)" "$(APP)-native"; \
 	fi
+	cp "$(BIN)/$(APP)-linux-amd64" "$(DIST)/"
+	tar -C "$(DIST)" -czf "$(DIST)/$(APP)-linux-amd64.tar.gz" "$(APP)-linux-amd64"
 
 install: native
-	@install -Dm755 $(BIN)/$(APP)-native $(INSTALL_PATH)/$(APP)
+	@install -Dm755 "$(BIN)/$(APP)-native" "$(INSTALL_PATH)/$(APP)"
 	@echo "Installed $(APP)-native to $(INSTALL_PATH)/$(APP)"
-
-clean:
-	rm -rf $(BIN) $(DIST)
-
-BINARY=fancylock-linux-amd64
-DIST_DIR=dist
-TAG_VERSION=$(shell git describe --tags --abbrev=0 | sed 's/^v//')
-
-amd64:
-	mkdir -p bin
-	GOARCH=amd64 GOOS=linux go build -o bin/$(BINARY) -ldflags="-X 'github.com/tuxx/fancylock/internal.Version=$(TAG_VERSION)'"
-
-package: amd64
-	mkdir -p $(DIST_DIR)
-	cp bin/$(BINARY) $(DIST_DIR)/
-	tar -C $(DIST_DIR) -czf $(DIST_DIR)/$(BINARY).tar.gz $(BINARY)
+	@install -Dm644 "pam.d/fancylock" "/etc/pam.d/fancylock"
 
 aur: package
 	mkdir -p packages/aur/fancylock-bin
 	sed "s/@VERSION@/$(TAG_VERSION)/g" packages/aur/fancylock-bin/PKGBUILD.template > packages/aur/fancylock-bin/PKGBUILD
 	sed "s/@VERSION@/$(TAG_VERSION)/g" packages/aur/fancylock-bin/.SRCINFO.template > packages/aur/fancylock-bin/.SRCINFO
 
+clean:
+	rm -rf $(BIN) $(DIST)

README.md

@@ -34,6 +34,9 @@ tar -xzvf fancylock.tar.gz
 # Make it executable
 chmod +x fancylock-linux-amd64
 
+# Add a pam.d file for fancylock:
+sudo curl -L -o /etc/pam.d/fancylock https://raw.githubusercontent.com/tuxx/fancylock/refs/heads/master/pam.d/fancylock
+
 # Optional: install system-wide
 sudo mv fancylock-linux-amd64 /usr/local/bin/fancylock
 
@@ -46,7 +49,7 @@ cat > ~/.config/fancylock/config.json << 'EOF'
   "media_dir": "$HOME/Videos",
   "lock_screen": false,
   "supported_extensions": [".mp4", ".mkv", ".mov", ".avi", ".webm"],
-  "pam_service": "system-auth",
+  "pam_service": "fancylock",
   "include_images": true,
   "image_display_time": 30,
   "background_color": "#000000",
@@ -181,7 +184,7 @@ fancylock -c /path/to/config.json
   "media_dir": "/home/user/Videos",
   "lock_screen": false,
   "supported_extensions": [".mp4", ".mkv", ".mov", ".avi", ".webm"],
-  "pam_service": "system-auth",
+  "pam_service": "fancylock",
   "include_images": true,
   "image_display_time": 30,
   "background_color": "#000000",

internal/config.go

@@ -14,12 +14,18 @@ func DefaultConfig() Configuration {
 		homeDir = "/tmp"
 	}
 
+	pamPath := "/etc/pam.d/fancylock"
+	PamService := "system-auth"
+	if _, err := os.Stat(pamPath); err == nil {
+		PamService = "fancylock"
+	}
+
 	return Configuration{
 		MediaDir:         filepath.Join(homeDir, "Videos"),
 		LockScreen:       false,
 		SupportedExt:     []string{".mov", ".mkv", ".mp4", ".avi", ".webm"},
 		IdleTimeout:      300, // 5 minutes
-		PamService:       "system-auth",
+		PamService:       PamService,
 		IncludeImages:    true,
 		ImageDisplayTime: 30,
 		BackgroundColor:  "#000000",

internal/lock.go

@@ -6,6 +6,7 @@ import (
 	"os"
 	"os/exec"
 	"os/user"
+	"strings"
 	"syscall"
 
 	"github.com/msteinert/pam"
@@ -20,14 +21,8 @@ func NewPamAuthenticator(config Configuration) *PamAuthenticator {
 		username = currentUser.Username
 	}
 
-	// Use default PAM service from config
-	serviceName := config.PamService
-	if serviceName == "" {
-		serviceName = "system-auth"
-	}
-
 	return &PamAuthenticator{
-		serviceName: serviceName,
+		serviceName: config.PamService,
 		username:    username,
 	}
 }
@@ -92,52 +87,40 @@ func (a *PamAuthenticator) Authenticate(password string) AuthResult {
 	}
 }
 
-// LockHelper provides common functionality for screen lockers
 type LockHelper struct {
-	config        Configuration
 	authenticator *PamAuthenticator
+	config        Configuration
 }
 
-// NewLockHelper creates a new lock helper
+// NewLockHelper creates a new helper instance with the given configuration
 func NewLockHelper(config Configuration) *LockHelper {
+	auth := &PamAuthenticator{
+		serviceName: config.PamService,
+		username:    os.Getenv("USER"),
+	}
+
 	return &LockHelper{
+		authenticator: auth,
 		config:        config,
-		authenticator: NewPamAuthenticator(config),
 	}
 }
 
-// RunPreLockCommand executes the configured pre-lock command
+// RunPreLockCommand runs the configured pre-lock command (if any)
 func (h *LockHelper) RunPreLockCommand() error {
 	if h.config.PreLockCommand == "" {
-		return nil // No command to run
-	}
-
-	Info("Running pre-lock command: %s", h.config.PreLockCommand)
-	output, err := h.RunCommand("sh", "-c", h.config.PreLockCommand)
-	if err != nil {
-		Error("Pre-lock command failed: %v - %s", err, output)
-		return fmt.Errorf("pre-lock command failed: %v", err)
+		return nil
 	}
-
-	Debug("Pre-lock command output: %s", output)
-	return nil
+	Debug("Running pre-lock command: %s", h.config.PreLockCommand)
+	return runShellCommand(h.config.PreLockCommand)
 }
 
-// RunPostLockCommand executes the configured post-lock command
+// RunPostLockCommand runs the configured post-lock command (if any)
 func (h *LockHelper) RunPostLockCommand() error {
 	if h.config.PostLockCommand == "" {
-		return nil // No command to run
-	}
-
-	Info("Running post-lock command: %s", h.config.PostLockCommand)
-	output, err := h.RunCommand("sh", "-c", h.config.PostLockCommand)
-	if err != nil {
-		Error("Post-lock command failed: %v - %s", err, output)
-		return fmt.Errorf("post-lock command failed: %v", err)
+		return nil
 	}
-
-	Debug("Post-lock command output: %s", output)
-	return nil
+	Debug("Running post-lock command: %s", h.config.PostLockCommand)
+	return runShellCommand(h.config.PostLockCommand)
 }
 
 // CheckUserPermissions verifies that the user has the necessary permissions
@@ -278,3 +261,8 @@ func (p *SecurePassword) Length() int {
 	defer p.mu.Unlock()
 	return len(p.data)
 }
+
+// runShellCommand executes a shell command string
+func runShellCommand(cmd string) error {
+	return exec.Command("sh", "-c", strings.TrimSpace(cmd)).Run()
+}

packages/aur/fancylock-bin/PKGBUILD.template

@@ -13,4 +13,17 @@ sha256sums=('SKIP')
 
 package() {
   install -Dm755 fancylock-linux-amd64 "$pkgdir/usr/bin/fancylock"
+  if [ ! -f /etc/pam.d/fancylock ]; then
+  install -d "$pkgdir/etc/pam.d"
+    cat > "$pkgdir/etc/pam.d/fancylock" <<EOF
+#%PAM-1.0
+# /etc/pam.d/fancylock - PAM configuration for fancylock screen locker
+auth       required   pam_env.so
+auth       required   pam_unix.so try_first_pass
+account    required   pam_nologin.so
+account    required   pam_unix.so
+session    required   pam_limits.so
+session    required   pam_unix.so
+EOF
+  fi
 }