diff --git a/CREDITS b/CREDITS index 3539addc3..c59babe74 100644 --- a/CREDITS +++ b/CREDITS @@ -51,6 +51,7 @@ Thomas Neumann - Shadow passwords Tom Bertelson's - AIX auth fixes Tor-Ake Fransson - AIX support Tudor Bosman - MD5 password support +Zack Weinberg - GNOME askpass enhancement Apologies to anyone I have missed. diff --git a/ChangeLog b/ChangeLog index 997aa31d0..46a444280 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,6 +1,8 @@ 20000606 - (djm) Fix rsh path in RPMs. Report from Jason L Tibbitts III + - (djm) Warn user if grabs fail in GNOME askpass. Patch from Zack Weinberg + - (djm) OpenBSD CVS updates: - todd@cvs.openbsd.org [sshconnect2.c] diff --git a/contrib/gnome-ssh-askpass.c b/contrib/gnome-ssh-askpass.c index fd537e676..5b6f65e88 100644 --- a/contrib/gnome-ssh-askpass.c +++ b/contrib/gnome-ssh-askpass.c @@ -49,7 +49,22 @@ #include #include -int passphrase_dialog(char **passphrase_p, char *message) +void +report_failed_grab (void) +{ + GtkWidget *err; + + err = gnome_message_box_new("Could not grab keyboard or mouse.\n" + "A malicious client may be eavesdropping on your session.", + GNOME_MESSAGE_BOX_ERROR, "EXIT", NULL); + gtk_window_set_position(GTK_WINDOW(err), GTK_WIN_POS_CENTER); + gtk_object_set(GTK_OBJECT(err), "type", GTK_WINDOW_POPUP, NULL); + + gnome_dialog_run_and_close(GNOME_DIALOG(err)); +} + +void +passphrase_dialog(char *message) { char *passphrase; int result; @@ -80,41 +95,51 @@ int passphrase_dialog(char **passphrase_p, char *message) /* Grab focus */ XGrabServer(GDK_DISPLAY()); - gdk_pointer_grab(dialog->window, TRUE, 0, NULL, NULL, GDK_CURRENT_TIME); - gdk_keyboard_grab(dialog->window, FALSE, GDK_CURRENT_TIME); + if (gdk_pointer_grab(dialog->window, TRUE, 0, + NULL, NULL, GDK_CURRENT_TIME)) + goto nograb; + if (gdk_keyboard_grab(dialog->window, FALSE, GDK_CURRENT_TIME)) + goto nograbkb; /* Make close dialog */ gnome_dialog_editable_enters(GNOME_DIALOG(dialog), GTK_EDITABLE(entry)); /* Run dialog */ result = gnome_dialog_run(GNOME_DIALOG(dialog)); - + /* Ungrab */ XUngrabServer(GDK_DISPLAY()); gdk_pointer_ungrab(GDK_CURRENT_TIME); gdk_keyboard_ungrab(GDK_CURRENT_TIME); gdk_flush(); + /* Report passphrase if user selected OK */ passphrase = gtk_entry_get_text(GTK_ENTRY(entry)); - - /* Take copy of passphrase if user selected OK */ - if (result == 0) - *passphrase_p = strdup(passphrase); - else - *passphrase_p = NULL; + if (result == 0) + puts(passphrase); - /* Zero existing passphrase */ + /* Zero passphrase in memory */ memset(passphrase, '\0', strlen(passphrase)); gtk_entry_set_text(GTK_ENTRY(entry), passphrase); gnome_dialog_close(GNOME_DIALOG(dialog)); + return; - return (result == 0); + /* At least one grab failed - ungrab what we got, and report + the failure to the user. Note that XGrabServer() cannot + fail. */ + nograbkb: + gdk_pointer_ungrab(GDK_CURRENT_TIME); + nograb: + XUngrabServer(GDK_DISPLAY()); + gnome_dialog_close(GNOME_DIALOG(dialog)); + + report_failed_grab(); } -int main(int argc, char **argv) +int +main(int argc, char **argv) { - char *passphrase; char *message; gnome_init("GNOME ssh-askpass", "0.1", argc, argv); @@ -124,11 +149,7 @@ int main(int argc, char **argv) else message = "Enter your OpenSSH passphrase:"; - if (passphrase_dialog(&passphrase, message)) - { - puts(passphrase); - memset(passphrase, '\0', strlen(passphrase)); - } - + setvbuf(stdout, 0, _IONBF, 0); + passphrase_dialog(message); return 0; }