From kde-commits Sat Oct 17 14:59:44 2009 From: Oswald Buddenhagen Date: Sat, 17 Oct 2009 14:59:44 +0000 To: kde-commits Subject: KDE/kdebase/workspace/kdm Message-Id: <1255791584.699544.16489.nullmailer () svn ! kde ! org> X-MARC-Message: https://marc.info/?l=kde-commits&m=125579159632621 SVN commit 1036653 by ossi: make input grabbing optional it doesn't add any real security on most systems anyway, but it breaks input aids running in separate x clients. FEATURE: 164210 M +4 -0 ChangeLog M +22 -0 config.def M +5 -0 kfrontend/kdmconfig.cpp M +2 -0 kfrontend/kdmconfig.h M +14 -6 kfrontend/kfdialog.cpp M +24 -20 kfrontend/kgapp.cpp --- trunk/KDE/kdebase/workspace/kdm/ChangeLog #1036652:1036653 @@ -2,6 +2,10 @@ startup and packaging. Bug fixes are not listed, and feature changes only if they affect the configuration. +2009-10-17 Oswald Buddenhagen + + * Made input grabbing optional. Option GrabInput. + 2008-11-23 Oswald Buddenhagen * Added setting of PAM_XDISPLAY and PAM_XAUTHDATA PAM items. --- trunk/KDE/kdebase/workspace/kdm/config.def #1036652:1036653 @@ -2431,6 +2431,28 @@ kdesktoprc does. Its options are not described herein; guess their meanings or use the control center. +Key: GrabInput +Type: enum + Never/GRAB_NEVER: never grab + IfNoAuth/GRAB_IFNOAUTH: grab if the display requires no X authorization + Always/GRAB_ALWAYS: always grab +Default: IfNoAuth +User: greeter-c(grabInputPre) +Instance: #*/Always +Comment: + Whether to grab keyboard and mouse while the greeter is visible. Grabs + may improve security, but make on-screen keyboards, etc. unusable. +Description: + To improve security, the greeter may grab mouse and keyboard input so + no other X clients can eavesdrop it. However, the X authorization + mechanism will usually prevent malicious X clients from connecting + in the first place. Consequently, enabling grabs for local displays + is pointless and only marginally improves security for remote displays. + + The mouse grab will make on-screen keyboards unusable. + + + Key: GrabServer Type: bool Default: false --- trunk/KDE/kdebase/workspace/kdm/kfrontend/kdmconfig.cpp #1036652:1036653 @@ -44,6 +44,7 @@ bool _isLocal; bool _isReserve; bool _authorized; +int _grabInput; static QString getCfgQStr( int id ) @@ -87,6 +88,10 @@ _isReserve = _isLocal && getCfgInt( C_isReserve ); _hasConsole = _hasConsole && _isLocal && getCfgInt( C_hasConsole ); _authorized = getCfgInt( C_isAuthorized ); + _grabInput = + (_grabInputPre == GRAB_NEVER) ? 0 : + (_grabInputPre == GRAB_ALWAYS) ? 1 : + !_authorized; _stsFile = _dataDir + "/kdmsts"; --- trunk/KDE/kdebase/workspace/kdm/kfrontend/kdmconfig.h #1036652:1036653 @@ -49,6 +49,8 @@ #endif void initConfig( void ); +extern int _grabInput; + CONF_GREET_C_DECLS #endif /* KDMCONFIG_H */ --- trunk/KDE/kdebase/workspace/kdm/kfrontend/kfdialog.cpp #1036652:1036653 @@ -140,19 +140,27 @@ static QWidget *current; adjustGeometry(); - if (!current) + if (_grabInput && !current) secureInputs( QX11Info::display() ); show(); qApp->processEvents(); - fakeFocusIn( winId() ); + if (_grabInput) + fakeFocusIn( winId() ); + else + activateWindow(); QWidget *previous = current; current = this; inherited::exec(); current = previous; - if (current) - fakeFocusIn( current->winId() ); - else - unsecureInputs( QX11Info::display() ); + if (current) { + if (_grabInput) + fakeFocusIn( current->winId() ); + else + current->activateWindow(); + } else { + if (_grabInput) + unsecureInputs( QX11Info::display() ); + } return result(); } --- trunk/KDE/kdebase/workspace/kdm/kfrontend/kgapp.cpp #1036652:1036653 @@ -121,27 +121,31 @@ { KeySym sym; + if (_grabInput) { + switch (ev->type) { + case FocusIn: + case FocusOut: + if (ev->xfocus.mode == NotifyUngrab) { + if (!regrabKbd) { + secureKeyboard( QX11Info::display() ); + regrabKbd = true; + } + } else + regrabKbd = false; + return false; + case EnterNotify: + case LeaveNotify: + if (ev->xcrossing.mode == NotifyUngrab) { + if (!regrabPtr) { + securePointer( QX11Info::display() ); + regrabPtr = true; + } + } else + regrabPtr = false; + return false; + } + } switch (ev->type) { - case FocusIn: - case FocusOut: - if (ev->xfocus.mode == NotifyUngrab) { - if (!regrabKbd) { - secureKeyboard( QX11Info::display() ); - regrabKbd = true; - } - } else - regrabKbd = false; - break; - case EnterNotify: - case LeaveNotify: - if (ev->xcrossing.mode == NotifyUngrab) { - if (!regrabPtr) { - securePointer( QX11Info::display() ); - regrabPtr = true; - } - } else - regrabPtr = false; - break; case KeyPress: sym = XLookupKeysym( &ev->xkey, 0 ); if (sym != XK_Return && !IsModifierKey( sym ))