2 * Copyright (c) 2000-2002 Damien Miller. All rights reserved.
4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions
7 * 1. Redistributions of source code must retain the above copyright
8 * notice, this list of conditions and the following disclaimer.
9 * 2. Redistributions in binary form must reproduce the above copyright
10 * notice, this list of conditions and the following disclaimer in the
11 * documentation and/or other materials provided with the distribution.
13 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
14 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
15 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
16 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
17 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
18 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
19 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
20 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
21 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
22 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
25 /* GTK2 support by Nalin Dahyabhai <nalin@redhat.com> */
28 * This is a simple GNOME SSH passphrase grabber. To use it, set the
29 * environment variable SSH_ASKPASS to point to the location of
30 * gnome-ssh-askpass before calling "ssh-add < /dev/null".
32 * There is only two run-time options: if you set the environment variable
33 * "GNOME_SSH_ASKPASS_GRAB_SERVER=true" then gnome-ssh-askpass will grab
34 * the X server. If you set "GNOME_SSH_ASKPASS_GRAB_POINTER=true", then the
35 * pointer will be grabbed too. These may have some benefit to security if
36 * you don't trust your X server. We grab the keyboard always.
42 * cc `pkg-config --cflags gtk+-2.0` \
43 * gnome-ssh-askpass2.c -o gnome-ssh-askpass \
44 * `pkg-config --libs gtk+-2.0`
56 report_failed_grab (const char *what)
60 err = gtk_message_dialog_new(NULL, 0,
64 "A malicious client may be eavesdropping "
65 "on your session.", what);
66 gtk_window_set_position(GTK_WINDOW(err), GTK_WIN_POS_CENTER);
67 gtk_label_set_line_wrap(GTK_LABEL((GTK_MESSAGE_DIALOG(err))->label),
70 gtk_dialog_run(GTK_DIALOG(err));
72 gtk_widget_destroy(err);
76 ok_dialog(GtkWidget *entry, gpointer dialog)
78 g_return_if_fail(GTK_IS_DIALOG(dialog));
79 gtk_dialog_response(GTK_DIALOG(dialog), GTK_RESPONSE_OK);
83 passphrase_dialog(char *message)
86 char *passphrase, *local;
88 int result, i, grab_server, grab_pointer;
89 GtkWidget *dialog, *entry, *label;
92 grab_server = (getenv("GNOME_SSH_ASKPASS_GRAB_SERVER") != NULL);
93 grab_pointer = (getenv("GNOME_SSH_ASKPASS_GRAB_POINTER") != NULL);
95 dialog = gtk_message_dialog_new(NULL, 0,
97 GTK_BUTTONS_OK_CANCEL,
101 entry = gtk_entry_new();
102 gtk_box_pack_start(GTK_BOX(GTK_DIALOG(dialog)->vbox), entry, FALSE,
104 gtk_entry_set_visibility(GTK_ENTRY(entry), FALSE);
105 gtk_widget_grab_focus(entry);
106 gtk_widget_show(entry);
108 gtk_window_set_title(GTK_WINDOW(dialog), "OpenSSH");
109 gtk_window_set_position (GTK_WINDOW(dialog), GTK_WIN_POS_CENTER);
110 gtk_label_set_line_wrap(GTK_LABEL((GTK_MESSAGE_DIALOG(dialog))->label),
113 /* Make <enter> close dialog */
114 gtk_dialog_set_default_response(GTK_DIALOG(dialog), GTK_RESPONSE_OK);
115 g_signal_connect(G_OBJECT(entry), "activate",
116 G_CALLBACK(ok_dialog), dialog);
119 gtk_widget_show_now(dialog);
121 gdk_x11_grab_server();
124 status = gdk_pointer_grab((GTK_WIDGET(dialog))->window, TRUE,
125 0, NULL, NULL, GDK_CURRENT_TIME);
126 if (status != GDK_GRAB_SUCCESS) {
131 status = gdk_keyboard_grab((GTK_WIDGET(dialog))->window, FALSE,
133 if (status != GDK_GRAB_SUCCESS) {
137 result = gtk_dialog_run(GTK_DIALOG(dialog));
141 XUngrabServer(GDK_DISPLAY());
143 gdk_pointer_ungrab(GDK_CURRENT_TIME);
144 gdk_keyboard_ungrab(GDK_CURRENT_TIME);
147 /* Report passphrase if user selected OK */
148 passphrase = g_strdup(gtk_entry_get_text(GTK_ENTRY(entry)));
149 if (result == GTK_RESPONSE_OK) {
150 local = g_locale_from_utf8(passphrase, strlen(passphrase),
154 memset(local, '\0', strlen(local));
161 /* Zero passphrase in memory */
162 memset(passphrase, '\b', strlen(passphrase));
163 gtk_entry_set_text(GTK_ENTRY(entry), passphrase);
164 memset(passphrase, '\0', strlen(passphrase));
167 gtk_widget_destroy(dialog);
168 return (result == GTK_RESPONSE_OK ? 0 : -1);
170 /* At least one grab failed - ungrab what we got, and report
171 the failure to the user. Note that XGrabServer() cannot
174 gdk_pointer_ungrab(GDK_CURRENT_TIME);
177 XUngrabServer(GDK_DISPLAY());
178 gtk_widget_destroy(dialog);
180 report_failed_grab(failed);
186 main(int argc, char **argv)
191 gtk_init(&argc, &argv);
194 message = g_strjoinv(" ", argv + 1);
196 message = g_strdup("Enter your OpenSSH passphrase:");
199 setvbuf(stdout, 0, _IONBF, 0);
200 result = passphrase_dialog(message);