Page MenuHome GnuPG

pinentry-gtk-2's --no-global-grab does not work as advertised
Open, NormalPublic

Description

The description says "Grab keyboard only while window is focused", but the keyboard is
not grabbed at all.

grab_keyboard returns early if ! pinentry->grab, but merely dropping that does not yield
the expected behavior either, since the grab is not released on focus-out because the
event handler is not called. Running with GDK_DEBUG=events suggests that a different
focus-out event is generated while the keyboard is grabbed.

Details

Version
master

Event Timeline

justus set Version to master.
justus added a subscriber: justus.

I have not looked at this since I did some work on the pinentries, but if noone fixed this then yes, it is still an issue. Indeed, I just quickly read over the source:

    ARGPARSE_s_n('g', "no-global-grab",
                 "Grab keyboard only while window is focused"),
[...]
        case 'g':
          pinentry.grab = 0;
          break;
[...]
/* Grab the keyboard for maximum security */
static int
grab_keyboard (GtkWidget *win, GdkEvent *event, gpointer data)
{
  GdkGrabStatus err;
  int tries = 0, max_tries = 4096;
  (void)data;

  if (! pinentry->grab)
    return FALSE;
werner lowered the priority of this task from Unbreak Now! to Normal.May 19 2017, 10:39 AM

Confirmed that the support of --no-global-grab doesn't work well.

For GTK+, I found several issues in the current implementation.
(0) Semantics is not clear (at least, for me). a) Window focus also relates to the management by window manager. b) Window focus means keyboard input goes to the window (even if pointer is outside), "keyboard grab" for focused window means what?
(1) To receive "focus-in-event"/"focus-out-event", we need to add GDK_FOCUS_CHANGE_MASK: so, those events are now not received.
(2) gdk_keyboard_grab/gdk_pointer_grab API is deprecated. New API was suggested for GDK3: gdk_device_grab

I think that --no-global-grab for pinentry-gtk-2 is a kind of debug aid only.

In this situation, I'd like to keep current implementation as-is, and let it done correctly in pinentry-gtk-3 or pinentry-gtk-4.