From 93ca945acb85760ce3661debf5badb570ffe0454 Mon Sep 17 00:00:00 2001
From: runge <runge>
Date: Tue, 4 Jul 2006 23:04:30 +0000
Subject: [PATCH] x11vnc: plug a couple unixpw gaps.

---
 x11vnc/README     |  2 +-
 x11vnc/keyboard.c | 16 ++++++++++++--
 x11vnc/unixpw.c   | 55 +++++++++++++++++++++++++++++++++--------------
 x11vnc/unixpw.h   |  1 +
 4 files changed, 55 insertions(+), 19 deletions(-)

diff --git a/x11vnc/README b/x11vnc/README
index baaa6d3..aebfc9e 100644
--- a/x11vnc/README
+++ b/x11vnc/README
@@ -1,5 +1,5 @@
 
-x11vnc README file                         Date: Tue Jul  4 14:26:15 EDT 2006
+x11vnc README file                         Date: Tue Jul  4 18:26:52 EDT 2006
 
 The following information is taken from these URLs:
 
diff --git a/x11vnc/keyboard.c b/x11vnc/keyboard.c
index d056d05..a8760d1 100644
--- a/x11vnc/keyboard.c
+++ b/x11vnc/keyboard.c
@@ -2627,13 +2627,25 @@ void keyboard(rfbBool down, rfbKeySym keysym, rfbClientPtr client) {
 		char *str;
 		X_LOCK;
 		str = XKeysymToString(keysym);
-		rfbLog("# keyboard(%s, 0x%x \"%s\")  %.4f\n", down ? "down":"up",
-		    (int) keysym, str ? str : "null", tnow - x11vnc_start);
 		X_UNLOCK;
+		rfbLog("# keyboard(%s, 0x%x \"%s\") uip=%d  %.4f\n",
+		    down ? "down":"up", (int) keysym, str ? str : "null",
+		    unixpw_in_progress, tnow - x11vnc_start);
+	}
+
+	if (keysym <= 0) {
+		rfbLog("keyboard: skipping 0x0 keysym\n");
+		return;
 	}
 	
 	if (unixpw && unixpw_in_progress) {
+		if (unixpw_denied) {
+			rfbLog("keyboard: ignoring keystroke 0x%x in "
+			    "unixpw_denied=1 state\n", (int) keysym);
+			return;
+		}
 		if (client != unixpw_client) {
+			rfbLog("keyboard: skipping other client in unixpw\n");
 			return;
 		}
 		unixpw_keystroke(down, keysym, 0);
diff --git a/x11vnc/unixpw.c b/x11vnc/unixpw.c
index 6e3da94..5606156 100644
--- a/x11vnc/unixpw.c
+++ b/x11vnc/unixpw.c
@@ -71,6 +71,7 @@ static void set_db(void);
 static void unixpw_verify(char *user, char *pass);
 
 int unixpw_in_progress = 0;
+int unixpw_denied = 0;
 int unixpw_in_rfbPE = 0;
 int unixpw_login_viewonly = 0;
 time_t unixpw_last_try_time = 0;
@@ -929,6 +930,7 @@ void unixpw_keystroke(rfbBool down, rfbKeySym keysym, int init) {
 	static char user[100], pass[100];
 	static int  u_cnt = 0, p_cnt = 0, first = 1;
 	char keystr[100];
+	char *str;
 
 	if (first) {
 		set_db();
@@ -938,6 +940,7 @@ void unixpw_keystroke(rfbBool down, rfbKeySym keysym, int init) {
 	if (init) {
 		in_login = 1;
 		in_passwd = 0;
+		unixpw_denied = 0;
 		if (init == 1) {
 			tries = 0;
 		}
@@ -963,9 +966,22 @@ void unixpw_keystroke(rfbBool down, rfbKeySym keysym, int init) {
 		return;
 	}
 
+	if (unixpw_denied) {
+		rfbLog("unixpw_keystroke: unixpw_denied state: 0x%x\n", (int) keysym);
+		return;
+	}
+	if (keysym <= 0) {
+		rfbLog("unixpw_keystroke: bad keysym1: 0x%x\n", (int) keysym);
+		return;
+	}
 	X_LOCK;
-	sprintf(keystr, "%s", XKeysymToString(keysym));
+	str = XKeysymToString(keysym);
 	X_UNLOCK;
+	if (! str) {
+		rfbLog("unixpw_keystroke: bad keysym2: 0x%x\n", (int) keysym);
+		return;
+	}
+	snprintf(keystr, 100, "%s", str);
 
 	if (db > 2) {
 		fprintf(stderr, "%s / %s  0x%x %s\n", in_login ? "login":"pass ",
@@ -1247,27 +1263,34 @@ void unixpw_deny(void) {
 	int x, y, i;
 	char pd[] = "Permission denied.";
 
-	char_row += 2;
-	char_col = 0;
-	x = char_x + char_col * char_w;
-	y = char_y + char_row * char_h;
+	rfbLog("unixpw_deny: %d, %d\n", unixpw_denied, unixpw_in_progress);
+	if (! unixpw_denied) {
+		unixpw_denied = 1;
 
-	rfbDrawString(screen, &default8x16Font, x, y, pd, white());
-	if (scaling) {
-		mark_rect_as_modified(0, 0, dpy_x, dpy_y, 1);
-	} else {
-		mark_rect_as_modified(0, 0, dpy_x, dpy_y, 0);
+		char_row += 2;
+		char_col = 0;
+		x = char_x + char_col * char_w;
+		y = char_y + char_row * char_h;
+
+		rfbDrawString(screen, &default8x16Font, x, y, pd, white());
+		if (scaling) {
+			mark_rect_as_modified(0, 0, dpy_x, dpy_y, 1);
+		} else {
+			mark_rect_as_modified(0, 0, dpy_x, dpy_y, 0);
+		}
+
+		for (i=0; i<5; i++) {
+			rfbPE(-1);
+			usleep(500 * 1000);
+		}
 	}
 
-	for (i=0; i<5; i++) {
+	if (unixpw_client) {
+		rfbCloseClient(unixpw_client);
+		rfbClientConnectionGone(unixpw_client);
 		rfbPE(-1);
-		usleep(500 * 1000);
 	}
 
-	rfbCloseClient(unixpw_client);
-	rfbClientConnectionGone(unixpw_client);
-	rfbPE(-1);
-
 	unixpw_in_progress = 0;
 	unixpw_client = NULL;
 	copy_screen();
diff --git a/x11vnc/unixpw.h b/x11vnc/unixpw.h
index 277c41a..2283145 100644
--- a/x11vnc/unixpw.h
+++ b/x11vnc/unixpw.h
@@ -12,6 +12,7 @@ extern int su_verify(char *user, char *pass, char *cmd, char *rbuf, int *rbuf_si
 extern int crypt_verify(char *user, char *pass);
 
 extern int unixpw_in_progress;
+extern int unixpw_denied;
 extern int unixpw_in_rfbPE;
 extern int unixpw_login_viewonly;
 extern time_t unixpw_last_try_time;