[gnome-screensaver] Ensure keyboard grab and unlock dialog exist after monitor removal

[Ray Strode <halfline src gnome org>]

commit a5f66339be6719c2b8fc478a1d5fc6545297d950
Author: Ray Strode <rstrode redhat com>
Date:   Mon Feb 8 10:25:10 2010 -0500

    Ensure keyboard grab and unlock dialog exist after monitor removal
    
    gnome-screensaver currently doesn't deal with monitors getting
    removed properly.  If the unlock dialog is on the removed monitor
    then the unlock dialog and its associated keyboard grab are not
    moved to an existing monitor when the monitor removal is processed.
    
    This means that users can gain access to the locked system by placing
    the mouse pointer on an external monitor and then disconnect the
    external monitor.
    
    CVE-2010-0414
    https://bugzilla.gnome.org/show_bug.cgi?id=609337

 src/gs-manager.c    |   13 +++++++++++++
 src/gs-window-x11.c |   17 +++++++++++++++++
 2 files changed, 30 insertions(+), 0 deletions(-)
---
diff --git a/src/gs-manager.c b/src/gs-manager.c
index 1609f83..a8a2262 100644
--- a/src/gs-manager.c
+++ b/src/gs-manager.c
@@ -1495,6 +1495,9 @@ on_screen_monitors_changed (GdkScreen *screen,
                         gs_manager_create_window_for_monitor (manager, screen, i);
                 }
         } else {
+
+                gdk_x11_grab_server ();
+
                 /* remove the extra windows */
                 l = manager->priv->windows;
                 while (l != NULL) {
@@ -1512,6 +1515,16 @@ on_screen_monitors_changed (GdkScreen *screen,
                         }
                         l = next;
                 }
+
+                /* make sure there is a lock dialog on a connected monitor,
+                 * and that the keyboard is still properly grabbed after all
+                 * the windows above got destroyed*/
+                if (n_windows > n_monitors) {
+                        gs_manager_request_unlock (manager);
+                }
+
+                gdk_flush ();
+                gdk_x11_ungrab_server ();
         }
 }
 
diff --git a/src/gs-window-x11.c b/src/gs-window-x11.c
index 64428e3..cea5e77 100644
--- a/src/gs-window-x11.c
+++ b/src/gs-window-x11.c
@@ -45,6 +45,8 @@ static void gs_window_init       (GSWindow      *window);
 static void gs_window_finalize   (GObject       *object);
 
 static gboolean popup_dialog_idle (GSWindow *window);
+static void gs_window_dialog_finish (GSWindow *window);
+static void remove_command_watches (GSWindow *window);
 
 enum {
         DIALOG_RESPONSE_CANCEL,
@@ -1021,6 +1023,21 @@ gs_window_destroy (GSWindow *window)
 {
         g_return_if_fail (GS_IS_WINDOW (window));
 
+        if (window->priv->lock_pid > 0) {
+                gs_window_dialog_finish (window);
+        }
+
+        remove_popup_dialog_idle (window);
+        remove_command_watches (window);
+        remove_watchdog_timer (window);
+
+        if (window->priv->lock_box != NULL) {
+                gtk_container_remove (GTK_CONTAINER (window->priv->vbox), GTK_WIDGET (window->priv->lock_box));
+                window->priv->lock_box = NULL;
+
+                g_signal_emit (window, signals [DIALOG_DOWN], 0);
+        }
+
         gtk_widget_destroy (GTK_WIDGET (window));
 }