author | rohinis |
Tue, 29 Nov 2011 17:32:55 +0000 | |
branch | s11express-2010-11 |
changeset 22234 | c23e64da3e06 |
parent 21473 | 8a5e3434934f |
permissions | -rw-r--r-- |
18027 | 1 |
/* |
21473
8a5e3434934f
Updated xscreensaver-14-pam_audit.diff to fix bug screensaver continues to accept old password. Bug 7008058
akumrao
parents:
18124
diff
changeset
|
2 |
* Copyright (c) 2006, 2011, Oracle and/or its affiliates. All rights reserved. |
18027 | 3 |
* |
4 |
* Permission is hereby granted, free of charge, to any person obtaining a |
|
18039 | 5 |
* copy of this software and associated documentation files (the "Software"), |
6 |
* to deal in the Software without restriction, including without limitation |
|
7 |
* the rights to use, copy, modify, merge, publish, distribute, sublicense, |
|
8 |
* and/or sell copies of the Software, and to permit persons to whom the |
|
9 |
* Software is furnished to do so, subject to the following conditions: |
|
18027 | 10 |
* |
18039 | 11 |
* The above copyright notice and this permission notice (including the next |
12 |
* paragraph) shall be included in all copies or substantial portions of the |
|
13 |
* Software. |
|
18027 | 14 |
* |
18039 | 15 |
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR |
16 |
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, |
|
17 |
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL |
|
18 |
* THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER |
|
19 |
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING |
|
20 |
* FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER |
|
21 |
* DEALINGS IN THE SOFTWARE. |
|
18027 | 22 |
*/ |
23 |
||
24 |
Fixes for bugs: |
|
25 |
5015296, P1, gnome/screensaver - xscreensaver doesn't audit |
|
26 |
6417168, P3, gnome/screensaver - xscreensaver loops while trying to unlock a session for a user whose password was expired |
|
21473
8a5e3434934f
Updated xscreensaver-14-pam_audit.diff to fix bug screensaver continues to accept old password. Bug 7008058
akumrao
parents:
18124
diff
changeset
|
27 |
7008058, P3, screensaver continues to accept old password for existing sessions after password changed |
8a5e3434934f
Updated xscreensaver-14-pam_audit.diff to fix bug screensaver continues to accept old password. Bug 7008058
akumrao
parents:
18124
diff
changeset
|
28 |
--- |
8a5e3434934f
Updated xscreensaver-14-pam_audit.diff to fix bug screensaver continues to accept old password. Bug 7008058
akumrao
parents:
18124
diff
changeset
|
29 |
driver/Makefile.in | 6 +- |
8a5e3434934f
Updated xscreensaver-14-pam_audit.diff to fix bug screensaver continues to accept old password. Bug 7008058
akumrao
parents:
18124
diff
changeset
|
30 |
driver/passwd-pam.c | 177 ++++++++++++++++++++++++++++++++++++++++++++++++--- |
8a5e3434934f
Updated xscreensaver-14-pam_audit.diff to fix bug screensaver continues to accept old password. Bug 7008058
akumrao
parents:
18124
diff
changeset
|
31 |
driver/passwd.c | 4 + |
8a5e3434934f
Updated xscreensaver-14-pam_audit.diff to fix bug screensaver continues to accept old password. Bug 7008058
akumrao
parents:
18124
diff
changeset
|
32 |
3 files changed, 174 insertions(+), 13 deletions(-) |
18027 | 33 |
|
18039 | 34 |
diff --git xscreensaver-5.11/driver/Makefile.in xscreensaver-5.11/driver/Makefile.in |
35 |
--- xscreensaver-5.11/driver/Makefile.in |
|
36 |
+++ xscreensaver-5.11/driver/Makefile.in |
|
21473
8a5e3434934f
Updated xscreensaver-14-pam_audit.diff to fix bug screensaver continues to accept old password. Bug 7008058
akumrao
parents:
18124
diff
changeset
|
37 |
@@ -109,8 +109,8 @@ TRUSTED_LIBS = -lglib-2.0 -lsecdb |
8a5e3434934f
Updated xscreensaver-14-pam_audit.diff to fix bug screensaver continues to accept old password. Bug 7008058
akumrao
parents:
18124
diff
changeset
|
38 |
TRUSTED_SRCS = trusted-utils.c |
8a5e3434934f
Updated xscreensaver-14-pam_audit.diff to fix bug screensaver continues to accept old password. Bug 7008058
akumrao
parents:
18124
diff
changeset
|
39 |
TRUSTED_OBJS = trusted-utils.o |
8a5e3434934f
Updated xscreensaver-14-pam_audit.diff to fix bug screensaver continues to accept old password. Bug 7008058
akumrao
parents:
18124
diff
changeset
|
40 |
|
8a5e3434934f
Updated xscreensaver-14-pam_audit.diff to fix bug screensaver continues to accept old password. Bug 7008058
akumrao
parents:
18124
diff
changeset
|
41 |
-PWENT_SRCS = passwd-pwent.c |
8a5e3434934f
Updated xscreensaver-14-pam_audit.diff to fix bug screensaver continues to accept old password. Bug 7008058
akumrao
parents:
18124
diff
changeset
|
42 |
-PWENT_OBJS = passwd-pwent.o |
8a5e3434934f
Updated xscreensaver-14-pam_audit.diff to fix bug screensaver continues to accept old password. Bug 7008058
akumrao
parents:
18124
diff
changeset
|
43 |
+PWENT_SRCS = # passwd-pwent.c - Not used in Solaris builds |
8a5e3434934f
Updated xscreensaver-14-pam_audit.diff to fix bug screensaver continues to accept old password. Bug 7008058
akumrao
parents:
18124
diff
changeset
|
44 |
+PWENT_OBJS = # passwd-pwent.o - Not used in Solaris builds |
8a5e3434934f
Updated xscreensaver-14-pam_audit.diff to fix bug screensaver continues to accept old password. Bug 7008058
akumrao
parents:
18124
diff
changeset
|
45 |
|
8a5e3434934f
Updated xscreensaver-14-pam_audit.diff to fix bug screensaver continues to accept old password. Bug 7008058
akumrao
parents:
18124
diff
changeset
|
46 |
KERBEROS_SRCS = passwd-kerberos.c |
8a5e3434934f
Updated xscreensaver-14-pam_audit.diff to fix bug screensaver continues to accept old password. Bug 7008058
akumrao
parents:
18124
diff
changeset
|
47 |
KERBEROS_OBJS = passwd-kerberos.o |
18027 | 48 |
@@ -217,7 +217,7 @@ PDF2JPEG_LIBS = -framework Cocoa |
49 |
SAVER_LIBS = $(LIBS) $(X_LIBS) $(XMU_LIBS) @SAVER_LIBS@ \ |
|
50 |
$(XDPMS_LIBS) $(XINERAMA_LIBS) $(GL_LIBS) $(X_PRE_LIBS) \ |
|
51 |
-lXt -lX11 -lXext -lXi $(X_EXTRA_LIBS) \ |
|
52 |
- $(PASSWD_LIBS) |
|
53 |
+ -lbsm $(PASSWD_LIBS) |
|
54 |
||
55 |
CMD_LIBS = $(LIBS) $(X_LIBS) \ |
|
56 |
$(X_PRE_LIBS) -lX11 -lXext $(X_EXTRA_LIBS) |
|
18039 | 57 |
diff --git xscreensaver-5.11/driver/passwd-pam.c xscreensaver-5.11/driver/passwd-pam.c |
58 |
--- xscreensaver-5.11/driver/passwd-pam.c |
|
59 |
+++ xscreensaver-5.11/driver/passwd-pam.c |
|
60 |
@@ -47,6 +47,8 @@ |
|
18027 | 61 |
|
18039 | 62 |
#ifdef __sun |
18027 | 63 |
# include <deflt.h> |
64 |
+# include <bsm/adt.h> |
|
65 |
+# include <bsm/adt_event.h> |
|
66 |
#endif |
|
67 |
||
18044 | 68 |
extern char *blurb(void); |
18124 | 69 |
@@ -81,6 +83,9 @@ extern void unblock_sigchld (void); |
18027 | 70 |
#undef countof |
71 |
#define countof(x) (sizeof((x))/sizeof(*(x))) |
|
72 |
||
73 |
+static struct pam_response *reply = 0; /*making it global so we can free it */ |
|
74 |
+static int replies = 0; |
|
75 |
+ |
|
76 |
/* Some time between Red Hat 4.2 and 7.0, the words were transposed |
|
77 |
in the various PAM_x_CRED macro names. Yay! |
|
78 |
*/ |
|
18124 | 79 |
@@ -178,6 +183,124 @@ Bool pam_priv_init (int argc, char **argv, Bool verbose_p); |
18027 | 80 |
*/ |
81 |
static void *suns_pam_implementation_blows = 0; |
|
82 |
||
18039 | 83 |
+#ifdef __sun |
18027 | 84 |
+#include <syslog.h> |
85 |
+#include <bsm/adt.h> |
|
86 |
+#include <bsm/adt_event.h> |
|
87 |
+ |
|
88 |
+static Bool audit_flag_global = True; |
|
89 |
+ |
|
90 |
+/* |
|
91 |
+ * audit_lock - audit entry to screenlock |
|
92 |
+ * |
|
93 |
+ * Entry Process running with appropriate privilege to generate |
|
94 |
+ * audit records and real uid of the user. |
|
95 |
+ * |
|
96 |
+ * Exit ADT_screenlock audit record written. |
|
97 |
+ */ |
|
98 |
+void |
|
99 |
+audit_lock(void) |
|
100 |
+{ |
|
18061 | 101 |
+ adt_session_data_t *ah; /* audit session handle */ |
102 |
+ adt_event_data_t *event; /* audit event handle */ |
|
18027 | 103 |
+ |
18039 | 104 |
+ /* Audit start of screen lock -- equivalent to logout ;-) */ |
105 |
+ if (adt_start_session(&ah, NULL, ADT_USE_PROC_DATA) != 0) |
|
106 |
+ { |
|
107 |
+ syslog(LOG_AUTH | LOG_ALERT, "adt_start_session: %m"); |
|
108 |
+ return; |
|
109 |
+ } |
|
110 |
+ if ((event = adt_alloc_event(ah, ADT_screenlock)) == NULL) |
|
111 |
+ { |
|
18061 | 112 |
+ syslog(LOG_AUTH | LOG_ALERT, "adt_alloc_event(ADT_screenlock): %m"); |
18039 | 113 |
+ } else { |
114 |
+ if (adt_put_event(event, ADT_SUCCESS, ADT_SUCCESS) != 0) |
|
18061 | 115 |
+ { |
116 |
+ syslog(LOG_AUTH | LOG_ALERT, "adt_put_event(ADT_screenlock): %m"); |
|
117 |
+ } |
|
18039 | 118 |
+ adt_free_event(event); |
119 |
+ } |
|
120 |
+ (void) adt_end_session(ah); |
|
18027 | 121 |
+} |
122 |
+ |
|
123 |
+/* |
|
124 |
+ * audit_unlock - audit screen unlock |
|
125 |
+ * |
|
126 |
+ * Entry Process running with appropriate privilege to generate |
|
127 |
+ * audit records and real uid of the user. |
|
128 |
+ * pam_status = PAM error code; reason for failure. |
|
129 |
+ * |
|
130 |
+ * Exit ADT_screenunlock audit record written. |
|
131 |
+ */ |
|
132 |
+static void |
|
133 |
+audit_unlock(int pam_status) |
|
134 |
+{ |
|
18061 | 135 |
+ adt_session_data_t *ah; /* audit session handle */ |
136 |
+ adt_event_data_t *event; /* audit event handle */ |
|
18027 | 137 |
+ |
18039 | 138 |
+ if (adt_start_session(&ah, NULL, ADT_USE_PROC_DATA) != 0) |
139 |
+ { |
|
140 |
+ syslog(LOG_AUTH | LOG_ALERT, |
|
18061 | 141 |
+ "adt_start_session(ADT_screenunlock): %m"); |
18039 | 142 |
+ return; |
143 |
+ } |
|
144 |
+ if ((event = adt_alloc_event(ah, ADT_screenunlock)) == NULL) |
|
145 |
+ { |
|
146 |
+ syslog(LOG_AUTH | LOG_ALERT, |
|
18061 | 147 |
+ "adt_alloc_event(ADT_screenunlock): %m"); |
18039 | 148 |
+ } else { |
149 |
+ if (adt_put_event(event, |
|
18061 | 150 |
+ pam_status == PAM_SUCCESS ? ADT_SUCCESS : ADT_FAILURE, |
151 |
+ pam_status == PAM_SUCCESS ? ADT_SUCCESS |
|
152 |
+ : ADT_FAIL_PAM + pam_status) |
|
153 |
+ != 0) |
|
154 |
+ { |
|
155 |
+ syslog(LOG_AUTH | LOG_ALERT, |
|
156 |
+ "adt_put_event(ADT_screenunlock(%s): %m", |
|
157 |
+ pam_strerror(NULL, pam_status)); |
|
158 |
+ } |
|
18039 | 159 |
+ adt_free_event(event); |
160 |
+ } |
|
161 |
+ (void) adt_end_session(ah); |
|
18027 | 162 |
+} |
163 |
+ |
|
164 |
+/* |
|
165 |
+ * audit_passwd - audit password change |
|
166 |
+ * Entry Process running with appropriate privilege to generate |
|
167 |
+ * audit records and real uid of the user. |
|
168 |
+ * pam_status = PAM error code; reason for failure. |
|
169 |
+ * |
|
170 |
+ * Exit ADT_passwd audit record written. |
|
171 |
+ */ |
|
172 |
+static void |
|
173 |
+audit_passwd(int pam_status) |
|
174 |
+{ |
|
18061 | 175 |
+ adt_session_data_t *ah; /* audit session handle */ |
176 |
+ adt_event_data_t *event; /* audit event handle */ |
|
18027 | 177 |
+ |
18039 | 178 |
+ if (adt_start_session(&ah, NULL, ADT_USE_PROC_DATA) != 0) |
179 |
+ { |
|
18061 | 180 |
+ syslog(LOG_AUTH | LOG_ALERT, "adt_start_session(ADT_passwd): %m"); |
18039 | 181 |
+ return; |
182 |
+ } |
|
183 |
+ if ((event = adt_alloc_event(ah, ADT_passwd)) == NULL) |
|
184 |
+ { |
|
18061 | 185 |
+ syslog(LOG_AUTH | LOG_ALERT, "adt_alloc_event(ADT_passwd): %m"); |
18039 | 186 |
+ } else { |
187 |
+ if (adt_put_event(event, |
|
18061 | 188 |
+ pam_status == PAM_SUCCESS ? ADT_SUCCESS : ADT_FAILURE, |
189 |
+ pam_status == PAM_SUCCESS ? ADT_SUCCESS |
|
190 |
+ : ADT_FAIL_PAM + pam_status) |
|
191 |
+ != 0) |
|
192 |
+ { |
|
193 |
+ syslog(LOG_AUTH | LOG_ALERT, "adt_put_event(ADT_passwd(%s): %m", |
|
194 |
+ pam_strerror(NULL, pam_status)); |
|
195 |
+ } |
|
18039 | 196 |
+ adt_free_event(event); |
197 |
+ } |
|
198 |
+ (void) adt_end_session(ah); |
|
18027 | 199 |
+} |
200 |
+#endif /* sun */ |
|
201 |
||
202 |
/** |
|
203 |
* This function is the PAM conversation driver. It conducts a full |
|
18124 | 204 |
@@ -231,6 +354,12 @@ pam_try_unlock(saver_info *si, Bool verbose_p, |
18027 | 205 |
fprintf (stderr, "%s: pam_start (\"%s\", \"%s\", ...) ==> %d (%s)\n", |
206 |
blurb(), service, si->user, |
|
207 |
status, PAM_STRERROR (pamh, status)); |
|
208 |
+ |
|
209 |
+#ifdef __sun |
|
210 |
+ if (audit_flag_global) /* We want one audit lock log per lock */ |
|
211 |
+ audit_lock (); |
|
212 |
+#endif /**sun*/ |
|
213 |
+ |
|
214 |
if (status != PAM_SUCCESS) goto DONE; |
|
215 |
||
18124 | 216 |
#ifdef __sun |
21473
8a5e3434934f
Updated xscreensaver-14-pam_audit.diff to fix bug screensaver continues to accept old password. Bug 7008058
akumrao
parents:
18124
diff
changeset
|
217 |
@@ -307,22 +436,27 @@ pam_try_unlock(saver_info *si, Bool verbose_p, |
18027 | 218 |
# endif /* HAVE_SIGTIMEDWAIT */ |
219 |
unblock_sigchld(); |
|
220 |
||
18039 | 221 |
+#ifdef __sun |
18027 | 222 |
+ audit_unlock(pam_auth_status); |
18039 | 223 |
+ if (pam_auth_status == PAM_SUCCESS) |
224 |
+ audit_flag_global = True; |
|
225 |
+ else |
|
226 |
+ audit_flag_global = False; |
|
18027 | 227 |
+#endif /*sun*/ |
228 |
+ |
|
18061 | 229 |
#ifdef HAVE_XSCREENSAVER_LOCK |
230 |
/* Send status message to unlock dialog */ |
|
18027 | 231 |
if (pam_auth_status == PAM_SUCCESS) |
21473
8a5e3434934f
Updated xscreensaver-14-pam_audit.diff to fix bug screensaver continues to accept old password. Bug 7008058
akumrao
parents:
18124
diff
changeset
|
232 |
{ |
8a5e3434934f
Updated xscreensaver-14-pam_audit.diff to fix bug screensaver continues to accept old password. Bug 7008058
akumrao
parents:
18124
diff
changeset
|
233 |
- write_to_child (si, "ul_ok", PAM_STRERROR (pamh, pam_auth_status)); |
8a5e3434934f
Updated xscreensaver-14-pam_audit.diff to fix bug screensaver continues to accept old password. Bug 7008058
akumrao
parents:
18124
diff
changeset
|
234 |
if (verbose_p) |
8a5e3434934f
Updated xscreensaver-14-pam_audit.diff to fix bug screensaver continues to accept old password. Bug 7008058
akumrao
parents:
18124
diff
changeset
|
235 |
- sleep (1); |
8a5e3434934f
Updated xscreensaver-14-pam_audit.diff to fix bug screensaver continues to accept old password. Bug 7008058
akumrao
parents:
18124
diff
changeset
|
236 |
+ write_to_child (si, "ul_ok", PAM_STRERROR (pamh, pam_auth_status)); |
8a5e3434934f
Updated xscreensaver-14-pam_audit.diff to fix bug screensaver continues to accept old password. Bug 7008058
akumrao
parents:
18124
diff
changeset
|
237 |
} |
8a5e3434934f
Updated xscreensaver-14-pam_audit.diff to fix bug screensaver continues to accept old password. Bug 7008058
akumrao
parents:
18124
diff
changeset
|
238 |
else if (si->unlock_state != ul_cancel && si->unlock_state != ul_time) |
8a5e3434934f
Updated xscreensaver-14-pam_audit.diff to fix bug screensaver continues to accept old password. Bug 7008058
akumrao
parents:
18124
diff
changeset
|
239 |
{ |
8a5e3434934f
Updated xscreensaver-14-pam_audit.diff to fix bug screensaver continues to accept old password. Bug 7008058
akumrao
parents:
18124
diff
changeset
|
240 |
write_to_child (si, "ul_fail", PAM_STRERROR (pamh, pam_auth_status)); |
8a5e3434934f
Updated xscreensaver-14-pam_audit.diff to fix bug screensaver continues to accept old password. Bug 7008058
akumrao
parents:
18124
diff
changeset
|
241 |
- if (verbose_p) |
8a5e3434934f
Updated xscreensaver-14-pam_audit.diff to fix bug screensaver continues to accept old password. Bug 7008058
akumrao
parents:
18124
diff
changeset
|
242 |
- sleep (1); |
8a5e3434934f
Updated xscreensaver-14-pam_audit.diff to fix bug screensaver continues to accept old password. Bug 7008058
akumrao
parents:
18124
diff
changeset
|
243 |
- else |
8a5e3434934f
Updated xscreensaver-14-pam_audit.diff to fix bug screensaver continues to accept old password. Bug 7008058
akumrao
parents:
18124
diff
changeset
|
244 |
- usleep (500000); /* sleep for 1/2 of sec */ |
8a5e3434934f
Updated xscreensaver-14-pam_audit.diff to fix bug screensaver continues to accept old password. Bug 7008058
akumrao
parents:
18124
diff
changeset
|
245 |
} |
8a5e3434934f
Updated xscreensaver-14-pam_audit.diff to fix bug screensaver continues to accept old password. Bug 7008058
akumrao
parents:
18124
diff
changeset
|
246 |
+ if (verbose_p) |
8a5e3434934f
Updated xscreensaver-14-pam_audit.diff to fix bug screensaver continues to accept old password. Bug 7008058
akumrao
parents:
18124
diff
changeset
|
247 |
+ sleep (1); |
8a5e3434934f
Updated xscreensaver-14-pam_audit.diff to fix bug screensaver continues to accept old password. Bug 7008058
akumrao
parents:
18124
diff
changeset
|
248 |
#endif |
8a5e3434934f
Updated xscreensaver-14-pam_audit.diff to fix bug screensaver continues to accept old password. Bug 7008058
akumrao
parents:
18124
diff
changeset
|
249 |
|
8a5e3434934f
Updated xscreensaver-14-pam_audit.diff to fix bug screensaver continues to accept old password. Bug 7008058
akumrao
parents:
18124
diff
changeset
|
250 |
if (verbose_p) |
8a5e3434934f
Updated xscreensaver-14-pam_audit.diff to fix bug screensaver continues to accept old password. Bug 7008058
akumrao
parents:
18124
diff
changeset
|
251 |
@@ -352,9 +486,19 @@ pam_try_unlock(saver_info *si, Bool verbose_p, |
8a5e3434934f
Updated xscreensaver-14-pam_audit.diff to fix bug screensaver continues to accept old password. Bug 7008058
akumrao
parents:
18124
diff
changeset
|
252 |
#ifdef HAVE_XSCREENSAVER_LOCK |
8a5e3434934f
Updated xscreensaver-14-pam_audit.diff to fix bug screensaver continues to accept old password. Bug 7008058
akumrao
parents:
18124
diff
changeset
|
253 |
/* Send status message to unlock dialog ***/ |
18061 | 254 |
if (acct_rc == PAM_SUCCESS) |
21473
8a5e3434934f
Updated xscreensaver-14-pam_audit.diff to fix bug screensaver continues to accept old password. Bug 7008058
akumrao
parents:
18124
diff
changeset
|
255 |
- write_to_child (si, "ul_acct_ok", PAM_STRERROR(pamh, acct_rc)); |
8a5e3434934f
Updated xscreensaver-14-pam_audit.diff to fix bug screensaver continues to accept old password. Bug 7008058
akumrao
parents:
18124
diff
changeset
|
256 |
+ { |
8a5e3434934f
Updated xscreensaver-14-pam_audit.diff to fix bug screensaver continues to accept old password. Bug 7008058
akumrao
parents:
18124
diff
changeset
|
257 |
+ if (verbose_p) |
8a5e3434934f
Updated xscreensaver-14-pam_audit.diff to fix bug screensaver continues to accept old password. Bug 7008058
akumrao
parents:
18124
diff
changeset
|
258 |
+ write_to_child (si, "ul_acct_ok", PAM_STRERROR(pamh, acct_rc)); |
8a5e3434934f
Updated xscreensaver-14-pam_audit.diff to fix bug screensaver continues to accept old password. Bug 7008058
akumrao
parents:
18124
diff
changeset
|
259 |
+ } |
18027 | 260 |
else |
18061 | 261 |
- write_to_child (si, "ul_acct_fail", PAM_STRERROR(pamh, acct_rc)); |
262 |
+ { |
|
18027 | 263 |
+#ifdef __sun |
264 |
+ /* Only in failure of pam_acct_mgmt case we call audit */ |
|
265 |
+ audit_unlock (acct_rc); |
|
266 |
+#endif /*sun*/ |
|
267 |
+ |
|
18061 | 268 |
+ write_to_child (si, "ul_acct_fail", PAM_STRERROR(pamh, acct_rc)); |
269 |
+ } |
|
270 |
if (verbose_p) |
|
271 |
sleep (1); |
|
272 |
#endif |
|
18124 | 273 |
@@ -383,6 +527,10 @@ pam_try_unlock(saver_info *si, Bool verbose_p, |
18061 | 274 |
fprintf (stderr, "%s: pam_chauthtok (...) ==> %d (%s)\n", |
18027 | 275 |
blurb(), chauth_rc, PAM_STRERROR(pamh, chauth_rc)); |
276 |
||
277 |
+#ifdef __sun |
|
278 |
+ audit_passwd (chauth_rc); |
|
279 |
+#endif /* sun */ |
|
280 |
+ |
|
281 |
if (chauth_rc != PAM_SUCCESS) |
|
282 |
{ |
|
283 |
pam_auth_status = chauth_rc; |
|
21473
8a5e3434934f
Updated xscreensaver-14-pam_audit.diff to fix bug screensaver continues to accept old password. Bug 7008058
akumrao
parents:
18124
diff
changeset
|
284 |
@@ -414,9 +562,18 @@ pam_try_unlock(saver_info *si, Bool verbose_p, |
8a5e3434934f
Updated xscreensaver-14-pam_audit.diff to fix bug screensaver continues to accept old password. Bug 7008058
akumrao
parents:
18124
diff
changeset
|
285 |
#ifdef HAVE_XSCREENSAVER_LOCK |
8a5e3434934f
Updated xscreensaver-14-pam_audit.diff to fix bug screensaver continues to accept old password. Bug 7008058
akumrao
parents:
18124
diff
changeset
|
286 |
/* Send status message to unlock dialog ***/ |
18061 | 287 |
if (setcred_rc == PAM_SUCCESS) |
21473
8a5e3434934f
Updated xscreensaver-14-pam_audit.diff to fix bug screensaver continues to accept old password. Bug 7008058
akumrao
parents:
18124
diff
changeset
|
288 |
- write_to_child (si, "ul_setcred_ok", PAM_STRERROR(pamh, setcred_rc)); |
8a5e3434934f
Updated xscreensaver-14-pam_audit.diff to fix bug screensaver continues to accept old password. Bug 7008058
akumrao
parents:
18124
diff
changeset
|
289 |
+ { |
8a5e3434934f
Updated xscreensaver-14-pam_audit.diff to fix bug screensaver continues to accept old password. Bug 7008058
akumrao
parents:
18124
diff
changeset
|
290 |
+ if (verbose_p) |
8a5e3434934f
Updated xscreensaver-14-pam_audit.diff to fix bug screensaver continues to accept old password. Bug 7008058
akumrao
parents:
18124
diff
changeset
|
291 |
+ write_to_child (si, "ul_setcred_ok", PAM_STRERROR(pamh, setcred_rc)); |
8a5e3434934f
Updated xscreensaver-14-pam_audit.diff to fix bug screensaver continues to accept old password. Bug 7008058
akumrao
parents:
18124
diff
changeset
|
292 |
+ } |
18027 | 293 |
else |
18061 | 294 |
- write_to_child (si, "ul_setcred_fail", PAM_STRERROR(pamh, setcred_rc)); |
295 |
+ { |
|
18027 | 296 |
+#ifdef __sun |
297 |
+ /* Only in failure of pam_setcred() case we call audit. */ |
|
298 |
+ audit_unlock (setcred_rc); |
|
299 |
+#endif /*sun*/ |
|
18061 | 300 |
+ write_to_child (si, "ul_setcred_fail", PAM_STRERROR(pamh, setcred_rc)); |
301 |
+ } |
|
302 |
if (verbose_p) |
|
303 |
sleep (1); |
|
304 |
#endif |
|
21473
8a5e3434934f
Updated xscreensaver-14-pam_audit.diff to fix bug screensaver continues to accept old password. Bug 7008058
akumrao
parents:
18124
diff
changeset
|
305 |
diff --git xscreensaver-5.11/driver/passwd.c xscreensaver-5.11/driver/passwd.c |
8a5e3434934f
Updated xscreensaver-14-pam_audit.diff to fix bug screensaver continues to accept old password. Bug 7008058
akumrao
parents:
18124
diff
changeset
|
306 |
--- xscreensaver-5.11/driver/passwd.c |
8a5e3434934f
Updated xscreensaver-14-pam_audit.diff to fix bug screensaver continues to accept old password. Bug 7008058
akumrao
parents:
18124
diff
changeset
|
307 |
+++ xscreensaver-5.11/driver/passwd.c |
8a5e3434934f
Updated xscreensaver-14-pam_audit.diff to fix bug screensaver continues to accept old password. Bug 7008058
akumrao
parents:
18124
diff
changeset
|
308 |
@@ -79,9 +79,11 @@ extern void pam_try_unlock (saver_info *si, Bool verbose_p, |
8a5e3434934f
Updated xscreensaver-14-pam_audit.diff to fix bug screensaver continues to accept old password. Bug 7008058
akumrao
parents:
18124
diff
changeset
|
309 |
extern Bool ext_priv_init (int argc, char **argv, Bool verbose_p); |
8a5e3434934f
Updated xscreensaver-14-pam_audit.diff to fix bug screensaver continues to accept old password. Bug 7008058
akumrao
parents:
18124
diff
changeset
|
310 |
extern Bool ext_passwd_valid_p (const char *typed_passwd, Bool verbose_p); |
8a5e3434934f
Updated xscreensaver-14-pam_audit.diff to fix bug screensaver continues to accept old password. Bug 7008058
akumrao
parents:
18124
diff
changeset
|
311 |
#endif |
8a5e3434934f
Updated xscreensaver-14-pam_audit.diff to fix bug screensaver continues to accept old password. Bug 7008058
akumrao
parents:
18124
diff
changeset
|
312 |
+#ifndef __sun /* Only use PAM on Solaris, not direct getpwent */ |
8a5e3434934f
Updated xscreensaver-14-pam_audit.diff to fix bug screensaver continues to accept old password. Bug 7008058
akumrao
parents:
18124
diff
changeset
|
313 |
extern Bool pwent_lock_init (int argc, char **argv, Bool verbose_p); |
8a5e3434934f
Updated xscreensaver-14-pam_audit.diff to fix bug screensaver continues to accept old password. Bug 7008058
akumrao
parents:
18124
diff
changeset
|
314 |
extern Bool pwent_priv_init (int argc, char **argv, Bool verbose_p); |
8a5e3434934f
Updated xscreensaver-14-pam_audit.diff to fix bug screensaver continues to accept old password. Bug 7008058
akumrao
parents:
18124
diff
changeset
|
315 |
extern Bool pwent_passwd_valid_p (const char *typed_passwd, Bool verbose_p); |
8a5e3434934f
Updated xscreensaver-14-pam_audit.diff to fix bug screensaver continues to accept old password. Bug 7008058
akumrao
parents:
18124
diff
changeset
|
316 |
+#endif |
8a5e3434934f
Updated xscreensaver-14-pam_audit.diff to fix bug screensaver continues to accept old password. Bug 7008058
akumrao
parents:
18124
diff
changeset
|
317 |
|
8a5e3434934f
Updated xscreensaver-14-pam_audit.diff to fix bug screensaver continues to accept old password. Bug 7008058
akumrao
parents:
18124
diff
changeset
|
318 |
Bool lock_priv_init (int argc, char **argv, Bool verbose_p); |
8a5e3434934f
Updated xscreensaver-14-pam_audit.diff to fix bug screensaver continues to accept old password. Bug 7008058
akumrao
parents:
18124
diff
changeset
|
319 |
Bool lock_init (int argc, char **argv, Bool verbose_p); |
8a5e3434934f
Updated xscreensaver-14-pam_audit.diff to fix bug screensaver continues to accept old password. Bug 7008058
akumrao
parents:
18124
diff
changeset
|
320 |
@@ -105,8 +107,10 @@ struct auth_methods methods[] = { |
8a5e3434934f
Updated xscreensaver-14-pam_audit.diff to fix bug screensaver continues to accept old password. Bug 7008058
akumrao
parents:
18124
diff
changeset
|
321 |
{ "external", 0, ext_priv_init, ext_passwd_valid_p, 0, |
8a5e3434934f
Updated xscreensaver-14-pam_audit.diff to fix bug screensaver continues to accept old password. Bug 7008058
akumrao
parents:
18124
diff
changeset
|
322 |
False, False }, |
8a5e3434934f
Updated xscreensaver-14-pam_audit.diff to fix bug screensaver continues to accept old password. Bug 7008058
akumrao
parents:
18124
diff
changeset
|
323 |
# endif |
8a5e3434934f
Updated xscreensaver-14-pam_audit.diff to fix bug screensaver continues to accept old password. Bug 7008058
akumrao
parents:
18124
diff
changeset
|
324 |
+# ifndef __sun /* Only use PAM on Solaris, not direct getpwent */ |
8a5e3434934f
Updated xscreensaver-14-pam_audit.diff to fix bug screensaver continues to accept old password. Bug 7008058
akumrao
parents:
18124
diff
changeset
|
325 |
{ "normal", pwent_lock_init, pwent_priv_init, pwent_passwd_valid_p, 0, |
8a5e3434934f
Updated xscreensaver-14-pam_audit.diff to fix bug screensaver continues to accept old password. Bug 7008058
akumrao
parents:
18124
diff
changeset
|
326 |
False, False } |
8a5e3434934f
Updated xscreensaver-14-pam_audit.diff to fix bug screensaver continues to accept old password. Bug 7008058
akumrao
parents:
18124
diff
changeset
|
327 |
+# endif |
8a5e3434934f
Updated xscreensaver-14-pam_audit.diff to fix bug screensaver continues to accept old password. Bug 7008058
akumrao
parents:
18124
diff
changeset
|
328 |
}; |
8a5e3434934f
Updated xscreensaver-14-pam_audit.diff to fix bug screensaver continues to accept old password. Bug 7008058
akumrao
parents:
18124
diff
changeset
|
329 |
|
8a5e3434934f
Updated xscreensaver-14-pam_audit.diff to fix bug screensaver continues to accept old password. Bug 7008058
akumrao
parents:
18124
diff
changeset
|
330 |
|
8a5e3434934f
Updated xscreensaver-14-pam_audit.diff to fix bug screensaver continues to accept old password. Bug 7008058
akumrao
parents:
18124
diff
changeset
|
331 |
1.7.3.2 |
18061 | 332 |