patches/xscreensaver-14-pam_audit.diff
changeset 18061 1ad14cf3c086
parent 18045 dbf849ca434c
child 18077 cf2df829a4db
--- a/patches/xscreensaver-14-pam_audit.diff	Wed Jun 02 03:23:43 2010 +0000
+++ b/patches/xscreensaver-14-pam_audit.diff	Wed Jun 02 03:25:58 2010 +0000
@@ -59,7 +59,7 @@
  /* Some time between Red Hat 4.2 and 7.0, the words were transposed 
     in the various PAM_x_CRED macro names.  Yay!
   */
-@@ -183,6 +188,129 @@ Bool pam_priv_init (int argc, char **argv, Bool verbose_p);
+@@ -186,6 +191,124 @@ Bool pam_priv_init (int argc, char **argv, Bool verbose_p);
   */
  static void *suns_pam_implementation_blows = 0;
  
@@ -81,8 +81,8 @@
 +void
 +audit_lock(void)
 +{
-+  adt_session_data_t      *ah;  	/* audit session handle */
-+  adt_event_data_t        *event;	/* audit event handle */
++  adt_session_data_t      *ah;          /* audit session handle */
++  adt_event_data_t        *event;       /* audit event handle */
 +
 +  /* Audit start of screen lock -- equivalent to logout ;-) */
 +  if (adt_start_session(&ah, NULL, ADT_USE_PROC_DATA) != 0)
@@ -92,14 +92,12 @@
 +    }
 +  if ((event = adt_alloc_event(ah, ADT_screenlock)) == NULL)
 +    {
-+      syslog(LOG_AUTH | LOG_ALERT,
-+	     "adt_alloc_event(ADT_screenlock): %m");
++      syslog(LOG_AUTH | LOG_ALERT, "adt_alloc_event(ADT_screenlock): %m");
 +    } else {
 +      if (adt_put_event(event, ADT_SUCCESS, ADT_SUCCESS) != 0)
-+	{
-+	  syslog(LOG_AUTH | LOG_ALERT,
-+		 "adt_put_event(ADT_screenlock): %m");
-+	}
++        {
++          syslog(LOG_AUTH | LOG_ALERT, "adt_put_event(ADT_screenlock): %m");
++        }
 +      adt_free_event(event);
 +    }
 +  (void) adt_end_session(ah);
@@ -117,30 +115,30 @@
 +static void
 +audit_unlock(int pam_status)
 +{
-+  adt_session_data_t      *ah;  	/* audit session handle */
-+  adt_event_data_t        *event;	/* audit event handle */
++  adt_session_data_t      *ah;          /* audit session handle */
++  adt_event_data_t        *event;       /* audit event handle */
 +
 +  if (adt_start_session(&ah, NULL, ADT_USE_PROC_DATA) != 0)
 +    {
 +      syslog(LOG_AUTH | LOG_ALERT,
-+	     "adt_start_session(ADT_screenunlock): %m");
++             "adt_start_session(ADT_screenunlock): %m");
 +      return;
 +    }
 +  if ((event = adt_alloc_event(ah, ADT_screenunlock)) == NULL)
 +    {
 +      syslog(LOG_AUTH | LOG_ALERT,
-+	     "adt_alloc_event(ADT_screenunlock): %m");
++             "adt_alloc_event(ADT_screenunlock): %m");
 +    } else {
 +      if (adt_put_event(event,
-+			pam_status == PAM_SUCCESS ? ADT_SUCCESS : ADT_FAILURE,
-+			pam_status == PAM_SUCCESS ? ADT_SUCCESS
-+						  : ADT_FAIL_PAM + pam_status)
-+	  != 0)
-+	{
-+	  syslog(LOG_AUTH | LOG_ALERT,
-+		 "adt_put_event(ADT_screenunlock(%s): %m",
-+		 pam_strerror(NULL, pam_status));
-+	}
++                        pam_status == PAM_SUCCESS ? ADT_SUCCESS : ADT_FAILURE,
++                        pam_status == PAM_SUCCESS ? ADT_SUCCESS
++                                                  : ADT_FAIL_PAM + pam_status)
++          != 0)
++        {
++          syslog(LOG_AUTH | LOG_ALERT,
++                 "adt_put_event(ADT_screenunlock(%s): %m",
++                 pam_strerror(NULL, pam_status));
++        }
 +      adt_free_event(event);
 +    }
 +  (void) adt_end_session(ah);
@@ -157,30 +155,27 @@
 +static void
 +audit_passwd(int pam_status)
 +{
-+  adt_session_data_t      *ah;		/* audit session handle */
-+  adt_event_data_t        *event;	/* audit event handle */
++  adt_session_data_t      *ah;          /* audit session handle */
++  adt_event_data_t        *event;       /* audit event handle */
 +
 +  if (adt_start_session(&ah, NULL, ADT_USE_PROC_DATA) != 0)
 +    {
-+      syslog(LOG_AUTH | LOG_ALERT,
-+	     "adt_start_session(ADT_passwd): %m");
++      syslog(LOG_AUTH | LOG_ALERT, "adt_start_session(ADT_passwd): %m");
 +      return;
 +    }
 +  if ((event = adt_alloc_event(ah, ADT_passwd)) == NULL)
 +    {
-+      syslog(LOG_AUTH | LOG_ALERT,
-+	     "adt_alloc_event(ADT_passwd): %m");
++      syslog(LOG_AUTH | LOG_ALERT, "adt_alloc_event(ADT_passwd): %m");
 +    } else {
 +      if (adt_put_event(event,
-+			pam_status == PAM_SUCCESS ? ADT_SUCCESS : ADT_FAILURE,
-+			pam_status == PAM_SUCCESS ? ADT_SUCCESS
-+						  : ADT_FAIL_PAM + pam_status)
-+	  != 0)
-+	{
-+	  syslog(LOG_AUTH | LOG_ALERT,
-+		 "adt_put_event(ADT_passwd(%s): %m",
-+		 pam_strerror(NULL, pam_status));
-+	}
++                        pam_status == PAM_SUCCESS ? ADT_SUCCESS : ADT_FAILURE,
++                        pam_status == PAM_SUCCESS ? ADT_SUCCESS
++                                                  : ADT_FAIL_PAM + pam_status)
++          != 0)
++        {
++          syslog(LOG_AUTH | LOG_ALERT, "adt_put_event(ADT_passwd(%s): %m",
++                 pam_strerror(NULL, pam_status));
++        }
 +      adt_free_event(event);
 +    }
 +  (void) adt_end_session(ah);
@@ -189,7 +184,7 @@
  
  /**
   * This function is the PAM conversation driver. It conducts a full
-@@ -235,6 +363,12 @@ pam_try_unlock(saver_info *si, Bool verbose_p,
+@@ -239,6 +362,12 @@ pam_try_unlock(saver_info *si, Bool verbose_p,
      fprintf (stderr, "%s: pam_start (\"%s\", \"%s\", ...) ==> %d (%s)\n",
               blurb(), service, si->user,
               status, PAM_STRERROR (pamh, status));
@@ -202,7 +197,7 @@
    if (status != PAM_SUCCESS) goto DONE;
  
  /* copying from xlock */
-@@ -311,6 +445,14 @@ pam_try_unlock(saver_info *si, Bool verbose_p,
+@@ -315,6 +444,14 @@ pam_try_unlock(saver_info *si, Bool verbose_p,
  # endif /* HAVE_SIGTIMEDWAIT */
    unblock_sigchld();
  
@@ -214,23 +209,27 @@
 +    audit_flag_global = False;
 +#endif /*sun*/
 +
-   /* Send status message to unlock dialog ***/
+ #ifdef HAVE_XSCREENSAVER_LOCK
+   /* Send status message to unlock dialog */
    if (pam_auth_status == PAM_SUCCESS)
-     {
-@@ -370,6 +512,11 @@ pam_try_unlock(saver_info *si, Bool verbose_p,
-         }
+@@ -367,7 +504,14 @@ pam_try_unlock(saver_info *si, Bool verbose_p,
+       if (acct_rc == PAM_SUCCESS)
+         write_to_child (si, "ul_acct_ok", PAM_STRERROR(pamh, acct_rc));
        else
-         {
+-        write_to_child (si, "ul_acct_fail", PAM_STRERROR(pamh, acct_rc));
++        {
 +#ifdef __sun
 +          /* Only in failure of pam_acct_mgmt case we call audit */
 +          audit_unlock (acct_rc);
 +#endif /*sun*/
 +
-           write_to_child (si, "ul_acct_fail");
-           tmp_buf = (char*)PAM_STRERROR(pamh, acct_rc);
-           write_to_child (si, tmp_buf);
-@@ -401,6 +548,10 @@ pam_try_unlock(saver_info *si, Bool verbose_p,
-             fprintf (stderr, "%s:   pam_chauthtok (...) ==> %d (%s)\n",
++          write_to_child (si, "ul_acct_fail", PAM_STRERROR(pamh, acct_rc));
++        }
+       if (verbose_p)
+         sleep (1);
+ #endif
+@@ -396,6 +540,10 @@ pam_try_unlock(saver_info *si, Bool verbose_p,
+             fprintf (stderr, "%s: pam_chauthtok (...) ==> %d (%s)\n",
                       blurb(), chauth_rc, PAM_STRERROR(pamh, chauth_rc));
  
 +#ifdef __sun
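Review bot: The rebased `audit_unlock (acct_rc)` call now appears to sit inside an upstream conditional region, because the inner hunk's trailing context ends with `#endif` right after `sleep (1);` and the preceding inner hunk introduces `#ifdef HAVE_XSCREENSAVER_LOCK`. If that conditional does enclose the `else` branch, a build without the macro would lose the audit record for a failed pam_acct_mgmt() together with the dialog message, which is a silent gap in the audit trail. In that case keep the audit call unconditional with respect to the dialog code, for example `if (acct_rc != PAM_SUCCESS) audit_unlock (acct_rc);` under `#ifdef __sun` placed before the conditional region. The same applies to `audit_unlock (setcred_rc)` in the following hunk. The opening of the conditional lies outside the visible context, so confirm this against the patched source.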
@@ -240,19 +239,22 @@
            if (chauth_rc != PAM_SUCCESS)
              {
                pam_auth_status = chauth_rc;
-@@ -442,6 +593,11 @@ pam_try_unlock(saver_info *si, Bool verbose_p,
-         }
+@@ -429,7 +577,13 @@ pam_try_unlock(saver_info *si, Bool verbose_p,
+       if (setcred_rc == PAM_SUCCESS)
+         write_to_child (si, "ul_setcred_ok", PAM_STRERROR(pamh, setcred_rc));
        else
-         {
+-        write_to_child (si, "ul_setcred_fail", PAM_STRERROR(pamh, setcred_rc));
++        {
 +#ifdef __sun
 +          /* Only in failure of pam_setcred() case we call audit. */
 +          audit_unlock (setcred_rc);
 +#endif /*sun*/
-+
-           write_to_child (si, "ul_setcred_fail");
-           tmp_buf = (char*)PAM_STRERROR(pamh, setcred_rc);
-           write_to_child (si, tmp_buf);
-@@ -739,6 +895,11 @@ pam_conversation (int nmsgs,
++          write_to_child (si, "ul_setcred_fail", PAM_STRERROR(pamh, setcred_rc));
++        }
+       if (verbose_p)
+         sleep (1);
+ #endif
+@@ -714,6 +868,11 @@ pam_conversation (int nmsgs,
  
          default:
              ret = -1;
@@ -264,3 +266,4 @@
              goto end;
        } /* end switch */
      }
+