patches/xscreensaver-14-pam_audit.diff
branchs11express-2010-11
changeset 21473 8a5e3434934f
parent 18124 ac2b6be91df8
--- a/patches/xscreensaver-14-pam_audit.diff	Fri Feb 18 04:54:24 2011 +0000
+++ b/patches/xscreensaver-14-pam_audit.diff	Tue Feb 22 07:43:39 2011 +0000
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2006, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2006, 2011, Oracle and/or its affiliates. All rights reserved.
  *
  * Permission is hereby granted, free of charge, to any person obtaining a
  * copy of this software and associated documentation files (the "Software"),
@@ -24,10 +24,27 @@
 Fixes for bugs:
 5015296, P1, gnome/screensaver - xscreensaver doesn't audit
 6417168, P3, gnome/screensaver - xscreensaver loops while trying to unlock a session for a user whose password was expired
+7008058, P3, screensaver continues to accept old password for existing sessions after password changed
+---
+ driver/Makefile.in  |    6 +-
+ driver/passwd-pam.c |  177 ++++++++++++++++++++++++++++++++++++++++++++++++---
+ driver/passwd.c     |    4 +
+ 3 files changed, 174 insertions(+), 13 deletions(-)
 
 diff --git xscreensaver-5.11/driver/Makefile.in xscreensaver-5.11/driver/Makefile.in
 --- xscreensaver-5.11/driver/Makefile.in
 +++ xscreensaver-5.11/driver/Makefile.in
+@@ -109,8 +109,8 @@ TRUSTED_LIBS	= -lglib-2.0 -lsecdb
+ TRUSTED_SRCS	= trusted-utils.c
+ TRUSTED_OBJS	= trusted-utils.o
+ 
+-PWENT_SRCS	= passwd-pwent.c
+-PWENT_OBJS	= passwd-pwent.o
++PWENT_SRCS	= # passwd-pwent.c - Not used in Solaris builds
++PWENT_OBJS	= # passwd-pwent.o - Not used in Solaris builds
+ 
+ KERBEROS_SRCS	= passwd-kerberos.c
+ KERBEROS_OBJS	= passwd-kerberos.o
 @@ -217,7 +217,7 @@ PDF2JPEG_LIBS	= -framework Cocoa
  SAVER_LIBS	= $(LIBS) $(X_LIBS) $(XMU_LIBS) @SAVER_LIBS@ \
  		  $(XDPMS_LIBS) $(XINERAMA_LIBS) $(GL_LIBS) $(X_PRE_LIBS) \
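Review bot: `PWENT_SRCS` and `PWENT_OBJS` are emptied unconditionally in Makefile.in, while the matching change in driver/passwd.c (last hunk of this patch) only drops the `pwent_*` references under `#ifndef __sun`. If this patched tree were ever built where `__sun` is not defined, passwd.c would still reference `pwent_lock_init`, `pwent_priv_init` and `pwent_passwd_valid_p` with no object providing them, and the link would fail. A comment line above the assignments, e.g. `# Solaris-only: passwd.c compiles out the pwent method under __sun`, would make the coupling explicit.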
@@ -197,7 +214,7 @@
    if (status != PAM_SUCCESS) goto DONE;
  
  #ifdef __sun
-@@ -307,6 +436,14 @@ pam_try_unlock(saver_info *si, Bool verbose_p,
+@@ -307,22 +436,27 @@ pam_try_unlock(saver_info *si, Bool verbose_p,
  # endif /* HAVE_SIGTIMEDWAIT */
    unblock_sigchld();
  
@@ -212,9 +229,34 @@
  #ifdef HAVE_XSCREENSAVER_LOCK
    /* Send status message to unlock dialog */
    if (pam_auth_status == PAM_SUCCESS)
-@@ -354,7 +491,14 @@ pam_try_unlock(saver_info *si, Bool verbose_p,
+     {
+-      write_to_child (si, "ul_ok", PAM_STRERROR (pamh, pam_auth_status));
+       if (verbose_p)
+-        sleep (1);
++        write_to_child (si, "ul_ok", PAM_STRERROR (pamh, pam_auth_status));
+     }
+   else if (si->unlock_state != ul_cancel && si->unlock_state != ul_time)
+     {
+       write_to_child (si, "ul_fail", PAM_STRERROR (pamh, pam_auth_status));
+-      if (verbose_p)
+-        sleep (1);
+-      else
+-        usleep (500000); /* sleep for 1/2 of sec */
+     }
++  if (verbose_p)
++    sleep (1);
+ #endif
+ 
+   if (verbose_p)
+@@ -352,9 +486,19 @@ pam_try_unlock(saver_info *si, Bool verbose_p,
+ #ifdef HAVE_XSCREENSAVER_LOCK
+       /* Send status message to unlock dialog ***/
        if (acct_rc == PAM_SUCCESS)
-         write_to_child (si, "ul_acct_ok", PAM_STRERROR(pamh, acct_rc));
+-        write_to_child (si, "ul_acct_ok", PAM_STRERROR(pamh, acct_rc));
++        {
++          if (verbose_p)
++            write_to_child (si, "ul_acct_ok", PAM_STRERROR(pamh, acct_rc));
++        }
        else
 -        write_to_child (si, "ul_acct_fail", PAM_STRERROR(pamh, acct_rc));
 +        {
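Review bot: A failed unlock in non-verbose mode no longer waits at all, because the removed `else usleep (500000);` branch after the `ul_fail` write is replaced by a single `if (verbose_p) sleep (1);` that does nothing when `verbose_p` is false. Unless the PAM stack or the caller enforces its own delay (not visible in this hunk), this removes the throttle on repeated password guesses at the lock dialog. Consider keeping a delay for the failure case after the new sleep, e.g. `else if (pam_auth_status != PAM_SUCCESS) usleep (500000); /* throttle failed attempts */`. The body of pam_try_unlock starts and ends outside the hunk.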
@@ -239,9 +281,15 @@
            if (chauth_rc != PAM_SUCCESS)
              {
                pam_auth_status = chauth_rc;
-@@ -416,7 +564,13 @@ pam_try_unlock(saver_info *si, Bool verbose_p,
+@@ -414,9 +562,18 @@ pam_try_unlock(saver_info *si, Bool verbose_p,
+ #ifdef HAVE_XSCREENSAVER_LOCK
+       /* Send status message to unlock dialog ***/
        if (setcred_rc == PAM_SUCCESS)
-         write_to_child (si, "ul_setcred_ok", PAM_STRERROR(pamh, setcred_rc));
+-        write_to_child (si, "ul_setcred_ok", PAM_STRERROR(pamh, setcred_rc));
++        {
++          if (verbose_p)
++            write_to_child (si, "ul_setcred_ok", PAM_STRERROR(pamh, setcred_rc));
++        }
        else
 -        write_to_child (si, "ul_setcred_fail", PAM_STRERROR(pamh, setcred_rc));
 +        {
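Review bot: The success messages to the unlock dialog are now sent only when `verbose_p` is set, here for `ul_setcred_ok` and in the previous hunk for `ul_ok` and `ul_acct_ok`, but nothing explains why a logging flag decides what the dialog child is told. If the intent is to skip the status text so a successful unlock is not held up, a comment above each check such as `/* success text is shown only in verbose mode; failures are always reported */` would record it. Whether the dialog relies on receiving the `*_ok` messages cannot be told from these lines and is worth confirming.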
@@ -254,4 +302,31 @@
        if (verbose_p)
          sleep (1);
  #endif
+diff --git xscreensaver-5.11/driver/passwd.c xscreensaver-5.11/driver/passwd.c
+--- xscreensaver-5.11/driver/passwd.c
++++ xscreensaver-5.11/driver/passwd.c
+@@ -79,9 +79,11 @@ extern void pam_try_unlock (saver_info *si, Bool verbose_p,
+ extern Bool ext_priv_init (int argc, char **argv, Bool verbose_p);
+ extern Bool ext_passwd_valid_p (const char *typed_passwd, Bool verbose_p);
+ #endif
++#ifndef __sun /* Only use PAM on Solaris, not direct getpwent */
+ extern Bool pwent_lock_init (int argc, char **argv, Bool verbose_p);
+ extern Bool pwent_priv_init (int argc, char **argv, Bool verbose_p);
+ extern Bool pwent_passwd_valid_p (const char *typed_passwd, Bool verbose_p);
++#endif
+ 
+ Bool lock_priv_init (int argc, char **argv, Bool verbose_p);
+ Bool lock_init (int argc, char **argv, Bool verbose_p);
+@@ -105,8 +107,10 @@ struct auth_methods methods[] = {
+   { "external",		0, ext_priv_init, ext_passwd_valid_p, 0,
+   			False, False },
+ # endif
++# ifndef __sun /* Only use PAM on Solaris, not direct getpwent */
+   { "normal",           pwent_lock_init, pwent_priv_init, pwent_passwd_valid_p, 0,
+                         False, False }
++# endif
+ };
+ 
+ 
+1.7.3.2
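Review bot: With the `"normal"` entry compiled out under `__sun`, `methods[]` holds only the optional entries, so a Solaris build without PAM, or a run where PAM initialisation fails, has no password method left. How `lock_init` reacts to that is outside this hunk; it is worth confirming that it fails visibly rather than silently running with locking disabled. A compile-time guard would catch the build-time case: `# if defined(__sun) && !defined(HAVE_PAM)` / `#  error "Solaris builds require PAM"` / `# endif`.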