--- a/patches/xscreensaver-14-pam_audit.diff Fri Feb 18 04:54:24 2011 +0000
+++ b/patches/xscreensaver-14-pam_audit.diff Tue Feb 22 07:43:39 2011 +0000
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2006, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2006, 2011, Oracle and/or its affiliates. All rights reserved.
*
* Permission is hereby granted, free of charge, to any person obtaining a
* copy of this software and associated documentation files (the "Software"),
@@ -24,10 +24,27 @@
Fixes for bugs:
5015296, P1, gnome/screensaver - xscreensaver doesn't audit
6417168, P3, gnome/screensaver - xscreensaver loops while trying to unlock a session for a user whose password was expired
+7008058, P3, screensaver continues to accept old password for existing sessions after password changed
+---
+ driver/Makefile.in | 6 +-
+ driver/passwd-pam.c | 177 ++++++++++++++++++++++++++++++++++++++++++++++++---
+ driver/passwd.c | 4 +
+ 3 files changed, 174 insertions(+), 13 deletions(-)
diff --git xscreensaver-5.11/driver/Makefile.in xscreensaver-5.11/driver/Makefile.in
--- xscreensaver-5.11/driver/Makefile.in
+++ xscreensaver-5.11/driver/Makefile.in
+@@ -109,8 +109,8 @@ TRUSTED_LIBS = -lglib-2.0 -lsecdb
+ TRUSTED_SRCS = trusted-utils.c
+ TRUSTED_OBJS = trusted-utils.o
+
+-PWENT_SRCS = passwd-pwent.c
+-PWENT_OBJS = passwd-pwent.o
++PWENT_SRCS = # passwd-pwent.c - Not used in Solaris builds
++PWENT_OBJS = # passwd-pwent.o - Not used in Solaris builds
+
+ KERBEROS_SRCS = passwd-kerberos.c
+ KERBEROS_OBJS = passwd-kerberos.o
@@ -217,7 +217,7 @@ PDF2JPEG_LIBS = -framework Cocoa
SAVER_LIBS = $(LIBS) $(X_LIBS) $(XMU_LIBS) @SAVER_LIBS@ \
$(XDPMS_LIBS) $(XINERAMA_LIBS) $(GL_LIBS) $(X_PRE_LIBS) \
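Review bot: The Makefile.in hunk empties `PWENT_SRCS` and `PWENT_OBJS` for every platform, but the passwd.c hunk added by this same change keeps the `pwent_*` declarations and the "normal" method on any build where `__sun` is not defined. If this patched tree were ever built off Solaris, passwd.c would still reference `pwent_lock_init`, `pwent_priv_init` and `pwent_passwd_valid_p` with no object providing them. Either state in the patch header that the result is Solaris-only, or make the two sides agree by keeping the Makefile variables and letting the `#ifndef __sun` guard alone drop the method. Since this is the fix for 7008058, also add a comment next to the emptied variables, for example `# pwent fallback removed: unlock must go through PAM so password changes take effect (7008058)`.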
@@ -197,7 +214,7 @@
if (status != PAM_SUCCESS) goto DONE;
#ifdef __sun
-@@ -307,6 +436,14 @@ pam_try_unlock(saver_info *si, Bool verbose_p,
+@@ -307,22 +436,27 @@ pam_try_unlock(saver_info *si, Bool verbose_p,
# endif /* HAVE_SIGTIMEDWAIT */
unblock_sigchld();
@@ -212,9 +229,34 @@
#ifdef HAVE_XSCREENSAVER_LOCK
/* Send status message to unlock dialog */
if (pam_auth_status == PAM_SUCCESS)
-@@ -354,7 +491,14 @@ pam_try_unlock(saver_info *si, Bool verbose_p,
+ {
+- write_to_child (si, "ul_ok", PAM_STRERROR (pamh, pam_auth_status));
+ if (verbose_p)
+- sleep (1);
++ write_to_child (si, "ul_ok", PAM_STRERROR (pamh, pam_auth_status));
+ }
+ else if (si->unlock_state != ul_cancel && si->unlock_state != ul_time)
+ {
+ write_to_child (si, "ul_fail", PAM_STRERROR (pamh, pam_auth_status));
+- if (verbose_p)
+- sleep (1);
+- else
+- usleep (500000); /* sleep for 1/2 of sec */
+ }
++ if (verbose_p)
++ sleep (1);
+ #endif
+
+ if (verbose_p)
+@@ -352,9 +486,19 @@ pam_try_unlock(saver_info *si, Bool verbose_p,
+ #ifdef HAVE_XSCREENSAVER_LOCK
+ /* Send status message to unlock dialog ***/
if (acct_rc == PAM_SUCCESS)
- write_to_child (si, "ul_acct_ok", PAM_STRERROR(pamh, acct_rc));
+- write_to_child (si, "ul_acct_ok", PAM_STRERROR(pamh, acct_rc));
++ {
++ if (verbose_p)
++ write_to_child (si, "ul_acct_ok", PAM_STRERROR(pamh, acct_rc));
++ }
else
- write_to_child (si, "ul_acct_fail", PAM_STRERROR(pamh, acct_rc));
+ {
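Review bot: The failed-unlock branch loses its only unconditional pause: the old code ran `usleep (500000)` after `ul_fail` when `verbose_p` was false, and the new code sleeps only under the shared `if (verbose_p) sleep (1);`. Unless the PAM stack configured for this service imposes its own failure delay (not visible in this hunk), wrong passwords are no longer throttled by this function in the normal non-verbose case. Consider keeping the pause inside the `ul_fail` branch, for example `if (!verbose_p) usleep (500000); /* throttle repeated failures */`. pam_try_unlock begins and ends outside the hunk, so any delay applied later in the function could not be checked.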
@@ -239,9 +281,15 @@
if (chauth_rc != PAM_SUCCESS)
{
pam_auth_status = chauth_rc;
-@@ -416,7 +564,13 @@ pam_try_unlock(saver_info *si, Bool verbose_p,
+@@ -414,9 +562,18 @@ pam_try_unlock(saver_info *si, Bool verbose_p,
+ #ifdef HAVE_XSCREENSAVER_LOCK
+ /* Send status message to unlock dialog ***/
if (setcred_rc == PAM_SUCCESS)
- write_to_child (si, "ul_setcred_ok", PAM_STRERROR(pamh, setcred_rc));
+- write_to_child (si, "ul_setcred_ok", PAM_STRERROR(pamh, setcred_rc));
++ {
++ if (verbose_p)
++ write_to_child (si, "ul_setcred_ok", PAM_STRERROR(pamh, setcred_rc));
++ }
else
- write_to_child (si, "ul_setcred_fail", PAM_STRERROR(pamh, setcred_rc));
+ {
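Review bot: The `ul_setcred_ok` message is now written only when `verbose_p` is set, with no comment explaining why success is hidden while the failure message is still sent; the same pattern is applied to `ul_ok` and `ul_acct_ok` in the previous hunk. If the unlock dialog waits for these status strings to advance its state, this is a behaviour change and not only a cosmetic one, and that cannot be judged from the lines shown. Add a short comment at each site, for example `/* success status is only reported to the dialog in verbose mode; failures are always reported */`, and confirm the dialog side does not wait for the `_ok` messages. The `else` branch body lies outside the hunk.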
@@ -254,4 +302,31 @@
if (verbose_p)
sleep (1);
#endif
+diff --git xscreensaver-5.11/driver/passwd.c xscreensaver-5.11/driver/passwd.c
+--- xscreensaver-5.11/driver/passwd.c
++++ xscreensaver-5.11/driver/passwd.c
+@@ -79,9 +79,11 @@ extern void pam_try_unlock (saver_info *si, Bool verbose_p,
+ extern Bool ext_priv_init (int argc, char **argv, Bool verbose_p);
+ extern Bool ext_passwd_valid_p (const char *typed_passwd, Bool verbose_p);
+ #endif
++#ifndef __sun /* Only use PAM on Solaris, not direct getpwent */
+ extern Bool pwent_lock_init (int argc, char **argv, Bool verbose_p);
+ extern Bool pwent_priv_init (int argc, char **argv, Bool verbose_p);
+ extern Bool pwent_passwd_valid_p (const char *typed_passwd, Bool verbose_p);
++#endif
+
+ Bool lock_priv_init (int argc, char **argv, Bool verbose_p);
+ Bool lock_init (int argc, char **argv, Bool verbose_p);
+@@ -105,8 +107,10 @@ struct auth_methods methods[] = {
+ { "external", 0, ext_priv_init, ext_passwd_valid_p, 0,
+ False, False },
+ # endif
++# ifndef __sun /* Only use PAM on Solaris, not direct getpwent */
+ { "normal", pwent_lock_init, pwent_priv_init, pwent_passwd_valid_p, 0,
+ False, False }
++# endif
+ };
+
+
+1.7.3.2
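Review bot: With the "normal" entry wrapped in `# ifndef __sun`, the `methods[]` initializer on Solaris holds only the conditionally compiled entries above it, so a Solaris build configured without PAM (or any other method) would get an empty initializer list and no way to verify a password. The hunk does not show what `lock_init` does when no method is available, so this should be made a build-time failure and not be left to runtime behaviour. A guard near the new `#ifndef __sun` would do it: `#if defined(__sun) && !defined(HAVE_PAM)` followed by `# error "Solaris builds require PAM for screen unlock"`. The array definition starts outside the hunk, so the set of entries that precede "normal" is only partly visible.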