--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/patches/xscreensaver-13-trusted.diff Tue May 25 22:54:51 2010 +0000
@@ -0,0 +1,676 @@
+/*
+ * Copyright (c) 2008, 2010, Oracle and/or its affiliates. All rights reserved.
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a
+ * copy of this software and associated documentation files (the
+ * "Software"), to deal in the Software without restriction, including
+ * without limitation the rights to use, copy, modify, merge, publish,
+ * distribute, and/or sell copies of the Software, and to permit persons
+ * to whom the Software is furnished to do so, provided that the above
+ * copyright notice(s) and this permission notice appear in all copies of
+ * the Software and that both the above copyright notice(s) and this
+ * permission notice appear in supporting documentation.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
+ * OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+ * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT
+ * OF THIRD PARTY RIGHTS. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR
+ * HOLDERS INCLUDED IN THIS NOTICE BE LIABLE FOR ANY CLAIM, OR ANY SPECIAL
+ * INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES WHATSOEVER RESULTING
+ * FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT,
+ * NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
+ * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ *
+ * Except as contained in this notice, the name of a copyright holder
+ * shall not be used in advertising or otherwise to promote the sale, use
+ * or other dealings in this Software without prior written authorization
+ * of the copyright holder.
+ *
+ */
+
+Support needed for Solaris Trusted Extensions / Trusted GNOME.
+
+diff -Nurp -x '*~' -x '*.orig' xscreensaver-5.11/driver/Makefile.in xscreensaver-5.11/driver/Makefile.in
+--- xscreensaver-5.11/driver/Makefile.in 2009-05-27 17:19:52.672265000 -0700
++++ xscreensaver-5.11/driver/Makefile.in 2009-05-27 17:20:09.588024000 -0700
+@@ -105,6 +105,10 @@ GTK_OBJS = demo-Gtk.o demo-Gtk-conf.o @G
+ GTK_LOCK_SRCS = lock-Gtk.c remote.c
+ GTK_LOCK_OBJS = lock-Gtk.o remote.o
+
++TRUSTED_LIBS = -lglib-2.0 -lsecdb
++TRUSTED_SRCS = trusted-utils.c
++TRUSTED_OBJS = trusted-utils.o
++
+ PWENT_SRCS = passwd-pwent.c
+ PWENT_OBJS = passwd-pwent.o
+
+@@ -794,8 +798,9 @@ XScreenSaver_Xm_ad.h: XScreenSaver-Xm.ad
+
+ # The executables linked in this directory.
+ #
+-xscreensaver: $(SAVER_OBJS)
+- $(CC) $(LDFLAGS) -o $@ $(SAVER_OBJS) $(SAVER_LIBS)
++xscreensaver: $(SAVER_OBJS) $(TRUSTED_OBJS)
++ $(CC) $(LDFLAGS) -o $@ $(SAVER_OBJS) $(TRUSTED_OBJS) \
++ $(TRUSTED_LIBS) $(SAVER_LIBS)
+
+ xscreensaver-command: $(CMD_OBJS)
+ $(CC) $(LDFLAGS) -o $@ $(CMD_OBJS) $(CMD_LIBS)
+@@ -814,8 +819,9 @@ xscreensaver-demo: @PREFERRED_DEMO_PROGR
+ xscreensaver-lock: @PREFERRED_LOCK_PROGRAM@
+ $(INSTALL_PROGRAM) @PREFERRED_LOCK_PROGRAM@ $@
+
+-xscreensaver-lock-Gtk: $(GTK_LOCK_OBJS)
++xscreensaver-lock-Gtk: $(GTK_LOCK_OBJS) $(TRUSTED_OBJS)
+ $(CC) $(LDFLAGS) -o $@ $(GTK_LOCK_OBJS) $(LIBS) $(X_LIBS) \
++ $(TRUSTED_OBJS) $(TRUSTED_LIBS) \
+ $(GTK_LIBS) $(XML_LIBS) $(X_PRE_LIBS) -lXt -lX11 \
+ $(XDPMS_LIBS) -lXext \
+ $(X_EXTRA_LIBS)
+@@ -825,9 +831,9 @@ xscreensaver-demo-Xm: $(DEMO_OBJS) $(MOT
+ $(MOTIF_LIBS) $(INTL_LIBS) $(X_PRE_LIBS) -lXt -lX11 \
+ $(XDPMS_LIBS) $(XINERAMA_LIBS) -lXext $(X_EXTRA_LIBS)
+
+-xscreensaver-demo-Gtk: $(DEMO_OBJS) $(GTK_OBJS)
+- $(CC) $(LDFLAGS) -o $@ $(DEMO_OBJS) $(GTK_OBJS) $(LIBS) $(X_LIBS) \
+- $(GTK_LIBS) $(XPM_LIBS) $(XML_LIBS) $(INTL_LIBS) $(X_PRE_LIBS) \
++xscreensaver-demo-Gtk: $(DEMO_OBJS) $(GTK_OBJS) $(TRUSTED_OBJS)
++ $(CC) $(LDFLAGS) -o $@ $(DEMO_OBJS) $(GTK_OBJS) $(TRUSTED_OBJS) $(LIBS) $(X_LIBS) \
++ $(GTK_LIBS) $(XPM_LIBS) $(XML_LIBS) $(INTL_LIBS) $(TRUSTED_LIBS) $(X_PRE_LIBS) \
+ -lXt -lX11 $(XDPMS_LIBS) $(XINERAMA_LIBS) -lXext $(X_EXTRA_LIBS)
+
+ demo-Gtk.o: XScreenSaver_ad.h
+@@ -836,7 +842,7 @@ xscreensaver.o: XScreenSaver_ad.h
+ xscreensaver-getimage.o: XScreenSaver_ad.h
+
+ xscreensaver-getimage: $(GETIMG_OBJS)
+- $(CC) $(LDFLAGS) -o $@ $(GETIMG_OBJS) $(GETIMG_LIBS) -lm
++ $(CC) $(LDFLAGS) -o $@ $(GETIMG_OBJS) $(TRUSTED_OBJS) $(GETIMG_LIBS) $(TRUSTED_LIBS) -lm
+
+ pdf2jpeg: $(PDF2JPEG_OBJS)
+ $(OBJCC) $(LDFLAGS) -o $@ $(PDF2JPEG_OBJS) $(PDF2JPEG_LIBS) -lm
+diff -Nurp -x '*~' -x '*.orig' xscreensaver-5.11/driver/demo-Gtk.c xscreensaver-5.11/driver/demo-Gtk.c
+--- xscreensaver-5.11/driver/demo-Gtk.c 2009-05-27 17:19:52.762320000 -0700
++++ xscreensaver-5.11/driver/demo-Gtk.c 2009-05-27 17:20:09.590543000 -0700
+@@ -136,6 +136,14 @@
+ #include <string.h>
+ #include <ctype.h>
+
++#include <user_attr.h>
++
++void XTSOLgetWorkstationOwner(Display *, uid_t *);
++char *getusrattrval(userattr_t *, char *);
++gboolean tsol_is_multi_label_session (void);
++static gboolean tsol_hack_initialized = False;
++static gboolean tsol_multi_label_session = False;
++
+ #ifdef HAVE_GTK2
+ enum {
+ COL_ENABLED,
+@@ -153,6 +161,7 @@ static void hack_subproc_environment (Wi
+ #undef countof
+ #define countof(x) (sizeof((x))/sizeof((*x)))
+
++extern Display *global_dpy;
+
+ /* You might think that to read an array of 32-bit quantities out of a
+ server-side property, you would pass an array of 32-bit data quantities
+@@ -909,8 +918,9 @@ about_menu_cb (GtkMenuItem *menuitem, gp
+ G_MODULE_EXPORT void
+ doc_menu_cb (GtkMenuItem *menuitem, gpointer user_data)
+ {
+-
+- const char *sun_help_command = "xterm -T 'Screensaver Help' -e /bin/sh -c 'man xscreensaver || read foo' &";
++if ( ! tsol_multi_label_session )
++{
++ const char *sun_help_command = "/usr/openwin/bin/xterm -T 'Screensaver Help' -e /bin/ksh -c 'export SHELL=\"/dev/null\"; /usr/bin/man xscreensaver || /usr/bin/read foo' &";
+
+ #ifdef JWZ_HELP /* We do not want to point to jwz website for help instead open man page in xterm window */
+ state *s = global_state_kludge; /* I hate C so much... */
+@@ -939,7 +949,7 @@ doc_menu_cb (GtkMenuItem *menuitem, gpoi
+
+ system (sun_help_command);
+ }
+-
++}
+
+ G_MODULE_EXPORT void
+ file_menu_cb (GtkMenuItem *menuitem, gpointer user_data)
+@@ -2718,7 +2728,6 @@ update_list_sensitivity (state *s)
+ #endif /* !HAVE_GTK2 */
+ }
+
+-
+ static void
+ populate_prefs_page (state *s)
+ {
+@@ -2885,10 +2894,69 @@ populate_prefs_page (state *s)
+ SENSITIZE ("pwd_spinbutton", p->pwd_p);
+ SENSITIZE ("pwd_mlabel", p->pwd_p);
+
++ tsol_multi_label_session = tsol_is_multi_label_session ();
++ if (! tsol_hack_initialized && tsol_multi_label_session)
++ {
++ GtkWidget *doc_menu = name_to_widget (s, "doc_menu");
++ GtkWidget *restart_menu = name_to_widget (s, "restart");
++ GtkWidget *kill_menu = name_to_widget (s, "kill_menu");
++ GtkWidget *lock_spinbutton = name_to_widget (s, "lock_spinbutton");
++ GtkWidget *lock_container = name_to_widget (s, "blanking_table");
++ GtkWidget *lock_button_eventbox = name_to_widget (s, "lock_button_eventbox");
++ Widget *newlabel = g_object_new (GTK_TYPE_LABEL, "label",
++ _("_Lock Screen After"),
++ "use-underline", TRUE,
++ "mnemonic-widget", lock_spinbutton,
++ NULL);
++ GValue *gv = g_new0 (GValue, 1);
++ GtkAdjustment *adj;
++ userattr_t *uent;
++ int idletime;
++ char *value = NULL;
++ uid_t WorkstationOwner;
++ Display *dpy = GDK_DISPLAY ();
++
++ gtk_widget_hide (doc_menu);
++ gtk_widget_set_sensitive (restart_menu, FALSE);
++ gtk_widget_set_sensitive (kill_menu, FALSE);
++
++ adj = gtk_spin_button_get_adjustment ((GtkSpinButton *)lock_spinbutton);
++
++ XTSOLgetWorkstationOwner (dpy, &WorkstationOwner);
++ uent = getuseruid (WorkstationOwner);
++ value = getusrattrval (uent, USERATTR_IDLETIME_KW);
++ if (value != NULL && *value != '\0')
++ idletime = atoi (value);
++ adj->upper = (gdouble)idletime;
++ if (adj->value > adj->upper)
++ adj->value = adj->upper;
++
++ gtk_spin_button_set_adjustment ((GtkSpinButton *)lock_spinbutton, adj);
++
++ gtk_container_add (GTK_CONTAINER (lock_container), GTK_WIDGET (newlabel));
++ g_value_init (gv, G_TYPE_INT);
++ g_value_set_int (gv, 2);
++ gtk_container_child_set_property (GTK_CONTAINER (lock_container), GTK_WIDGET (newlabel), "top_attach", gv);
++ g_value_set_int (gv, 1);
++ gtk_container_child_set_property (GTK_CONTAINER (lock_container), GTK_WIDGET (newlabel), "left_attach", gv);
++ gtk_widget_show (GTK_WIDGET (newlabel));
++ gtk_widget_hide (GTK_WIDGET (lock_button_eventbox));
++ g_object_set (lock_button_eventbox, "active", TRUE, NULL);
++
++ SENSITIZE ("lock_button", 1);
++ }
++
++ if (tsol_multi_label_session)
++ {
++ SENSITIZE ("lock_spinbutton", 1);
++ SENSITIZE ("lock_mlabel", 1);
++ }
++ else
++ {
+ SENSITIZE ("lock_button", can_lock_p);
+ SENSITIZE ("lock_spinbutton", can_lock_p && p->lock_p);
+ SENSITIZE ("lock_mlabel", can_lock_p && p->lock_p);
+-
++ }
+ /* DPMS
+ */
+ SENSITIZE ("dpms_frame", dpms_supported);
+@@ -2917,6 +2985,7 @@ populate_prefs_page (state *s)
+
+ # undef SENSITIZE
+ }
++ tsol_hack_initialized = True;
+ }
+
+
+@@ -3002,6 +3071,9 @@ sensitize_menu_items (state *s, Bool for
+
+ for (i = 0; i < countof(names); i++)
+ {
++ if (tsol_is_multi_label_session() && 2==i)
++ continue;
++
+ GtkWidget *w = name_to_widget (s, names[i]);
+ gtk_widget_set_sensitive (GTK_WIDGET(w), running_p);
+ }
+@@ -4979,7 +5051,7 @@ main (int argc, char **argv)
+ applicationShellWidgetClass,
+ dpy, 0, 0);
+
+- dpy = XtDisplay (toplevel_shell);
++ global_dpy = dpy = XtDisplay (toplevel_shell);
+ db = XtDatabase (dpy);
+ XtGetApplicationNameAndClass (dpy, &progname, &progclass);
+ XSetErrorHandler (demo_ehandler);
+diff -Nurp -x '*~' -x '*.orig' xscreensaver-5.11/driver/lock-Gtk.c xscreensaver-5.11/driver/lock-Gtk.c
+--- xscreensaver-5.11/driver/lock-Gtk.c 2009-05-27 17:19:52.432591000 -0700
++++ xscreensaver-5.11/driver/lock-Gtk.c 2009-05-27 17:20:09.612695000 -0700
+@@ -77,6 +77,7 @@
+ #include <atk/atkobject.h>
+
+ #include "remote.h"
++#include "trusted-utils.h"
+
+ /* AT-enabled */
+ void write_null(int n);
+@@ -181,7 +182,10 @@ load_unlock_logo_image(void)
+ const char *logofile;
+ struct stat statbuf;
+
+- logofile = DEFAULT_ICONDIR "/unlock-logo.png";
++ if (tsol_is_multi_label_session())
++ logofile = DEFAULT_ICONDIR "/trusted-logo.png";
++ else
++ logofile = DEFAULT_ICONDIR "/unlock-logo.png";
+
+ if (stat(logofile, &statbuf) != 0) {
+ logofile = DEFAULT_ICONDIR "/logo-180.gif"; /* fallback */
+diff -Nurp -x '*~' -x '*.orig' xscreensaver-5.11/driver/prefs.c xscreensaver-5.11/driver/prefs.c
+--- xscreensaver-5.11/driver/prefs.c 2009-05-27 17:19:52.718330000 -0700
++++ xscreensaver-5.11/driver/prefs.c 2009-05-27 17:20:09.613771000 -0700
+@@ -37,6 +37,7 @@
+ # include "vms-pwd.h"
+ #endif /* VMS */
+
++#include <user_attr.h>
+
+ /* This file doesn't need the Xt headers, so stub these types out... */
+ #undef XtPointer
+@@ -66,6 +67,7 @@
+
+ #include "prefs.h"
+ #include "resources.h"
++#include "trusted-utils.h"
+
+ /* don't use realpath() on fedora system */
+ #ifdef _FORTIFY_SOURCE
+@@ -77,6 +79,7 @@ extern char *progname;
+ extern char *progclass;
+ extern const char *blurb (void);
+
++Display *global_dpy;
+
+
+ static void get_screenhacks (Display *, saver_preferences *);
+@@ -1011,6 +1014,9 @@ free_screenhack_list (screenhack **list,
+ free (list);
+ }
+
++void XTSOLgetWorkstationOwner(Display *, uid_t *);
++char *getusrattrval(userattr_t *, char *);
++int tsol_is_multi_label_session (void);
+
+
+ /* Populate `saver_preferences' with the contents of the resource database.
+@@ -1051,7 +1057,10 @@ load_init_file (Display *dpy, saver_pref
+ p->xsync_p = get_boolean_resource (dpy, "synchronous", "Synchronous");
+ p->verbose_p = get_boolean_resource (dpy, "verbose", "Boolean");
+ p->timestamp_p = get_boolean_resource (dpy, "timestamp", "Boolean");
+- p->lock_p = get_boolean_resource (dpy, "lock", "Boolean");
++ if (tsol_is_multi_label_session())
++ p->lock_p = True; /* always lock in a Multi Label Session */
++ else
++ p->lock_p = get_boolean_resource (dpy, "lock", "Boolean");
+ p->fade_p = get_boolean_resource (dpy, "fade", "Boolean");
+ p->unfade_p = get_boolean_resource (dpy, "unfade", "Boolean");
+ p->fade_seconds = 1000 * get_seconds_resource (dpy, "fadeSeconds", "Time");
+@@ -1075,6 +1084,27 @@ load_init_file (Display *dpy, saver_pref
+ p->lock_timeout = 1000 * get_minutes_resource (dpy, "lockTimeout", "Time");
+ p->cycle = 1000 * get_minutes_resource (dpy, "cycle", "Time");
+ p->passwd_timeout = 1000 * get_seconds_resource (dpy, "passwdTimeout", "Time");
++ if (tsol_is_multi_label_session())
++ {
++ userattr_t *uent;
++ int idletime;
++ char *value = NULL;
++ uid_t WorkstationOwner;
++
++ XTSOLgetWorkstationOwner (global_dpy, &WorkstationOwner);
++ uent = getuseruid (WorkstationOwner);
++ value = getusrattrval (uent, USERATTR_IDLETIME_KW);
++ if (value != NULL && *value != '\0')
++ idletime = atoi(value) * 1000;
++ if (p->passwd_timeout > idletime)
++ p->passwd_timeout = idletime;
++
++ value = getusrattrval (uent, USERATTR_IDLECMD_KW);
++ if (value && strcmp(value, USERATTR_IDLECMD_LOGOUT_KW) == 0)
++ p->lock_cmd = LOGOUT_CMD;
++ else
++ p->lock_cmd = LOCK_CMD;
++ }
+ /* *bugid 5077981 pwd timeout */
+ p->pwd_p = get_boolean_resource (dpy, "passwdTimeoutEnabled", "Boolean");
+ p->pointer_timeout = 1000 * get_seconds_resource (dpy, "pointerPollTime", "Time");
+--- xscreensaver-5.11/driver/types.h-orig 2010-05-07 15:19:33.782722502 -0500
++++ xscreensaver-5.11/driver/types.h 2010-05-07 16:32:09.483800624 -0500
+@@ -105,6 +105,8 @@ struct saver_preferences {
+ Time initial_delay; /* how long to sleep after launch */
+ Time splash_duration; /* how long the splash screen stays up */
+ Time timeout; /* how much idle time before activation */
++ int lock_cmd; /* tsol only - whether to lock or logout */
++
+ Time lock_timeout; /* how long after activation locking starts */
+ Time cycle; /* how long each hack should run */
+ Time passwd_timeout; /* how much time before pw dialog goes down */
+diff -Nurp -x '*~' -x '*.orig' xscreensaver-5.11/driver/subprocs.c xscreensaver-5.11/driver/subprocs.c
+--- xscreensaver-5.11/driver/subprocs.c 2009-05-27 17:19:52.748014000 -0700
++++ xscreensaver-5.11/driver/subprocs.c 2009-05-27 17:20:09.673584000 -0700
+@@ -70,6 +70,7 @@ extern int kill (pid_t, int); /* signal
+ #include "exec.h"
+ #include "yarandom.h"
+ #include "visual.h" /* for id_to_visual() */
++#include "trusted-utils.h"
+
+ extern saver_info *global_si_kludge; /* I hate C so much... */
+
+@@ -1076,6 +1077,13 @@ spawn_screenhack (saver_screen_info *ssi
+ strlen (HACK_PATH));
+ sprintf(complete_hack_command, HACK_PATH"/%s", hack->command);
+
++ if (tsol_is_multi_label_session())
++ if (p->lock_cmd == LOGOUT_CMD)
++ {
++ free (complete_hack_command);
++ exec_command (p->shell, "/usr/bin/pkill gnome-session", 0);
++ exit(1);
++ }
+
+ forked = fork_and_exec (ssi, complete_hack_command);
+ free (complete_hack_command);
+diff -Nurp -x '*~' -x '*.orig' xscreensaver-5.11/driver/trusted-utils.c xscreensaver-5.11/driver/trusted-utils.c
+--- xscreensaver-5.11/driver/trusted-utils.c 1969-12-31 16:00:00.000000000 -0800
++++ xscreensaver-5.11/driver/trusted-utils.c 2009-05-27 17:20:09.674005000 -0700
+@@ -0,0 +1,170 @@
++/*
++ * Trusted xscreensaver
++ *
++ * Copyright 2008, 2010, Oracle and/or its affiliates. All rights reserved.
++ *
++ * Permission is hereby granted, free of charge, to any person obtaining a
++ * copy of this software and associated documentation files (the
++ * "Software"), to deal in the Software without restriction, including
++ * without limitation the rights to use, copy, modify, merge, publish,
++ * distribute, and/or sell copies of the Software, and to permit persons
++ * to whom the Software is furnished to do so, provided that the above
++ * copyright notice(s) and this permission notice appear in all copies of
++ * the Software and that both the above copyright notice(s) and this
++ * permission notice appear in supporting documentation.
++ *
++ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
++ * OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
++ * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT
++ * OF THIRD PARTY RIGHTS. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR
++ * HOLDERS INCLUDED IN THIS NOTICE BE LIABLE FOR ANY CLAIM, OR ANY SPECIAL
++ * INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES WHATSOEVER RESULTING
++ * FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT,
++ * NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
++ * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
++ *
++ * Except as contained in this notice, the name of a copyright holder
++ * shall not be used in advertising or otherwise to promote the sale, use
++ * or other dealings in this Software without prior written authorization
++ * of the copyright holder.
++ *
++ *
++ *
++ * Based on work by Erwann Chenede, Ghee Teo
++ *
++ * Used to check if we are in a multilabel session and to load
++ * additional functionality within the multilabel session.
++ */
++#include <dlfcn.h>
++#include <link.h>
++#include <stdlib.h>
++#include <user_attr.h>
++#include <sys/types.h>
++#include <unistd.h>
++#include <strings.h>
++#include <stdio.h>
++#include "trusted-utils.h"
++
++/*
++ * Checks for Multi label session
++ */
++gboolean
++tsol_is_multi_label_session (void)
++{
++ static char *session = NULL;
++
++ if (!session)
++ session = (char *)getenv("TRUSTED_SESSION");
++
++ if (!session)
++ return FALSE;
++
++ return TRUE;
++}
++
++/*
++ * dynamicly load the libxtsol library
++ */
++static
++void * dlopen_xtsol (void)
++{
++ void *handle = NULL;
++
++ if ((handle = dlopen ("/usr/lib/libXtsol.so.1", RTLD_LAZY)) != NULL)
++ return handle;
++ if ((handle = dlopen ("/usr/openwin/lib/libXtsol.so.1", RTLD_LAZY)) != NULL)
++ return handle;
++
++ return handle;
++}
++
++/*
++ * dynamicly load the libDtTsol library
++ */
++static
++void * dlopen_gnometsol (void)
++{
++ void *handle = NULL;
++
++ if ((handle = dlopen ("/usr/lib/libgnometsol.so.1", RTLD_LAZY)) != NULL)
++ return handle;
++
++ return handle;
++}
++
++xtsol_XTSOLgetWorkstationOwner libxtsol_XTSOLgetWorkstationOwner = NULL;
++
++void
++XTSOLgetWorkstationOwner(Display *dpy, uid_t *WorkstationOwner)
++{
++ static gpointer xtsol_handle = NULL;
++ static gboolean _xtsol_initialized = FALSE;
++
++ if ( ! _xtsol_initialized ) {
++ _xtsol_initialized = TRUE;
++ xtsol_handle = dlopen_xtsol ();
++ if (xtsol_handle != NULL)
++ libxtsol_XTSOLgetWorkstationOwner = (xtsol_XTSOLgetWorkstationOwner) dlsym(xtsol_handle,
++ "XTSOLgetWorkstationOwner");
++ }
++
++ if (libxtsol_XTSOLgetWorkstationOwner == NULL) {
++ *WorkstationOwner = getuid();
++ } else
++ libxtsol_XTSOLgetWorkstationOwner(dpy, WorkstationOwner);
++}
++
++xtsol_XTSOLMakeTPWindow libxtsol_XTSOLMakeTPWindow = NULL;
++
++void
++XTSOLMakeTPWindow(Display *dpy, Window w)
++{
++ static gpointer xtsol_handle = NULL;
++ static gboolean _xtsol_initialized = FALSE;
++
++ if ( ! _xtsol_initialized ) {
++ _xtsol_initialized = TRUE;
++ xtsol_handle = dlopen_xtsol ();
++ if (xtsol_handle != NULL)
++ libxtsol_XTSOLMakeTPWindow = (xtsol_XTSOLMakeTPWindow) dlsym(xtsol_handle,
++ "XTSOLMakeTPWindow");
++ }
++
++ if (libxtsol_XTSOLMakeTPWindow) {
++ libxtsol_XTSOLMakeTPWindow(dpy, w);
++ }
++}
++
++gnome_tsol_get_usrattr_val libgnome_tsol_get_usrattr_val = NULL;
++
++/*
++ * Returns a value from uattr for the given key.
++ * If there is no value in user_attr, then it returns the
++ * system wide default from policy.conf or labelencodings
++ * as appropriate.
++ */
++char *
++getusrattrval(userattr_t *uattr, char *keywd)
++{
++ static gpointer gnometsol_handle = NULL;
++ static gboolean _gnometsol_initialized = FALSE;
++ char *value;
++
++ if ( ! _gnometsol_initialized ) {
++ _gnometsol_initialized = TRUE;
++ gnometsol_handle = dlopen_gnometsol ();
++ if (gnometsol_handle != NULL)
++ libgnome_tsol_get_usrattr_val = (gnome_tsol_get_usrattr_val) dlsym(gnometsol_handle,
++ "gnome_tsol_get_usrattr_val");
++ }
++
++ if (libgnome_tsol_get_usrattr_val == NULL) {
++ if (strcmp(keywd, USERATTR_IDLETIME_KW) == 0)
++ value = strdup("15");
++ else if (strcmp(keywd, USERATTR_IDLECMD_KW) == 0)
++ value = strdup(USERATTR_IDLECMD_LOCK_KW);
++ } else
++ value = libgnome_tsol_get_usrattr_val(uattr, keywd);
++
++ return ( value );
++}
+diff -Nurp -x '*~' -x '*.orig' xscreensaver-5.11/driver/trusted-utils.h xscreensaver-5.11/driver/trusted-utils.h
+--- xscreensaver-5.11/driver/trusted-utils.h 1969-12-31 16:00:00.000000000 -0800
++++ xscreensaver-5.11/driver/trusted-utils.h 2009-05-27 17:20:09.674292000 -0700
+@@ -0,0 +1,61 @@
++/*
++ * Trusted xscreensaver
++ *
++ * Copyright 2006, 2010, Oracle and/or its affiliates. All rights reserved.
++ *
++ * Permission is hereby granted, free of charge, to any person obtaining a
++ * copy of this software and associated documentation files (the
++ * "Software"), to deal in the Software without restriction, including
++ * without limitation the rights to use, copy, modify, merge, publish,
++ * distribute, and/or sell copies of the Software, and to permit persons
++ * to whom the Software is furnished to do so, provided that the above
++ * copyright notice(s) and this permission notice appear in all copies of
++ * the Software and that both the above copyright notice(s) and this
++ * permission notice appear in supporting documentation.
++ *
++ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
++ * OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
++ * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT
++ * OF THIRD PARTY RIGHTS. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR
++ * HOLDERS INCLUDED IN THIS NOTICE BE LIABLE FOR ANY CLAIM, OR ANY SPECIAL
++ * INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES WHATSOEVER RESULTING
++ * FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT,
++ * NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
++ * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
++ *
++ * Except as contained in this notice, the name of a copyright holder
++ * shall not be used in advertising or otherwise to promote the sale, use
++ * or other dealings in this Software without prior written authorization
++ * of the copyright holder.
++ *
++ *
++ * Based on work by Erwann Chenede, Ghee Teo
++ *
++ * Definitions for the trusted functions.
++ */
++#ifndef TRUSTED_XSCREENSAVER_H
++#define TRUSTED_XSCREENSAVER_H
++
++#ifdef HAVE_XTSOL
++#include <X11/extensions/Xtsol.h>
++#endif /* HAVE_XTSOL */
++#include <user_attr.h>
++#include <glib.h>
++#include <X11/Xlib.h>
++#include <sys/types.h>
++#include <unistd.h>
++
++extern gboolean tsol_is_multi_label_session (void);
++extern char *getusrattrval(userattr_t *, char *);
++extern void XTSOLgetWorkstationOwner(Display *, uid_t *);
++
++typedef void (*xtsol_XTSOLgetWorkstationOwner) (Display *, uid_t *);
++extern void XTSOLMakeTPWindow(Display *, Window);
++typedef void (*xtsol_XTSOLMakeTPWindow) (Display *, Window);
++typedef char *(*gnome_tsol_get_usrattr_val) (userattr_t *, char *);
++
++enum {
++ LOCK_CMD = 0,
++ LOGOUT_CMD
++};
++#endif /* TRUSTED_XSCREENSAVER_H */
+diff -Nurp -x '*~' -x '*.orig' xscreensaver-5.11/driver/xscreensaver-getimage.c xscreensaver-5.11/driver/xscreensaver-getimage.c
+--- xscreensaver-5.11/driver/xscreensaver-getimage.c 2006-09-17 18:03:58.000000000 -0700
++++ xscreensaver-5.11/driver/xscreensaver-getimage.c 2009-05-27 17:20:09.675170000 -0700
+@@ -83,6 +83,7 @@ static char *defaults[] = {
+ 0
+ };
+
++extern Display *global_dpy;
+
+
+ char *progname = 0;
+@@ -1797,7 +1798,7 @@ main (int argc, char **argv)
+
+ toplevel = XtAppInitialize (&app, progclass, 0, 0, &argc, argv,
+ defaults, 0, 0);
+- dpy = XtDisplay (toplevel);
++ global_dpy = dpy = XtDisplay (toplevel);
+ screen = XtScreen (toplevel);
+ db = XtDatabase (dpy);
+ XtGetApplicationNameAndClass (dpy, &s, &progclass);
+diff -Nurp -x '*~' -x '*.orig' xscreensaver-5.11/driver/xscreensaver.c xscreensaver-5.11/driver/xscreensaver.c
+--- xscreensaver-5.11/driver/xscreensaver.c 2009-05-27 17:19:52.862425000 -0700
++++ xscreensaver-5.11/driver/xscreensaver.c 2009-05-27 17:20:09.705829000 -0700
+@@ -142,6 +142,7 @@
+
+ #include <stdio.h>
+ #include <ctype.h>
++#include <zone.h>
+ #include <X11/Xlib.h>
+
+ #include <locale.h>
+@@ -240,6 +241,7 @@ passwd_dialog_data *ptr_mygtkpwd = &mygt
+ char *progname = 0;
+ char *progclass = 0;
+ XrmDatabase db = 0;
++extern Display *global_dpy;
+
+
+ static Atom XA_SCREENSAVER_RESPONSE;
+@@ -1446,6 +1448,9 @@ main (int argc, char **argv)
+ struct passwd *spasswd;
+ int i;
+
++ if (tsol_is_multi_label_session () && (getzoneid () != 0))
++ exit (1);
++
+ #ifdef ENABLE_NLS
+ if (!setlocale (LC_ALL, ""))
+ fprintf (stderr, "locale not supported by C library\n");
+@@ -1488,6 +1493,7 @@ main (int argc, char **argv)
+ # endif /* !NO_LOCKING */
+
+ shell = connect_to_server (si, &argc, argv);
++ global_dpy = XtDisplay(shell);
+ process_command_line (si, &argc, argv);
+ stderr_log_file (si);
+ print_banner (si);