--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/open-src/app/xscreensaver/allowRootByPassFlag.patch Wed Sep 13 13:48:54 2006 -0700
@@ -0,0 +1,154 @@
+/*
+ * Copyright 2006 Sun Microsystems, Inc. All rights reserved.
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a
+ * copy of this software and associated documentation files (the
+ * "Software"), to deal in the Software without restriction, including
+ * without limitation the rights to use, copy, modify, merge, publish,
+ * distribute, and/or sell copies of the Software, and to permit persons
+ * to whom the Software is furnished to do so, provided that the above
+ * copyright notice(s) and this permission notice appear in all copies of
+ * the Software and that both the above copyright notice(s) and this
+ * permission notice appear in supporting documentation.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
+ * OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+ * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT
+ * OF THIRD PARTY RIGHTS. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR
+ * HOLDERS INCLUDED IN THIS NOTICE BE LIABLE FOR ANY CLAIM, OR ANY SPECIAL
+ * INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES WHATSOEVER RESULTING
+ * FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT,
+ * NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
+ * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ *
+ * Except as contained in this notice, the name of a copyright holder
+ * shall not be used in advertising or otherwise to promote the sale, use
+ * or other dealings in this Software without prior written authorization
+ * of the copyright holder.
+ *
+ */
+
+Fix for CR 6448236 xscreensaver should have option to control allowing root to unlock screen. Added allowRoot flag in XScreenSaver_ad.in which gets written to ~/.xscreensaver file through which you can allow if root has permission to break into a users locked screen, by typing in the root password.
+
+--- driver/XScreenSaver.ad.in Wed Sep 13 11:45:13 2006
++++ driver/XScreenSaver.ad.in Mon Sep 11 17:48:29 2006
+@@ -35,6 +35,7 @@
+ *lockTimeout: 0:30:00
+ *passwdTimeout: 0:02:00
+ *passwdTimeoutEnabled: True
++*allowRoot: False
+ *dpmsEnabled: True
+ *dpmsStandby: 0:24:00
+ *dpmsSuspend: 0:27:00
+--- driver/passwd-pam.c Tue Sep 12 16:22:28 2006
++++ driver/passwd-pam.c Wed Sep 13 11:35:51 2006
+@@ -646,32 +646,40 @@
+ cannot delete it and is user function spec.
+ */
+
+- /* If that didn't work, set the user to root, and try to authenticate again.
+- */
+- if (user) free (user);
+- user = strdup ("root");
+- c.user = user;
++ if (si->prefs.verbose_p)
++ fprintf(stderr,"\n\nRoot has permission to unlock screen?:%d\n\n",
++ si->prefs.allowRoot);
++
++ /* If allowRoot pref in ~/.xscreensaver is false,
++ * allow root to unlock a users session.
++ */
++ if (si->prefs.allowRoot)
++ {
++ /* Set the user to root, and try to authenticate again. */
++ if (user) free (user);
++ user = strdup ("root");
++ c.user = user;
+
+- not_a_failover_case = True; /* Set this so user is not prompted for root
++ not_a_failover_case = True;/* Set this so user is not prompted for root
+ * passwd instead the cached passwd from above
+ * call to pam_authenticate() is used.
+ */
+
+- status = pam_set_item (pamh, PAM_USER, c.user);
+- if (verbose_p)
++ status = pam_set_item (pamh, PAM_USER, c.user);
++ if (verbose_p)
+ fprintf (stderr, "%s: pam_set_item(p, PAM_USER, \"%s\") ==> %d (%s)\n",
+ blurb(), c.user, status, PAM_STRERROR(pamh, status));
+- if (status != PAM_SUCCESS) goto DONE;
++ if (status != PAM_SUCCESS) goto DONE;
+
+- PAM_NO_DELAY(pamh);
++ PAM_NO_DELAY(pamh);
+
+- set = block_sigchld();
+- pam_auth_status = pam_authenticate (pamh, 0);
+- sigtimedwait(&set, NULL, &timeout);
+- unblock_sigchld();
++ set = block_sigchld();
++ pam_auth_status = pam_authenticate (pamh, 0);
++ sigtimedwait(&set, NULL, &timeout);
++ unblock_sigchld();
+
+- /* Send status message to unlock dialog ***/
+- if (pam_auth_status == PAM_SUCCESS)
++ /* Send status message to unlock dialog ***/
++ if (pam_auth_status == PAM_SUCCESS)
+ {
+ write_to_child (si, "pw_ok");
+ tmp_buf = strdup (_("Letting you in as ROOT!!"));
+@@ -682,12 +690,13 @@
+ sleep (1);
+ }
+
+- /* PAM_SUCCESS defined to be 0 in /usr/include/security/pam_appl.h */
+- si->pw_data->state = (pam_auth_status == PAM_SUCCESS ? pw_ok : pw_fail);
++ /* PAM_SUCCESS defined to be 0 in /usr/include/security/pam_appl.h */
++ si->pw_data->state = (pam_auth_status == PAM_SUCCESS ? pw_ok : pw_fail);
+
+- if (verbose_p)
++ if (verbose_p)
+ fprintf (stderr, "%s: pam_authenticate as root user (...) ==> %d (%s)\n",
+ blurb(), pam_auth_status, PAM_STRERROR(pamh, pam_auth_status));
++ } /* if prefs.allowRoot is True */
+
+ DONE:
+ if (user) free (user);
+--- driver/prefs.c Tue Sep 12 16:22:29 2006
++++ driver/prefs.c Mon Sep 11 17:48:29 2006
+@@ -256,6 +256,7 @@
+ "lockTimeout",
+ "passwdTimeout",
+ "passwdTimeoutEnabled",
++ "allowRoot",
+ "visualID",
+ "installColormap",
+ "verbose",
+@@ -799,6 +800,7 @@
+ CHECK("lockVTs") continue; /* don't save, unused */
+ CHECK("lockTimeout") type = pref_time, t = p->lock_timeout;
+ CHECK("passwdTimeout") type = pref_time, t = p->passwd_timeout;
++ CHECK("allowRoot") type = pref_bool, b = p->allowRoot;
+
+ /* *bugid 5077981 pwd timeout */
+ CHECK("passwdTimeoutEnabled") type = pref_bool, b = p->pwd_p;
+@@ -1117,6 +1119,7 @@
+ }
+ /* *bugid 5077981 pwd timeout */
+ p->pwd_p = get_boolean_resource (dpy, "passwdTimeoutEnabled", "Boolean");
++ p->allowRoot = get_boolean_resource (dpy, "allowRoot", "Boolean");
+ p->pointer_timeout = 1000 * get_seconds_resource (dpy, "pointerPollTime", "Time");
+ p->pointer_hysteresis = get_integer_resource (dpy, "pointerHysteresis","Integer");
+ p->notice_events_timeout = 1000*get_seconds_resource(dpy,
+--- driver/prefs.h Wed Sep 13 12:31:07 2006
++++ driver/prefs.h Mon Sep 11 17:48:29 2006
+@@ -55,6 +55,7 @@
+ Bool lock_p; /* whether to lock as well as save */
+ Bool pwd_p; /* whether to disable/enable pwd timeout */
+ /* bugid 5077981 */
++ Bool allowRoot; /* whether to allow root to unlock a users session */
+
+ Bool fade_p; /* whether to fade to black, if possible */
+ Bool unfade_p; /* whether to fade from black, if possible */