6448236 xscreensaver should have option to control allowing root to unlock screen nv_49
authorMahmood Ali <Mahmood.Ali@Sun.COM>
Wed, 13 Sep 2006 13:48:54 -0700
changeset 59 40bfdd07965d
parent 58 dc0147732971
child 60 4185b90bac15
6448236 xscreensaver should have option to control allowing root to unlock screen
open-src/app/xscreensaver/Makefile
open-src/app/xscreensaver/allowRootByPassFlag.patch
--- a/open-src/app/xscreensaver/Makefile	Fri Sep 01 17:45:56 2006 -0700
+++ b/open-src/app/xscreensaver/Makefile	Wed Sep 13 13:48:54 2006 -0700
@@ -30,7 +30,7 @@
 # or other dealings in this Software without prior written authorization
 # of the copyright holder.
 #
-# @(#)Makefile	1.66	06/08/09
+# @(#)Makefile	1.67	06/09/13
 #
 
 PWD:sh=pwd
@@ -71,7 +71,8 @@
 	starfish.patch \
 	glsnake.patch \
 	apple2.patch \
-	topblock.patch
+	topblock.patch \
+        allowRootByPassFlag.patch
 
 # Directory created by unpacking source
 SOURCE_DIR=$(BUILD_DIR)/xscreensaver-$(XSCREENSAVER_VERS)
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/open-src/app/xscreensaver/allowRootByPassFlag.patch	Wed Sep 13 13:48:54 2006 -0700
@@ -0,0 +1,154 @@
+/*
+ * Copyright 2006 Sun Microsystems, Inc.  All rights reserved.
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a
+ * copy of this software and associated documentation files (the
+ * "Software"), to deal in the Software without restriction, including
+ * without limitation the rights to use, copy, modify, merge, publish,
+ * distribute, and/or sell copies of the Software, and to permit persons
+ * to whom the Software is furnished to do so, provided that the above
+ * copyright notice(s) and this permission notice appear in all copies of
+ * the Software and that both the above copyright notice(s) and this
+ * permission notice appear in supporting documentation.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
+ * OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+ * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT
+ * OF THIRD PARTY RIGHTS. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR
+ * HOLDERS INCLUDED IN THIS NOTICE BE LIABLE FOR ANY CLAIM, OR ANY SPECIAL
+ * INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES WHATSOEVER RESULTING
+ * FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT,
+ * NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
+ * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ *
+ * Except as contained in this notice, the name of a copyright holder
+ * shall not be used in advertising or otherwise to promote the sale, use
+ * or other dealings in this Software without prior written authorization
+ * of the copyright holder.
+ *
+ */
+
+Fix for CR 6448236 xscreensaver should have option to control allowing root to unlock screen. Added allowRoot flag in XScreenSaver_ad.in which gets written to ~/.xscreensaver file through which you can allow if root has permission to break into a users locked screen, by typing in the root password.
+
+--- driver/XScreenSaver.ad.in	Wed Sep 13 11:45:13 2006
++++ driver/XScreenSaver.ad.in	Mon Sep 11 17:48:29 2006
+@@ -35,6 +35,7 @@
+ *lockTimeout:		0:30:00
+ *passwdTimeout:		0:02:00
+ *passwdTimeoutEnabled:	True
++*allowRoot:		False
+ *dpmsEnabled:		True
+ *dpmsStandby:		0:24:00
+ *dpmsSuspend:		0:27:00
+--- driver/passwd-pam.c	Tue Sep 12 16:22:28 2006
++++ driver/passwd-pam.c	Wed Sep 13 11:35:51 2006
+@@ -646,32 +646,40 @@
+    cannot delete it and is user function spec.
+ */
+ 
+-  /* If that didn't work, set the user to root, and try to authenticate again.
+-   */
+-  if (user) free (user);
+-  user = strdup ("root");
+-  c.user = user;
++ if (si->prefs.verbose_p)
++  fprintf(stderr,"\n\nRoot has permission to unlock screen?:%d\n\n", 
++			si->prefs.allowRoot);
++
++ /* If allowRoot pref in ~/.xscreensaver is false, 
++  * allow root to unlock a users session. 
++  */
++ if (si->prefs.allowRoot)
++  {
++   /* Set the user to root, and try to authenticate again.  */
++   if (user) free (user);
++   user = strdup ("root");
++   c.user = user;
+  
+-  not_a_failover_case = True; /* Set this so user is not prompted for root
++   not_a_failover_case = True;/* Set this so user is not prompted for root
+                                * passwd instead the cached passwd from above
+                                * call to pam_authenticate() is used. 
+                                */
+ 
+-  status = pam_set_item (pamh, PAM_USER, c.user);
+-  if (verbose_p)
++   status = pam_set_item (pamh, PAM_USER, c.user);
++   if (verbose_p)
+     fprintf (stderr, "%s:   pam_set_item(p, PAM_USER, \"%s\") ==> %d (%s)\n",
+              blurb(), c.user, status, PAM_STRERROR(pamh, status));
+-  if (status != PAM_SUCCESS) goto DONE;
++   if (status != PAM_SUCCESS) goto DONE;
+ 
+-  PAM_NO_DELAY(pamh);
++   PAM_NO_DELAY(pamh);
+ 
+-  set = block_sigchld();
+-  pam_auth_status = pam_authenticate (pamh, 0);
+-  sigtimedwait(&set, NULL, &timeout);
+-  unblock_sigchld();
++   set = block_sigchld();
++   pam_auth_status = pam_authenticate (pamh, 0);
++   sigtimedwait(&set, NULL, &timeout);
++   unblock_sigchld();
+ 
+-  /* Send status message to unlock dialog ***/
+-  if (pam_auth_status == PAM_SUCCESS)
++   /* Send status message to unlock dialog ***/
++   if (pam_auth_status == PAM_SUCCESS)
+     {
+       write_to_child (si, "pw_ok");
+       tmp_buf = strdup (_("Letting you in as ROOT!!"));
+@@ -682,12 +690,13 @@
+ 	sleep (1);
+     }
+ 
+-  /* PAM_SUCCESS defined to be 0 in /usr/include/security/pam_appl.h */
+-  si->pw_data->state = (pam_auth_status == PAM_SUCCESS ? pw_ok : pw_fail);
++   /* PAM_SUCCESS defined to be 0 in /usr/include/security/pam_appl.h */
++   si->pw_data->state = (pam_auth_status == PAM_SUCCESS ? pw_ok : pw_fail);
+   
+-  if (verbose_p)
++   if (verbose_p)
+     fprintf (stderr, "%s:   pam_authenticate as root user (...) ==> %d (%s)\n",
+              blurb(), pam_auth_status, PAM_STRERROR(pamh, pam_auth_status));
++ } /* if prefs.allowRoot is True */
+ 
+  DONE:
+   if (user) free (user);
+--- driver/prefs.c	Tue Sep 12 16:22:29 2006
++++ driver/prefs.c	Mon Sep 11 17:48:29 2006
+@@ -256,6 +256,7 @@
+   "lockTimeout",
+   "passwdTimeout",
+   "passwdTimeoutEnabled",
++  "allowRoot",
+   "visualID",
+   "installColormap",
+   "verbose",
+@@ -799,6 +800,7 @@
+       CHECK("lockVTs")		continue;  /* don't save, unused */
+       CHECK("lockTimeout")	type = pref_time, t = p->lock_timeout;
+       CHECK("passwdTimeout")	type = pref_time, t = p->passwd_timeout;
++      CHECK("allowRoot")	type = pref_bool, b = p->allowRoot;
+ 
+ /* *bugid 5077981 pwd timeout */
+       CHECK("passwdTimeoutEnabled")		type = pref_bool, b = p->pwd_p;
+@@ -1117,6 +1119,7 @@
+   }
+   /* *bugid 5077981 pwd timeout */
+   p->pwd_p	    = get_boolean_resource (dpy, "passwdTimeoutEnabled", "Boolean");
++  p->allowRoot	    = get_boolean_resource (dpy, "allowRoot", "Boolean");
+   p->pointer_timeout = 1000 * get_seconds_resource (dpy, "pointerPollTime", "Time");
+   p->pointer_hysteresis = get_integer_resource (dpy, "pointerHysteresis","Integer");
+   p->notice_events_timeout = 1000*get_seconds_resource(dpy,
+--- driver/prefs.h	Wed Sep 13 12:31:07 2006
++++ driver/prefs.h	Mon Sep 11 17:48:29 2006
+@@ -55,6 +55,7 @@
+   Bool lock_p;			/* whether to lock as well as save */
+   Bool pwd_p;			/* whether to disable/enable pwd timeout */
+ 				/* bugid 5077981 */
++  Bool allowRoot;               /* whether to allow root to unlock a users session */
+ 
+   Bool fade_p;			/* whether to fade to black, if possible */
+   Bool unfade_p;		/* whether to fade from black, if possible */
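Review bot: The comment added above `if (si->prefs.allowRoot)` in the driver/passwd-pam.c section says the root fallback runs when the preference "is false", which is the opposite of what the condition does. It should read something like `/* If the allowRoot pref is true, let root's password unlock the user's session. */`. Since the prefs.c sections save and load `allowRoot` through the user's own ~/.xscreensaver, this is a per-user preference that the session owner can change, not a policy an administrator can enforce. If site-wide control is the goal of the CR, the value probably needs to come from a source the user cannot override. The enclosing function starts and ends outside the patch, and with the block skipped `si->pw_data->state` is no longer assigned here, so it is worth confirming that the earlier user-authentication path already leaves it at `pw_fail` before control reaches `DONE`.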