solaris-desktop/patches/xscreensaver-07-allow-root.diff

	xscreensaver-07-allow-root.diff revision 19117
10139N/A/*
10139N/A * Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved.
10139N/A *
10139N/A * Permission is hereby granted, free of charge, to any person obtaining a
10139N/A * copy of this software and associated documentation files (the "Software"),
10139N/A * to deal in the Software without restriction, including without limitation
10139N/A * the rights to use, copy, modify, merge, publish, distribute, sublicense,
10139N/A * and/or sell copies of the Software, and to permit persons to whom the
10139N/A * Software is furnished to do so, subject to the following conditions:
10139N/A *
10139N/A * The above copyright notice and this permission notice (including the next
10139N/A * paragraph) shall be included in all copies or substantial portions of the
10139N/A * Software.
10139N/A *
10474N/A * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
10139N/A * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
10139N/A * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.  IN NO EVENT SHALL
10139N/A * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
10139N/A * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
10285N/A * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
10139N/A * DEALINGS IN THE SOFTWARE.
10139N/A */
10139N/A
10139N/AFix for: 4849641: xscreensaver won't run as root
10139N/A
10139N/ALet root lock the screen, but don't launch the hacks for root.
10139N/A
10139N/A(Upstream maintainer argues instead that users should not login as root,
10139N/A which is correct, but not something we can force our customers to stop
10139N/A doing.  See http://www.jwz.org/xscreensaver/faq.html#root-lock for his side.)
10139N/A---
10139N/A driver/demo-Gtk.c     |   26 ++++++++++++++++++++++++++
10139N/A driver/exec.c         |    2 ++
10139N/A driver/setuid.c       |   12 ++++++++++++
10139N/A driver/subprocs.c     |    3 +++
10139N/A driver/timers.c       |    2 +-
10139N/A driver/xscreensaver.c |    7 ++++---
10139N/A 6 files changed, 48 insertions(+), 4 deletions(-)
10139N/A
10139N/Adiff --git xscreensaver-5.12/driver/demo-Gtk.c xscreensaver-5.12/driver/demo-Gtk.c
10139N/A--- xscreensaver-5.12/driver/demo-Gtk.c
10139N/A+++ xscreensaver-5.12/driver/demo-Gtk.c
10139N/A@@ -686,6 +686,14 @@ run_cmd (state *s, Atom command, int arg)
10139N/A   char *err = 0;
10139N/A   int status;
10139N/A
10139N/A+  if (getuid () == 0)
10139N/A+    {
10139N/A+      char buf [255];
10139N/A+      strlcpy (buf, _("Can not run hacks if logged in as root!"), sizeof(buf));
10139N/A+      warning_dialog (s->toplevel_widget, buf, False, 100);
10139N/A+      return;
10139N/A+    }
10139N/A+
10139N/A   flush_dialog_changes_and_save (s);
10139N/A   status = xscreensaver_command (GDK_DISPLAY(), command, arg, False, &err);
10139N/A
10139N/A@@ -716,6 +724,14 @@ run_hack (state *s, int list_elt, Bool report_errors_p)
10139N/A   char *err = 0;
10139N/A   int status;
10504N/A
10139N/A+  if (getuid () == 0)
10139N/A+    {
10139N/A+      char buf [255];
10139N/A+      strlcpy (buf, _("Can not run hacks if logged in as root!"), sizeof(buf));
10139N/A+      warning_dialog (s->toplevel_widget, buf, False, 100);
10139N/A+      return;
10139N/A+    }
10139N/A+
10139N/A   if (list_elt < 0) return;
10139N/A   hack_number = s->list_elt_to_hack_number[list_elt];
10139N/A
10139N/A@@ -5137,6 +5153,15 @@ main (int argc, char **argv)
10139N/A     GtkMenu *menu = GTK_MENU (gtk_option_menu_get_menu (opt));
10139N/A     GList *kids = gtk_container_children (GTK_CONTAINER (menu));
10139N/A     int i;
10139N/A+
10139N/A+    if (getuid () == 0)
10139N/A+      {
10139N/A+        /* If logged in as root disable menu so user can't activate a hack. */
10139N/A+        gtk_widget_set_sensitive (GTK_WIDGET (opt), False);
10139N/A+        gtk_widget_set_sensitive (GTK_WIDGET (menu), False);
10139N/A+      }
10139N/A+    else
10139N/A+    {
10139N/A     for (i = 0; kids; kids = kids->next, i++)
10139N/A       {
10139N/A         gtk_signal_connect (GTK_OBJECT (kids->data), "activate",
10139N/A@@ -5150,6 +5175,7 @@ main (int argc, char **argv)
10139N/A             mode_menu_order[i] == RANDOM_HACKS_SAME)
10139N/A           gtk_widget_hide (GTK_WIDGET (kids->data));
10139N/A       }
10139N/A+    }
10139N/A
10139N/A     if (s->nscreens <= 1)   /* recompute option-menu size */
10139N/A       {
10139N/Adiff --git xscreensaver-5.12/driver/exec.c xscreensaver-5.12/driver/exec.c
10139N/A--- xscreensaver-5.12/driver/exec.c
10139N/A+++ xscreensaver-5.12/driver/exec.c
10139N/A@@ -186,6 +186,7 @@ exec_command (const char *shell, const char *command, int nice_level)
10139N/A   hairy_p = !!strpbrk (command, "*?$&!<>[];`'\\\"=");
10139N/A   /* note: = is in the above because of the sh syntax "FOO=bar cmd". */
10139N/A
10139N/A+#ifdef DONT_ALLOW_ROOT_LOGIN
10139N/A   if (getuid() == (uid_t) 0 || geteuid() == (uid_t) 0)
10139N/A     {
10139N/A       /* If you're thinking of commenting this out, think again.
10139N/A@@ -196,6 +197,7 @@ exec_command (const char *shell, const char *command, int nice_level)
10139N/A                blurb());
10139N/A       exit (-1);
10139N/A     }
10139N/A+#endif /*DONT_ALLOW_ROOT_LOGIN*/
10139N/A
10504N/A   if (hairy_p)
10504N/A     /* If it contains any shell metacharacters, do it the hard way,
10474N/Adiff --git xscreensaver-5.12/driver/setuid.c xscreensaver-5.12/driver/setuid.c
10474N/A--- xscreensaver-5.12/driver/setuid.c
10285N/A+++ xscreensaver-5.12/driver/setuid.c
10285N/A@@ -121,6 +121,10 @@ set_ids_by_number (uid_t uid, gid_t gid, char **message_ret)
10139N/A   struct passwd *p = getpwuid (uid);
10139N/A   struct group  *g = getgrgid (gid);
10139N/A
10139N/A+  /* if we are logged in as root i.e. uid==0 then dont do anything*/
10139N/A+  if (getuid () == (uid_t) 0)
10139N/A+   return 0;
10139N/A+
10139N/A   if (message_ret)
10139N/A     *message_ret = 0;
10139N/A
10139N/A@@ -278,11 +282,13 @@ hack_uid (saver_info *si)
10139N/A          of the xscreensaver manual titled "LOCKING AND ROOT LOGINS",
10139N/A          and "USING XDM".
10139N/A    */
10139N/A+#ifdef DONT_ALLOW_ROOT_LOGIN
10139N/A   if (getuid() == (uid_t) 0)
10139N/A     {
10139N/A       si->locking_disabled_p = True;
10139N/A       si->nolock_reason = "running as root";
10139N/A     }
10139N/A+#endif /*DONT_ALLOW_ROOT_LOGIN*/
10139N/A
10139N/A
10139N/A   /* If we're running as root, switch to a safer user.  This is above and
10139N/A@@ -297,6 +303,8 @@ hack_uid (saver_info *si)
10139N/A          of the xscreensaver manual titled "LOCKING AND ROOT LOGINS",
10139N/A          and "USING XDM".
10139N/A    */
10139N/A+/* We are letting root login to fix a P1 bug, i.e. root should lock screen*/
10139N/A+#ifdef DONT_ALLOW_ROOT_LOGIN
10139N/A   if (getuid() == (uid_t) 0)
10139N/A     {
10139N/A       struct passwd *p;
10139N/A@@ -315,6 +323,7 @@ hack_uid (saver_info *si)
10139N/A       if (set_ids_by_number (p->pw_uid, p->pw_gid, &si->uid_message) != 0)
10139N/A    saver_exit (si, -1, 0);
10139N/A     }
10139N/A+#endif /*DONT_ALLOW_ROOT_LOGIN*/
10139N/A
10139N/A
10139N/A   /* If there's anything even remotely funny looking about the passwd struct,
@@ -357,7 +366,10 @@ hack_uid (saver_info *si)
         (p && p->pw_name && *p->pw_name
          ? p->pw_name : "<unknown>"));
    si->nolock_reason = buf;
+
+#ifdef DONT_ALLOW_ROOT_LOGIN
    si->locking_disabled_p = True;
+#endif
    si->dangerous_uid_p = True;
       }
   }
diff --git xscreensaver-5.12/driver/subprocs.c xscreensaver-5.12/driver/subprocs.c
--- xscreensaver-5.12/driver/subprocs.c
+++ xscreensaver-5.12/driver/subprocs.c
@@ -939,6 +939,9 @@ spawn_screenhack (saver_screen_info *ssi)
   saver_preferences *p = &si->prefs;
   char* complete_hack_command;

+  if (getuid () == 0)
+    return;  /* Dont let hacks run if logged in as root*/
+
   if (si->prefs.verbose_p)
    fprintf(stderr, "--> spawn_screenhack()\n");

diff --git xscreensaver-5.12/driver/timers.c xscreensaver-5.12/driver/timers.c
--- xscreensaver-5.12/driver/timers.c
+++ xscreensaver-5.12/driver/timers.c
@@ -282,7 +282,7 @@ cycle_timer (XtPointer closure, XtIntervalId *id)

       raise_window (si, True, True, False);

-      if (!si->throttled_p)
+      if (!si->throttled_p && getuid () != 0)
         for (i = 0; i < si->nscreens; i++)
           spawn_screenhack (&si->screens[i]);
       else
diff --git xscreensaver-5.12/driver/xscreensaver.c xscreensaver-5.12/driver/xscreensaver.c
--- xscreensaver-5.12/driver/xscreensaver.c
+++ xscreensaver-5.12/driver/xscreensaver.c
@@ -458,6 +458,7 @@ startup_ehandler (String name, String type, String class,

   describe_uids (si, stderr);

+#ifdef DONT_ALLOW_ROOT_LOGIN
   if (si->orig_uid && !strncmp (si->orig_uid, "root/", 5))
     {
       fprintf (stderr, "\n"
@@ -471,11 +472,11 @@ startup_ehandler (String name, String type, String class,
                blurb());
     }
   else
+#endif /*DONT_ALLOW_ROOT_LOGIN*/
     {
       fprintf (stderr, "\n"
           "%s: Errors at startup are usually authorization problems.\n"
-"              But you're not logging in as root (good!) so something\n"
-"              else must be wrong.  Did you read the manual and the FAQ?\n",
+"              Did you read the manual and the FAQ?\n",
            blurb());
     }

@@ -1269,7 +1270,7 @@ main_loop (saver_info *si)
         kill_screenhack (&si->screens[i]);

       raise_window (si, True, True, False);
-      if (si->throttled_p)
+      if (si->throttled_p || getuid () == 0)
         fprintf (stderr, "%s: not launching hack (throttled.)\n", blurb());
       else
         for (i = 0; i < si->nscreens; i++)