19033N/A/*
19033N/A * Copyright (c) 2006, 2010, Oracle and/or its affiliates. All rights reserved.
19033N/A *
19033N/A * Permission is hereby granted, free of charge, to any person obtaining a
19033N/A * copy of this software and associated documentation files (the "Software"),
19033N/A * to deal in the Software without restriction, including without limitation
19033N/A * the rights to use, copy, modify, merge, publish, distribute, sublicense,
19033N/A * and/or sell copies of the Software, and to permit persons to whom the
19033N/A * Software is furnished to do so, subject to the following conditions:
19033N/A *
19033N/A * The above copyright notice and this permission notice (including the next
19033N/A * paragraph) shall be included in all copies or substantial portions of the
19033N/A * Software.
19033N/A *
19033N/A * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
19033N/A * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
19033N/A * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
19033N/A * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19033N/A * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
19033N/A * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
19033N/A * DEALINGS IN THE SOFTWARE.
19033N/A */
19033N/A
19033N/AFixes for bugs:
19033N/A5015296, P1, gnome/screensaver - xscreensaver doesn't audit
19033N/A6417168, P3, gnome/screensaver - xscreensaver loops while trying to unlock a session for a user whose password was expired
19844N/A
19844N/AAlso ensures that Xscreensaver on Solaris only uses PAM, and never attempts
19844N/Ato fallback to direct use of getpwent(), which isn't audited
19033N/A---
19844N/A driver/Makefile.in | 6 +-
19033N/A driver/passwd-pam.c | 158 ++++++++++++++++++++++++++++++++++++++++++++++++++-
19844N/A driver/passwd.c | 4 +
19844N/A 3 files changed, 163 insertions(+), 5 deletions(-)
19033N/A
19033N/Adiff --git xscreensaver-5.12/driver/Makefile.in xscreensaver-5.12/driver/Makefile.in
19033N/A--- xscreensaver-5.12/driver/Makefile.in
19033N/A+++ xscreensaver-5.12/driver/Makefile.in
19844N/A@@ -109,8 +109,8 @@ TRUSTED_LIBS = -lglib-2.0 -lsecdb
19844N/A TRUSTED_SRCS = trusted-utils.c
19844N/A TRUSTED_OBJS = trusted-utils.o
19844N/A
19844N/A-PWENT_SRCS = passwd-pwent.c
19844N/A-PWENT_OBJS = passwd-pwent.o
19844N/A+PWENT_SRCS = # passwd-pwent.c - Not used in Solaris builds
19844N/A+PWENT_OBJS = # passwd-pwent.o - Not used in Solaris builds
19844N/A
19844N/A KERBEROS_SRCS = passwd-kerberos.c
19844N/A KERBEROS_OBJS = passwd-kerberos.o
19033N/A@@ -218,7 +218,7 @@ PDF2JPEG_LIBS = -framework Cocoa
19033N/A SAVER_LIBS = $(LIBS) $(X_LIBS) $(XMU_LIBS) @SAVER_LIBS@ \
19033N/A $(XDPMS_LIBS) $(XINERAMA_LIBS) $(GL_LIBS) $(X_PRE_LIBS) \
19033N/A -lXt -lX11 -lXext $(X_EXTRA_LIBS) \
19033N/A- $(PASSWD_LIBS)
19033N/A+ -lbsm $(PASSWD_LIBS)
19033N/A
19033N/A CMD_LIBS = $(LIBS) $(X_LIBS) \
19033N/A $(X_PRE_LIBS) -lX11 -lXext $(X_EXTRA_LIBS)
19033N/Adiff --git xscreensaver-5.12/driver/passwd-pam.c xscreensaver-5.12/driver/passwd-pam.c
19033N/A--- xscreensaver-5.12/driver/passwd-pam.c
19033N/A+++ xscreensaver-5.12/driver/passwd-pam.c
19033N/A@@ -47,6 +47,8 @@
19033N/A
19033N/A #ifdef __sun
19033N/A # include <deflt.h>
19033N/A+# include <bsm/adt.h>
19033N/A+# include <bsm/adt_event.h>
19033N/A #endif
19033N/A
19033N/A extern char *blurb(void);
19033N/A@@ -81,6 +83,9 @@ extern void unblock_sigchld (void);
19033N/A #undef countof
19033N/A #define countof(x) (sizeof((x))/sizeof(*(x)))
19033N/A
19033N/A+static struct pam_response *reply = 0; /*making it global so we can free it */
19033N/A+static int replies = 0;
19033N/A+
19033N/A /* Some time between Red Hat 4.2 and 7.0, the words were transposed
19033N/A in the various PAM_x_CRED macro names. Yay!
19033N/A */
19033N/A@@ -178,6 +183,124 @@ Bool pam_priv_init (int argc, char **argv, Bool verbose_p);
19033N/A */
19033N/A static void *suns_pam_implementation_blows = 0;
19033N/A
19033N/A+#ifdef __sun
19033N/A+#include <syslog.h>
19033N/A+#include <bsm/adt.h>
19033N/A+#include <bsm/adt_event.h>
19033N/A+
19033N/A+static Bool audit_flag_global = True;
19033N/A+
19033N/A+/*
19033N/A+ * audit_lock - audit entry to screenlock
19033N/A+ *
19033N/A+ * Entry Process running with appropriate privilege to generate
19033N/A+ * audit records and real uid of the user.
19033N/A+ *
19033N/A+ * Exit ADT_screenlock audit record written.
19033N/A+ */
19033N/A+void
19033N/A+audit_lock(void)
19033N/A+{
19033N/A+ adt_session_data_t *ah; /* audit session handle */
19033N/A+ adt_event_data_t *event; /* audit event handle */
19033N/A+
19033N/A+ /* Audit start of screen lock -- equivalent to logout ;-) */
19033N/A+ if (adt_start_session(&ah, NULL, ADT_USE_PROC_DATA) != 0)
19033N/A+ {
19033N/A+ syslog(LOG_AUTH | LOG_ALERT, "adt_start_session: %m");
19033N/A+ return;
19033N/A+ }
19033N/A+ if ((event = adt_alloc_event(ah, ADT_screenlock)) == NULL)
19033N/A+ {
19033N/A+ syslog(LOG_AUTH | LOG_ALERT, "adt_alloc_event(ADT_screenlock): %m");
19033N/A+ } else {
19033N/A+ if (adt_put_event(event, ADT_SUCCESS, ADT_SUCCESS) != 0)
19033N/A+ {
19033N/A+ syslog(LOG_AUTH | LOG_ALERT, "adt_put_event(ADT_screenlock): %m");
19033N/A+ }
19033N/A+ adt_free_event(event);
19033N/A+ }
19033N/A+ (void) adt_end_session(ah);
19033N/A+}
19033N/A+
19033N/A+/*
19033N/A+ * audit_unlock - audit screen unlock
19033N/A+ *
19033N/A+ * Entry Process running with appropriate privilege to generate
19033N/A+ * audit records and real uid of the user.
19033N/A+ * pam_status = PAM error code; reason for failure.
19033N/A+ *
19033N/A+ * Exit ADT_screenunlock audit record written.
19033N/A+ */
19033N/A+static void
19033N/A+audit_unlock(int pam_status)
19033N/A+{
19033N/A+ adt_session_data_t *ah; /* audit session handle */
19033N/A+ adt_event_data_t *event; /* audit event handle */
19033N/A+
19033N/A+ if (adt_start_session(&ah, NULL, ADT_USE_PROC_DATA) != 0)
19033N/A+ {
19033N/A+ syslog(LOG_AUTH | LOG_ALERT,
19033N/A+ "adt_start_session(ADT_screenunlock): %m");
19033N/A+ return;
19033N/A+ }
19033N/A+ if ((event = adt_alloc_event(ah, ADT_screenunlock)) == NULL)
19033N/A+ {
19033N/A+ syslog(LOG_AUTH | LOG_ALERT,
19033N/A+ "adt_alloc_event(ADT_screenunlock): %m");
19033N/A+ } else {
19033N/A+ if (adt_put_event(event,
19033N/A+ pam_status == PAM_SUCCESS ? ADT_SUCCESS : ADT_FAILURE,
19033N/A+ pam_status == PAM_SUCCESS ? ADT_SUCCESS
19033N/A+ : ADT_FAIL_PAM + pam_status)
19033N/A+ != 0)
19033N/A+ {
19033N/A+ syslog(LOG_AUTH | LOG_ALERT,
19033N/A+ "adt_put_event(ADT_screenunlock(%s): %m",
19033N/A+ pam_strerror(NULL, pam_status));
19033N/A+ }
19033N/A+ adt_free_event(event);
19033N/A+ }
19033N/A+ (void) adt_end_session(ah);
19033N/A+}
19033N/A+
19033N/A+/*
19033N/A+ * audit_passwd - audit password change
19033N/A+ * Entry Process running with appropriate privilege to generate
19033N/A+ * audit records and real uid of the user.
19033N/A+ * pam_status = PAM error code; reason for failure.
19033N/A+ *
19033N/A+ * Exit ADT_passwd audit record written.
19033N/A+ */
19033N/A+static void
19033N/A+audit_passwd(int pam_status)
19033N/A+{
19033N/A+ adt_session_data_t *ah; /* audit session handle */
19033N/A+ adt_event_data_t *event; /* audit event handle */
19033N/A+
19033N/A+ if (adt_start_session(&ah, NULL, ADT_USE_PROC_DATA) != 0)
19033N/A+ {
19033N/A+ syslog(LOG_AUTH | LOG_ALERT, "adt_start_session(ADT_passwd): %m");
19033N/A+ return;
19033N/A+ }
19033N/A+ if ((event = adt_alloc_event(ah, ADT_passwd)) == NULL)
19033N/A+ {
19033N/A+ syslog(LOG_AUTH | LOG_ALERT, "adt_alloc_event(ADT_passwd): %m");
19033N/A+ } else {
19033N/A+ if (adt_put_event(event,
19033N/A+ pam_status == PAM_SUCCESS ? ADT_SUCCESS : ADT_FAILURE,
19033N/A+ pam_status == PAM_SUCCESS ? ADT_SUCCESS
19033N/A+ : ADT_FAIL_PAM + pam_status)
19033N/A+ != 0)
19033N/A+ {
19033N/A+ syslog(LOG_AUTH | LOG_ALERT, "adt_put_event(ADT_passwd(%s): %m",
19033N/A+ pam_strerror(NULL, pam_status));
19033N/A+ }
19033N/A+ adt_free_event(event);
19033N/A+ }
19033N/A+ (void) adt_end_session(ah);
19033N/A+}
19033N/A+#endif /* sun */
19033N/A
19033N/A /**
19033N/A * This function is the PAM conversation driver. It conducts a full
19033N/A@@ -231,6 +354,12 @@ pam_try_unlock(saver_info *si, Bool verbose_p,
19033N/A fprintf (stderr, "%s: pam_start (\"%s\", \"%s\", ...) ==> %d (%s)\n",
19033N/A blurb(), service, si->user,
19033N/A status, PAM_STRERROR (pamh, status));
19033N/A+
19033N/A+#ifdef __sun
19033N/A+ if (audit_flag_global) /* We want one audit lock log per lock */
19033N/A+ audit_lock ();
19033N/A+#endif /**sun*/
19033N/A+
19033N/A if (status != PAM_SUCCESS) goto DONE;
19033N/A
19033N/A #ifdef __sun
19033N/A@@ -307,6 +436,14 @@ pam_try_unlock(saver_info *si, Bool verbose_p,
19033N/A # endif /* HAVE_SIGTIMEDWAIT */
19033N/A unblock_sigchld();
19033N/A
19033N/A+#ifdef __sun
19033N/A+ audit_unlock(pam_auth_status);
19033N/A+ if (pam_auth_status == PAM_SUCCESS)
19033N/A+ audit_flag_global = True;
19033N/A+ else
19033N/A+ audit_flag_global = False;
19033N/A+#endif /*sun*/
19033N/A+
19033N/A #ifdef HAVE_XSCREENSAVER_LOCK
19033N/A /* Send status message to unlock dialog */
19033N/A if (pam_auth_status == PAM_SUCCESS)
19033N/A@@ -354,7 +491,14 @@ pam_try_unlock(saver_info *si, Bool verbose_p,
19098N/A write_to_child (si, "ul_acct_ok", PAM_STRERROR(pamh, acct_rc));
19098N/A }
19033N/A else
19033N/A- write_to_child (si, "ul_acct_fail", PAM_STRERROR(pamh, acct_rc));
19033N/A+ {
19033N/A+#ifdef __sun
19033N/A+ /* Only in failure of pam_acct_mgmt case we call audit */
19033N/A+ audit_unlock (acct_rc);
19033N/A+#endif /*sun*/
19033N/A+
19033N/A+ write_to_child (si, "ul_acct_fail", PAM_STRERROR(pamh, acct_rc));
19033N/A+ }
19033N/A if (verbose_p)
19033N/A sleep (1);
19033N/A #endif
19033N/A@@ -383,6 +527,10 @@ pam_try_unlock(saver_info *si, Bool verbose_p,
19033N/A fprintf (stderr, "%s: pam_chauthtok (...) ==> %d (%s)\n",
19033N/A blurb(), chauth_rc, PAM_STRERROR(pamh, chauth_rc));
19033N/A
19033N/A+#ifdef __sun
19033N/A+ audit_passwd (chauth_rc);
19033N/A+#endif /* sun */
19033N/A+
19033N/A if (chauth_rc != PAM_SUCCESS)
19033N/A {
19033N/A pam_auth_status = chauth_rc;
19098N/A@@ -419,7 +567,13 @@ pam_try_unlock(saver_info *si, Bool verbose_p,
19098N/A write_to_child (si, "ul_setcred_ok", PAM_STRERROR(pamh, setcred_rc));
19098N/A }
19033N/A else
19033N/A- write_to_child (si, "ul_setcred_fail", PAM_STRERROR(pamh, setcred_rc));
19033N/A+ {
19033N/A+#ifdef __sun
19033N/A+ /* Only in failure of pam_setcred() case we call audit. */
19033N/A+ audit_unlock (setcred_rc);
19033N/A+#endif /*sun*/
19033N/A+ write_to_child (si, "ul_setcred_fail", PAM_STRERROR(pamh, setcred_rc));
19033N/A+ }
19033N/A if (verbose_p)
19033N/A sleep (1);
19033N/A #endif
19844N/Adiff --git xscreensaver-5.12/driver/passwd.c xscreensaver-5.12/driver/passwd.c
19844N/A--- xscreensaver-5.12/driver/passwd.c
19844N/A+++ xscreensaver-5.12/driver/passwd.c
19844N/A@@ -79,9 +79,11 @@ extern void pam_try_unlock (saver_info *si, Bool verbose_p,
19844N/A extern Bool ext_priv_init (int argc, char **argv, Bool verbose_p);
19844N/A extern Bool ext_passwd_valid_p (const char *typed_passwd, Bool verbose_p);
19844N/A #endif
19844N/A+#ifndef __sun /* Only use PAM on Solaris, not direct getpwent */
19844N/A extern Bool pwent_lock_init (int argc, char **argv, Bool verbose_p);
19844N/A extern Bool pwent_priv_init (int argc, char **argv, Bool verbose_p);
19844N/A extern Bool pwent_passwd_valid_p (const char *typed_passwd, Bool verbose_p);
19844N/A+#endif
19844N/A
19844N/A Bool lock_priv_init (int argc, char **argv, Bool verbose_p);
19844N/A Bool lock_init (int argc, char **argv, Bool verbose_p);
19844N/A@@ -105,8 +107,10 @@ struct auth_methods methods[] = {
19844N/A { "external", 0, ext_priv_init, ext_passwd_valid_p, 0,
19844N/A False, False },
19844N/A # endif
19844N/A+# ifndef __sun /* Only use PAM on Solaris, not direct getpwent */
19844N/A { "normal", pwent_lock_init, pwent_priv_init, pwent_passwd_valid_p, 0,
19844N/A False, False }
19844N/A+# endif
19844N/A };
19844N/A
19844N/A
19033N/A