#!/bin/ksh -p
#
# ident "@(#)utxunlock.sh	1.6    09/06/22 SMI"
#
# Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
# Use is subject to license terms.
#

#
# This command is intended to be run by utaction on a (re)connect
# event.  It will issue an appropriate screen lock deactivation for 
# any windowing environment that does not support use of pam_sunray 
# (with the syncondisplay option) for this purpose.
#
# The screen lock is deactivated only if the key AUTH is defined in the 
# session dispinfo file ($VARDIR/dispinfo/<dpy>) and its value  is 'true'.
# This value indicates that authentication has been performed by other means 
# (typically nscloginGUI or hdloginGUI) in the current connection.
#
# Environments supported (and their unlock programs) are:
# Gnome(Linux)/"gnome-screensaver-command --deactivate"
#

#
# Solaris 10 Trusted Extension guard
#
ORIGIN=`/usr/bin/dirname $0`
UTIL_LIB=${ORIGIN:-/opt/SUNWut/lib}/../lib/support_lib/util_lib
. $UTIL_LIB
FailExecInLocalZoneOnTx 
#
# Solaris 10 Trusted Extension guard 
#

ME=utxunlock

function logIt {
    level=${1:-debug}
    print -u2 "${ME}: $2"
    logger -i -t ${ME} -p user.$level "$2" 	
}

# Check the auth property for this session
function is_authenticated_session {
    authline=`grep '^AUTH=' "$INFOFILE" 2>/dev/null`
    
    [[ "$authline" = "AUTH=true:lock" ]]	
}

# Return success iff gnome-screensaver-command --query succeeds
function is_gnome_screensaver_running {
    [[ -n "$GNOMESCREENSAVERCMD" ]] &&
    [[ -x "$GNOMESCREENSAVERCMD" ]] &&
    "$GNOMESCREENSAVERCMD" --query >/dev/null 2>&1
}

function unlock_gnome_screensaver {
    "$GNOMESCREENSAVERCMD" --deactivate
}

function poke_gnome_screensaver {
    "$GNOMESCREENSAVERCMD" --poke
}

# defaults

#
# Determine display number
# for checking session authentication status
#
DPY=${DISPLAY#*:}
DPY=${DPY%.*}

#
# Where authentication status is stored
#
VARDIR=/var/opt/SUNWut
INFODIR=$VARDIR/dispinfo
INFOFILE=$INFODIR/$DPY

#
# PATH setup to find gnome-screensaver
# on supported platforms:
# - SLES10
# - RHEL5
PATH=/usr/bin:/bin
for dir in /opt/gnome/bin ; do
    if [ -d $dir ] ; then
	PATH=${PATH}:$dir
    fi
done    
export PATH    	

# Locate the command
GNOMESCREENSAVERCMD=`command -v gnome-screensaver-command`

# Now perform the unlock or poke, if applicable
if is_gnome_screensaver_running ; then
    if is_authenticated_session ; then
	if unlock_gnome_screensaver ; then
	    logIt debug "Unlocked screen for display $DISPLAY"
	else
	    logIt err "Failed to unlock screen for display $DISPLAY"
	    exit 1
	fi
    else
	# poke the screensaver to show unlock dialog
	if poke_gnome_screensaver ; then
	    logIt debug "Poked screensaver for display $DISPLAY"
	else
	    logIt debug "Failed to poke screensaver for display $DISPLAY"
	fi
    fi
else
    logIt debug "Not unlocking session: gnome-screensaver not responding to query"
fi

exit 0
