[PATCH:xdm] On Solaris, make sure PAM_TTY is only ever set to an actual /dev path

Alan Coopersmith alan.coopersmith at oracle.com
Fri May 27 22:56:00 PDT 2011


Solaris PAM & auditing insist this is a device file that can be found in
the filesystem, so we can't use the display name (":0") like we've
been doing (and continue to do on other OS'es).

Fixes Solaris bug 6960231:
xdm login fails with: pam_unix_cred: cannot load ttyname with c2audit loaded

Signed-off-by: Alan Coopersmith <alan.coopersmith at oracle.com>
---
 greeter/greet.c |   21 +++++++++++++++++++--
 1 files changed, 19 insertions(+), 2 deletions(-)

diff --git a/greeter/greet.c b/greeter/greet.c
index 0639e76..8e32279 100644
--- a/greeter/greet.c
+++ b/greeter/greet.c
@@ -537,8 +537,25 @@ greet_user_rtn GreetUser(
 					(*pamhp, PAM_RHOST, hostname));
 		free(hostname);
 	    }
-	} else
-	    RUN_AND_CHECK_PAM_ERROR(pam_set_item, (*pamhp, PAM_TTY, d->name));
+	} else {			/* Displaying on local host */
+	    const char *ttyname = NULL;
+
+#ifdef __sun
+	    /* Solaris PAM & auditing insist this is a device file that can
+	       be found under /dev, so we can't use the display name */
+	    char vtpath[16];
+
+	    if ((d->windowPath) && !(strchr(d->windowPath, ':'))) {
+		/* if path is simply a VT, with no intermediaries, use it */
+		snprintf(vtpath, sizeof(vtpath), "/dev/vt/%s", d->windowPath);
+		ttyname = vtpath;
+	    }
+#else
+	    /* On all other OS'es we just pass the display name for PAM_TTY */
+	    ttyname = d->name;
+#endif
+	    RUN_AND_CHECK_PAM_ERROR(pam_set_item, (*pamhp, PAM_TTY, ttyname));
+	}
 
 	if (!greet->allow_null_passwd) {
 	    pam_flags |= PAM_DISALLOW_NULL_AUTHTOK;
-- 
1.7.3.2



More information about the xorg-devel mailing list