1141N/AFrom 7d69ff7b9dfcd3e4410f181225f66f51089eef67 Mon Sep 17 00:00:00 2001
1141N/AFrom: Alan Coopersmith <alan.coopersmith@oracle.com>
1141N/ADate: Fri, 27 May 2011 22:46:09 -0700
1141N/ASubject: [PATCH:xdm] On Solaris, make sure PAM_TTY is only ever set to an actual /dev path
1141N/ASolaris PAM & auditing insist this is a device file that can be found in
1141N/Athe filesystem, so we can't use the display name (":0") like we've
1141N/Abeen doing (and continue to do on other OS'es).
1141N/Axdm login fails with: pam_unix_cred: cannot load ttyname with c2audit loaded
1141N/ASigned-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
1141N/A 1 files changed, 19 insertions(+), 2 deletions(-)
1141N/Aindex 0639e76..8e32279 100644
1141N/A@@ -537,8 +537,25 @@ greet_user_rtn GreetUser(
1141N/A (*pamhp, PAM_RHOST, hostname));
1141N/A- RUN_AND_CHECK_PAM_ERROR(pam_set_item, (*pamhp, PAM_TTY, d->name));
1141N/A+ } else { /* Displaying on local host */
1141N/A+ const char *ttyname = NULL;
1141N/A+ /* Solaris PAM & auditing insist this is a device file that can
1141N/A+ be found under /dev, so we can't use the display name */
1141N/A+ if ((d->windowPath) && !(strchr(d->windowPath, ':'))) {
1141N/A+ /* if path is simply a VT, with no intermediaries, use it */
1141N/A+ snprintf(vtpath, sizeof(vtpath), "
/dev/vt/%s", d->windowPath);
1141N/A+ /* On all other OS'es we just pass the display name for PAM_TTY */
1141N/A+ RUN_AND_CHECK_PAM_ERROR(pam_set_item, (*pamhp, PAM_TTY, ttyname));
1141N/A if (!greet->allow_null_passwd) {
1141N/A pam_flags |= PAM_DISALLOW_NULL_AUTHTOK;