Changeset 94984 in vbox
- Timestamp:
- May 11, 2022 10:43:09 AM (3 years ago)
- File:
-
- 1 edited
trunk/src/VBox/Runtime/r3/posix/process-creation-posix.cpp
r94406 r94984 366 366 if (rc == PAM_SUCCESS) 367 367 { 368 if (pfMayFallBack) 369 *pfMayFallBack = false; 370 rc = pam_authenticate(hPam, 0); 368 /* We also need to set PAM_TTY (if available) to make PAM stacks work which 369 * require a secure TTY via pam_securetty (Debian 10 + 11, for example). See @bugref{10225}. */ 370 char const *pszTTY = RTEnvGet("DISPLAY"); 371 if (!pszTTY) /* No display set or available? Try the TTY's name instead. */ 372 pszTTY = ttyname(0); 373 if (pszTTY) /* Only try using PAM_TTY if we have something to set. */ 374 rc = pam_set_item(hPam, PAM_TTY, pszTTY); 371 375 if (rc == PAM_SUCCESS) 372 376 { 373 rc = pam_acct_mgmt(hPam, 0); 374 if ( rc == PAM_SUCCESS 375 || rc == PAM_AUTHINFO_UNAVAIL /*??*/) 377 /* From this point on we don't allow falling back to other auth methods. */ 378 if (pfMayFallBack) 379 *pfMayFallBack = false; 380 381 rc = pam_authenticate(hPam, 0); 382 if (rc == PAM_SUCCESS) 376 383 { 377 if ( ppapszEnv378 && s_pfnPamGetEnvList379 && s_pfnPamSetCred)384 rc = pam_acct_mgmt(hPam, 0); 385 if ( rc == PAM_SUCCESS 386 || rc == PAM_AUTHINFO_UNAVAIL /*??*/) 380 387 { 381 /* pam_env.so creates the environment when pam_setcred is called,. */ 382 int rcSetCred = pam_setcred(hPam, PAM_ESTABLISH_CRED | PAM_SILENT); 383 /** @todo check pam_setcred status code? */ 384 385 /* Unless it does it during session opening (Ubuntu 21.10). This 386 unfortunately means we might mount user dir and other crap: */ 387 /** @todo do session handling properly */ 388 int rcOpenSession = PAM_ABORT; 389 if ( s_pfnPamOpenSession 390 && s_pfnPamCloseSession) 391 rcOpenSession = pam_open_session(hPam, PAM_SILENT); 392 393 *ppapszEnv = pam_getenvlist(hPam); 394 LogFlowFunc(("pam_getenvlist -> %p ([0]=%p); rcSetCred=%d rcOpenSession=%d\n", 395 *ppapszEnv, *ppapszEnv ? 
**ppapszEnv : NULL, rcSetCred, rcOpenSession)); RT_NOREF(rcSetCred); 396 397 if (rcOpenSession == PAM_SUCCESS) 398 pam_close_session(hPam, PAM_SILENT); 399 pam_setcred(hPam, PAM_DELETE_CRED); 388 if ( ppapszEnv 389 && s_pfnPamGetEnvList 390 && s_pfnPamSetCred) 391 { 392 /* pam_env.so creates the environment when pam_setcred is called,. */ 393 int rcSetCred = pam_setcred(hPam, PAM_ESTABLISH_CRED | PAM_SILENT); 394 /** @todo check pam_setcred status code? */ 395 396 /* Unless it does it during session opening (Ubuntu 21.10). This 397 unfortunately means we might mount user dir and other crap: */ 398 /** @todo do session handling properly */ 399 int rcOpenSession = PAM_ABORT; 400 if ( s_pfnPamOpenSession 401 && s_pfnPamCloseSession) 402 rcOpenSession = pam_open_session(hPam, PAM_SILENT); 403 404 *ppapszEnv = pam_getenvlist(hPam); 405 LogFlowFunc(("pam_getenvlist -> %p ([0]=%p); rcSetCred=%d rcOpenSession=%d\n", 406 *ppapszEnv, *ppapszEnv ? **ppapszEnv : NULL, rcSetCred, rcOpenSession)); RT_NOREF(rcSetCred); 407 408 if (rcOpenSession == PAM_SUCCESS) 409 pam_close_session(hPam, PAM_SILENT); 410 pam_setcred(hPam, PAM_DELETE_CRED); 411 } 412 413 pam_end(hPam, PAM_SUCCESS); 414 LogFlowFunc(("pam auth (for %s) successful\n", pszPamService)); 415 return VINF_SUCCESS; 400 416 } 401 402 pam_end(hPam, PAM_SUCCESS); 403 LogFlowFunc(("pam auth (for %s) successful\n", pszPamService)); 404 return VINF_SUCCESS; 417 LogFunc(("pam_acct_mgmt -> %d\n", rc)); 405 418 } 406 LogFunc(("pam_acct_mgmt -> %d\n", rc)); 419 else 420 LogFunc(("pam_authenticate -> %d\n", rc)); 407 421 } 408 422 else 409 LogFunc(("pam_ authenticate-> %d\n", rc));423 LogFunc(("pam_setitem/PAM_TTY -> %d\n", rc)); 410 424 } 411 425 else
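Review bot: The new `pszTTY` is taken from `RTEnvGet("DISPLAY")` before `ttyname(0)` is tried, so the PAM_TTY item that pam_securetty (named in the new comment) bases its allow/deny decision on, and that PAM modules typically write to the auth log, comes from the process environment rather than from the real terminal. I would either try `ttyname(0)` first and keep `DISPLAY` as the fallback, or add a comment recording why the environment is trusted here, if that holds, e.g. `/* DISPLAY is read from our own service environment, never from the user being authenticated. */`. Separately, a `pam_set_item` failure now skips `pam_authenticate` while `*pfMayFallBack` has not yet been cleared, so failing to set an optional item appears to let the caller move on to its fallback auth method. If PAM_TTY is meant to be best-effort, keep the result out of `rc`: `int rcTty = pam_set_item(hPam, PAM_TTY, pszTTY);` followed by `if (rcTty != PAM_SUCCESS) LogFunc(("pam_set_item/PAM_TTY -> %d\n", rcTty));`. The enclosing function starts and ends outside the visible hunk, so the initial value of `*pfMayFallBack` and the caller's fallback behaviour are inferred.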