VirtualBox

Timestamp:
May 13, 2022 2:03:41 PM (3 years ago)
Author:
vboxsync
svn:sync-xref-src-repo-rev:
151435
Message:

IPRT/Process creation: More code for PAM_TTY authentication, along with some optional release logging. bugref:10225

File:
1 edited

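--- a/trunk/src/VBox/Runtime/r3/posix/process-creation-posix.cpp
+++ b/trunk/src/VBox/Runtime/r3/posix/process-creation-posix.cpp
@@ -364,13 +364,47 @@
     {
         rc = pam_set_item(hPam, PAM_RUSER, pszUser);
+        LogRel2(("rtProcPosixAuthenticateUsingPam(%s): pam_setitem/PAM_RUSER: %s\n", pszPamService, pszUser));
         if (rc == PAM_SUCCESS)
         {
-            /* We also need to set PAM_TTY (if available) to make PAM stacks work which
-             * require a secure TTY via pam_securetty (Debian 10 + 11, for example). See @bugref{10225}. */
-            char const *pszTTY = RTEnvGet("DISPLAY");
-            if (!pszTTY) /* No display set or available? Try the TTY's name instead. */
-                pszTTY = ttyname(0);
-            if (pszTTY) /* Only try using PAM_TTY if we have something to set. */
-                rc = pam_set_item(hPam, PAM_TTY, pszTTY);
+            RTENV hEnv = RTENV_DEFAULT;
+
+            /*
+             * Secure TTY fun ahead (for pam_securetty).
+             *
+             * We also need to set PAM_TTY (if available) to make PAM stacks work which
+             * require a secure TTY via pam_securetty (Debian 10 + 11, for example). See @bugref{10225}.
+             *
+             * Note! We only can try (or better: guess) to a certain amount, as it really depends on the
+             *       distribution or Administrator which has set up the system which (and how) things are allowed
+             *       (see /etc/securetty).
+             */
+            char szTTY[64] = { 0 };
+            int rc2 = RTEnvGetEx(hEnv, "DISPLAY", szTTY, sizeof(szTTY), NULL);
+            if (RT_FAILURE(rc2))
+            {
+                char szTTYNr[4];
+                rc2 = RTEnvGetEx(hEnv, "XDG_VTNR", szTTYNr, sizeof(szTTYNr), NULL); /* Virtual terminal hint given? */
+                if (RT_SUCCESS(rc2))
+                {
+                    if (RTStrPrintf2(szTTY, sizeof(szTTY), "tty%s", szTTYNr) <= 0)
+                        rc2 = VERR_BUFFER_OVERFLOW;
+                }
+            }
+
+            /* As a last resort, try the TTY's name instead. */
+            if (RT_FAILURE(rc2))
+            {
+                if (RTStrPrintf2(szTTY, sizeof(szTTY), "%s", ttyname(0)) <= 0)
+                    rc2 = VERR_BUFFER_OVERFLOW;
+            }
+
+            LogRel2(("rtProcPosixAuthenticateUsingPam(%s): pam_setitem/PAM_TTY: %s\n", pszPamService, szTTY));
+
+            if (   RT_SUCCESS(rc2)
+                && strlen(szTTY)) /* Only try using PAM_TTY if we have something to set. */
+            {
+                rc = pam_set_item(hPam, PAM_TTY, szTTY);
+            }
+
             if (rc == PAM_SUCCESS)
             {
@@ -429,4 +463,6 @@
     else
         LogFunc(("pam_start(%s) -> %d\n", pszPamService, rc));
+
+    LogRel2(("rtProcPosixAuthenticateUsingPam(%s): Failed authenticating user '%s' with %d\n", pszPamService, pszUser, rc));
     return VERR_AUTHENTICATION_FAILURE;
 }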
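Review bot: The last-resort `ttyname(0)` branch at new lines 395-399 can never lead to `pam_set_item(hPam, PAM_TTY, szTTY)`, because `rc2` still holds the failure status from the `DISPLAY`/`XDG_VTNR` lookups when `RTStrPrintf2` succeeds, and the later guard requires `RT_SUCCESS(rc2)`. `ttyname(0)` is also passed straight to `%s` although it returns NULL when stdin is not a terminal, a case the removed code handled with `if (pszTTY)`. I would write the fallback as `char const *pszName = ttyname(0);` followed by `if (pszName) rc2 = RTStrPrintf2(szTTY, sizeof(szTTY), "%s", pszName) > 0 ? VINF_SUCCESS : VERR_BUFFER_OVERFLOW;`. Since `DISPLAY` and `XDG_VTNR` are read from the process environment, the block comment should also say that the PAM_TTY value handed to pam_securetty is a caller-supplied hint rather than a verified terminal. The function begins above the first hunk, so how that environment is populated is not visible here.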