- Timestamp:
- Jun 21, 2022 1:22:01 PM (3 years ago)
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/src/VBox/Runtime/r3/posix/process-creation-posix.cpp
r95208 r95320 371 371 if (rc == PAM_SUCCESS) 372 372 { 373 RTENV hEnv = RTENV_DEFAULT;374 375 373 /* 376 374 * Secure TTY fun ahead (for pam_securetty). 377 375 * 378 * We also need to set PAM_TTY (if available) to make PAM stacks work which 379 * require a secure TTY via pam_securetty (Debian 10 + 11, for example). See @bugref{10225}. 376 * We need to set PAM_TTY (if available) to make PAM stacks work which 377 * require a secure TTY via pam_securetty (Debian 10 + 11, for example). This 378 * is typically an issue when launching as 'root'. See @bugref{10225}. 380 379 * 381 * Note! We only can try (or better: guess) to a certain amount, as it really depends on the 382 * distribution or Administrator which has set up the system which (and how) things are allowed 383 * (see /etc/securetty). 380 * Note! We only can try (or better: guess) to a certain amount, as it really 381 * depends on the distribution or Administrator which has set up the 382 * system which (and how) things are allowed (see /etc/securetty). 383 * 384 * Note! We don't acctually try or guess anything about the distro like 385 * suggested by the above note, we just try determine the TTY of 386 * the _parent_ process and hope for the best. (bird) 384 387 */ 385 char szTTY[64] = { 0 };386 int rc2 = RTEnvGetEx( hEnv, "DISPLAY", szTTY, sizeof(szTTY), NULL);388 char szTTY[64]; 389 int rc2 = RTEnvGetEx(RTENV_DEFAULT, "DISPLAY", szTTY, sizeof(szTTY), NULL); 387 390 if (RT_FAILURE(rc2)) 388 391 { 389 char szTTYNr[4]; 390 rc2 = RTEnvGetEx(hEnv, "XDG_VTNR", szTTYNr, sizeof(szTTYNr), NULL); /* Virtual terminal hint given? */ 391 if (RT_SUCCESS(rc2)) 392 { 393 if (RTStrPrintf2(szTTY, sizeof(szTTY), "tty%s", szTTYNr) <= 0) 394 rc2 = VERR_BUFFER_OVERFLOW; 395 } 392 /* Virtual terminal hint given? */ 393 static char const s_szPrefix[] = "tty"; 394 memcpy(szTTY, s_szPrefix, sizeof(s_szPrefix)); 395 rc2 = RTEnvGetEx(RTENV_DEFAULT, "XDG_VTNR", &szTTY[sizeof(s_szPrefix) - 1], sizeof(s_szPrefix) - 1, NULL); 396 396 } 397 397 … … 401 401 #ifdef IPRT_WITH_PAM_TTY_KLUDGE 402 402 if (RT_FAILURE(rc2)) 403 {404 403 if (!RTStrICmp(pszPamService, "access")) /* Access management needed? */ 405 404 { … … 408 407 rc2 = VINF_SUCCESS; 409 408 } 410 }411 409 #endif 412 410 /* As a last resort, try stdin's TTY name instead (if any). */ 413 411 if (RT_FAILURE(rc2)) 414 412 { 415 if (RTStrPrintf2(szTTY, sizeof(szTTY), "%s", ttyname(STDIN_FILENO)) > 0) 416 rc2 = VINF_SUCCESS; 417 else 418 rc2 = VERR_BUFFER_OVERFLOW; 419 } 420 421 LogRel2(("rtProcPosixAuthenticateUsingPam(%s): pam_setitem/PAM_TTY: %s, rc=%Rrc\n", pszPamService, szTTY, rc2)); 422 if (!strlen(szTTY)) 413 rc2 = ttyname_r(0 /*stdin*/, szTTY, sizeof(szTTY)); 414 if (rc2 != 0) 415 rc2 = RTErrConvertFromErrno(rc2); 416 } 417 418 LogRel2(("rtProcPosixAuthenticateUsingPam(%s): pam_setitem/PAM_TTY: %s, rc2=%Rrc\n", pszPamService, szTTY, rc2)); 419 if (szTTY[0] == '\0') 423 420 LogRel2(("rtProcPosixAuthenticateUsingPam(%s): Hint: Looks like running as a non-interactive user (no TTY/PTY).\n" 424 "Authentication requiring a secure terminal might fail.\n", 425 pszPamService)); 421 "Authentication requiring a secure terminal might fail.\n", pszPamService)); 426 422 427 423 if ( RT_SUCCESS(rc2) 428 && strlen(szTTY)) /* Only try using PAM_TTY if we have something to set. */ 429 { 424 && szTTY[0] != '\0') /* Only try using PAM_TTY if we have something to set. */ 430 425 rc = pam_set_item(hPam, PAM_TTY, szTTY); 431 }432 426 433 427 if (rc == PAM_SUCCESS)
Note:
See TracChangeset
for help on using the changeset viewer.
