When pam_console_apply_devfs.so and pam_console_apply look up the console user, they do so via the name 'tty0'. If /dev/tty0 doesn't exist, eg if oldcompat names have been disabled, then a check fails and nought happens. Changing tty0 to vc/0 fixes this, and has the advantage that vc/0 should be there whether oldcompat names are used or not. Impact is low, as this problem will only come up if someone messes around with devfsd.conf (like *cough* me.) Symptoms are, for example, that permissions on sound devices aren't set correctly if the appropriate modules are loaded after login, etc. Patch below should do the trick: diff -urN Linux-PAM-0.75/modules/pam_console/pam_console_apply.c Linux-PAM-0.75.patched/modules/pam_console/pam_console_apply.c --- Linux-PAM-0.75/modules/pam_console/pam_console_apply.c 2002-12-15 02:15:14.000000000 +0100 +++ Linux-PAM-0.75.patched/modules/pam_console/pam_console_apply.c 2002-12-15 02:15:39.000000000 +0100 @@ -100,10 +100,10 @@ sense = Reset; } if((sense == Set) && (consoleuser != NULL)) { - set_permissions("tty0", consoleuser, TRUE); + set_permissions("vc/0", consoleuser, TRUE); } if(sense == Reset) { - reset_permissions("tty0", TRUE); + reset_permissions("vc/0", TRUE); } return 0; diff -urN Linux-PAM-0.75/modules/pam_console/pam_console_apply_devfsd.c Linux-PAM-0.75.patched/modules/pam_console/pam_console_apply_devfsd.c --- Linux-PAM-0.75/modules/pam_console/pam_console_apply_devfsd.c 2002-12-15 02:15:23.000000000 +0100 +++ Linux-PAM-0.75.patched/modules/pam_console/pam_console_apply_devfsd.c 2002-12-15 02:15:52.000000000 +0100 @@ -84,10 +84,10 @@ sense = Reset; } if((sense == Set) && (consoleuser != NULL)) { - set_permissions_single("tty0", consoleuser, TRUE, dname); + set_permissions_single("vc/0", consoleuser, TRUE, dname); } if(sense == Reset) { - reset_permissions_single("tty0", TRUE, dname); + reset_permissions_single("vc/0", TRUE, dname); } return 0;
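Review bot: in the pam_console_apply.c hunk, both call sites (set_permissions and reset_permissions) now hard-code "vc/0" with no fallback, so a system where only tty0 exists would hit the same failed lookup from the other direction. Suggest resolving the console name once, taking whichever of vc/0 or tty0 is present, and passing that result to both calls.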
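Review bot: in the pam_console_apply_devfsd.c hunk, the literal "vc/0" is repeated in set_permissions_single and reset_permissions_single, duplicating the string already changed twice in pam_console_apply.c. A single shared #define for the console device name would keep the four call sites from drifting apart, and a short comment should record why vc/0 is used instead of tty0.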
az, this thing again :p looks ok to me, whaddaya think this time?
Not exactly the same. This seems good for a devfs setup, but if the user disables devfs, pam_console_apply.c at least is going to fail. Quick question... doesn't pam_console_apply.c only run if we don't use devfs? I cannot remember, as it's been a while since I hacked this. It should be possible to only patch pam_console_apply_devfsd.c... Can you verify this?
It should be possible just to adjust pam_console_apply_devfs.c. A better solution might be to try statting tty0, then vc/0, second-guessing the 'policy' that's a little dubiously incorporated into the set_permissions() code. This wouldn't be hard to do - when I get back to the gentoo machine later I'll give it a go. The best solution would probably be to provide some way of doing set_permissions() by console _class_ (e.g., 'console' or 'xconsole' in the default config) rather than via a device which we hope is associated with the class we're after. The current arrangement is a bit backwards. Again, it wouldn't be hard to code up, but it's a little intrusive, and there may be good reasons why it's currently done the way it is (though I admit I can't really see it.)
az i dunno why this was assigned to me in the first place.
Created attachment 6548: Use vc/0 or tty0 (as appropriate) when finding console

This patch has pam_console_apply and pam_console_apply_devfsd first try vc/0, then tty0. Should work regardless of the state of devfsd, though testing by myself has been very limited!
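The lookup order described in this comment (vc/0 first, then tty0), written out as an added example; it is not the attached patch and not Linux-PAM code. The function name find_console_name and the check that the node is a character device are assumptions of this example.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <sys/stat.h>

/*
 * Return the first entry of candidates[] that exists under devdir as a
 * character device, or NULL if none qualifies. stat() follows symlinks,
 * so a compatibility symlink pointing at the real node is accepted.
 * Requiring S_ISCHR keeps a caller from handing ownership of a regular
 * file or directory that merely has the expected name to the console user.
 */
const char *find_console_name(const char *devdir,
                              const char *const candidates[], size_t n)
{
    char path[4096];
    struct stat st;

    for (size_t i = 0; i < n; i++) {
        int len = snprintf(path, sizeof(path), "%s/%s", devdir, candidates[i]);
        if (len < 0 || (size_t)len >= sizeof(path))
            continue;               /* path would be truncated: skip it */
        if (stat(path, &st) != 0)
            continue;               /* node missing, e.g. oldcompat names off */
        if (!S_ISCHR(st.st_mode))
            continue;               /* exists but is not a device node */
        return candidates[i];
    }
    return NULL;
}

int main(void)
{
    /* Order from the comment above: devfs name first, then the old name. */
    const char *const names[] = { "vc/0", "tty0" };
    const char *hit = find_console_name("/dev", names, 2);

    if (hit == NULL) {
        fprintf(stderr, "no console device found; permissions left untouched\n");
        return 1;
    }
    printf("console device: /dev/%s\n", hit);
    return 0;
}
```

Returning NULL when neither name exists lets the caller skip the permission change explicitly instead of failing silently as in the original report.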
Seems fine. I'll commit in a day or two after some testing and if nothing major comes up.
Added to pam-0.75-r11, please test.
closing, as this seems to be resolved.