Package: libpam-foreground
Version: 0.2
Severity: important

Hi,
when using libpam-foreground in common-session, pam_foreground creates a lockfile independently of where the user comes from. This way a lockfile is also created when the user uses ssh to log in from a network host. The number of the active virtual terminal does not give any sensible information under such conditions, as it reflects the virtual terminal active on the "target" system and has nothing to do with ssh.

Appended is a patch which checks the PAM rhost for information about local or remote connections. When coming from remote, rhost will contain information about the remote host and prevent the lockfile from being created.

Greetings
Daniel

--- libpam-foreground-0.2.orig/pam_foreground.c 2006-01-24 02:00:42.000000000 +0100 +++ libpam-foreground-0.2/pam_foreground.c 2007-07-03 23:49:53.415530194 +0200 @@ -76,6 +76,7 @@ struct vt_stat vtstat; size_t len; int retval; + const char *rhost=NULL; retval = pam_get_user(pamh, &user, NULL); if (retval != PAM_SUCCESS) { @@ -83,6 +84,12 @@ return retval; } + retval = pam_get_item(pamh, PAM_RHOST, (const void **)&rhost); + if (retval != PAM_SUCCESS) { + D(("get remote host returned error: %s", pam_strerror(pamh,retval))); + return retval; + } + if (stat (AUTH_DIR, &finfo)) { if (errno != ENOENT) { D(("Can't access %s - %s\n", AUTH_DIR, @@ -139,7 +146,11 @@ sprintf(filename,"%s/%s:%d",AUTH_DIR,user,console); - fd = open(filename,O_CREAT|O_WRONLY|O_EXCL,0644); + /* Only for local sessions */ + + if (rhost == NULL || *rhost == '\0') { + fd = open(filename,O_CREAT|O_WRONLY|O_EXCL,0644); + } if (fd < 1) { D(("Can't open %s - %s\n",filename,strerr(errno))); @@ -163,6 +174,7 @@ unlink(filename); free: free(filename); + free(rhost); close(fd); fail: user = NULL;
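Review bot: in the hunk at -83,6 the PAM_RHOST value is fetched right after pam_get_user() but nothing acts on it until the open() call much further down, so the stat() on AUTH_DIR and the filename construction still run for remote sessions. Testing rhost immediately after the pam_get_item() call and returning PAM_SUCCESS when it is non-empty would skip all lockfile work for remote logins and keep the local path unchanged. The D() message here also lacks the trailing "\n" that the neighbouring "Can't access %s - %s\n" message has.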
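Review bot: in the hunk at -139,7, wrapping only the open() call in the rhost test leaves fd unassigned on the remote path, yet the unchanged "if (fd < 1)" check directly below still runs and the cleanup code later calls close(fd). Depending on what fd held before this point (its declaration and initial value are not visible in the patch), a remote session either lands in the "Can't open" error branch or carries on with a descriptor this function never opened. The remote case needs its own explicit exit, for example freeing filename and returning PAM_SUCCESS before the open(), instead of falling through into the local-session code.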
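Review bot: the added free(rhost) under the free: label in the hunk at -163,6 releases memory this module does not own. rhost was filled in by pam_get_item(pamh, PAM_RHOST, ...), which returns a pointer to the PAM library's own copy of the item; the caller must not free or modify it, which is why it is declared const char *. Given the condition in the previous hunk, this path is reached with rhost either NULL or pointing at PAM's empty string, and in the second case the free() corrupts the heap or the handle's data. Drop the free(rhost) line.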