Date: Sun, 05 Jan 2014 16:04:03 -0500
From: Nathan Whitehorn <nwhitehorn@freebsd.org>
To: Jilles Tjoelker <jilles@stack.nl>
Cc: "Teske, Devin" <Devin.Teske@fisglobal.com>, Current Current <freebsd-current@freebsd.org>, "freebsd-arch@freebsd.org" <freebsd-arch@freebsd.org>, Devin Teske <dteske@freebsd.org>, Peter Grehan <grehan@freebsd.org>, Michael Dexter <editor@callfortesting.org>
Subject: Re: [CFT] bsdinstall and zfsboot enhancements
Message-ID: <52C9C8C3.7050108@freebsd.org>
In-Reply-To: <20131201123442.GA6818@stack.nl>
References: <5275C597.6070702@freebsd.org> <97944047-D575-4E2E-B687-9871DFE058E3@fisglobal.com> <ABD90FE2-1540-410A-959E-D91D0BE811E3@freebsd.org> <52769CFE.5080707@freebsd.org> <5281340E.8080009@callfortesting.org> <F3512B82-7B2E-40D9-A513-C4C2430F9255@fisglobal.com> <52813E53.20403@freebsd.org> <5281441E.7060806@freebsd.org> <D81082F2-8273-449F-A2EB-DAA12779CAE7@fisglobal.com> <529A6862.7060308@freebsd.org> <20131201123442.GA6818@stack.nl>
This is a multi-part message in MIME format.

--Boundary_(ID_O69mP3h7Oe9DLHDkdwR32w)
Content-type: text/plain; CHARSET=US-ASCII
Content-transfer-encoding: 7BIT

On 12/01/13 07:34, Jilles Tjoelker wrote:
> On Sat, Nov 30, 2013 at 04:36:18PM -0600, Nathan Whitehorn wrote:
>> This took much longer than I'd anticipated, but the patch to init is
>> attached. I chose not to make the changes to init rather than
>> getttyent() and friends in libc, which I am open to revisiting.
> lib/libpam/modules/pam_securetty/pam_securetty.c calls getttynam(3) and
> will not allow root login on a "fake" TTY that getttynam() does not
> know. This module is enabled by default for the "login" service.
>
> So it is probably better to patch libc rather than init.

OK, here's a revised patch. This one is shorter and works by introducing
an "auto" flag (ideas for names appreciated) that means "on" if the line
is an active console and "off" otherwise. Note that the behavior is now:
- ttys marked "off" stay off
- ttys marked "on" stay on
- ttys marked "auto" are enabled iff they are console devices
- ttys not present in /etc/ttys stay off

This behavior change is much easier to implement when doing it in libc
for various structural reasons and allows the terminal type, etc. to be
specified in the usual way.

>> The behavior changes are as follows:
>> If the "console" device in /etc/ttys is marked "on", instead of opening
>> /dev/console, init will loop through the active kernel console devices,
>> and for each will:
>> 1. If the kernel console device is in /etc/ttys and marked "on", it
>> already has a terminal and will be ignored.
>> 2. If marked "off", that is an explicit statement that a console is not
>> wanted and so it will be ignored.
>> 3. If not present in /etc/ttys, init will run getty with whatever
>> parameters "console" has.
> This seems to make sense.
>
>> (3) is the main behavioral change. No changes in behavior will occur if
>> /etc/ttys is not modified.
>> If we turn on "console" by default, it will
>> usually have no effect instead of trying to run multiple gettys, which
>> is new. If we then also comment out the ttyu0 line, instead of marking
>> it "off", the result will be the conditional presence of a login prompt
>> on the first serial port depending on whether it is an active console
>> device for the kernel. I believe this is the behavior we are going for.
> The terminal type for the console entry should probably be changed to
> something other than "unknown" to reduce annoyance.
>
>> Comments and test results would be appreciated.
> As a preparatory patch, you could remove se_index and session_index from
> init. They are only used to warn about a changed slot number in utmp(5)
> which is irrelevant with utmpx. This noise warning would also appear
> in most cases when changing from a "fake" console entry to a real line
> in /etc/ttys. Also, if you do decide to fake ttys entries in init rather
> than libc, the patch to init will be simpler.
>

With the new patch, this is indeed the case: no changes to init are
necessary at all. This does not change any behavior unless explicitly
requested in /etc/ttys, so unless there are any objections in the next
couple days, I will commit it.
-Nathan

--Boundary_(ID_O69mP3h7Oe9DLHDkdwR32w) Content-type: text/plain; CHARSET=US-ASCII; name=init-tty.diff Content-transfer-encoding: 7BIT Content-disposition: attachment; filename=init-tty.diff Index: include/ttyent.h =================================================================== --- include/ttyent.h (revision 260331) +++ include/ttyent.h (working copy) @@ -37,6 +37,7 @@ #define _TTYS_OFF "off" #define _TTYS_ON "on" +#define _TTYS_AUTO "auto" #define _TTYS_SECURE "secure" #define _TTYS_INSECURE "insecure" #define _TTYS_WINDOW "window" Index: lib/libc/gen/getttyent.c =================================================================== --- lib/libc/gen/getttyent.c (revision 260331) +++ lib/libc/gen/getttyent.c (working copy) 
@@ -39,6 +39,9 @@ #include <ctype.h> #include <string.h> +#include <sys/types.h> +#include <sys/sysctl.h> + static char zapchar; static FILE *tf; static size_t lbsize; @@ -64,6 +67,32 @@ return (t); } +static int +auto_tty_status(const char *ty_name) +{ + size_t len; + char *buf, *cons, *nextcons; + + /* Check if this is an enabled kernel console line */ + buf = NULL; + if (sysctlbyname("kern.console", NULL, &len, NULL, 0) == -1) + return (0); /* Errors mean don't enable */ + buf = malloc(len); + if (sysctlbyname("kern.console", buf, &len, NULL, 0) == -1) + return (0); + + if ((cons = strchr(buf, '/')) == NULL) + return (0); + *cons = '\0'; + nextcons = buf; + while ((cons = strsep(&nextcons, ",")) != NULL && strlen(cons) != 0) { + if (strcmp(cons, ty_name) == 0) + return (TTY_ON); + } + + return (0); +} + struct ttyent * getttyent(void) { @@ -126,6 +155,8 @@ tty.ty_status &= ~TTY_ON; else if (scmp(_TTYS_ON)) tty.ty_status |= TTY_ON; + else if (scmp(_TTYS_AUTO)) + tty.ty_status |= auto_tty_status(tty.ty_name); else if (scmp(_TTYS_SECURE)) tty.ty_status |= TTY_SECURE; else if (scmp(_TTYS_INSECURE)) Index: libexec/getty/ttys.5 =================================================================== --- libexec/getty/ttys.5 (revision 260331) +++ libexec/getty/ttys.5 (working copy) @@ -102,8 +102,11 @@ .Pp As flag values, the strings ``on'' and ``off'' specify that .Xr init 8 -should (should not) execute the command given in the second field, -while ``secure'' (if ``on'' is also specified) allows users with a +should (should not) execute the command given in the second field. +``auto'' will cause this line to be enabled if and only if it is +an active kernel console device (it is equivalent to ``on'' in this +case). +The flag ``secure'' (if ``on'' is also specified) allows users with a uid of 0 to login on this line. The flag ``dialin'' indicates that a tty entry describes a dialin --Boundary_(ID_O69mP3h7Oe9DLHDkdwR32w)--
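Review bot: In the getttyent.c include hunk (@@ -39,6 +39,9 @@), the new `#include <sys/types.h>` and `#include <sys/sysctl.h>` are appended after `<string.h>`; style(9) puts the sys/ headers ahead of the other system headers, with `<sys/types.h>` first, so they belong at the top of the include block. The visible context does not show `<stdlib.h>`; please confirm it is already included, since the new function calls malloc().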
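Review bot: In auto_tty_status() (@@ -64,6 +67,32 @@), the result of `buf = malloc(len);` is never checked and `buf` is never freed on any return path: not after the second sysctlbyname() fails, not when strchr() finds no '/', not on a match, and not on the final `return (0)`. Because getttyent() runs this once per "auto" line on every pass over /etc/ttys, long-lived callers such as init leak on each rescan. Suggest returning 0 when `buf == NULL` and funnelling all exits through a single `free(buf)`. Returning 0 on every error is the right default, since the result feeds TTY_ON and therefore what pam_securetty will accept. A short comment describing the expected kern.console layout (active consoles, then '/', then available ones) would also explain why the string is cut at the first '/'.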
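Review bot: In the flag parser (@@ -126,6 +155,8 @@), `tty.ty_status |= auto_tty_status(tty.ty_name);` can only set TTY_ON and never clears it, so the outcome depends on flag order when "auto" is combined with "on" or "off" on the same line: "on auto" stays on even when the line is not a console, while "auto off" ends up off and "off auto" can end up on. Either clear TTY_ON before applying the "auto" result, so that "auto" behaves as a full replacement for on/off, or state the precedence in ttys.5.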
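Review bot: In the ttys.5 hunk (@@ -102,8 +102,11 @@), the retained sentence still reads "``secure'' (if ``on'' is also specified)", which leaves it unclear whether "auto secure" permits uid 0 logins when the line resolves to an active console. Since the code sets TTY_ON in that case, the text should say that "secure" applies to "on" or to "auto" when the line is an active kernel console. It is also worth documenting that a line marked "auto" is treated as off when kern.console cannot be read.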