Date:      Thu, 1 Oct 2015 11:58:53 -0700
From:      Bryan Drewery <bdrewery@FreeBSD.org>
To:        freebsd-arch@FreeBSD.org
Subject:   login -f changing session getlogin(2)
Message-ID:  <560D826D.7000302@FreeBSD.org>


This issue has bothered me forever.

As root running 'login -f someuser' and then exit, logname(1) and
getlogin(2) will forever return that user's name, rather than root.

The issue is that login(1) uses setlogin(2) without ever restoring the
login from the parent when it exits.

This is easily fixed by something like:

Index: usr.bin/login/login.c
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
--- usr.bin/login/login.c     (revision 288456)
+++ usr.bin/login/login.c     (working copy)
@@ -166,6 +166,7 @@
        gid_t egid;
        char *term;
        char *p, *ttyn;
+       char oldlogname[MAXLOGNAME];
        char tname[sizeof(_PATH_TTY) + 10];
        char *arg0;
        const char *tp;
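Review bot: oldlogname is declared without an initializer, so the oldlogname[0] test in the parent is only valid because the getlogin_r() save in the next hunk always runs first. Initializing the buffer to an empty string at the declaration would keep that test safe if the save is ever moved or made conditional.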
@@ -545,6 +546,9 @@
        }
        pam_session_established =3D 1;

+       if (getlogin_r(oldlogname, sizeof(oldlogname)) !=3D 0)
+               oldlogname[0] =3D '\0';
+
        /*
         * We must fork() before setuid() because we need to call
         * pam_close_session() as root.
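Review bot: a getlogin_r() failure here is folded into oldlogname[0] = '\0', and the parent then skips the restore, so the session keeps the target user's name, which is the behaviour this patch sets out to remove. Report the failure so the skipped restore is visible, and add a comment stating that this save has to stay ahead of the fork() and of any setlogin(2) call.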
@@ -567,6 +571,8 @@
                (void)sigprocmask(SIG_SETMASK, &omask, NULL);
                waitpid(pid, &status, 0);
                (void)sigprocmask(SIG_BLOCK, &mask, NULL);
+               if (oldlogname[0] !=3D '\0')
+                       setlogin(oldlogname);
                bail(NO_SLEEP_EXIT, 0);
        }
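Review bot: the return value of setlogin(oldlogname) in the parent is ignored, so a failed restore is silent and getlogin(2) would keep returning the logged-in user's name. Check the result and report a failure, or at least mark the call (void) as the neighbouring sigprocmask() calls do. The restore also sits only on this waitpid() path just before bail(), so a comment on whether other exits from the parent need it would help.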


I'm not sure this is the right way though.

My initial instinct was to use setsid(2) in the child but that clobbers
the terminal.

It makes me wonder if there are bigger architectural issues here that need
addressing with session and login. Perhaps login -f is just a special
case though.

Thanks,
Bryan Drewery

