From: Kyle Manna <kyle@kylemanna.com>
To: <kbd@lists.altlinux.org>
Subject: [kbd] [PATCH] vlock: Handle tty dying
Date: Fri, 26 Sep 2014 05:42:14 +0000 [thread overview]
Message-ID: <20140926054204.GH3701@kylemanna.com> (raw)
[-- Attachment #1: Type: text/plain, Size: 720 bytes --]
Hi guys,
I ran into a problem where if vlock was running over ssh and the ssh
session died my system logs would get spammed by the now orphaned vlock
process on Arch Linux:
Sep 25 20:51:12 hostname vlock[31336]: pam_unix(vlock:auth): auth could not identify password for [user]
Sep 25 20:51:13 hostname vlock[31336]: pam_unix(vlock:auth): auth could not identify password for [user]
Sep 25 20:51:14 hostname vlock[31336]: pam_unix(vlock:auth): auth could not identify password for [user]
I was able to re-create this in many other situations (ssh, xterm
window/tab, tmux window/pane, etc).
The patch know checks for a tty on stdin where PAM will likely ask for
the password and exits if it's not found.
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: 0001-vlock-Handle-tty-dying.patch --]
[-- Type: text/x-diff, Size: 1158 bytes --]
From ec97bfb838ff45a1f7c3a640cb29f7eeb2718db3 Mon Sep 17 00:00:00 2001
From: Kyle Manna <kyle@kylemanna.com>
Date: Thu, 25 Sep 2014 22:22:17 -0700
Subject: [PATCH] vlock: Handle tty dying
* Gracefully exit when the parent tty dies.
* Typical causes of death include closing:
* terminal tab or window
* shell
* ssh session
* If no tty exists, I'm not sure what vlock would be locking.
Signed-off-by: Kyle Manna <kyle@kylemanna.com>
---
src/vlock/auth.c | 11 +++++++++++
1 file changed, 11 insertions(+)
diff --git a/src/vlock/auth.c b/src/vlock/auth.c
index da135ce..79b1319 100644
--- a/src/vlock/auth.c
+++ b/src/vlock/auth.c
@@ -67,6 +67,17 @@ get_password (pam_handle_t * pamh, const char *username, const char *tty)
int rc;
const char *msg;
+ /* Ensure that the process has a tty. If the parent had died,
+ * stdin/out are likely no longer valid and PAM will fail continuously.
+ */
+ if (isatty(STDIN_FILENO) != 1)
+ {
+ syslog (LOG_INFO,
+ "TTY %s disappeared for %s by (uid=%u)",
+ tty, username, uid);
+ return EXIT_FAILURE;
+ }
+
if (!pamh)
{
pamh = init_pam (username, tty, 1);
--
2.1.1
next reply other threads:[~2014-09-26 5:42 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-09-26 5:42 Kyle Manna [this message]
2015-01-23 17:46 ` [kbd] [PATCH] vlock: Handle tty dying Dmitry V. Levin
2015-01-23 17:47 ` [kbd] [PATCH 1/2] vlock: move some code around Dmitry V. Levin
2015-01-23 17:49 ` [kbd] [PATCH 2/2] vlock: handle disappearing ttys gracefully Dmitry V. Levin
2015-01-25 11:18 ` [kbd] [PATCH] vlock: Handle tty dying Alexey Gladkov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20140926054204.GH3701@kylemanna.com \
--to=kyle@kylemanna.com \
--cc=kbd@lists.altlinux.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).