Does not set PAM_XDISPLAY and or XDISPLAY, XAUTHORITY variables

Bug #862559 reported by Wolfgang Ullrich on 2011-09-29
164
This bug affects 38 people
Affects Status Importance Assigned to Milestone
Light Display Manager
Medium
Unassigned
lightdm (Ubuntu)
Low
Unassigned

Bug Description

If a PAM module with GUI interface for alternative authentication methods (like fingerprint authentication) is used, this module needs information about the xdisplay to connect to for showing up it's widget. Therefore PAM has two enviroment variables to be setup by the application before calling the "pam_authenticate" function. These variables are PAM_XDISPLAY and PAM_TTY, both to be set to the current display number (e.g. ":0"). Alternatively the environment variables XDISPLAY and XAUTHORITY can be set, so the PAM module can get the information by calling "getenv()".

Robert Ancell (robert-ancell) wrote :

PAM_TTY has been set since 0.9.7. PAM_XDISPLAY is not currently set. XAUTHORITY is set later in the process, as it requires the home directory to be mounted. We could set it to a system XAUTHORITY earlier then replace it with the user XAUTHORITY.

affects: unity-greeter (Ubuntu) → lightdm (Ubuntu)
summary: - Missing PAM environment variables in unity-greeter
+ Does not set PAM_XDISPLAY and or XDISPLAY, XAUTHORITY variables
Changed in lightdm:
status: New → Triaged
Changed in lightdm (Ubuntu):
status: New → Triaged
Changed in lightdm:
importance: Undecided → Medium
Changed in lightdm (Ubuntu):
importance: Undecided → Medium
Wolfgang Ullrich (w-ullrich) wrote :

The following code writes this to /var/log/auth.log:

------
... PAM_SERVICE: lightdm.
... Have no PAM_TTY.
... Have now XDisplay: "(null)" and XAuth: "(null)".
------

This is the pam_sm_authenticate function of the PAM module:

<code>

PAM_EXTERN int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char **argv) {
    const char *service = NULL;
    char* xdisp = getenv("DISPLAY");
    char* xauth = getenv("XAUTHORITY");

    // Requested service
    pam_get_item(pamh, PAM_SERVICE, (const void **)(const void*)&service);
    if (service != NULL && strlen(service) > 0) {
        syslog(LOG_DEBUG, "PAM_SERVICE: %s.", (const char*)service);
    }

    if (xdisp == NULL) { // Trying to get the xdisplay
        pam_get_item(pamh, PAM_XDISPLAY, (const void **)(const void*)&xdisp);
        if (xdisp == NULL) {
            pam_get_item(pamh, PAM_TTY, (const void **)(const void*)&xdisp);
            if (xdisp == NULL || strlen(xdisp) == 0) {
                syslog(LOG_DEBUG, "Have no PAM_TTY.");
                xdisp = NULL;
            }
            else {
                syslog(LOG_DEBUG, "Have PAM_TTY: %s.", xdisp);
                if(xdisp[0] != ':'){// looks not like a X-Display
                    syslog(LOG_DEBUG, "Have no DISPLAY from PAM_TTY.");
                    xdisp = NULL;
                }
                else{
                    syslog(LOG_DEBUG, "Have DISPLAY %s from PAM_TTY.", xdisp);
                    setenv("DISPLAY", xdisp, -1);
                }
            }
        }
        else {
            syslog(LOG_DEBUG, "Have DISPLAY %s from pam_get_item.", xdisp);
            setenv("DISPLAY", xdisp, -1);
        }
    }
    else
        syslog(LOG_DEBUG, "Have DISPLAY %s from getenv.", xdisp);

    syslog(LOG_DEBUG, "Have now XDisplay: \"%s\" and XAuth: \"%s\".", xdisp, xauth);
}

</code>

This means none of the variables are set. The module cannot display it's widget.

Changed in lightdm (Ubuntu):
importance: Medium → Low
Robert Ancell (robert-ancell) wrote :

This is fixed in 1.1.4

Changed in lightdm:
status: Triaged → Fix Committed
Changed in lightdm (Ubuntu):
status: Triaged → Fix Committed
Changed in lightdm:
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package lightdm - 1.1.4-0ubuntu1

---------------
lightdm (1.1.4-0ubuntu1) precise; urgency=low

  * New upstream release.
    - Change session directory once user permissions are set so it works
      on NFS filesystems that don't allow root to access files. (LP: #877766)
    - Restructure session code so the PAM authentication is run in its
      own process. (LP: #881466)
    - Set PAM_XDISPLAY and PAM_XAUTHDATA pam items (LP: #862559)
    - Don't send session stdout to .xsession-errors
    - Fix Qt bindings crash when removing a user
 -- Robert Ancell <email address hidden> Thu, 01 Mar 2012 20:54:07 +1100

Changed in lightdm (Ubuntu):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Duplicates of this bug

Other bug subscribers