libpam_blue requires root, fails if non-privileged
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
libpam-blue (Ubuntu) |
Confirmed
|
Undecided
|
Unassigned |
Bug Description
I modified /etc/pam.
. . .
# here are the per-package modules (the "Primary" block)
auth [success=1 default=ignore] pam_unix.so nullok_secure
# here's the fallback if no module succeeds
auth requisite pam_deny.so
#
auth [success=1 default=ignore] pam_blue.so
auth required pam_google_
#
# prime the stack . . .
This works fine for login, but bluetooth authentication always fails when unlocking gnome-screensaver with the error message:
Bluetooth scan failure [bluetooth device up?]
The reason seems to be that pam_blue is based on l2cap which requires root authority to create sockets (l2ping runs as root but fails for a non-privileged user).
An alternative method of detecting bluetooth proximity is to use hcitool:
hcitool name xx:xx:xx:xx:xx:xx
returns the name of the device whose MAC is given, or nothing on fail, and it works for a non-privileged user.
Replacing pam_blue with a simple hacked version using hcitool works for both login and gnome-screensaver unlock:
int rc = PAM_SESSION_ERR;
FILE *fpipe;
char *command="hcitool name xx:xx:xx:xx:xx:xx";
char line[256];
if ( !(fpipe = (FILE*)
perror(
exit(1);
}
while ( fgets( line, sizeof line, fpipe)) {
if (strlen(line) > 2) rc = PAM_SUCCESS;
}
pclose(fpipe);
return rc;
This bug probably affects all versions to date, but has been confirmed in Ubuntu 11.04 and 11.10, and in libpam-blue 0.9.0-3
Patching bluescan.c to follow hcitool rather than l2ping seems to work for both login and gnome-screensaver.
The disadvantage that I can see is that there is no way to change the timeout.
The patch is attached.