#113 HAS_PAM_LIBRARY dtlogin sets PAM session PAM_TTY to bogus value "/dev/NULL"

[rakslice]

In Linux, when running dtlogin from systemd, with systemd's PAM driver in place in the PAM configuration for dtlogin, CDE users' login sessions automatically integrate nicely with systemd's user session tracking. That's great.

However the TTY of the CDE user sessions shows up as NULL:

rakslice@d109cde:~$ loginctl
SESSION  UID USER     SEAT TTY
      2 1000 rakslice      pts/2
      3 1000 rakslice      pts/0
     c9 1000 rakslice      NULL

3 sessions listed.
rakslice@d109cde:~$ loginctl show-session c9
Id=c9
User=1000
Name=rakslice
Timestamp=Wed 2021-11-24 05:14:29 PST
TimestampMonotonic=7532732736
VTNr=0
TTY=NULL
Remote=yes
RemoteHost=:0
Service=dtlogin
Scope=session-c9.scope
Leader=6295
Audit=4294967295
Type=tty
Class=user
Active=yes
State=closing
IdleHint=no
IdleSinceHint=0
IdleSinceHintMonotonic=0
LockedHint=no

This value comes from the device name set into the PAM session's PAM_TTY by dtlogin.

Going through the lib/DtPamSvc/PamSvc.c PamInit() calls, some come from the logic in dtlogin/sysauth.cand have a reasonable TTY value based on d->gettyLine.

But the relevant one comes from the HAS_PAM_LIBRARY case Account() calls in dtlogin/session.c, which pass NULL. Owing to the logic in account.c Account() and lib/DtPamSvc/PamSvc.c's \_DtAccounting(), this gets turned into "/dev/NULL" which is passed to PamInit().

[rakslice]

To test in Debian 10 I have a systemd service config for dtlogin in /etc/systemd/system/dtlogin.service:

[Unit]
Description=CDE login service
After=systemd-user-sessions.service

[Service]
ExecStart=/usr/dt/bin/dtlogin -debug 1

[Install]
WantedBy=graphical.target

and in the CDE-installed /etc/pam.d/dtlogin I add the line:

@include common-session

The common-session PAM config is from Debian and includes pam_systemd.so

[rakslice]

Note that the d->gettyLine value isn't necessarily a 'correct' TTY device for Linux, it's just whatever you put after the @ in the /etc/dt/config/Xservers line for a local session, or dtremote for an XDMCP session, but that you can at least use to distinguish multiple X sessions and certainly better than NULL.

[-]

In the original CDE source code, that argument is NULL. You may also notice there are a lot of #if...#else. The Account function is not only used for one OS. It's hard to test the function on all OSes especially the OS which doesn't use PAM. That's why that argument is kept as is for now.
To fix this issue or other potential issues, more discussion is needed: in the future, should we only confirm to some common standards or still write #if..#else for old OSes?

[rakslice]

The argument should keep its original value of NULL, and should still apply for what it was originally for, which is non-Sun non-PAM OSes. Okay. Perhaps instead of trying to also repurpose it for PAM, something else should be done for HAS_PAM_LIBRARY, something with _DtAccounting that is analogous to the PamAccounting call in the original Sun PAM code path...