exec-invoke: Always go via stdin fd in setup_pam() to get tty

We might have resolved the tty to something else if it was set to
/dev/console, so let's always go via stdin in setup_pam(). This also
means we won't set the pam tty if only stdout or stderr are connected
to a tty, which seems like a sensible thing to do.

diff --git a/src/core/exec-invoke.c b/src/core/exec-invoke.c
index 0a29da522ed945665b697a8c73f6b5e1876728c7..ef501607b698c1d3229022d3d76461f731a3d9bd 100644 (file)
--- a/src/core/exec-invoke.c
+++ b/src/core/exec-invoke.c
@@ -1201,6 +1201,7 @@ static int setup_pam(
 
         _cleanup_(barrier_destroy) Barrier barrier = BARRIER_NULL;
         _cleanup_strv_free_ char **e = NULL;
+        _cleanup_free_ char *tty = NULL;
         pam_handle_t *handle = NULL;
         sigset_t old_ss;
         int pam_code = PAM_SUCCESS, r;
@@ -1236,15 +1237,14 @@ static int setup_pam(
                 goto fail;
         }
 
-        const char *tty = context->tty_path;
-        if (!tty) {
-                _cleanup_free_ char *q = NULL;
-
-                /* Hmm, so no TTY was explicitly passed, but an fd passed to us directly might be a TTY. Let's figure
-                 * out if that's the case, and read the TTY off it. */
+        if (getttyname_malloc(STDIN_FILENO, &tty) >= 0) {
+                _cleanup_free_ char *q = path_join("/dev", tty);
+                if (!q) {
+                        r = -ENOMEM;
+                        goto fail;
+                }
 
-                if (getttyname_malloc(STDIN_FILENO, &q) >= 0)
-                        tty = strjoina("/dev/", q);
+                free_and_replace(tty, q);
         }
 
         if (tty) {