pam_systemd: explain in detail why pam_systemd does the PAM item mangling it does in comments

The old comments were imprecise, and misleading. Let's extend things and explain the situation in more detail. (cherry picked from commit 3a7369495bdbec38d897a48da511e126e373b253)
author: Lennart Poettering <lennart@poettering.net> 2018-07-23 13:02:58 +0200
committer: Sven Eden <sven.eden@prydeworx.com> 2018-10-29 10:18:39 +0100
commit: aafb6f802c6a6f9339319e9e2d3d669d99f51e5b (patch)
tree: a6851e8d74318263cf25e63a6967fca8593f7c1a
parent: 17a2fb719de6821eccc882d04c5c7ad719ed495f (diff)
1 files changed, 16 insertions, 12 deletions
diff --git a/src/login/pam_elogind.c b/src/login/pam_elogind.c
index 63cbbbc1d..bb6da2aac 100644
--- a/src/login/pam_elogind.c
+++ b/src/login/pam_elogind.c
@@ -381,28 +381,32 @@ _public_ PAM_EXTERN int pam_sm_open_session(
         tty = strempty(tty);
 
         if (strchr(tty, ':')) {
-                /* A tty with a colon is usually an X11 display,
-                 * placed there to show up in utmp. We rearrange
-                 * things and don't pretend that an X display was a
-                 * tty. */
-
+                /* A tty with a colon is usually an X11 display, placed there to show up in utmp. We rearrange things
+                 * and don't pretend that an X display was a tty. */
                 if (isempty(display))
                         display = tty;
                 tty = NULL;
+
         } else if (streq(tty, "cron")) {
-                /* cron has been setting PAM_TTY to "cron" for a very
-                 * long time and it probably shouldn't stop doing that
-                 * for compatibility reasons. */
+                /* cron is setting PAM_TTY to "cron" for some reason (the commit carries no information why, but
+                 * probably because it wants to set it to something as pam_time/pam_access/… require PAM_TTY to be set
+                 * (as they otherwise even try to update it!) — but cron doesn't actually allocate a TTY for its forked
+                 * off processes.) */
                 type = "unspecified";
                 class = "background";
                 tty = NULL;
+
         } else if (streq(tty, "ssh")) {
-                /* ssh has been setting PAM_TTY to "ssh" for a very
-                 * long time and probably shouldn't stop doing that
-                 * for compatibility reasons. */
+                /* ssh has been setting PAM_TTY to "ssh" (for the same reason as cron does this, see above. For further
+                 * details look for "PAM_TTY_KLUDGE" in the openssh sources). */
                 type ="tty";
                 class = "user";
-                tty = NULL;
+                tty = NULL; /* This one is particularly sad, as this means that ssh sessions — even though usually
+                             * associated with a pty — won't be tracked by their tty in logind. This is because ssh
+                             * does the PAM session registration early for new connections, and registers a pty only
+                             * much later (this is because it doesn't know yet if it needs one at all, as whether to
+                             * register a pty or not is negotiated much later in the protocol). */
+
         } else
                 /* Chop off leading /dev prefix that some clients specify, but others do not. */
                 tty = skip_dev_prefix(tty);
author	Lennart Poettering <lennart@poettering.net>	2018-07-23 13:02:58 +0200
committer	Sven Eden <sven.eden@prydeworx.com>	2018-10-29 10:18:39 +0100
commit	aafb6f802c6a6f9339319e9e2d3d669d99f51e5b (patch)
tree	a6851e8d74318263cf25e63a6967fca8593f7c1a
parent	17a2fb719de6821eccc882d04c5c7ad719ed495f (diff)