Blame SOURCES/pam-1.3.1-lastlog-no-showfailed.patch

43d219
From c426914fa166ffb0482b6f6ad659ddf17d5dfaa1 Mon Sep 17 00:00:00 2001
43d219
From: Nir Soffer <nsoffer@redhat.com>
43d219
Date: Wed, 9 Jan 2019 23:41:16 +0200
43d219
Subject: [PATCH] pam_lastlog: Improve silent option documentation
43d219
43d219
The silent option explicitly silents only the last login message and not
43d219
bad logins. Add a note to the manual to make this clear.
43d219
43d219
* modules/pam_lastlog/pam_lastlog.8.xml: Clearify "silent showfailed"
43d219
---
43d219
 modules/pam_lastlog/pam_lastlog.8.xml | 1 +
43d219
 1 file changed, 1 insertion(+)
43d219
43d219
diff --git a/modules/pam_lastlog/pam_lastlog.8.xml b/modules/pam_lastlog/pam_lastlog.8.xml
43d219
index c8f247e..bc2e1be 100644
43d219
--- a/modules/pam_lastlog/pam_lastlog.8.xml
43d219
+++ b/modules/pam_lastlog/pam_lastlog.8.xml
43d219
@@ -102,6 +102,7 @@
43d219
           <para>
43d219
             Don't inform the user about any previous login,
43d219
             just update the <filename>/var/log/lastlog</filename> file.
43d219
+            This option does not affect display of bad login attempts.
43d219
           </para>
43d219
         </listitem>
43d219
       </varlistentry>
43d219
-- 
43d219
2.20.1
43d219
43d219
From 7d036249a9772c546ede1f38ad68b3f1575216d6 Mon Sep 17 00:00:00 2001
43d219
From: Nir Soffer <nsoffer@redhat.com>
43d219
Date: Sun, 6 Jan 2019 00:36:27 +0200
43d219
Subject: [PATCH] pam_lastlog: Respect PAM_SILENT flag
43d219
43d219
pam_lastlog module will not log info about failed login if the session
43d219
was opened with PAM_SILENT flag.
43d219
43d219
Example use case enabled by this change:
43d219
43d219
    sudo --non-interactive program
43d219
43d219
If this command is run by another program expecting specific output from
43d219
the command run by sudo, the unexpected info about failed logins will
43d219
break this program.
43d219
43d219
* modules/pam_lastlog/pam_lastlog.c: Respect silent option.
43d219
  (_pam_session_parse): Unset LASTLOG_BTMP if PAM_SILENT is set.
43d219
---
43d219
 modules/pam_lastlog/pam_lastlog.c | 11 ++++++-----
43d219
 1 file changed, 6 insertions(+), 5 deletions(-)
43d219
43d219
diff --git a/modules/pam_lastlog/pam_lastlog.c b/modules/pam_lastlog/pam_lastlog.c
43d219
index 18bf7be..e980c04 100644
43d219
--- a/modules/pam_lastlog/pam_lastlog.c
43d219
+++ b/modules/pam_lastlog/pam_lastlog.c
43d219
@@ -135,11 +135,6 @@ _pam_session_parse(pam_handle_t *pamh, int flags, int argc, const char **argv)
43d219
 {
43d219
     int ctrl=(LASTLOG_DATE|LASTLOG_HOST|LASTLOG_LINE|LASTLOG_WTMP|LASTLOG_UPDATE);
43d219
 
43d219
-    /* does the appliction require quiet? */
43d219
-    if (flags & PAM_SILENT) {
43d219
-	ctrl |= LASTLOG_QUIET;
43d219
-    }
43d219
-
43d219
     /* step through arguments */
43d219
     for (; argc-- > 0; ++argv) {
43d219
 
43d219
@@ -168,6 +163,12 @@ _pam_session_parse(pam_handle_t *pamh, int flags, int argc, const char **argv)
43d219
 	}
43d219
     }
43d219
 
43d219
+    /* does the appliction require quiet? */
43d219
+    if (flags & PAM_SILENT) {
43d219
+	ctrl |= LASTLOG_QUIET;
43d219
+	ctrl &= ~LASTLOG_BTMP;
43d219
+    }
43d219
+
43d219
     D(("ctrl = %o", ctrl));
43d219
     return ctrl;
43d219
 }
43d219
-- 
43d219
2.20.1
43d219