|
|
43d219 |
From c426914fa166ffb0482b6f6ad659ddf17d5dfaa1 Mon Sep 17 00:00:00 2001
|
|
|
43d219 |
From: Nir Soffer <nsoffer@redhat.com>
|
|
|
43d219 |
Date: Wed, 9 Jan 2019 23:41:16 +0200
|
|
|
43d219 |
Subject: [PATCH] pam_lastlog: Improve silent option documentation
|
|
|
43d219 |
|
|
|
43d219 |
The silent option explicitly silents only the last login message and not
|
|
|
43d219 |
bad logins. Add a note to the manual to make this clear.
|
|
|
43d219 |
|
|
|
43d219 |
* modules/pam_lastlog/pam_lastlog.8.xml: Clearify "silent showfailed"
|
|
|
43d219 |
---
|
|
|
43d219 |
modules/pam_lastlog/pam_lastlog.8.xml | 1 +
|
|
|
43d219 |
1 file changed, 1 insertion(+)
|
|
|
43d219 |
|
|
|
43d219 |
diff --git a/modules/pam_lastlog/pam_lastlog.8.xml b/modules/pam_lastlog/pam_lastlog.8.xml
|
|
|
43d219 |
index c8f247e..bc2e1be 100644
|
|
|
43d219 |
--- a/modules/pam_lastlog/pam_lastlog.8.xml
|
|
|
43d219 |
+++ b/modules/pam_lastlog/pam_lastlog.8.xml
|
|
|
43d219 |
@@ -102,6 +102,7 @@
|
|
|
43d219 |
<para>
|
|
|
43d219 |
Don't inform the user about any previous login,
|
|
|
43d219 |
just update the <filename>/var/log/lastlog</filename> file.
|
|
|
43d219 |
+ This option does not affect display of bad login attempts.
|
|
|
43d219 |
</para>
|
|
|
43d219 |
</listitem>
|
|
|
43d219 |
</varlistentry>
|
|
|
43d219 |
--
|
|
|
43d219 |
2.20.1
|
|
|
43d219 |
|
|
|
43d219 |
From 7d036249a9772c546ede1f38ad68b3f1575216d6 Mon Sep 17 00:00:00 2001
|
|
|
43d219 |
From: Nir Soffer <nsoffer@redhat.com>
|
|
|
43d219 |
Date: Sun, 6 Jan 2019 00:36:27 +0200
|
|
|
43d219 |
Subject: [PATCH] pam_lastlog: Respect PAM_SILENT flag
|
|
|
43d219 |
|
|
|
43d219 |
pam_lastlog module will not log info about failed login if the session
|
|
|
43d219 |
was opened with PAM_SILENT flag.
|
|
|
43d219 |
|
|
|
43d219 |
Example use case enabled by this change:
|
|
|
43d219 |
|
|
|
43d219 |
sudo --non-interactive program
|
|
|
43d219 |
|
|
|
43d219 |
If this command is run by another program expecting specific output from
|
|
|
43d219 |
the command run by sudo, the unexpected info about failed logins will
|
|
|
43d219 |
break this program.
|
|
|
43d219 |
|
|
|
43d219 |
* modules/pam_lastlog/pam_lastlog.c: Respect silent option.
|
|
|
43d219 |
(_pam_session_parse): Unset LASTLOG_BTMP if PAM_SILENT is set.
|
|
|
43d219 |
---
|
|
|
43d219 |
modules/pam_lastlog/pam_lastlog.c | 11 ++++++-----
|
|
|
43d219 |
1 file changed, 6 insertions(+), 5 deletions(-)
|
|
|
43d219 |
|
|
|
43d219 |
diff --git a/modules/pam_lastlog/pam_lastlog.c b/modules/pam_lastlog/pam_lastlog.c
|
|
|
43d219 |
index 18bf7be..e980c04 100644
|
|
|
43d219 |
--- a/modules/pam_lastlog/pam_lastlog.c
|
|
|
43d219 |
+++ b/modules/pam_lastlog/pam_lastlog.c
|
|
|
43d219 |
@@ -135,11 +135,6 @@ _pam_session_parse(pam_handle_t *pamh, int flags, int argc, const char **argv)
|
|
|
43d219 |
{
|
|
|
43d219 |
int ctrl=(LASTLOG_DATE|LASTLOG_HOST|LASTLOG_LINE|LASTLOG_WTMP|LASTLOG_UPDATE);
|
|
|
43d219 |
|
|
|
43d219 |
- /* does the appliction require quiet? */
|
|
|
43d219 |
- if (flags & PAM_SILENT) {
|
|
|
43d219 |
- ctrl |= LASTLOG_QUIET;
|
|
|
43d219 |
- }
|
|
|
43d219 |
-
|
|
|
43d219 |
/* step through arguments */
|
|
|
43d219 |
for (; argc-- > 0; ++argv) {
|
|
|
43d219 |
|
|
|
43d219 |
@@ -168,6 +163,12 @@ _pam_session_parse(pam_handle_t *pamh, int flags, int argc, const char **argv)
|
|
|
43d219 |
}
|
|
|
43d219 |
}
|
|
|
43d219 |
|
|
|
43d219 |
+ /* does the appliction require quiet? */
|
|
|
43d219 |
+ if (flags & PAM_SILENT) {
|
|
|
43d219 |
+ ctrl |= LASTLOG_QUIET;
|
|
|
43d219 |
+ ctrl &= ~LASTLOG_BTMP;
|
|
|
43d219 |
+ }
|
|
|
43d219 |
+
|
|
|
43d219 |
D(("ctrl = %o", ctrl));
|
|
|
43d219 |
return ctrl;
|
|
|
43d219 |
}
|
|
|
43d219 |
--
|
|
|
43d219 |
2.20.1
|
|
|
43d219 |
|