|
 |
a46dbe |
From c426914fa166ffb0482b6f6ad659ddf17d5dfaa1 Mon Sep 17 00:00:00 2001
|
|
|
a46dbe |
From: Nir Soffer <nsoffer@redhat.com>
|
|
|
a46dbe |
Date: Wed, 9 Jan 2019 23:41:16 +0200
|
|
|
a46dbe |
Subject: [PATCH] pam_lastlog: Improve silent option documentation
|
|
|
a46dbe |
|
|
|
a46dbe |
The silent option explicitly silents only the last login message and not
|
|
|
a46dbe |
bad logins. Add a note to the manual to make this clear.
|
|
|
a46dbe |
|
|
|
a46dbe |
* modules/pam_lastlog/pam_lastlog.8.xml: Clearify "silent showfailed"
|
|
|
a46dbe |
---
|
|
|
a46dbe |
modules/pam_lastlog/pam_lastlog.8.xml | 1 +
|
|
|
a46dbe |
1 file changed, 1 insertion(+)
|
|
|
a46dbe |
|
|
|
a46dbe |
diff --git a/modules/pam_lastlog/pam_lastlog.8.xml b/modules/pam_lastlog/pam_lastlog.8.xml
|
|
|
a46dbe |
index c8f247e..bc2e1be 100644
|
|
|
a46dbe |
--- a/modules/pam_lastlog/pam_lastlog.8.xml
|
|
|
a46dbe |
+++ b/modules/pam_lastlog/pam_lastlog.8.xml
|
|
|
a46dbe |
@@ -102,6 +102,7 @@
|
|
|
a46dbe |
<para>
|
|
|
a46dbe |
Don't inform the user about any previous login,
|
|
|
a46dbe |
just update the <filename>/var/log/lastlog</filename> file.
|
|
|
a46dbe |
+ This option does not affect display of bad login attempts.
|
|
|
a46dbe |
</para>
|
|
|
a46dbe |
</listitem>
|
|
|
a46dbe |
</varlistentry>
|
|
|
a46dbe |
--
|
|
|
a46dbe |
2.20.1
|
|
|
a46dbe |
|
|
|
a46dbe |
From 7d036249a9772c546ede1f38ad68b3f1575216d6 Mon Sep 17 00:00:00 2001
|
|
|
a46dbe |
From: Nir Soffer <nsoffer@redhat.com>
|
|
|
a46dbe |
Date: Sun, 6 Jan 2019 00:36:27 +0200
|
|
|
a46dbe |
Subject: [PATCH] pam_lastlog: Respect PAM_SILENT flag
|
|
|
a46dbe |
|
|
|
a46dbe |
pam_lastlog module will not log info about failed login if the session
|
|
|
a46dbe |
was opened with PAM_SILENT flag.
|
|
|
a46dbe |
|
|
|
a46dbe |
Example use case enabled by this change:
|
|
|
a46dbe |
|
|
|
a46dbe |
sudo --non-interactive program
|
|
|
a46dbe |
|
|
|
a46dbe |
If this command is run by another program expecting specific output from
|
|
|
a46dbe |
the command run by sudo, the unexpected info about failed logins will
|
|
|
a46dbe |
break this program.
|
|
|
a46dbe |
|
|
|
a46dbe |
* modules/pam_lastlog/pam_lastlog.c: Respect silent option.
|
|
|
a46dbe |
(_pam_session_parse): Unset LASTLOG_BTMP if PAM_SILENT is set.
|
|
|
a46dbe |
---
|
|
|
a46dbe |
modules/pam_lastlog/pam_lastlog.c | 11 ++++++-----
|
|
|
a46dbe |
1 file changed, 6 insertions(+), 5 deletions(-)
|
|
|
a46dbe |
|
|
|
a46dbe |
diff --git a/modules/pam_lastlog/pam_lastlog.c b/modules/pam_lastlog/pam_lastlog.c
|
|
|
a46dbe |
index 18bf7be..e980c04 100644
|
|
|
a46dbe |
--- a/modules/pam_lastlog/pam_lastlog.c
|
|
|
a46dbe |
+++ b/modules/pam_lastlog/pam_lastlog.c
|
|
|
a46dbe |
@@ -135,11 +135,6 @@ _pam_session_parse(pam_handle_t *pamh, int flags, int argc, const char **argv)
|
|
|
a46dbe |
{
|
|
|
a46dbe |
int ctrl=(LASTLOG_DATE|LASTLOG_HOST|LASTLOG_LINE|LASTLOG_WTMP|LASTLOG_UPDATE);
|
|
|
a46dbe |
|
|
|
a46dbe |
- /* does the appliction require quiet? */
|
|
|
a46dbe |
- if (flags & PAM_SILENT) {
|
|
|
a46dbe |
- ctrl |= LASTLOG_QUIET;
|
|
|
a46dbe |
- }
|
|
|
a46dbe |
-
|
|
|
a46dbe |
/* step through arguments */
|
|
|
a46dbe |
for (; argc-- > 0; ++argv) {
|
|
|
a46dbe |
|
|
|
a46dbe |
@@ -168,6 +163,12 @@ _pam_session_parse(pam_handle_t *pamh, int flags, int argc, const char **argv)
|
|
|
a46dbe |
}
|
|
|
a46dbe |
}
|
|
|
a46dbe |
|
|
|
a46dbe |
+ /* does the appliction require quiet? */
|
|
|
a46dbe |
+ if (flags & PAM_SILENT) {
|
|
|
a46dbe |
+ ctrl |= LASTLOG_QUIET;
|
|
|
a46dbe |
+ ctrl &= ~LASTLOG_BTMP;
|
|
|
a46dbe |
+ }
|
|
|
a46dbe |
+
|
|
|
a46dbe |
D(("ctrl = %o", ctrl));
|
|
|
a46dbe |
return ctrl;
|
|
|
a46dbe |
}
|
|
|
a46dbe |
--
|
|
|
a46dbe |
2.20.1
|
|
|
a46dbe |
|