granicus.if.org Git - linux-pam/commit

author	Richard Guy Briggs <rgb@redhat.com>
	Fri, 21 Jun 2013 12:29:00 +0000 (08:29 -0400)
committer	Dmitry V. Levin <ldv@altlinux.org>
	Fri, 21 Jun 2013 21:36:20 +0000 (21:36 +0000)
commit	333686501468f66160c8eb50ae23f1dc08b82e12
tree	a6adc46e5ecddac9bea683f4b0ffb0db6621978f	tree \| snapshot
parent	43a69398c33f8580c5925953fa7ee561666d8e33	commit \| diff

pam_tty_audit: add an option to control logging of passwords: log_passwd

Most commands are entered one line at a time and processed as complete lines
in non-canonical mode.  Commands that interactively require a password, enter
canonical mode with echo set to off to do this.  This feature (icanon and
!echo) can be used to avoid logging passwords by audit while still logging the
rest of the command.  Adding a member to the struct audit_tty_status passed in
by pam_tty_audit allows control of logging passwords per task.

* configure.in: autoconf bits to conditionally add support at compile time
depending on struct audit_tty_status kernel header version.
* modules/pam_tty_audit/pam_tty_audit.8.xml: Document new pam_tty_audit module
log_passwd option.
* modules/pam_tty_audit/pam_tty_audit.c: (pam_sm_open_session): Added
"log_passwd" option parsing.

Signed-off-by: Richard Guy Briggs <rgb@redhat.com>

configure.in		diff \| blob \| history
modules/pam_tty_audit/pam_tty_audit.8.xml		diff \| blob \| history
modules/pam_tty_audit/pam_tty_audit.c		diff \| blob \| history