pam_lastlog module will not log info about failed login if the session
was opened with PAM_SILENT flag.
Example use case enabled by this change:
sudo --non-interactive program
If this command is run by another program expecting specific output from
the command run by sudo, the unexpected info about failed logins will
break this program.
* modules/pam_lastlog/pam_lastlog.c: Respect silent option.
(_pam_session_parse): Unset LASTLOG_BTMP if PAM_SILENT is set.
{
int ctrl=(LASTLOG_DATE|LASTLOG_HOST|LASTLOG_LINE|LASTLOG_WTMP|LASTLOG_UPDATE);
- /* does the appliction require quiet? */
- if (flags & PAM_SILENT) {
- ctrl |= LASTLOG_QUIET;
- }
-
/* step through arguments */
for (; argc-- > 0; ++argv) {
}
}
+ /* does the appliction require quiet? */
+ if (flags & PAM_SILENT) {
+ ctrl |= LASTLOG_QUIET;
+ ctrl &= ~LASTLOG_BTMP;
+ }
+
D(("ctrl = %o", ctrl));
return ctrl;
}