pam_lastlog: Respect PAM_SILENT flag

pam_lastlog module will not log info about failed login if the session
was opened with PAM_SILENT flag.

Example use case enabled by this change:

    sudo --non-interactive program

If this command is run by another program expecting specific output from
the command run by sudo, the unexpected info about failed logins will
break this program.

* modules/pam_lastlog/pam_lastlog.c: Respect silent option.
  (_pam_session_parse): Unset LASTLOG_BTMP if PAM_SILENT is set.

diff --git a/modules/pam_lastlog/pam_lastlog.c b/modules/pam_lastlog/pam_lastlog.c
index 18bf7bec4875203ecd05d2a451af3124396cafc6..e980c0478a8ec97bf01f1d68653559870469f29c 100644 (file)
--- a/modules/pam_lastlog/pam_lastlog.c
+++ b/modules/pam_lastlog/pam_lastlog.c
@@ -135,11 +135,6 @@ _pam_session_parse(pam_handle_t *pamh, int flags, int argc, const char **argv)
 {
     int ctrl=(LASTLOG_DATE|LASTLOG_HOST|LASTLOG_LINE|LASTLOG_WTMP|LASTLOG_UPDATE);
 
-    /* does the appliction require quiet? */
-    if (flags & PAM_SILENT) {
-       ctrl |= LASTLOG_QUIET;
-    }
-
     /* step through arguments */
     for (; argc-- > 0; ++argv) {
 
@@ -168,6 +163,12 @@ _pam_session_parse(pam_handle_t *pamh, int flags, int argc, const char **argv)
        }
     }
 
+    /* does the appliction require quiet? */
+    if (flags & PAM_SILENT) {
+       ctrl |= LASTLOG_QUIET;
+       ctrl &= ~LASTLOG_BTMP;
+    }
+
     D(("ctrl = %o", ctrl));
     return ctrl;
 }