]> granicus.if.org Git - linux-pam/commitdiff
Add "quiet" option to pam_unix to suppress informential info
authorThorsten Kukuk <kukuk@thkukuk.de>
Thu, 23 Apr 2015 14:04:32 +0000 (16:04 +0200)
committerThorsten Kukuk <kukuk@thkukuk.de>
Thu, 23 Apr 2015 14:04:32 +0000 (16:04 +0200)
messages from session.

* modules/pam_unix/pam_unix.8.xml: Document new option.
* modules/pam_unix/support.h: Add quiet option.
* modules/pam_unix/pam_unix_sess.c: Don't print LOG_INFO messages if
 'quiet' option is set.

modules/pam_unix/pam_unix.8.xml
modules/pam_unix/pam_unix_sess.c
modules/pam_unix/support.h

index 9ce084e36e7ce2c194b7ee4f69338b9ea0cce16e..e1702420afc9f3c554119578c286e4408322fda8 100644 (file)
         </listitem>
       </varlistentry>
 
+      <varlistentry>
+        <term>
+          <option>quiet</option>
+        </term>
+        <listitem>
+          <para>
+           Turns off informational messages namely messages about
+           session open and close via
+            <citerefentry>
+              <refentrytitle>syslog</refentrytitle><manvolnum>3</manvolnum>
+            </citerefentry>.
+          </para>
+        </listitem>
+      </varlistentry>
+
       <varlistentry>
         <term>
           <option>nullok</option>
index d1376732e63c68804d001ac83f4be1c2337562b4..5d001816dab8d90d9f5abc798a5e5f2dc14d7872 100644 (file)
@@ -96,8 +96,9 @@ pam_sm_open_session(pam_handle_t *pamh, int flags, int argc, const char **argv)
        if (login_name == NULL) {
            login_name = "";
        }
-       pam_syslog(pamh, LOG_INFO, "session opened for user %s by %s(uid=%lu)",
-                user_name, login_name, (unsigned long)getuid());
+       if (off (UNIX_QUIET, ctrl))
+         pam_syslog(pamh, LOG_INFO, "session opened for user %s by %s(uid=%lu)",
+                    user_name, login_name, (unsigned long)getuid());
 
        return PAM_SUCCESS;
 }
@@ -126,8 +127,9 @@ pam_sm_close_session(pam_handle_t *pamh, int flags, int argc, const char **argv)
                         "close_session - error recovering service");
                return PAM_SESSION_ERR;
        }
-       pam_syslog(pamh, LOG_INFO, "session closed for user %s",
-               user_name);
+       if (off (UNIX_QUIET, ctrl))
+         pam_syslog(pamh, LOG_INFO, "session closed for user %s",
+                    user_name);
 
        return PAM_SUCCESS;
 }
index cd6ddb76a822cf408c00924035ab67d649d07489..3729ce0cc76372045b21d5fc79ea6a669ebb8963 100644 (file)
@@ -97,9 +97,10 @@ typedef struct {
                                           password hash algorithms */
 #define UNIX_BLOWFISH_PASS       26    /* new password hashes will use blowfish */
 #define UNIX_MIN_PASS_LEN        27    /* min length for password */
-#define UNIX_DES                 28     /* DES, default */
+#define UNIX_QUIET              28     /* Don't print informational messages */
+#define UNIX_DES                 29     /* DES, default */
 /* -------------- */
-#define UNIX_CTRLS_              29    /* number of ctrl arguments defined */
+#define UNIX_CTRLS_              30    /* number of ctrl arguments defined */
 
 #define UNIX_DES_CRYPT(ctrl)   (off(UNIX_MD5_PASS,ctrl)&&off(UNIX_BIGCRYPT,ctrl)&&off(UNIX_SHA256_PASS,ctrl)&&off(UNIX_SHA512_PASS,ctrl)&&off(UNIX_BLOWFISH_PASS,ctrl))
 
@@ -136,6 +137,7 @@ static const UNIX_Ctrls unix_args[UNIX_CTRLS_] =
 /* UNIX_ALGO_ROUNDS */     {"rounds=",         _ALL_ON_,          0100000000, 0},
 /* UNIX_BLOWFISH_PASS */   {"blowfish",    _ALL_ON_^(0260420000), 0200000000, 1},
 /* UNIX_MIN_PASS_LEN */    {"minlen=",         _ALL_ON_,         0400000000, 0},
+/* UNIX_QUIET */           {"quiet",           _ALL_ON_,         01000000000, 0},
 /* UNIX_DES */             {"des",             _ALL_ON_^(0260420000),      0, 1},
 };