summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorThorsten Kukuk <kukuk@thkukuk.de>2015-04-23 16:04:32 +0200
committerThorsten Kukuk <kukuk@thkukuk.de>2015-04-23 16:04:32 +0200
commitaa7acd0d8ab1cba8e079ee2b801c944896d2638b (patch)
tree02db6b6793ba07239d0f1549be61d62ebc8ff2c2
parentedcd6ce3a097c9b813909186dcb4accc35e604ef (diff)
Add "quiet" option to pam_unix to suppress informential info
messages from session. * modules/pam_unix/pam_unix.8.xml: Document new option. * modules/pam_unix/support.h: Add quiet option. * modules/pam_unix/pam_unix_sess.c: Don't print LOG_INFO messages if 'quiet' option is set.
-rw-r--r--modules/pam_unix/pam_unix.8.xml15
-rw-r--r--modules/pam_unix/pam_unix_sess.c10
-rw-r--r--modules/pam_unix/support.h6
3 files changed, 25 insertions, 6 deletions
diff --git a/modules/pam_unix/pam_unix.8.xml b/modules/pam_unix/pam_unix.8.xml
index 9ce084e3..e1702420 100644
--- a/modules/pam_unix/pam_unix.8.xml
+++ b/modules/pam_unix/pam_unix.8.xml
@@ -131,6 +131,21 @@
<varlistentry>
<term>
+ <option>quiet</option>
+ </term>
+ <listitem>
+ <para>
+ Turns off informational messages namely messages about
+ session open and close via
+ <citerefentry>
+ <refentrytitle>syslog</refentrytitle><manvolnum>3</manvolnum>
+ </citerefentry>.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>
<option>nullok</option>
</term>
<listitem>
diff --git a/modules/pam_unix/pam_unix_sess.c b/modules/pam_unix/pam_unix_sess.c
index d1376732..5d001816 100644
--- a/modules/pam_unix/pam_unix_sess.c
+++ b/modules/pam_unix/pam_unix_sess.c
@@ -96,8 +96,9 @@ pam_sm_open_session(pam_handle_t *pamh, int flags, int argc, const char **argv)
if (login_name == NULL) {
login_name = "";
}
- pam_syslog(pamh, LOG_INFO, "session opened for user %s by %s(uid=%lu)",
- user_name, login_name, (unsigned long)getuid());
+ if (off (UNIX_QUIET, ctrl))
+ pam_syslog(pamh, LOG_INFO, "session opened for user %s by %s(uid=%lu)",
+ user_name, login_name, (unsigned long)getuid());
return PAM_SUCCESS;
}
@@ -126,8 +127,9 @@ pam_sm_close_session(pam_handle_t *pamh, int flags, int argc, const char **argv)
"close_session - error recovering service");
return PAM_SESSION_ERR;
}
- pam_syslog(pamh, LOG_INFO, "session closed for user %s",
- user_name);
+ if (off (UNIX_QUIET, ctrl))
+ pam_syslog(pamh, LOG_INFO, "session closed for user %s",
+ user_name);
return PAM_SUCCESS;
}
diff --git a/modules/pam_unix/support.h b/modules/pam_unix/support.h
index cd6ddb76..3729ce0c 100644
--- a/modules/pam_unix/support.h
+++ b/modules/pam_unix/support.h
@@ -97,9 +97,10 @@ typedef struct {
password hash algorithms */
#define UNIX_BLOWFISH_PASS 26 /* new password hashes will use blowfish */
#define UNIX_MIN_PASS_LEN 27 /* min length for password */
-#define UNIX_DES 28 /* DES, default */
+#define UNIX_QUIET 28 /* Don't print informational messages */
+#define UNIX_DES 29 /* DES, default */
/* -------------- */
-#define UNIX_CTRLS_ 29 /* number of ctrl arguments defined */
+#define UNIX_CTRLS_ 30 /* number of ctrl arguments defined */
#define UNIX_DES_CRYPT(ctrl) (off(UNIX_MD5_PASS,ctrl)&&off(UNIX_BIGCRYPT,ctrl)&&off(UNIX_SHA256_PASS,ctrl)&&off(UNIX_SHA512_PASS,ctrl)&&off(UNIX_BLOWFISH_PASS,ctrl))
@@ -136,6 +137,7 @@ static const UNIX_Ctrls unix_args[UNIX_CTRLS_] =
/* UNIX_ALGO_ROUNDS */ {"rounds=", _ALL_ON_, 0100000000, 0},
/* UNIX_BLOWFISH_PASS */ {"blowfish", _ALL_ON_^(0260420000), 0200000000, 1},
/* UNIX_MIN_PASS_LEN */ {"minlen=", _ALL_ON_, 0400000000, 0},
+/* UNIX_QUIET */ {"quiet", _ALL_ON_, 01000000000, 0},
/* UNIX_DES */ {"des", _ALL_ON_^(0260420000), 0, 1},
};