pam_lastlog: Respect PAM_SILENT flag

pam_lastlog module will not log info about failed login if the session
was opened with PAM_SILENT flag.

Example use case enabled by this change:

    sudo --non-interactive program

If this command is run by another program expecting specific output from
the command run by sudo, the unexpected info about failed logins will
break this program.

* modules/pam_lastlog/pam_lastlog.c: Respect silent option.
  (_pam_session_parse): Unset LASTLOG_BTMP if PAM_SILENT is set.

1 files changed, 6 insertions, 5 deletions

diff --git a/modules/pam_lastlog/pam_lastlog.c b/modules/pam_lastlog/pam_lastlog.c
index 18bf7bec..e980c047 100644
--- a/modules/pam_lastlog/pam_lastlog.c
+++ b/modules/pam_lastlog/pam_lastlog.c
@@ -135,11 +135,6 @@ _pam_session_parse(pam_handle_t *pamh, int flags, int argc, const char **argv)
 {
     int ctrl=(LASTLOG_DATE|LASTLOG_HOST|LASTLOG_LINE|LASTLOG_WTMP|LASTLOG_UPDATE);
 
-    /* does the appliction require quiet? */
-    if (flags & PAM_SILENT) {
-	ctrl |= LASTLOG_QUIET;
-    }
-
     /* step through arguments */
     for (; argc-- > 0; ++argv) {
 
@@ -168,6 +163,12 @@ _pam_session_parse(pam_handle_t *pamh, int flags, int argc, const char **argv)
 	}
     }
 
+    /* does the appliction require quiet? */
+    if (flags & PAM_SILENT) {
+	ctrl |= LASTLOG_QUIET;
+	ctrl &= ~LASTLOG_BTMP;
+    }
+
     D(("ctrl = %o", ctrl));
     return ctrl;
 }