diff options
| author | Karel Zak | 2013-08-27 11:23:54 +0200 |
|---|---|---|
| committer | Karel Zak | 2013-08-27 11:49:13 +0200 |
| commit | fb4edda749e4c81e9ce713a017240ded8f521d07 (patch) | |
| tree | 3b2b2f7aea21429db131526750e627a97a8d3549 /login-utils/su-common.c | |
| parent | build-sys: add CFLAGS and LDFLAGS for daemons and shared libs (diff) | |
| download | kernel-qcow2-util-linux-fb4edda749e4c81e9ce713a017240ded8f521d07.tar.gz kernel-qcow2-util-linux-fb4edda749e4c81e9ce713a017240ded8f521d07.tar.xz kernel-qcow2-util-linux-fb4edda749e4c81e9ce713a017240ded8f521d07.zip | |
su: suppress PAM info messages for -c or non-login sessions
The 'Last login:' messages from PAM lastlogin module is unexpected
for non-login sessions or when -c <command> executed.
For example:
$ su - -c id
Last login: Wed Jul 24 08:36:28 CEST 2013 from dhcp-25-161.brq.redhat.com on pts/18
uid=0(root) gid=0(root) skupiny=0(root)
this makes 'su' useless in scripts.
This patch suppress all PAM_TEXT_INFO messages for -c and for
non-login session ('-' is not specified) after pam_authenticate() and
pam_acct_mgmt().
Note that the new PAM conversation function checks the first message
in the msg[] array only. It seems good enough as PAM internally uses
pam_info() function that does not use multiple messages for one conv
call.
References: https://bugzilla.redhat.com/show_bug.cgi?id=987787
Signed-off-by: Karel Zak <kzak@redhat.com>
Diffstat (limited to 'login-utils/su-common.c')
| -rw-r--r-- | login-utils/su-common.c | 23 |
1 files changed, 21 insertions, 2 deletions
diff --git a/login-utils/su-common.c b/login-utils/su-common.c index 6df176382..ade5c9210 100644 --- a/login-utils/su-common.c +++ b/login-utils/su-common.c @@ -111,6 +111,9 @@ static int same_session = 0; /* SU_MODE_{RUNUSER,SU} */ static int su_mode; +/* Don't print PAM info messages (Last login, etc.). */ +static int suppress_pam_info; + static bool _pam_session_opened; static bool _pam_cred_established; static sig_atomic_t volatile caught_signal = false; @@ -208,10 +211,23 @@ static void log_btmp(struct passwd const *pw) updwtmp(_PATH_BTMP, &ut); } + +static int su_pam_conv(int num_msg, const struct pam_message **msg, + struct pam_response **resp, void *appdata_ptr) +{ + if (suppress_pam_info + && num_msg == 1 + && msg + && msg[0]->msg_style == PAM_TEXT_INFO) + return PAM_SUCCESS; + + return misc_conv(num_msg, msg, resp, appdata_ptr); +} + static struct pam_conv conv = { - misc_conv, - NULL + su_pam_conv, + NULL }; static void @@ -927,6 +943,9 @@ su_main (int argc, char **argv, int mode) init_groups (pw, groups, num_supp_groups); + if (!simulate_login || command) + suppress_pam_info = 1; /* don't print PAM info messages */ + create_watching_parent (); /* Now we're in the child. */ |