I have patched in a quiet_unknown flag for pam_succeed_if which avoids
logging when the user is unknown (right be before PAM_USER_UNKNOWN is
returned).
The regenerations mentioned in the ChangeLog will need to be done.
dc
diff -ru Linux-PAM-1.1.1/ChangeLog quieter/ChangeLog
--- Linux-PAM-1.1.1/ChangeLog 2009-12-16 08:16:41.000000000 -0500
+++ quieter/ChangeLog 2009-12-17 21:17:59.000000000 -0500
@@ -1,3 +1,10 @@
+ * modules/pam_succeed_if/pam_succeed_if.c (pam_sm_authenticate): Add
+ quiet_unknown flag to avoid logging "error retrieving information about
+ user", included in quiet flag.
+ * modules/pam_succeed_if/pam_succeed_if.8.xml: Document quiet_unknown
+ * modules/pam_succeed_if/pam_succeed_if.8: Regenerated from xml.
+ * modules/pam_succeed_if/README: Regenerated from xml.
+
2009-12-16 Thorsten Kukuk <kukuk@xxxxxxx>
* release version 1.1.1
diff -ru Linux-PAM-1.1.1/modules/pam_succeed_if/pam_succeed_if.8.xml quieter/modules/pam_succeed_if/pam_succeed_if.8.xml
--- Linux-PAM-1.1.1/modules/pam_succeed_if/pam_succeed_if.8.xml 2009-06-16 03:35:09.000000000 -0400
+++ quieter/modules/pam_succeed_if/pam_succeed_if.8.xml 2009-12-17 20:51:32.000000000 -0500
@@ -69,7 +69,7 @@
<varlistentry>
<term><option>quiet</option></term>
<listitem>
- <para>Don't log failure or success to the system log.</para>
+ <para>Don't log failure, success, or unknown user to the system log.</para>
</listitem>
</varlistentry>
<varlistentry>
@@ -88,6 +88,14 @@
</para>
</listitem>
</varlistentry>
+ <varlistentry>
+ <term><option>quiet_unknown</option></term>
+ <listitem>
+ <para>
+ Don't log unknown user to the system log.
+ </para>
+ </listitem>
+ </varlistentry>
</variablelist>
<para>
diff -ru Linux-PAM-1.1.1/modules/pam_succeed_if/pam_succeed_if.c quieter/modules/pam_succeed_if/pam_succeed_if.c
--- Linux-PAM-1.1.1/modules/pam_succeed_if/pam_succeed_if.c 2009-05-05 08:50:16.000000000 -0400
+++ quieter/modules/pam_succeed_if/pam_succeed_if.c 2009-12-17 20:47:39.000000000 -0500
@@ -383,7 +383,7 @@
struct passwd *pwd;
int ret, i, count, use_uid, debug;
const char *left, *right, *qual;
- int quiet_fail, quiet_succ;
+ int quiet_fail, quiet_succ, quiet_unkn;
/* Get the user prompt. */
ret = pam_get_item(pamh, PAM_USER_PROMPT, &prompt);
@@ -393,6 +393,7 @@
quiet_fail = 0;
quiet_succ = 0;
+ quiet_unkn = 0;
for (use_uid = 0, debug = 0, i = 0; i < argc; i++) {
if (strcmp(argv[i], "debug") == 0) {
debug++;
@@ -403,6 +404,7 @@
if (strcmp(argv[i], "quiet") == 0) {
quiet_fail++;
quiet_succ++;
+ quiet_unkn++;
}
if (strcmp(argv[i], "quiet_fail") == 0) {
quiet_fail++;
@@ -410,15 +412,19 @@
if (strcmp(argv[i], "quiet_success") == 0) {
quiet_succ++;
}
+ if (strcmp(argv[i], "quiet_unknown") == 0) {
+ quiet_unkn++;
+ }
}
if (use_uid) {
/* Get information about the user. */
pwd = pam_modutil_getpwuid(pamh, getuid());
if (pwd == NULL) {
- pam_syslog(pamh, LOG_CRIT,
- "error retrieving information about user %lu",
- (unsigned long)getuid());
+ if(!quiet_unkn)
+ pam_syslog(pamh, LOG_CRIT,
+ "error retrieving information about user %lu",
+ (unsigned long)getuid());
return PAM_USER_UNKNOWN;
}
user = pwd->pw_name;
@@ -435,9 +441,10 @@
/* Get information about the user. */
pwd = pam_modutil_getpwnam(pamh, user);
if (pwd == NULL) {
- pam_syslog(pamh, LOG_CRIT,
- "error retrieving information about user %s",
- user);
+ if(!quiet_unkn)
+ pam_syslog(pamh, LOG_CRIT,
+ "error retrieving information about user %s",
+ user);
return PAM_USER_UNKNOWN;
}
}
@@ -461,6 +468,9 @@
if (strcmp(argv[i], "quiet_success") == 0) {
continue;
}
+ if (strcmp(argv[i], "quiet_unknown") == 0) {
+ continue;
+ }
if (left == NULL) {
left = argv[i];
continue;
_______________________________________________
Pam-list mailing list
Pam-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/pam-list
