[PATCH] quieter pam_succeed_if when user unknown

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



I have patched in a quiet_unknown flag for pam_succeed_if which avoids
logging when the user is unknown (right be before PAM_USER_UNKNOWN is
returned).

The regenerations mentioned in the ChangeLog will need to be done.

dc
diff -ru Linux-PAM-1.1.1/ChangeLog quieter/ChangeLog
--- Linux-PAM-1.1.1/ChangeLog	2009-12-16 08:16:41.000000000 -0500
+++ quieter/ChangeLog	2009-12-17 21:17:59.000000000 -0500
@@ -1,3 +1,10 @@
+	* modules/pam_succeed_if/pam_succeed_if.c (pam_sm_authenticate): Add
+	quiet_unknown flag to avoid logging "error retrieving information about
+	user", included in quiet flag.
+	* modules/pam_succeed_if/pam_succeed_if.8.xml: Document quiet_unknown
+	* modules/pam_succeed_if/pam_succeed_if.8: Regenerated from xml.
+	* modules/pam_succeed_if/README: Regenerated from xml.
+
 2009-12-16  Thorsten Kukuk  <kukuk@xxxxxxx>
 
 	* release version 1.1.1
diff -ru Linux-PAM-1.1.1/modules/pam_succeed_if/pam_succeed_if.8.xml quieter/modules/pam_succeed_if/pam_succeed_if.8.xml
--- Linux-PAM-1.1.1/modules/pam_succeed_if/pam_succeed_if.8.xml	2009-06-16 03:35:09.000000000 -0400
+++ quieter/modules/pam_succeed_if/pam_succeed_if.8.xml	2009-12-17 20:51:32.000000000 -0500
@@ -69,7 +69,7 @@
       <varlistentry>
         <term><option>quiet</option></term>
         <listitem>
-          <para>Don't log failure or success to the system log.</para>
+          <para>Don't log failure, success, or unknown user to the system log.</para>
         </listitem>
       </varlistentry>
       <varlistentry>
@@ -88,6 +88,14 @@
           </para>
         </listitem>
       </varlistentry>
+      <varlistentry>
+        <term><option>quiet_unknown</option></term>
+        <listitem>
+          <para>
+            Don't log unknown user to the system log.
+          </para>
+        </listitem>
+      </varlistentry>
     </variablelist>
 
     <para>
diff -ru Linux-PAM-1.1.1/modules/pam_succeed_if/pam_succeed_if.c quieter/modules/pam_succeed_if/pam_succeed_if.c
--- Linux-PAM-1.1.1/modules/pam_succeed_if/pam_succeed_if.c	2009-05-05 08:50:16.000000000 -0400
+++ quieter/modules/pam_succeed_if/pam_succeed_if.c	2009-12-17 20:47:39.000000000 -0500
@@ -383,7 +383,7 @@
 	struct passwd *pwd;
 	int ret, i, count, use_uid, debug;
 	const char *left, *right, *qual;
-	int quiet_fail, quiet_succ;
+	int quiet_fail, quiet_succ, quiet_unkn;
 
 	/* Get the user prompt. */
 	ret = pam_get_item(pamh, PAM_USER_PROMPT, &prompt);
@@ -393,6 +393,7 @@
 
 	quiet_fail = 0;
 	quiet_succ = 0;
+	quiet_unkn = 0;
 	for (use_uid = 0, debug = 0, i = 0; i < argc; i++) {
 		if (strcmp(argv[i], "debug") == 0) {
 			debug++;
@@ -403,6 +404,7 @@
 		if (strcmp(argv[i], "quiet") == 0) {
 			quiet_fail++;
 			quiet_succ++;
+			quiet_unkn++;
 		}
 		if (strcmp(argv[i], "quiet_fail") == 0) {
 			quiet_fail++;
@@ -410,15 +412,19 @@
 		if (strcmp(argv[i], "quiet_success") == 0) {
 			quiet_succ++;
 		}
+		if (strcmp(argv[i], "quiet_unknown") == 0) {
+			quiet_unkn++;
+		}
 	}
 
 	if (use_uid) {
 		/* Get information about the user. */
 		pwd = pam_modutil_getpwuid(pamh, getuid());
 		if (pwd == NULL) {
-			pam_syslog(pamh, LOG_CRIT,
-				   "error retrieving information about user %lu",
-				   (unsigned long)getuid());
+			if(!quiet_unkn)
+				pam_syslog(pamh, LOG_CRIT,
+					   "error retrieving information about user %lu",
+					   (unsigned long)getuid());
 			return PAM_USER_UNKNOWN;
 		}
 		user = pwd->pw_name;
@@ -435,9 +441,10 @@
 		/* Get information about the user. */
 		pwd = pam_modutil_getpwnam(pamh, user);
 		if (pwd == NULL) {
-			pam_syslog(pamh, LOG_CRIT,
-				   "error retrieving information about user %s",
-				   user);
+			if(!quiet_unkn)
+				pam_syslog(pamh, LOG_CRIT,
+					   "error retrieving information about user %s",
+					   user);
 			return PAM_USER_UNKNOWN;
 		}
 	}
@@ -461,6 +468,9 @@
 		if (strcmp(argv[i], "quiet_success") == 0) {
 			continue;
 		}
+		if (strcmp(argv[i], "quiet_unknown") == 0) {
+			continue;
+		}
 		if (left == NULL) {
 			left = argv[i];
 			continue;
_______________________________________________
Pam-list mailing list
Pam-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/pam-list

[Index of Archives]     [Fedora Users]     [Kernel]     [Red Hat Install]     [Linux for the blind]     [Gimp]

  Powered by Linux