su: suppress PAM info messages for -c or non-login sessions
The 'Last login:' messages from the PAM lastlogin module are unexpected for non-login sessions or when -c <command> is executed. For example: $ su - -c id Last login: Wed Jul 24 08:36:28 CEST 2013 from dhcp-25-161.brq.redhat.com on pts/18 uid=0(root) gid=0(root) skupiny=0(root) This makes 'su' useless in scripts. This patch suppresses all PAM_TEXT_INFO messages for -c and for non-login sessions ('-' is not specified) after pam_authenticate() and pam_acct_mgmt(). Note that the new PAM conversation function checks only the first message in the msg[] array. That seems good enough, as PAM internally uses the pam_info() function, which does not send multiple messages in one conv call. References: https://bugzilla.redhat.com/show_bug.cgi?id=987787 Signed-off-by: Karel Zak <kzak@redhat.com>
parent
03d00d495f
commit
fb4edda749
|
@ -111,6 +111,9 @@ static int same_session = 0;
|
|||
/* SU_MODE_{RUNUSER,SU} */
|
||||
static int su_mode;
|
||||
|
||||
/* Don't print PAM info messages (Last login, etc.). */
|
||||
static int suppress_pam_info;
|
||||
|
||||
static bool _pam_session_opened;
|
||||
static bool _pam_cred_established;
|
||||
static sig_atomic_t volatile caught_signal = false;
|
||||
|
@ -208,10 +211,23 @@ static void log_btmp(struct passwd const *pw)
|
|||
updwtmp(_PATH_BTMP, &ut);
|
||||
}
|
||||
|
||||
|
||||
static int su_pam_conv(int num_msg, const struct pam_message **msg,
|
||||
struct pam_response **resp, void *appdata_ptr)
|
||||
{
|
||||
if (suppress_pam_info
|
||||
&& num_msg == 1
|
||||
&& msg
|
||||
&& msg[0]->msg_style == PAM_TEXT_INFO)
|
||||
return PAM_SUCCESS;
|
||||
|
||||
return misc_conv(num_msg, msg, resp, appdata_ptr);
|
||||
}
|
||||
|
||||
static struct pam_conv conv =
|
||||
{
|
||||
misc_conv,
|
||||
NULL
|
||||
su_pam_conv,
|
||||
NULL
|
||||
};
|
||||
|
||||
static void
|
||||
|
@ -927,6 +943,9 @@ su_main (int argc, char **argv, int mode)
|
|||
|
||||
init_groups (pw, groups, num_supp_groups);
|
||||
|
||||
if (!simulate_login || command)
|
||||
suppress_pam_info = 1; /* don't print PAM info messages */
|
||||
|
||||
create_watching_parent ();
|
||||
/* Now we're in the child. */
|
||||
|
||||
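Review bot: In su_pam_conv the early `return PAM_SUCCESS;` never writes `*resp`, and the condition dereferences `msg[0]` after checking only `msg`, whereas the misc_conv path it short-circuits returns an allocated reply array on success. A PAM module that calls the conversation function with an uninitialised response pointer and releases it afterwards would then free an indeterminate value, so I would extend the test to `&& msg && msg[0]` and add `if (resp) *resp = NULL;` before the return. Going by the description, the flag takes effect after pam_authenticate() and pam_acct_mgmt(), so every single-message PAM_TEXT_INFO from later stages is dropped for -c and non-login runs, not only 'Last login:'. A short comment above su_pam_conv saying that, and that only the first message is inspected, would help anyone auditing which notices users no longer see.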
|
|