Add "quiet" option to pam_unix to suppress informential info

messages from session.

* modules/pam_unix/pam_unix.8.xml: Document new option.
* modules/pam_unix/support.h: Add quiet option.
* modules/pam_unix/pam_unix_sess.c: Don't print LOG_INFO messages if
 'quiet' option is set.

3 files changed, 25 insertions, 6 deletions

diff --git a/modules/pam_unix/pam_unix.8.xml b/modules/pam_unix/pam_unix.8.xml
index 9ce084e3..e1702420 100644
--- a/modules/pam_unix/pam_unix.8.xml
+++ b/modules/pam_unix/pam_unix.8.xml
@@ -131,6 +131,21 @@
 
       <varlistentry>
         <term>
+          <option>quiet</option>
+        </term>
+        <listitem>
+          <para>
+	    Turns off informational messages namely messages about
+	    session open and close via
+            <citerefentry>
+              <refentrytitle>syslog</refentrytitle><manvolnum>3</manvolnum>
+            </citerefentry>.
+          </para>
+        </listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term>
           <option>nullok</option>
         </term>
         <listitem>
diff --git a/modules/pam_unix/pam_unix_sess.c b/modules/pam_unix/pam_unix_sess.c
index d1376732..5d001816 100644
--- a/modules/pam_unix/pam_unix_sess.c
+++ b/modules/pam_unix/pam_unix_sess.c
@@ -96,8 +96,9 @@ pam_sm_open_session(pam_handle_t *pamh, int flags, int argc, const char **argv)
 	if (login_name == NULL) {
 	    login_name = "";
 	}
-	pam_syslog(pamh, LOG_INFO, "session opened for user %s by %s(uid=%lu)",
-		 user_name, login_name, (unsigned long)getuid());
+	if (off (UNIX_QUIET, ctrl))
+	  pam_syslog(pamh, LOG_INFO, "session opened for user %s by %s(uid=%lu)",
+		     user_name, login_name, (unsigned long)getuid());
 
 	return PAM_SUCCESS;
 }
@@ -126,8 +127,9 @@ pam_sm_close_session(pam_handle_t *pamh, int flags, int argc, const char **argv)
 		         "close_session - error recovering service");
 		return PAM_SESSION_ERR;
 	}
-	pam_syslog(pamh, LOG_INFO, "session closed for user %s",
-		user_name);
+	if (off (UNIX_QUIET, ctrl))
+	  pam_syslog(pamh, LOG_INFO, "session closed for user %s",
+		     user_name);
 
 	return PAM_SUCCESS;
 }
diff --git a/modules/pam_unix/support.h b/modules/pam_unix/support.h
index cd6ddb76..3729ce0c 100644
--- a/modules/pam_unix/support.h
+++ b/modules/pam_unix/support.h
@@ -97,9 +97,10 @@ typedef struct {
 					   password hash algorithms */
 #define UNIX_BLOWFISH_PASS       26	/* new password hashes will use blowfish */
 #define UNIX_MIN_PASS_LEN        27	/* min length for password */
-#define UNIX_DES                 28     /* DES, default */
+#define UNIX_QUIET		 28	/* Don't print informational messages */
+#define UNIX_DES                 29     /* DES, default */
 /* -------------- */
-#define UNIX_CTRLS_              29	/* number of ctrl arguments defined */
+#define UNIX_CTRLS_              30	/* number of ctrl arguments defined */
 
 #define UNIX_DES_CRYPT(ctrl)	(off(UNIX_MD5_PASS,ctrl)&&off(UNIX_BIGCRYPT,ctrl)&&off(UNIX_SHA256_PASS,ctrl)&&off(UNIX_SHA512_PASS,ctrl)&&off(UNIX_BLOWFISH_PASS,ctrl))
 
@@ -136,6 +137,7 @@ static const UNIX_Ctrls unix_args[UNIX_CTRLS_] =
 /* UNIX_ALGO_ROUNDS */     {"rounds=",         _ALL_ON_,          0100000000, 0},
 /* UNIX_BLOWFISH_PASS */   {"blowfish",    _ALL_ON_^(0260420000), 0200000000, 1},
 /* UNIX_MIN_PASS_LEN */    {"minlen=",		_ALL_ON_,         0400000000, 0},
+/* UNIX_QUIET */           {"quiet",           _ALL_ON_,         01000000000, 0},
 /* UNIX_DES */             {"des",             _ALL_ON_^(0260420000),      0, 1},
 };