diff options
| author | Andreas Vögele <andreas@andreasvoegele.com> | 2024-01-05 12:08:29 +0100 |
|---|---|---|
| committer | Dmitry V. Levin <ldv@strace.io> | 2024-01-13 08:00:00 +0000 |
| commit | 2894abec4d2bf487348994f1703671a5e039c0f9 (patch) | |
| tree | e084e59f79ddbc1598a6e3b4350ab647f7ca96f9 /modules/pam_access/pam_access.c | |
| parent | f531148ae4920eced517cf9e89108510ec59f32a (diff) | |
| download | pam-2894abec4d2bf487348994f1703671a5e039c0f9.tar.gz pam-2894abec4d2bf487348994f1703671a5e039c0f9.tar.bz2 pam-2894abec4d2bf487348994f1703671a5e039c0f9.zip | |
pam_access: add quiet_log option
If quiet_log option is specified, no "access denied" message is logged.
* modules/pam_access/pam_access.c (struct login_info): Add quiet_log.
(parse_args): Initialize it.
(pam_sm_authenticate): Use it.
* modules/pam_access/pam_access.8.xml: Document quiet_log option.
Closes: https://github.com/linux-pam/linux-pam/issues/706
Diffstat (limited to 'modules/pam_access/pam_access.c')
| -rw-r--r-- | modules/pam_access/pam_access.c | 10 |
1 files changed, 8 insertions, 2 deletions
diff --git a/modules/pam_access/pam_access.c b/modules/pam_access/pam_access.c index 1bb7a70b..f52ab2c3 100644 --- a/modules/pam_access/pam_access.c +++ b/modules/pam_access/pam_access.c @@ -99,6 +99,7 @@ struct login_info { int debug; /* Print debugging messages. */ int only_new_group_syntax; /* Only allow group entries of the form "(xyz)" */ int noaudit; /* Do not audit denials */ + int quiet_log; /* Do not log denials */ const char *fs; /* field separator */ const char *sep; /* list-element separator */ int from_remote_host; /* If PAM_RHOST was used for from */ @@ -115,6 +116,7 @@ parse_args(pam_handle_t *pamh, struct login_info *loginfo, int i; loginfo->noaudit = NO; + loginfo->quiet_log = NO; loginfo->debug = NO; loginfo->only_new_group_syntax = NO; loginfo->fs = ":"; @@ -150,6 +152,8 @@ parse_args(pam_handle_t *pamh, struct login_info *loginfo, loginfo->only_new_group_syntax = YES; } else if (strcmp (argv[i], "noaudit") == 0) { loginfo->noaudit = YES; + } else if (strcmp (argv[i], "quiet_log") == 0) { + loginfo->quiet_log = YES; } else { pam_syslog(pamh, LOG_ERR, "unrecognized option [%s]", argv[i]); } @@ -1105,8 +1109,10 @@ pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED, if (rv) { return (PAM_SUCCESS); } else { - pam_syslog(pamh, LOG_ERR, - "access denied for user `%s' from `%s'",user,from); + if (!loginfo.quiet_log) { + pam_syslog(pamh, LOG_ERR, + "access denied for user `%s' from `%s'",user,from); + } return (PAM_PERM_DENIED); } } |