login: use PAM_SILENT to propagate hushlogin to PAM

login(1) follows /etc/hushlogin and ~/.hushlogin to enable silent
mode, but it's not propagated to PAM now. Note that login(1) from
shadow-utils uses PAM_SILENT too.

Addresses: https://github.com/linux-pam/linux-pam/issues/233
Addresses: https://github.com/karelzak/util-linux/issues/1059
Signed-off-by: Karel Zak <kzak@redhat.com>

diff --git a/login-utils/login.c b/login-utils/login.c
index 2a938ba126148a168928095ae73e586f46c58327..026c023c920b9d757a451c3c6fa0c9164ee02bd1 100644 (file)
--- a/login-utils/login.c
+++ b/login-utils/login.c
@@ -959,7 +959,7 @@ static void loginpam_session(struct login_context *cxt)
        if (is_pam_failure(rc))
                loginpam_err(pamh, rc);
 
-       rc = pam_open_session(pamh, 0);
+       rc = pam_open_session(pamh, cxt->quiet ? PAM_SILENT : 0);
        if (is_pam_failure(rc)) {
                pam_setcred(cxt->pamh, PAM_DELETE_CRED);
                loginpam_err(pamh, rc);
@@ -1339,6 +1339,8 @@ int main(int argc, char **argv)
                sleepexit(EXIT_FAILURE);
        }
 
+       cxt.quiet = get_hushlogin_status(pwd, 1);
+
        /*
         * Open PAM session (after successful authentication and account check).
         */
@@ -1349,8 +1351,6 @@ int main(int argc, char **argv)
 
        endpwent();
 
-       cxt.quiet = get_hushlogin_status(pwd, 1);
-
        log_utmp(&cxt);
        log_audit(&cxt, 1);
        log_lastlog(&cxt);