audit: add an option to control logging of passwords with pam_tty_audit
author Richard Guy Briggs <rgb@redhat.com>
Fri, 3 May 2013 18:03:50 +0000 (14:03 -0400)
committer Eric Paris <eparis@redhat.com>
Tue, 30 Apr 2013 19:31:28 +0000 (15:31 -0400)
commit 46e959ea2969cc1668d09b0dc55226946cf781f1
tree 40481f42587257039bd7b898c2aec95e1c01656f
parent bde02ca858448cf54a4226774dd1481f3bcc455e
audit: add an option to control logging of passwords with pam_tty_audit

Most commands are entered one line at a time and processed as complete lines
in non-canonical mode.  Commands that interactively require a password enter
canonical mode to do this while shutting off echo.  This pair of features
(icanon and !echo) can be used to avoid logging passwords by audit while still
logging the rest of the command.

Adding a member (log_passwd) to the struct audit_tty_status passed in by
pam_tty_audit allows control of canonical mode without echo per task.

Signed-off-by: Richard Guy Briggs <rgb@redhat.com>
Signed-off-by: Eric Paris <eparis@redhat.com>
drivers/tty/tty_audit.c
include/linux/sched.h
include/uapi/linux/audit.h
kernel/audit.c
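
The rule described in the commit message, as an added user-space model that is not the kernel code from this commit: input is kept out of the audit record only when log_passwd is off and the terminal is in canonical mode with echo disabled. The struct, the function names and the session data are constructed for illustration; ICANON and ECHO are the standard termios flags.

```c
#include <stdio.h>
#include <string.h>
#include <termios.h>
/* User-space model of the rule in the commit message; all names are hypothetical. */
struct tty_event {
    tcflag_t lflag;   /* c_lflag in effect when the input arrived */
    const char *data; /* constructed sample input */
};

/* Input typed in canonical mode with echo off is treated as a password. */
static int is_hidden_input(tcflag_t lflag, int log_passwd)
{
    return !log_passwd && (lflag & ICANON) && !(lflag & ECHO);
}

/* Copy every event that would be audited into out; return bytes logged. */
size_t audit_session(const struct tty_event *ev, size_t n, int log_passwd,
                     char *out, size_t outsz)
{
    size_t used = 0;
    if (outsz == 0) return 0;
    for (size_t i = 0; i < n; i++) {
        size_t len = strlen(ev[i].data);
        if (is_hidden_input(ev[i].lflag, log_passwd))
            continue;
        if (len > outsz - used - 1) /* truncate rather than overflow */
            len = outsz - used - 1;
        memcpy(out + used, ev[i].data, len);
        used += len;
    }
    out[used] = '\0';
    return used;
}

/* Constructed session: line editor, password prompt, cooked-mode program. */
static const struct tty_event sample[] = {
    { 0,             "su -\n" },    /* shell line editor: !icanon, !echo */
    { ICANON,        "hunter2\n" }, /* password prompt: icanon, !echo */
    { ICANON | ECHO, "id\n" },      /* canonical with echo */
};

int main(void)
{
    char rec[64];
    for (int lp = 0; lp <= 1; lp++) {
        audit_session(sample, sizeof sample / sizeof sample[0], lp, rec, sizeof rec);
        printf("log_passwd=%d:\n%s", lp, rec);
    }
}
```

The first sample event has echo off but is not canonical, so it is still logged; only the combination of both flags suppresses the line.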