author | Stefan Schubert <schubi@suse.de> | 2021-12-08 14:28:18 +0100 |
---|---|---|
committer | Dmitry V. Levin <ldv@altlinux.org> | 2022-01-24 08:00:00 +0000 |
commit | 4d96b59360a57a7a96443e6c34d2cfd13ea3f5e3 (patch) | |
tree | 712df9ce5bce70a508d00f2c63a442a4f4398a97 | |
parent | 7ea1119a382ca07a9a60ee2044c49eefbb87de9c (diff) | |
pam_sepermit: use vendor specific sepermit.conf as fallback

Use the vendor directory defined by --enable-vendordir=DIR configure
option as fallback for the distribution provided default config file
if there is no configuration in /etc.

* modules/pam_sepermit/pam_sepermit.c [VENDOR_SCONFIGDIR]
(SEPERMIT_VENDOR_CONF_FILE): New macro.
(pam_sm_authenticate) [SEPERMIT_VENDOR_CONF_FILE]: Use it as default
config file when conf= option is not specified and the file pointed
by SEPERMIT_CONF_FILE does not exist.
* modules/pam_sepermit/pam_sepermit.8.xml: Describe it.

Co-authored-by: Dmitry V. Levin <ldv@altlinux.org>
Resolves: https://github.com/linux-pam/linux-pam/pull/411
-rw-r--r-- | modules/pam_sepermit/pam_sepermit.8.xml | 6 |
-rw-r--r-- | modules/pam_sepermit/pam_sepermit.c | 17 |
2 files changed, 21 insertions, 2 deletions
diff --git a/modules/pam_sepermit/pam_sepermit.8.xml b/modules/pam_sepermit/pam_sepermit.8.xml index 30d9cc54..5763c346 100644 --- a/modules/pam_sepermit/pam_sepermit.8.xml +++ b/modules/pam_sepermit/pam_sepermit.8.xml @@ -54,7 +54,11 @@ <refentrytitle>sepermit.conf</refentrytitle><manvolnum>5</manvolnum> </citerefentry> for details. </para> - + <para condition="with_vendordir"> + If there is no explicitly specified configuration file and + <filename>/etc/security/sepermit.conf</filename> does not exist, + <filename>%vendordir%/security/sepermit.conf</filename> is used. + </para> </refsect1> <refsect1 id="pam_sepermit-options"> diff --git a/modules/pam_sepermit/pam_sepermit.c b/modules/pam_sepermit/pam_sepermit.c index 5a622027..5fbc8fdd 100644 --- a/modules/pam_sepermit/pam_sepermit.c +++ b/modules/pam_sepermit/pam_sepermit.c @@ -64,6 +64,9 @@ #include "pam_inline.h" #define SEPERMIT_CONF_FILE (SCONFIGDIR "/sepermit.conf") +#ifdef VENDOR_SCONFIGDIR +# define SEPERMIT_VENDOR_CONF_FILE (VENDOR_SCONFIGDIR "/sepermit.conf"); +#endif #define MODULE "pam_sepermit" #define OPT_DELIM ":" @@ -373,7 +376,7 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags UNUSED, const char *user = NULL; char *seuser = NULL; char *level = NULL; - const char *cfgfile = SEPERMIT_CONF_FILE; + const char *cfgfile = NULL; /* Parse arguments. */ for (i = 0; i < argc; i++) { @@ -388,6 +391,18 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags UNUSED, } } + if (cfgfile == NULL) { +#ifdef SEPERMIT_VENDOR_CONF_FILE + struct stat buffer; + + cfgfile = SEPERMIT_CONF_FILE; + if (stat(cfgfile, &buffer) != 0 && errno == ENOENT) + cfgfile = SEPERMIT_VENDOR_CONF_FILE; +#else + cfgfile = SEPERMIT_CONF_FILE; +#endif + } + if (debug) pam_syslog(pamh, LOG_NOTICE, "Parsing config file: %s", cfgfile); |
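Review bot: the new `SEPERMIT_VENDOR_CONF_FILE` definition in pam_sepermit.c (hunk `@@ -64,6 +64,9`) ends with a semicolon after the closing parenthesis, so the semicolon becomes part of every expansion. In `cfgfile = SEPERMIT_VENDOR_CONF_FILE;` that leaves a stray empty statement after the unbraced `if`, which compiles today but would break as soon as an `else` is added there or the macro is used inside an expression or as a function argument. Drop the trailing semicolon so the definition has the same form as `SEPERMIT_CONF_FILE` on the line above it.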
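Review bot: in the `if (cfgfile == NULL)` block added to pam_sm_authenticate (hunk `@@ -388,6 +391,18`), `cfgfile = SEPERMIT_CONF_FILE;` is written in both the `#ifdef` and the `#else` branch; assign it once before the `#ifdef` and keep only the `stat()` fallback conditional, which also removes the `#else`. The block calls `stat()` and reads `errno`, and no hunk in this patch adds `<sys/stat.h>` or `<errno.h>`, so confirm both are already included in this file. Only `ENOENT` switches to the vendor file, so any other `stat()` failure (a permission error, for example) keeps the /etc path; a one-line comment stating that this is deliberate would help, because which file governs a login is otherwise reported only when `debug` is set.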