author | Stefan Schubert <schubi@suse.de> | 2023-01-25 10:09:01 +0100 |
---|---|---|
committer | Dmitry V. Levin <ldv@strace.io> | 2023-01-27 13:40:14 +0000 |
commit | b392552522524f6bac9c01d469f33e87971dbe0f (patch) | |
tree | 9950cf2ad9638a29db149c13f74a53233ab8b138 | |
parent | daec232978b1c4bfffe220839e0bfbb910723bbb (diff) | |
pam_pwhistory: use vendor specific pwhistory.conf as fallback
Use the vendor directory defined by --enable-vendordir=DIR configure
option as fallback for the distribution provided default config file
if there is no configuration in /etc.
* modules/pam_pwhistory/pam_pwhistory.8.xml: Describe pwhistory.conf
* modules/pam_pwhistory/pwhistory_config.c [VENDOR_SCONFIGDIR]
(VENDOR_PWHISTORY_DEFAULT_CONF): New macro.
(parse_config_file) [VENDOR_PWHISTORY_DEFAULT_CONF]: Try to open
VENDOR_PWHISTORY_DEFAULT_CONF if PWHISTORY_DEFAULT_CONF file does not
exist.
-rw-r--r-- | modules/pam_pwhistory/pam_pwhistory.8.xml | 15 | ||||
-rw-r--r-- | modules/pam_pwhistory/pwhistory_config.c | 16 |
2 files changed, 31 insertions, 0 deletions
diff --git a/modules/pam_pwhistory/pam_pwhistory.8.xml b/modules/pam_pwhistory/pam_pwhistory.8.xml
index 62848666..d83d8d97 100644
--- a/modules/pam_pwhistory/pam_pwhistory.8.xml
+++ b/modules/pam_pwhistory/pam_pwhistory.8.xml
@@ -251,6 +251,21 @@ password required pam_unix.so use_authtok
 <para>Default file with password history</para>
 </listitem>
 </varlistentry>
+ <varlistentry>
+ <term><filename>/etc/security/pwhistory.conf</filename></term>
+ <listitem>
+ <para>Config file for pam_pwhistory options</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry condition="with_vendordir">
+ <term><filename>%vendordir%/security/pwhistory.conf</filename></term>
+ <listitem>
+ <para>
+ Config file for pam_pwhistory options. It will be used if
+ <filename>/etc/security/pwhistory.conf</filename> does not exist.
+ </para>
+ </listitem>
+ </varlistentry>
 </variablelist>
 </refsect1>
diff --git a/modules/pam_pwhistory/pwhistory_config.c b/modules/pam_pwhistory/pwhistory_config.c
index b21879c6..692cf80e 100644
--- a/modules/pam_pwhistory/pwhistory_config.c
+++ b/modules/pam_pwhistory/pwhistory_config.c
@@ -39,6 +39,7 @@
 #include <stdlib.h>
 #include <string.h>
 #include <syslog.h>
+#include <sys/stat.h>
 #include <security/pam_modutil.h>
@@ -47,6 +48,10 @@
 #define PWHISTORY_DEFAULT_CONF SCONFIGDIR "/pwhistory.conf"
+#ifdef VENDOR_SCONFIGDIR
+#define VENDOR_PWHISTORY_DEFAULT_CONF (VENDOR_SCONFIGDIR "/pwhistory.conf")
+#endif
+
 void
 parse_config_file(pam_handle_t *pamh, int argc, const char **argv,
 struct options_t *options) 
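Review bot: In the pwhistory_config.c hunk at `@@ -47,6 +48,10 @@`, the new `VENDOR_PWHISTORY_DEFAULT_CONF` wraps its string-literal concatenation in parentheses, while `PWHISTORY_DEFAULT_CONF` on the context line just above it does not. The parentheses keep the macro from being joined with an adjacent string literal and make the two path macros read differently; `#define VENDOR_PWHISTORY_DEFAULT_CONF VENDOR_SCONFIGDIR "/pwhistory.conf"` would match the existing definition. A one-line comment such as `/* Defined only when a vendor directory was configured at build time. */` above the `#ifdef` would also explain the later conditional block in `parse_config_file`.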
@@ -65,6 +70,17 @@ parse_config_file(pam_handle_t *pamh, int argc, const char **argv,
 if (fname == NULL) {
 fname = PWHISTORY_DEFAULT_CONF;
+
+#ifdef VENDOR_PWHISTORY_DEFAULT_CONF
+ /*
+ * Check whether PWHISTORY_DEFAULT_CONF file is available.
+ * If it does not exist, fall back to VENDOR_PWHISTORY_DEFAULT_CONF file.
+ */
+ struct stat buffer;
+ if (stat(fname, &buffer) != 0 && errno == ENOENT) {
+ fname = VENDOR_PWHISTORY_DEFAULT_CONF;
+ }
+#endif
 }
 val = pam_modutil_search_key (pamh, fname, "debug"); |
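Review bot: The new condition in `parse_config_file` reads `errno`, but the include hunk of this commit adds only `<sys/stat.h>` and `<errno.h>` is not among the includes visible there; confirm it is pulled in above line 39, otherwise add `#include <errno.h>`. The fallback is taken only on `ENOENT`, so any other `stat()` failure (for example `EACCES` or `ELOOP`) keeps the `/etc` path, which looks like the right fail-safe choice for a file that sets password-history policy, but the comment does not say so; I would extend it with `* Any other stat() error keeps PWHISTORY_DEFAULT_CONF, so a broken admin file never silently selects the vendor policy.` The existence check and the later read through `pam_modutil_search_key` are separate lookups by path, so the file that was checked is not guaranteed to be the file that is read; that is presumably acceptable when both directories are writable only by root, but it is worth stating in the comment. Nothing in the hunk records which file was chosen, which makes it harder to audit why a given history policy was applied. The function body starts and ends outside the hunk.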