Add support for a vendor directory and libeconf (#136)

With this, it is possible for Linux distributors to store their
supplied default configuration files somewhere below /usr, while
/etc only contains the changes made by the user. The new option
--enable-vendordir defines where Linux-PAM should additional look
for pam.d/*, login.defs and securetty if this files are not in /etc.
libeconf is a key/value configuration file reading library, which
handles the split of configuration files in different locations
and merges them transparently for the application.

1 files changed, 37 insertions, 0 deletions

diff --git a/libpam/pam_modutil_searchkey.c b/libpam/pam_modutil_searchkey.c
index 338b44fd..4e565974 100644
--- a/libpam/pam_modutil_searchkey.c
+++ b/libpam/pam_modutil_searchkey.c
@@ -13,9 +13,41 @@
 #include <string.h>
 #include <stdlib.h>
 #include <ctype.h>
+#ifdef USE_ECONF
+#include <libeconf.h>
+#endif
 
 #define BUF_SIZE 8192
 
+#ifdef USE_ECONF
+#define LOGIN_DEFS "/etc/login.defs"
+
+#ifndef VENDORDIR
+#define VENDORDIR NULL
+#endif
+
+static char *
+econf_search_key (const char *name, const char *suffix, const char *key)
+{
+	econf_file *key_file = NULL;
+	char *val;
+
+	if (econf_readDirs (&key_file, VENDORDIR, SYSCONFDIR, name, suffix,
+			    " \t", "#"))
+		return NULL;
+
+	if (econf_getStringValue (key_file, NULL, key, &val)) {
+		econf_free (key_file);
+		return NULL;
+	}
+
+	econf_free (key_file);
+
+	return val;
+}
+
+#endif
+
 /* lookup a value for key in login.defs file or similar key value format */
 char *
 pam_modutil_search_key(pam_handle_t *pamh UNUSED,
@@ -27,6 +59,11 @@ pam_modutil_search_key(pam_handle_t *pamh UNUSED,
 	size_t buflen = 0;
 	char *retval = NULL;
 
+#ifdef USE_ECONF
+	if (strcmp (file_name, LOGIN_DEFS) == 0)
+		return econf_search_key ("login", ".defs", key);
+#endif
+
 	fp = fopen(file_name, "r");
 	if (NULL == fp)
 		return NULL;