pam_access: support parsing files in /etc/security/access.d/*.conf

* modules/pam_access/pam_access.c (login_access): Return NOMATCH if
there was no match in the parsed file.
(pam_sm_authenticate): Add glob() call to go through the ACCESS_CONF_GLOB
subdirectory and call login_access() on the individual files matched.
* modules/pam_access/pam_access.8.xml: Document the addition.
* modules/pam_access/Makefile.am: Add ACCESS_CONF_GLOB definition.

1 files changed, 8 insertions, 0 deletions

diff --git a/modules/pam_access/pam_access.8.xml b/modules/pam_access/pam_access.8.xml
index c629a9f3..9a6556cc 100644
--- a/modules/pam_access/pam_access.8.xml
+++ b/modules/pam_access/pam_access.8.xml
@@ -57,6 +57,14 @@
       By default rules for access management are taken from config file
       <filename>/etc/security/access.conf</filename> if you don't specify
       another file.
+      Then individual <filename>*.conf</filename> files from the
+      <filename>/etc/security/access.d/</filename> directory are read.
+      The files are parsed one after another in the order of the system locale.
+      The effect of the individual files is the same as if all the files were
+      concatenated together in the order of parsing. This means that once
+      a pattern is matched in some file no further files are parsed.
+      If a config file is explicitly specified with the <option>accessfile</option>
+      option the files in the above directory are not parsed.
     </para>
     <para>
       If Linux PAM is compiled with audit support the module will report