pam_group: use vendor specific group.conf as fallback

Use the vendor directory defined by --enable-vendordir=DIR configure
option as fallback for the distribution provided default config file
if there is no configuration in /etc.

* modules/pam_group/pam_group.c: Include <errno.h>.
[VENDOR_SCONFIGDIR] (VENDOR_PAM_GROUP_CONF): New macro.
(read_field): Add conf_filename argument, use it instead of PAM_GROUP_CONF.
(check_account) <conf_filename>: New variable, initialize it to
PAM_GROUP_CONF, pass it to read_field().
[VENDOR_PAM_GROUP_CONF]: Assign VENDOR_PAM_GROUP_CONF to conf_filename
when PAM_GROUP_CONF file does not exist.
* modules/pam_group/pam_group.8.xml: Describe it.

Co-authored-by: Dmitry V. Levin <ldv@altlinux.org>
Resolves: https://github.com/linux-pam/linux-pam/pull/412

1 files changed, 4 insertions, 0 deletions

diff --git a/modules/pam_group/pam_group.8.xml b/modules/pam_group/pam_group.8.xml
index 2c1c9058..e4a59dfd 100644
--- a/modules/pam_group/pam_group.8.xml
+++ b/modules/pam_group/pam_group.8.xml
@@ -38,6 +38,10 @@
       By default rules for group memberships are taken from config file
       <filename>/etc/security/group.conf</filename>.
     </para>
+    <para condition="with_vendordir">
+      If <filename>/etc/security/group.conf</filename> does not exist,
+      <filename>%vendordir%/security/group.conf</filename> is used.
+    </para>
     <para>
       This module's usefulness relies on the file-systems
       accessible to the user. The point being that once granted the