diff options
| author | Stefan Schubert <schubi@suse.de> | 2021-12-03 15:56:49 +0100 |
|---|---|---|
| committer | Thorsten Kukuk <5908016+thkukuk@users.noreply.github.com> | 2022-02-08 09:13:00 +0100 |
| commit | 89054484253e29a7a74c6326cf07c74ce4f2f192 (patch) | |
| tree | 2b6c80d5b5ff678768e35821f124500be5f2b981 /modules | |
| parent | b68ce3d7c634bf9581aa90195abe5124a799d795 (diff) | |
| download | pam-89054484253e29a7a74c6326cf07c74ce4f2f192.tar.gz pam-89054484253e29a7a74c6326cf07c74ce4f2f192.tar.bz2 pam-89054484253e29a7a74c6326cf07c74ce4f2f192.zip | |
pam_time: use vendor specific time.conf as fallback
Use the vendor directory defined by --enable-vendordir=DIR configure
option as fallback for the distribution provided default config file
if there is no configuration in /etc.
* modules/pam_time/pam_time.8.xml: Describe this.
* modules/pam_time/time.h [VENDOR_SCONFIGDIR] (VENDOR_PAM_TIME_CONF):
New macro.
* modules/pam_time/pam_time.c (_pam_parse) [VENDOR_PAM_TIME_CONF]:
Try to open VENDOR_PAM_TIME_CONF file when no conffile= option was
specified and PAM_TIME_CONF file does not exist.
Co-authored-by: Dmitry V. Levin <ldv@altlinux.org>
Resolves: https://github.com/linux-pam/linux-pam/pull/409
Diffstat (limited to 'modules')
| -rw-r--r-- | modules/pam_time/pam_time.8.xml | 5 | ||||
| -rw-r--r-- | modules/pam_time/pam_time.c | 16 |
2 files changed, 21 insertions, 0 deletions
diff --git a/modules/pam_time/pam_time.8.xml b/modules/pam_time/pam_time.8.xml index 4708220c..a33744ea 100644 --- a/modules/pam_time/pam_time.8.xml +++ b/modules/pam_time/pam_time.8.xml @@ -51,6 +51,11 @@ <filename>/etc/security/time.conf</filename>. An alternative file can be specified with the <emphasis>conffile</emphasis> option. </para> + <para condition="with_vendordir"> + If there is no explicitly specified configuration file and + <filename>/etc/security/time.conf</filename> does not exist, + <filename>%vendordir%/security/time.conf</filename> is used. + </para> <para> If Linux PAM is compiled with audit support the module will report when it denies access. diff --git a/modules/pam_time/pam_time.c b/modules/pam_time/pam_time.c index 8eebc914..b99e4c32 100644 --- a/modules/pam_time/pam_time.c +++ b/modules/pam_time/pam_time.c @@ -34,6 +34,9 @@ #endif #define PAM_TIME_CONF (SCONFIGDIR "/time.conf") +#ifdef VENDOR_SCONFIGDIR +#define VENDOR_PAM_TIME_CONF (VENDOR_SCONFIGDIR "/time.conf") +#endif #define PAM_TIME_BUFLEN 1000 #define FIELD_SEPARATOR ';' /* this is new as of .02 */ @@ -79,6 +82,19 @@ _pam_parse (const pam_handle_t *pamh, int argc, const char **argv, const char ** } } +#ifdef VENDOR_PAM_TIME_CONF + if (*conffile == PAM_TIME_CONF) { + /* + * Check whether PAM_TIME_CONF file is available. + * If it does not exist, fall back to VENDOR_PAM_TIME_CONF file. + */ + struct stat buffer; + if (stat(*conffile, &buffer) != 0 && errno == ENOENT) { + *conffile = VENDOR_PAM_TIME_CONF; + } + } +#endif + return ctrl; } |