diff options
author | Sam Hartman <hartmans@debian.org> | 2023-09-11 14:00:42 -0600 |
---|---|---|
committer | Steve Langasek <steve.langasek@ubuntu.com> | 2024-02-29 13:56:32 -0700 |
commit | 2fcd683b6bb0885a250d12bede593b77d2a58cf9 (patch) | |
tree | 5f0ccbc76d5ba33db05222f776e6e1b8957a8d3f | |
parent | 83b32923e29375a9888a0ad658269a28a1feb1d5 (diff) |
lib_security_multiarch_compat
Unqualified module paths should always be looked up in *both* the default
module dir, *and* the ISA dir. That's what paths are for.
This lets us have a soft transition to multiarch for modules without having
to rewrite /etc/pam.d/ files or add ugly symlinks.
Authors: Steve Langasek <vorlon@debian.org>
Upstream status: not ready to be committed - this needs tweaked, we're
currently abusing the existing variables and inverting their meaning in
order to get everything installed where we want it and get absolute paths
the way we want them.
Gbp-Pq: Name lib_security_multiarch_compat
-rw-r--r-- | libpam/pam_handlers.c | 34 |
1 files changed, 22 insertions, 12 deletions
diff --git a/libpam/pam_handlers.c b/libpam/pam_handlers.c index c7045d26..dc5f81fa 100644 --- a/libpam/pam_handlers.c +++ b/libpam/pam_handlers.c @@ -737,7 +737,27 @@ _pam_load_module(pam_handle_t *pamh, const char *mod_path, int handler_type) success = PAM_ABORT; D(("_pam_load_module: _pam_dlopen(%s)", mod_path)); - mod->dl_handle = _pam_dlopen(mod_path); + if (mod_path[0] == '/') { + mod->dl_handle = _pam_dlopen(mod_path); + } else { + char *mod_full_path = NULL; + if (asprintf(&mod_full_path, "%s%s", + DEFAULT_MODULE_PATH, mod_path) >= 0) { + mod->dl_handle = _pam_dlopen(mod_full_path); + _pam_drop(mod_full_path); + } else { + pam_syslog(pamh, LOG_CRIT, "cannot malloc full mod path"); + } + if (!mod->dl_handle) { + if (asprintf(&mod_full_path, "%s/%s", + _PAM_ISA, mod_path) >= 0) { + mod->dl_handle = _pam_dlopen(mod_full_path); + _pam_drop(mod_full_path); + } else { + pam_syslog(pamh, LOG_CRIT, "cannot malloc full mod path"); + } + } + } D(("_pam_load_module: _pam_dlopen'ed")); D(("_pam_load_module: dlopen'ed")); if (mod->dl_handle == NULL) { @@ -814,7 +834,6 @@ int _pam_add_handler(pam_handle_t *pamh struct handler **handler_p2; struct handlers *the_handlers; const char *sym, *sym2; - char *mod_full_path; servicefn func, func2; int mod_type = PAM_MT_FAULTY_MOD; @@ -826,16 +845,7 @@ int _pam_add_handler(pam_handle_t *pamh if ((handler_type == PAM_HT_MODULE || handler_type == PAM_HT_SILENT_MODULE) && mod_path != NULL) { - if (mod_path[0] == '/') { - mod = _pam_load_module(pamh, mod_path, handler_type); - } else if (asprintf(&mod_full_path, "%s%s", - DEFAULT_MODULE_PATH, mod_path) >= 0) { - mod = _pam_load_module(pamh, mod_full_path, handler_type); - _pam_drop(mod_full_path); - } else { - pam_syslog(pamh, LOG_CRIT, "cannot malloc full mod path"); - return PAM_ABORT; - } + mod = _pam_load_module(pamh, mod_path, handler_type); if (mod == NULL) { /* if we get here with NULL it means allocation error */ |