pam_umask: build-time usergroups option default

This change adds a configure option to set the default value of the
usergroups option (of the pam_umask module) at build-time.

Distributions usually makes the decision if usergroups should be used or
not. This allows them to control the built-in default value, without
having to ship the value in a config file (cluttering up the view
of actually relevant user/system configuration overrides).

2 files changed, 14 insertions, 0 deletions

diff --git a/configure.ac b/configure.ac
index ab2963c1..a124b274 100644
--- a/configure.ac
+++ b/configure.ac
@@ -487,6 +487,17 @@ AS_IF([test "x$enable_nis" != "xno"], [
 AC_SUBST([NIS_CFLAGS])
 AC_SUBST([NIS_LIBS])
 
+AC_ARG_ENABLE([usergroups],
+  AS_HELP_STRING([--enable-usergroups], [sets the usergroups option default to enabled]),
+  [WITH_USERGROUPS=$enableval], WITH_USERGROUPS=no)
+if test "$WITH_USERGROUPS" = "yes" ; then
+   AC_DEFINE([DEFAULT_USERGROUPS_SETTING], 1,
+	     [Defines the value usergroups option should have by default])
+else
+   AC_DEFINE([DEFAULT_USERGROUPS_SETTING], 0,
+	     [Defines the value usergroups option should have by default])
+fi
+
 AC_ARG_ENABLE([selinux],
         AS_HELP_STRING([--disable-selinux],[do not use SELinux]),
         WITH_SELINUX=$enableval, WITH_SELINUX=yes)
diff --git a/modules/pam_umask/pam_umask.c b/modules/pam_umask/pam_umask.c
index d962ed1f..f101919f 100644
--- a/modules/pam_umask/pam_umask.c
+++ b/modules/pam_umask/pam_umask.c
@@ -90,6 +90,9 @@ get_options (pam_handle_t *pamh, options_t *options,
 	     int argc, const char **argv)
 {
   memset (options, 0, sizeof (options_t));
+
+  options->usergroups = DEFAULT_USERGROUPS_SETTING;
+
   /* Parse parameters for module */
   for ( ; argc-- > 0; argv++)
     parse_option (pamh, *argv, options);