diff options
Diffstat (limited to 'debian/patches-applied/031_pam_include')
| -rw-r--r-- | debian/patches-applied/031_pam_include | 58 |
1 files changed, 58 insertions, 0 deletions
diff --git a/debian/patches-applied/031_pam_include b/debian/patches-applied/031_pam_include new file mode 100644 index 00000000..e28415c4 --- /dev/null +++ b/debian/patches-applied/031_pam_include @@ -0,0 +1,58 @@ +Patch to implement an @include directive for use in pam.d config files. + +Authors: Jan Christoph Nordholz <hesso@pool.math.tu-berlin.de> + +Upstream status: not yet submitted + +Index: pam/Linux-PAM/libpam/pam_handlers.c +=================================================================== +--- pam.orig/Linux-PAM/libpam/pam_handlers.c ++++ pam/Linux-PAM/libpam/pam_handlers.c +@@ -114,6 +114,10 @@ + module_type = PAM_T_ACCT; + } else if (!strcasecmp("password", tok)) { + module_type = PAM_T_PASS; ++ } else if (!strcasecmp("@include", tok)) { ++ pam_include = 1; ++ module_type = requested_module_type; ++ goto parsing_done; + } else { + /* Illegal module type */ + D(("_pam_init_handlers: bad module type: %s", tok)); +@@ -178,14 +182,33 @@ + _pam_set_default_control(actions, _PAM_ACTION_BAD); + } + ++parsing_done: + tok = _pam_StrTok(NULL, " \n\t", &nexttok); + if (pam_include) { +- if (_pam_load_conf_file(pamh, tok, this_service, module_type ++ struct stat include_dir; ++ if (tok[0] == '/') { ++ if (_pam_load_conf_file(pamh, tok, this_service, module_type + #ifdef PAM_READ_BOTH_CONFS +- , !other ++ , !other + #endif /* PAM_READ_BOTH_CONFS */ + ) == PAM_SUCCESS) +- continue; ++ continue; ++ } else if (!stat(PAM_CONFIG_D, &include_dir) && S_ISDIR(include_dir.st_mode)) { ++ char *include_file; ++ if (asprintf (&include_file, PAM_CONFIG_DF, tok) < 0) { ++ pam_syslog(pamh, LOG_CRIT, "asprintf failed"); ++ return PAM_ABORT; ++ } ++ if (_pam_load_conf_file(pamh, include_file, this_service, module_type ++#ifdef PAM_READ_BOTH_CONFS ++ , !other ++#endif /* PAM_READ_BOTH_CONFS */ ++ ) == PAM_SUCCESS) { ++ free(include_file); ++ continue; ++ } ++ free(include_file); ++ } + _pam_set_default_control(actions, _PAM_ACTION_BAD); + mod_path = NULL; + must_fail = 1; |