diff options
Diffstat (limited to 'modules/pam_sepermit/pam_sepermit.c')
-rw-r--r-- | modules/pam_sepermit/pam_sepermit.c | 29 |
1 files changed, 25 insertions, 4 deletions
diff --git a/modules/pam_sepermit/pam_sepermit.c b/modules/pam_sepermit/pam_sepermit.c index f7d98d5b..5fbc8fdd 100644 --- a/modules/pam_sepermit/pam_sepermit.c +++ b/modules/pam_sepermit/pam_sepermit.c @@ -61,6 +61,12 @@ #include <selinux/selinux.h> +#include "pam_inline.h" + +#define SEPERMIT_CONF_FILE (SCONFIGDIR "/sepermit.conf") +#ifdef VENDOR_SCONFIGDIR +# define SEPERMIT_VENDOR_CONF_FILE (VENDOR_SCONFIGDIR "/sepermit.conf"); +#endif #define MODULE "pam_sepermit" #define OPT_DELIM ":" @@ -370,16 +376,31 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags UNUSED, const char *user = NULL; char *seuser = NULL; char *level = NULL; - const char *cfgfile = SEPERMIT_CONF_FILE; + const char *cfgfile = NULL; /* Parse arguments. */ for (i = 0; i < argc; i++) { + const char *str; + if (strcmp(argv[i], "debug") == 0) { debug = 1; + } else if ((str = pam_str_skip_prefix(argv[i], "conf=")) != NULL) { + cfgfile = str; + } else { + pam_syslog(pamh, LOG_ERR, "unknown option: %s", argv[i]); } - if (strcmp(argv[i], "conf=") == 0) { - cfgfile = argv[i] + 5; - } + } + + if (cfgfile == NULL) { +#ifdef SEPERMIT_VENDOR_CONF_FILE + struct stat buffer; + + cfgfile = SEPERMIT_CONF_FILE; + if (stat(cfgfile, &buffer) != 0 && errno == ENOENT) + cfgfile = SEPERMIT_VENDOR_CONF_FILE; +#else + cfgfile = SEPERMIT_CONF_FILE; +#endif } if (debug) |