Diffstat (limited to 'modules/pam_time')
-rw-r--r--modules/pam_time/Makefile.am11
-rw-r--r--modules/pam_time/Makefile.in67
-rw-r--r--modules/pam_time/README3
-rw-r--r--modules/pam_time/README.xml29
-rw-r--r--modules/pam_time/pam_time.814
-rw-r--r--modules/pam_time/pam_time.8.xml50
-rw-r--r--modules/pam_time/pam_time.c27
-rw-r--r--modules/pam_time/time.conf.58
-rw-r--r--modules/pam_time/time.conf.5.xml23
-rw-r--r--modules/pam_time/tst-pam_time-retval.c107
10 files changed, 250 insertions, 89 deletions
diff --git a/modules/pam_time/Makefile.am b/modules/pam_time/Makefile.am
index 833d51a6..a71e6781 100644
--- a/modules/pam_time/Makefile.am
+++ b/modules/pam_time/Makefile.am
@@ -12,13 +12,17 @@ dist_man_MANS = time.conf.5 pam_time.8
endif
XMLS = README.xml time.conf.5.xml pam_time.8.xml
dist_check_SCRIPTS = tst-pam_time
-TESTS = $(dist_check_SCRIPTS)
+TESTS = $(dist_check_SCRIPTS) $(check_PROGRAMS)
securelibdir = $(SECUREDIR)
+if HAVE_VENDORDIR
+secureconfdir = $(VENDOR_SCONFIGDIR)
+else
secureconfdir = $(SCONFIGDIR)
+endif
AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \
- -DPAM_TIME_CONF=\"$(SCONFIGDIR)/time.conf\" $(WARN_CFLAGS)
+ $(WARN_CFLAGS)
AM_LDFLAGS = -no-undefined -avoid-version -module
if HAVE_VERSIONING
AM_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map
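Review bot: With HAVE_VENDORDIR set, `secureconfdir` now resolves to `$(VENDOR_SCONFIGDIR)`, so the shipped `time.conf` is installed there, while the lookup added in pam_time.c still prefers the `SCONFIGDIR` copy. A `time.conf` left in the old location by an earlier install would therefore keep shadowing the newly shipped rules; that may be the intended override model, but nothing in this file says so. I would add a comment above the conditional, for example `# Shipped default goes to the vendor directory; a file in $(SCONFIGDIR) overrides it.` The same hunk drops `-DPAM_TIME_CONF` from `AM_CFLAGS`, so pam_time.c now depends on `SCONFIGDIR` being defined somewhere outside this diff.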
@@ -28,6 +32,9 @@ pam_time_la_LIBADD = $(top_builddir)/libpam/libpam.la
securelib_LTLIBRARIES = pam_time.la
dist_secureconf_DATA = time.conf
+check_PROGRAMS = tst-pam_time-retval
+tst_pam_time_retval_LDADD = $(top_builddir)/libpam/libpam.la
+
if ENABLE_REGENERATE_MAN
dist_noinst_DATA = README
-include $(top_srcdir)/Make.xml.rules
diff --git a/modules/pam_time/Makefile.in b/modules/pam_time/Makefile.in
index 08d02d62..a1f0467c 100644
--- a/modules/pam_time/Makefile.in
+++ b/modules/pam_time/Makefile.in
@@ -94,6 +94,7 @@ POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
@HAVE_VERSIONING_TRUE@am__append_1 = -Wl,--version-script=$(srcdir)/../modules.map
+check_PROGRAMS = tst-pam_time-retval$(EXEEXT)
subdir = modules/pam_time
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/attribute.m4 \
@@ -157,6 +158,9 @@ AM_V_lt = $(am__v_lt_@AM_V@)
am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@)
am__v_lt_0 = --silent
am__v_lt_1 =
+tst_pam_time_retval_SOURCES = tst-pam_time-retval.c
+tst_pam_time_retval_OBJECTS = tst-pam_time-retval.$(OBJEXT)
+tst_pam_time_retval_DEPENDENCIES = $(top_builddir)/libpam/libpam.la
AM_V_P = $(am__v_P_@AM_V@)
am__v_P_ = $(am__v_P_@AM_DEFAULT_V@)
am__v_P_0 = false
@@ -172,7 +176,8 @@ am__v_at_1 =
DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)
depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp
am__maybe_remake_depfiles = depfiles
-am__depfiles_remade = ./$(DEPDIR)/pam_time.Plo
+am__depfiles_remade = ./$(DEPDIR)/pam_time.Plo \
+ ./$(DEPDIR)/tst-pam_time-retval.Po
am__mv = mv -f
COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
@@ -192,8 +197,8 @@ AM_V_CCLD = $(am__v_CCLD_@AM_V@)
am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@)
am__v_CCLD_0 = @echo " CCLD " $@;
am__v_CCLD_1 =
-SOURCES = pam_time.c
-DIST_SOURCES = pam_time.c
+SOURCES = pam_time.c tst-pam_time-retval.c
+DIST_SOURCES = pam_time.c tst-pam_time-retval.c
am__can_run_installinfo = \
case $$AM_UPDATE_INFO_DIR in \
n|no|NO) false;; \
@@ -431,6 +436,7 @@ CYGPATH_W = @CYGPATH_W@
DEFS = @DEFS@
DEPDIR = @DEPDIR@
DLLTOOL = @DLLTOOL@
+DOCBOOK_RNG = @DOCBOOK_RNG@
DSYMUTIL = @DSYMUTIL@
DUMPBIN = @DUMPBIN@
ECHO_C = @ECHO_C@
@@ -443,11 +449,13 @@ EXEEXT = @EXEEXT@
EXE_CFLAGS = @EXE_CFLAGS@
EXE_LDFLAGS = @EXE_LDFLAGS@
FGREP = @FGREP@
+FILECMD = @FILECMD@
FO2PDF = @FO2PDF@
GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@
GMSGFMT = @GMSGFMT@
GMSGFMT_015 = @GMSGFMT_015@
GREP = @GREP@
+HTML_STYLESHEET = @HTML_STYLESHEET@
INSTALL = @INSTALL@
INSTALL_DATA = @INSTALL_DATA@
INSTALL_PROGRAM = @INSTALL_PROGRAM@
@@ -479,12 +487,14 @@ LIBSELINUX = @LIBSELINUX@
LIBTOOL = @LIBTOOL@
LIPO = @LIPO@
LN_S = @LN_S@
+LOGIND_CFLAGS = @LOGIND_CFLAGS@
LTLIBICONV = @LTLIBICONV@
LTLIBINTL = @LTLIBINTL@
LTLIBOBJS = @LTLIBOBJS@
LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
+MAN_STYLESHEET = @MAN_STYLESHEET@
MKDIR_P = @MKDIR_P@
MSGFMT = @MSGFMT@
MSGFMT_015 = @MSGFMT_015@
@@ -507,6 +517,7 @@ PACKAGE_TARNAME = @PACKAGE_TARNAME@
PACKAGE_URL = @PACKAGE_URL@
PACKAGE_VERSION = @PACKAGE_VERSION@
PATH_SEPARATOR = @PATH_SEPARATOR@
+PDF_STYLESHEET = @PDF_STYLESHEET@
PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
@@ -517,12 +528,16 @@ SECUREDIR = @SECUREDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
SHELL = @SHELL@
-STRINGPARAM_HMAC = @STRINGPARAM_HMAC@
+STRINGPARAM_PROFILECONDITIONS = @STRINGPARAM_PROFILECONDITIONS@
STRINGPARAM_VENDORDIR = @STRINGPARAM_VENDORDIR@
STRIP = @STRIP@
+SYSTEMD_CFLAGS = @SYSTEMD_CFLAGS@
+SYSTEMD_LIBS = @SYSTEMD_LIBS@
TIRPC_CFLAGS = @TIRPC_CFLAGS@
TIRPC_LIBS = @TIRPC_LIBS@
+TXT_STYLESHEET = @TXT_STYLESHEET@
USE_NLS = @USE_NLS@
+VENDOR_SCONFIGDIR = @VENDOR_SCONFIGDIR@
VERSION = @VERSION@
WARN_CFLAGS = @WARN_CFLAGS@
XGETTEXT = @XGETTEXT@
@@ -594,16 +609,18 @@ EXTRA_DIST = $(XMLS)
@HAVE_DOC_TRUE@dist_man_MANS = time.conf.5 pam_time.8
XMLS = README.xml time.conf.5.xml pam_time.8.xml
dist_check_SCRIPTS = tst-pam_time
-TESTS = $(dist_check_SCRIPTS)
+TESTS = $(dist_check_SCRIPTS) $(check_PROGRAMS)
securelibdir = $(SECUREDIR)
-secureconfdir = $(SCONFIGDIR)
+@HAVE_VENDORDIR_FALSE@secureconfdir = $(SCONFIGDIR)
+@HAVE_VENDORDIR_TRUE@secureconfdir = $(VENDOR_SCONFIGDIR)
AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \
- -DPAM_TIME_CONF=\"$(SCONFIGDIR)/time.conf\" $(WARN_CFLAGS)
+ $(WARN_CFLAGS)
AM_LDFLAGS = -no-undefined -avoid-version -module $(am__append_1)
pam_time_la_LIBADD = $(top_builddir)/libpam/libpam.la
securelib_LTLIBRARIES = pam_time.la
dist_secureconf_DATA = time.conf
+tst_pam_time_retval_LDADD = $(top_builddir)/libpam/libpam.la
@ENABLE_REGENERATE_MAN_TRUE@dist_noinst_DATA = README
all: all-am
@@ -639,6 +656,15 @@ $(ACLOCAL_M4): $(am__aclocal_m4_deps)
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
$(am__aclocal_m4_deps):
+clean-checkPROGRAMS:
+ @list='$(check_PROGRAMS)'; test -n "$$list" || exit 0; \
+ echo " rm -f" $$list; \
+ rm -f $$list || exit $$?; \
+ test -n "$(EXEEXT)" || exit 0; \
+ list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \
+ echo " rm -f" $$list; \
+ rm -f $$list
+
install-securelibLTLIBRARIES: $(securelib_LTLIBRARIES)
@$(NORMAL_INSTALL)
@list='$(securelib_LTLIBRARIES)'; test -n "$(securelibdir)" || list=; \
@@ -677,6 +703,10 @@ clean-securelibLTLIBRARIES:
pam_time.la: $(pam_time_la_OBJECTS) $(pam_time_la_DEPENDENCIES) $(EXTRA_pam_time_la_DEPENDENCIES)
$(AM_V_CCLD)$(LINK) -rpath $(securelibdir) $(pam_time_la_OBJECTS) $(pam_time_la_LIBADD) $(LIBS)
+tst-pam_time-retval$(EXEEXT): $(tst_pam_time_retval_OBJECTS) $(tst_pam_time_retval_DEPENDENCIES) $(EXTRA_tst_pam_time_retval_DEPENDENCIES)
+ @rm -f tst-pam_time-retval$(EXEEXT)
+ $(AM_V_CCLD)$(LINK) $(tst_pam_time_retval_OBJECTS) $(tst_pam_time_retval_LDADD) $(LIBS)
+
mostlyclean-compile:
-rm -f *.$(OBJEXT)
@@ -684,6 +714,7 @@ distclean-compile:
-rm -f *.tab.c
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_time.Plo@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tst-pam_time-retval.Po@am__quote@ # am--include-marker
$(am__depfiles_remade):
@$(MKDIR_P) $(@D)
@@ -997,7 +1028,7 @@ $(TEST_SUITE_LOG): $(TEST_LOGS)
fi; \
$$success || exit 1
-check-TESTS: $(dist_check_SCRIPTS)
+check-TESTS: $(check_PROGRAMS) $(dist_check_SCRIPTS)
@list='$(RECHECK_LOGS)'; test -z "$$list" || rm -f $$list
@list='$(RECHECK_LOGS:.log=.trs)'; test -z "$$list" || rm -f $$list
@test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG)
@@ -1007,7 +1038,7 @@ check-TESTS: $(dist_check_SCRIPTS)
log_list=`echo $$log_list`; trs_list=`echo $$trs_list`; \
$(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) TEST_LOGS="$$log_list"; \
exit $$?;
-recheck: all $(dist_check_SCRIPTS)
+recheck: all $(check_PROGRAMS) $(dist_check_SCRIPTS)
@test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG)
@set +e; $(am__set_TESTS_bases); \
bases=`for i in $$bases; do echo $$i; done \
@@ -1025,6 +1056,13 @@ tst-pam_time.log: tst-pam_time
--log-file $$b.log --trs-file $$b.trs \
$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
"$$tst" $(AM_TESTS_FD_REDIRECT)
+tst-pam_time-retval.log: tst-pam_time-retval$(EXEEXT)
+ @p='tst-pam_time-retval$(EXEEXT)'; \
+ b='tst-pam_time-retval'; \
+ $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
+ --log-file $$b.log --trs-file $$b.trs \
+ $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
+ "$$tst" $(AM_TESTS_FD_REDIRECT)
.test.log:
@p='$<'; \
$(am__set_b); \
@@ -1074,7 +1112,8 @@ distdir-am: $(DISTFILES)
fi; \
done
check-am: all-am
- $(MAKE) $(AM_MAKEFLAGS) $(dist_check_SCRIPTS)
+ $(MAKE) $(AM_MAKEFLAGS) $(check_PROGRAMS) \
+ $(dist_check_SCRIPTS)
$(MAKE) $(AM_MAKEFLAGS) check-TESTS
check: check-am
all-am: Makefile $(LTLIBRARIES) $(MANS) $(DATA)
@@ -1119,11 +1158,12 @@ maintainer-clean-generic:
-test -z "$(MAINTAINERCLEANFILES)" || rm -f $(MAINTAINERCLEANFILES)
clean: clean-am
-clean-am: clean-generic clean-libtool clean-securelibLTLIBRARIES \
- mostlyclean-am
+clean-am: clean-checkPROGRAMS clean-generic clean-libtool \
+ clean-securelibLTLIBRARIES mostlyclean-am
distclean: distclean-am
-rm -f ./$(DEPDIR)/pam_time.Plo
+ -rm -f ./$(DEPDIR)/tst-pam_time-retval.Po
-rm -f Makefile
distclean-am: clean-am distclean-compile distclean-generic \
distclean-tags
@@ -1171,6 +1211,7 @@ installcheck-am:
maintainer-clean: maintainer-clean-am
-rm -f ./$(DEPDIR)/pam_time.Plo
+ -rm -f ./$(DEPDIR)/tst-pam_time-retval.Po
-rm -f Makefile
maintainer-clean-am: distclean-am maintainer-clean-generic
@@ -1195,7 +1236,7 @@ uninstall-man: uninstall-man5 uninstall-man8
.MAKE: check-am install-am install-strip
.PHONY: CTAGS GTAGS TAGS all all-am am--depfiles check check-TESTS \
- check-am clean clean-generic clean-libtool \
+ check-am clean clean-checkPROGRAMS clean-generic clean-libtool \
clean-securelibLTLIBRARIES cscopelist-am ctags ctags-am \
distclean distclean-compile distclean-generic \
distclean-libtool distclean-tags distdir dvi dvi-am html \
diff --git a/modules/pam_time/README b/modules/pam_time/README
index 9b20847c..2fa4c164 100644
--- a/modules/pam_time/README
+++ b/modules/pam_time/README
@@ -14,6 +14,9 @@ from which they are making their request.
By default rules for time/port access are taken from config file /etc/security/
time.conf. An alternative file can be specified with the conffile option.
+If there is no explicitly specified configuration file and /etc/security/
+time.conf does not exist, %vendordir%/security/time.conf is used.
+
If Linux PAM is compiled with audit support the module will report when it
denies access.
diff --git a/modules/pam_time/README.xml b/modules/pam_time/README.xml
index 6c11eec1..8a2faa0b 100644
--- a/modules/pam_time/README.xml
+++ b/modules/pam_time/README.xml
@@ -1,34 +1,19 @@
-<?xml version="1.0" encoding='UTF-8'?>
-<!DOCTYPE article PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
-"http://www.docbook.org/xml/4.3/docbookx.dtd"
-[
-<!--
-<!ENTITY pamtime SYSTEM "pam_time.8.xml">
--->
-<!--
-<!ENTITY timeconf SYSTEM "time.conf.5.xml">
--->
-]>
+<article xmlns="http://docbook.org/ns/docbook" version="5.0">
-<article>
-
- <articleinfo>
+ <info>
<title>
- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
- href="pam_time.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_time-name"]/*)'/>
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="pam_time.8.xml" xpointer='xpointer(id("pam_time-name")/*)'/>
</title>
- </articleinfo>
+ </info>
<section>
- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
- href="pam_time.8.xml" xpointer='xpointer(//refsect1[@id = "pam_time-description"]/*)'/>
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="pam_time.8.xml" xpointer='xpointer(id("pam_time-description")/*)'/>
</section>
<section>
- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
- href="time.conf.5.xml" xpointer='xpointer(//refsect1[@id = "time.conf-examples"]/*)'/>
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="time.conf.5.xml" xpointer='xpointer(id("time.conf-examples")/*)'/>
</section>
-</article>
+</article> \ No newline at end of file
diff --git a/modules/pam_time/pam_time.8 b/modules/pam_time/pam_time.8
index 28d84d75..48c7ffce 100644
--- a/modules/pam_time/pam_time.8
+++ b/modules/pam_time/pam_time.8
@@ -1,13 +1,13 @@
'\" t
.\" Title: pam_time
.\" Author: [see the "AUTHOR" section]
-.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
-.\" Date: 09/03/2021
+.\" Generator: DocBook XSL Stylesheets v1.79.2 <http://docbook.sf.net/>
+.\" Date: 05/07/2023
.\" Manual: Linux-PAM Manual
-.\" Source: Linux-PAM Manual
+.\" Source: Linux-PAM
.\" Language: English
.\"
-.TH "PAM_TIME" "8" "09/03/2021" "Linux-PAM Manual" "Linux-PAM Manual"
+.TH "PAM_TIME" "8" "05/07/2023" "Linux\-PAM" "Linux\-PAM Manual"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
@@ -44,18 +44,18 @@ option\&.
If Linux PAM is compiled with audit support the module will report when it denies access\&.
.SH "OPTIONS"
.PP
-\fBconffile=/path/to/time\&.conf\fR
+conffile=/path/to/time\&.conf
.RS 4
Indicate an alternative time\&.conf style configuration file to override the default\&.
.RE
.PP
-\fBdebug\fR
+debug
.RS 4
Some debug information is printed with
\fBsyslog\fR(3)\&.
.RE
.PP
-\fBnoaudit\fR
+noaudit
.RS 4
Do not report logins at disallowed time to the audit subsystem\&.
.RE
diff --git a/modules/pam_time/pam_time.8.xml b/modules/pam_time/pam_time.8.xml
index 4708220c..1fa60a10 100644
--- a/modules/pam_time/pam_time.8.xml
+++ b/modules/pam_time/pam_time.8.xml
@@ -1,16 +1,13 @@
-<?xml version="1.0" encoding="ISO-8859-1"?>
-<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.1.2//EN"
- "http://www.oasis-open.org/docbook/xml/4.1.2/docbookx.dtd">
-
-<refentry id='pam_time'>
+<refentry xmlns="http://docbook.org/ns/docbook" version="5.0" xml:id="pam_time">
<refmeta>
<refentrytitle>pam_time</refentrytitle>
<manvolnum>8</manvolnum>
- <refmiscinfo class='setdesc'>Linux-PAM Manual</refmiscinfo>
+ <refmiscinfo class="source">Linux-PAM</refmiscinfo>
+ <refmiscinfo class="manual">Linux-PAM Manual</refmiscinfo>
</refmeta>
- <refnamediv id='pam_time-name'>
+ <refnamediv xml:id="pam_time-name">
<refname>pam_time</refname>
<refpurpose>
PAM module for time control access
@@ -20,22 +17,22 @@
<!-- body begins here -->
<refsynopsisdiv>
- <cmdsynopsis id="pam_time-cmdsynopsis">
+ <cmdsynopsis xml:id="pam_time-cmdsynopsis" sepchar=" ">
<command>pam_time.so</command>
- <arg choice="opt">
+ <arg choice="opt" rep="norepeat">
conffile=conf-file
</arg>
- <arg choice="opt">
+ <arg choice="opt" rep="norepeat">
debug
</arg>
- <arg choice="opt">
+ <arg choice="opt" rep="norepeat">
noaudit
</arg>
</cmdsynopsis>
</refsynopsisdiv>
- <refsect1 id="pam_time-description">
+ <refsect1 xml:id="pam_time-description">
<title>DESCRIPTION</title>
<para>
The pam_time PAM module does not authenticate the user, but instead
@@ -51,19 +48,24 @@
<filename>/etc/security/time.conf</filename>.
An alternative file can be specified with the <emphasis>conffile</emphasis> option.
</para>
+ <para condition="with_vendordir">
+ If there is no explicitly specified configuration file and
+ <filename>/etc/security/time.conf</filename> does not exist,
+ <filename>%vendordir%/security/time.conf</filename> is used.
+ </para>
<para>
If Linux PAM is compiled with audit support the module will report
when it denies access.
</para>
</refsect1>
- <refsect1 id="pam_time-options">
+ <refsect1 xml:id="pam_time-options">
<title>OPTIONS</title>
<variablelist>
<varlistentry>
<term>
- <option>conffile=/path/to/time.conf</option>
+ conffile=/path/to/time.conf
</term>
<listitem>
<para>
@@ -74,7 +76,7 @@
<varlistentry>
<term>
- <option>debug</option>
+ debug
</term>
<listitem>
<para>
@@ -86,7 +88,7 @@
<varlistentry>
<term>
- <option>noaudit</option>
+ noaudit
</term>
<listitem>
<para>
@@ -98,14 +100,14 @@
</variablelist>
</refsect1>
- <refsect1 id="pam_time-types">
+ <refsect1 xml:id="pam_time-types">
<title>MODULE TYPES PROVIDED</title>
<para>
Only the <option>account</option> type is provided.
</para>
</refsect1>
- <refsect1 id="pam_time-return_values">
+ <refsect1 xml:id="pam_time-return_values">
<title>RETURN VALUES</title>
<variablelist>
<varlistentry>
@@ -151,11 +153,11 @@
</variablelist>
</refsect1>
- <refsect1 id="pam_time-files">
+ <refsect1 xml:id="pam_time-files">
<title>FILES</title>
<variablelist>
<varlistentry>
- <term><filename>/etc/security/time.conf</filename></term>
+ <term>/etc/security/time.conf</term>
<listitem>
<para>Default configuration file</para>
</listitem>
@@ -163,7 +165,7 @@
</variablelist>
</refsect1>
- <refsect1 id='pam_time-examples'>
+ <refsect1 xml:id="pam_time-examples">
<title>EXAMPLES</title>
<programlisting>
#%PAM-1.0
@@ -174,7 +176,7 @@ login account required pam_time.so
</programlisting>
</refsect1>
- <refsect1 id="pam_time-see_also">
+ <refsect1 xml:id="pam_time-see_also">
<title>SEE ALSO</title>
<para>
<citerefentry>
@@ -189,10 +191,10 @@ login account required pam_time.so
</para>
</refsect1>
- <refsect1 id="pam_time-authors">
+ <refsect1 xml:id="pam_time-authors">
<title>AUTHOR</title>
<para>
pam_time was written by Andrew G. Morgan &lt;morgan@kernel.org&gt;.
</para>
</refsect1>
-</refentry>
+</refentry> \ No newline at end of file
diff --git a/modules/pam_time/pam_time.c b/modules/pam_time/pam_time.c
index 089ae22d..6b7adefc 100644
--- a/modules/pam_time/pam_time.c
+++ b/modules/pam_time/pam_time.c
@@ -33,6 +33,11 @@
#include <libaudit.h>
#endif
+#define PAM_TIME_CONF (SCONFIGDIR "/time.conf")
+#ifdef VENDOR_SCONFIGDIR
+#define VENDOR_PAM_TIME_CONF (VENDOR_SCONFIGDIR "/time.conf")
+#endif
+
#define PAM_TIME_BUFLEN 1000
#define FIELD_SEPARATOR ';' /* this is new as of .02 */
@@ -53,7 +58,7 @@ _pam_parse (const pam_handle_t *pamh, int argc, const char **argv, const char **
{
int ctrl = 0;
- *conffile = PAM_TIME_CONF;
+ *conffile = NULL;
/* step through arguments */
for (; argc-- > 0; ++argv) {
const char *str;
@@ -77,6 +82,20 @@ _pam_parse (const pam_handle_t *pamh, int argc, const char **argv, const char **
}
}
+ if (*conffile == NULL) {
+ *conffile = PAM_TIME_CONF;
+#ifdef VENDOR_PAM_TIME_CONF
+ /*
+ * Check whether PAM_TIME_CONF file is available.
+ * If it does not exist, fall back to VENDOR_PAM_TIME_CONF file.
+ */
+ struct stat buffer;
+ if (stat(*conffile, &buffer) != 0 && errno == ENOENT) {
+ *conffile = VENDOR_PAM_TIME_CONF;
+ }
+#endif
+ }
+
return ctrl;
}
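Review bot: The fallback added to `_pam_parse` picks the policy file with `stat()`, but the file is opened later, outside this hunk, so the file present at open time need not be the one chosen here. A `stat()` failure other than ENOENT (EACCES, for instance) silently keeps the `PAM_TIME_CONF` path. Because this decides which access rules are enforced, I would record the decision when the debug option is set, inside the `if`: `pam_syslog(pamh, LOG_DEBUG, "%s not found, using %s", PAM_TIME_CONF, VENDOR_PAM_TIME_CONF);`. A sturdier shape is to attempt the open and fall back on ENOENT at the point of use, which needs changes outside this hunk. `struct stat buffer;` is also declared after a statement; the start of the function is outside the hunk, so I cannot tell whether the file already relies on that.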
@@ -88,7 +107,7 @@ shift_buf(char *mem, int from)
char *start = mem;
while ((*mem = mem[from]) != '\0')
++mem;
- memset(mem, '\0', PAM_TIME_BUFLEN - (mem - start));
+ pam_overwrite_n(mem, PAM_TIME_BUFLEN - (mem - start));
return mem;
}
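Review bot: The wipe length in `shift_buf` is still `PAM_TIME_BUFLEN - (mem - start)`, a signed pointer difference that is only valid while `mem` stays inside a buffer of exactly `PAM_TIME_BUFLEN` bytes; nothing visible in the hunk states or checks that. The last `read_field` hunk uses the same form, `PAM_TIME_BUFLEN - (to - *buf)`. `pam_overwrite_n` is not defined in this diff, so how it treats a negative value converted to a size cannot be confirmed here. I would document the invariant at the call, e.g. `/* mem lies within the PAM_TIME_BUFLEN-byte buffer, so the remainder is non-negative */`. Both function bodies extend beyond their hunks.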
@@ -149,7 +168,7 @@ read_field(const pam_handle_t *pamh, int fd, char **buf, int *from, int *state,
if (i < 0) {
pam_syslog(pamh, LOG_ERR, "error reading %s: %m", file);
close(fd);
- memset(*buf, 0, PAM_TIME_BUFLEN);
+ pam_overwrite_n(*buf, PAM_TIME_BUFLEN);
_pam_drop(*buf);
*state = STATE_EOF;
return -1;
@@ -168,7 +187,7 @@ read_field(const pam_handle_t *pamh, int fd, char **buf, int *from, int *state,
return -1;
}
- memset(to, '\0', PAM_TIME_BUFLEN - (to - *buf));
+ pam_overwrite_n(to, PAM_TIME_BUFLEN - (to - *buf));
to = *buf;
onspace = 1; /* delete any leading spaces */
diff --git a/modules/pam_time/time.conf.5 b/modules/pam_time/time.conf.5
index 2dda8bee..c68dfa74 100644
--- a/modules/pam_time/time.conf.5
+++ b/modules/pam_time/time.conf.5
@@ -1,13 +1,13 @@
'\" t
.\" Title: time.conf
.\" Author: [see the "AUTHOR" section]
-.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
-.\" Date: 09/03/2021
+.\" Generator: DocBook XSL Stylesheets v1.79.2 <http://docbook.sf.net/>
+.\" Date: 05/07/2023
.\" Manual: Linux-PAM Manual
-.\" Source: Linux-PAM Manual
+.\" Source: Linux-PAM
.\" Language: English
.\"
-.TH "TIME\&.CONF" "5" "09/03/2021" "Linux-PAM Manual" "Linux\-PAM Manual"
+.TH "TIME\&.CONF" "5" "05/07/2023" "Linux\-PAM" "Linux\-PAM Manual"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff --git a/modules/pam_time/time.conf.5.xml b/modules/pam_time/time.conf.5.xml
index acbe2329..3fe263d5 100644
--- a/modules/pam_time/time.conf.5.xml
+++ b/modules/pam_time/time.conf.5.xml
@@ -1,13 +1,10 @@
-<?xml version="1.0" encoding='UTF-8'?>
-<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
- "http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd">
-
-<refentry id="time.conf">
+<refentry xmlns="http://docbook.org/ns/docbook" version="5.0" xml:id="time.conf">
<refmeta>
<refentrytitle>time.conf</refentrytitle>
<manvolnum>5</manvolnum>
- <refmiscinfo class="sectdesc">Linux-PAM Manual</refmiscinfo>
+ <refmiscinfo class="source">Linux-PAM</refmiscinfo>
+ <refmiscinfo class="manual">Linux-PAM Manual</refmiscinfo>
</refmeta>
<refnamediv>
@@ -15,7 +12,7 @@
<refpurpose>configuration file for the pam_time module</refpurpose>
</refnamediv>
- <refsect1 id='time.conf-description'>
+ <refsect1 xml:id="time.conf-description">
<title>DESCRIPTION</title>
<para>
@@ -43,9 +40,9 @@
</para>
<para>
In words, each rule occupies a line, terminated with a newline
- or the beginning of a comment; a '<emphasis remap='B'>#</emphasis>'.
+ or the beginning of a comment; a '<emphasis remap="B">#</emphasis>'.
It contains four fields separated with semicolons,
- '<emphasis remap='B'>;</emphasis>'.
+ '<emphasis remap="B">;</emphasis>'.
</para>
<para>
@@ -107,7 +104,7 @@
</para>
</refsect1>
- <refsect1 id="time.conf-examples">
+ <refsect1 xml:id="time.conf-examples">
<title>EXAMPLES</title>
<para>
These are some example lines which might be specified in
@@ -131,7 +128,7 @@ games ; * ; !waster ; Wd0000-2400 | Wk1800-0800
</para>
</refsect1>
- <refsect1 id="time.conf-see_also">
+ <refsect1 xml:id="time.conf-see_also">
<title>SEE ALSO</title>
<para>
<citerefentry><refentrytitle>pam_time</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
@@ -140,10 +137,10 @@ games ; * ; !waster ; Wd0000-2400 | Wk1800-0800
</para>
</refsect1>
- <refsect1 id="time.conf-author">
+ <refsect1 xml:id="time.conf-author">
<title>AUTHOR</title>
<para>
pam_time was written by Andrew G. Morgan &lt;morgan@kernel.org&gt;.
</para>
</refsect1>
-</refentry>
+</refentry> \ No newline at end of file
diff --git a/modules/pam_time/tst-pam_time-retval.c b/modules/pam_time/tst-pam_time-retval.c
new file mode 100644
index 00000000..281ac80d
--- /dev/null
+++ b/modules/pam_time/tst-pam_time-retval.c
@@ -0,0 +1,107 @@
+/*
+ * Check pam_time return values.
+ *
+ * Copyright (c) 2020-2022 Dmitry V. Levin <ldv@altlinux.org>
+ * Copyright (c) 2022 Stefan Schubert <schubi@suse.de>
+ */
+
+#include "test_assert.h"
+
+#include <limits.h>
+#include <stdio.h>
+#include <string.h>
+#include <unistd.h>
+#include <security/pam_appl.h>
+
+#define MODULE_NAME "pam_time"
+#define TEST_NAME "tst-" MODULE_NAME "-retval"
+
+static const char service_file[] = TEST_NAME ".service";
+static const char config_file[] = TEST_NAME ".conf";
+static struct pam_conv conv;
+
+int
+main(void)
+{
+ pam_handle_t *pamh = NULL;
+ FILE *fp;
+ char cwd[PATH_MAX];
+
+ ASSERT_NE(NULL, getcwd(cwd, sizeof(cwd)));
+
+ /* PAM_USER_UNKNOWN */
+ ASSERT_NE(NULL, fp = fopen(service_file, "w"));
+ ASSERT_LT(0,
+ fprintf(fp, "#%%PAM-1.0\n"
+ "auth required %s/.libs/%s.so\n"
+ "account required %s/.libs/%s.so\n"
+ "password required %s/.libs/%s.so\n"
+ "session required %s/.libs/%s.so\n",
+ cwd, MODULE_NAME,
+ cwd, MODULE_NAME,
+ cwd, MODULE_NAME,
+ cwd, MODULE_NAME));
+ ASSERT_EQ(0, fclose(fp));
+
+ ASSERT_EQ(PAM_SUCCESS,
+ pam_start_confdir(service_file, "", &conv, ".", &pamh));
+ ASSERT_NE(NULL, pamh);
+ ASSERT_EQ(PAM_MODULE_UNKNOWN, pam_authenticate(pamh, 0));
+ ASSERT_EQ(PAM_MODULE_UNKNOWN, pam_setcred(pamh, 0));
+ ASSERT_EQ(PAM_USER_UNKNOWN, pam_acct_mgmt(pamh, 0));
+ ASSERT_EQ(PAM_MODULE_UNKNOWN, pam_chauthtok(pamh, 0));
+ ASSERT_EQ(PAM_MODULE_UNKNOWN, pam_open_session(pamh, 0));
+ ASSERT_EQ(PAM_MODULE_UNKNOWN, pam_close_session(pamh, 0));
+ ASSERT_EQ(PAM_SUCCESS, pam_end(pamh, 0));
+ pamh = NULL;
+
+ ASSERT_NE(NULL, fp = fopen(config_file, "w"));
+ ASSERT_LT(0, fprintf(fp, "# only root can access %s\n"
+ "%s ; * ; !root ; !Al0000-2400\n",
+ service_file, service_file));
+ ASSERT_EQ(0, fclose(fp));
+
+ /* conffile= specifies an existing file */
+ ASSERT_NE(NULL, fp = fopen(service_file, "w"));
+ ASSERT_LT(0,
+ fprintf(fp, "#%%PAM-1.0\n"
+ "auth required %s/.libs/%s.so conffile=%s\n"
+ "account required %s/.libs/%s.so conffile=%s\n"
+ "password required %s/.libs/%s.so conffile=%s\n"
+ "session required %s/.libs/%s.so conffile=%s\n",
+ cwd, MODULE_NAME, config_file,
+ cwd, MODULE_NAME, config_file,
+ cwd, MODULE_NAME, config_file,
+ cwd, MODULE_NAME, config_file));
+ ASSERT_EQ(0, fclose(fp));
+
+ ASSERT_EQ(PAM_SUCCESS,
+ pam_start_confdir(service_file, "root", &conv, ".", &pamh));
+ ASSERT_NE(NULL, pamh);
+ ASSERT_EQ(PAM_MODULE_UNKNOWN, pam_authenticate(pamh, 0));
+ ASSERT_EQ(PAM_MODULE_UNKNOWN, pam_setcred(pamh, 0));
+ ASSERT_EQ(PAM_SUCCESS, pam_acct_mgmt(pamh, 0));
+ ASSERT_EQ(PAM_MODULE_UNKNOWN, pam_chauthtok(pamh, 0));
+ ASSERT_EQ(PAM_MODULE_UNKNOWN, pam_open_session(pamh, 0));
+ ASSERT_EQ(PAM_MODULE_UNKNOWN, pam_close_session(pamh, 0));
+ ASSERT_EQ(PAM_SUCCESS, pam_end(pamh, 0));
+ pamh = NULL;
+
+ ASSERT_EQ(PAM_SUCCESS,
+ pam_start_confdir(service_file, "noone", &conv, ".", &pamh));
+ ASSERT_NE(NULL, pamh);
+ ASSERT_EQ(PAM_MODULE_UNKNOWN, pam_authenticate(pamh, 0));
+ ASSERT_EQ(PAM_MODULE_UNKNOWN, pam_setcred(pamh, 0));
+ ASSERT_EQ(PAM_PERM_DENIED, pam_acct_mgmt(pamh, 0));
+ ASSERT_EQ(PAM_MODULE_UNKNOWN, pam_chauthtok(pamh, 0));
+ ASSERT_EQ(PAM_MODULE_UNKNOWN, pam_open_session(pamh, 0));
+ ASSERT_EQ(PAM_MODULE_UNKNOWN, pam_close_session(pamh, 0));
+ ASSERT_EQ(PAM_SUCCESS, pam_end(pamh, 0));
+ pamh = NULL;
+
+ /* cleanup */
+ ASSERT_EQ(0, unlink(config_file));
+ ASSERT_EQ(0, unlink(service_file));
+
+ return 0;
+}
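Review bot: None of the three scenarios in `main` exercises the file selection this commit adds. The first omits `conffile=` but uses an empty user name and expects PAM_USER_UNKNOWN, which is presumably returned before the configuration file matters, and the other two always pass `conffile=`. A `conffile=` naming a nonexistent path and the default-path case are not covered, so a regression in which file gets read would still pass. Separately, a failing ASSERT presumably exits before the `unlink` calls (test_assert.h is not shown), leaving the `.service` and `.conf` files in the build directory. A short comment above `main` listing what each scenario checks would also help, since the only section markers are `/* PAM_USER_UNKNOWN */` and `/* conffile= specifies an existing file */`.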