
pam.conf/pam.d behavior



We've found it necessary to have pam look for services in /etc/pam.conf if
they don't have an entry in /etc/pam.d, even if that directory doesn't exist.
This is the only behavior which will allow seamless upgrades from the
/etc/pam.conf style of configuration files.

I think the patch below will do this. I'm not sure it should be the default
behaviour (though it certainly could be), but it would be nice if it were
available through a #define, or if the patch were included in the PAM
distribution for those folks who need it.

At any rate, please look over this patch and let me know if I missed something.

Erik

-------------------------------------------------------------------------------
|       I told you I'm not very bright -- Sugar in "Some Like It Hot"         |
|      "RPM is the greatest thing since swap-space" - Bryan C. Andregg
|                                                                             |
|       Erik Troan   =   ewt@redhat.com     =    ewt@sunsite.unc.edu          |

--- Linux-PAM-0.56/libpam/pam_handlers.c.ewt	Tue Mar  4 11:23:03 1997
+++ Linux-PAM-0.56/libpam/pam_handlers.c	Tue Mar  4 12:02:47 1997
@@ -39,7 +39,8 @@
 #define PAM_T_PASS    8
 
 static int _pam_parse_conf_file(pam_handle_t *pamh, FILE *f
-				, const char *known_service /* specific file */
+				, const char *known_service/* specific file */
+				, int not_other	 /* don't match service other */
     )
 {
     char buf[BUF_SIZE];
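Review bot: The new `not_other` argument is documented only by a trailing comment and is passed as a bare `0` or `1` at all four call sites, so its effect on which entries get loaded is easy to misread. I would add a comment above the function, for example `/* not_other != 0: ignore "other" entries in f, so only lines naming pamh->service_name are loaded */`. The edit to the `known_service` line only removes a space before its comment and could be dropped from the patch. The function body continues outside this hunk.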
@@ -68,7 +69,10 @@
 	    this_service = tok = _pam_StrTok(buf, " \n\t", &nexttok);
 	}
 
-	other = !_pam_strCMP(this_service, PAM_DEFAULT_SERVICE);
+	if (not_other)
+	    other = 0;
+	else
+	    other = !_pam_strCMP(this_service, PAM_DEFAULT_SERVICE);
 	if (!_pam_strCMP(this_service, pamh->service_name) || other) {
 	    /* This is a service we are looking for */
 	    D(("_pam_init_handlers: Found PAM config entry for: %s"
@@ -248,7 +252,7 @@
 	    f = fopen(filename, "r");
 	    if (f != NULL) {
 		/* would test magic here? */
-		retval = _pam_parse_conf_file(pamh, f, pamh->service_name);
+		retval = _pam_parse_conf_file(pamh, f, pamh->service_name, 0);
 		fclose(f);
 		if (retval != PAM_SUCCESS) {
 		    _pam_log_error("_pam_init_handlers: error reading %s"
@@ -259,11 +263,19 @@
 		    read_something = 1;
 		}
 	    } else {
-		D(("unable to open %s", filename));
-		/*
-		 * XXX - should we log an error? Some people want to always
-		 * use "other"
-		 */
+		D(("unable to open %s -- checking %s", filename, PAM_CONFIG));
+
+		if ((f = fopen(PAM_CONFIG, "r")) == NULL) {
+		    _pam_log_error("_pam_init_handlers: could not open "
+				   PAM_CONFIG );
+		    return PAM_ABORT;
+		}
+
+		retval = _pam_parse_conf_file(pamh, f, NULL, 1);
+
+		D(("closing configuration file"));
+		fclose(f);
+
 		retval = PAM_SUCCESS;
 	    }
 	    _pam_drop(filename);
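Review bot: The result of the new `_pam_parse_conf_file(pamh, f, NULL, 1)` call is discarded, because the unchanged `retval = PAM_SUCCESS;` that follows overwrites it, so a malformed or partly parsed PAM_CONFIG is treated as a successful load for this service, whereas the pam.d branch above at least logs a non-success result. For an authentication stack that can become a fail-open path, so I would check `retval` after `fclose(f)` and fail closed, as sketched below. The early `return PAM_ABORT` also skips the `_pam_drop(filename)` at the end of the block, so the path string appears to leak on that path. Separately, a host with only /etc/pam.d and no PAM_CONFIG now aborts for any service lacking its own file; if the code after this hunk would otherwise fall back to the pam.d default-service file, that fallback is no longer reached, which is worth confirming. The enclosing function starts and ends outside the hunk.

```c
		if ((f = fopen(PAM_CONFIG, "r")) == NULL) {
		    /* ... unchanged: _pam_log_error call ... */
		    _pam_drop(filename);	/* release the pam.d path before bailing out */
		    return PAM_ABORT;
		}

		retval = _pam_parse_conf_file(pamh, f, NULL, 1);
		/* ... unchanged: D(()) trace and fclose(f) ... */
		if (retval != PAM_SUCCESS) {
		    /* do not let a broken pam.conf pass as a loaded stack */
		    _pam_log_error("_pam_init_handlers: error reading "
				   PAM_CONFIG );
		    _pam_drop(filename);
		    return PAM_ABORT;
		}
		/* ... unchanged: retval = PAM_SUCCESS; ... */
```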
@@ -276,7 +288,7 @@
 		if (f != NULL) {
 		    /* would test magic here? */
 		    retval = _pam_parse_conf_file(pamh, f
-						  , PAM_DEFAULT_SERVICE);
+						  , PAM_DEFAULT_SERVICE, 0);
 		    fclose(f);
 		    if (retval != PAM_SUCCESS) {
 			_pam_log_error("_pam_init_handlers: error reading %s"
@@ -302,7 +314,7 @@
 		return PAM_ABORT;
 	    }
 
-	    retval = _pam_parse_conf_file(pamh, f, NULL);
+	    retval = _pam_parse_conf_file(pamh, f, NULL, 0);
 
 	    D(("closing configuration file"));
 	    fclose(f);


