From 28894b319488e8302899ee569b6e0911905f374e Mon Sep 17 00:00:00 2001 From: "Dmitry V. Levin" Date: Thu, 18 Jan 2024 17:00:00 +0000 Subject: [PATCH] pam_env: fix --enable-vendordir fallback logic * modules/pam_env/pam_env.c (_parse_config_file) [!USE_ECONF && VENDOR_DEFAULT_CONF_FILE]: Do not fallback to vendor pam_env.conf file if the config file is specified via module arguments. Link: https://github.com/linux-pam/linux-pam/issues/738 Fixes: v1.5.3~69 ("pam_env: Use vendor specific pam_env.conf and environment as fallback") --- modules/pam_env/pam_env.c | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/modules/pam_env/pam_env.c b/modules/pam_env/pam_env.c index a0b812fff..8b40b6a5a 100644 --- a/modules/pam_env/pam_env.c +++ b/modules/pam_env/pam_env.c @@ -850,20 +850,20 @@ _parse_config_file(pam_handle_t *pamh, int ctrl, const char *file) #ifdef USE_ECONF /* If "file" is not NULL, only this file will be parsed. */ retval = econf_read_file(pamh, file, " \t", PAM_ENV, ".conf", "security", &conf_list); -#else +#else /* !USE_ECONF */ /* Only one file will be parsed. So, file has to be set. */ - if (file == NULL) /* No filename has been set via argv. */ + if (file == NULL) { /* No filename has been set via argv. */ file = DEFAULT_CONF_FILE; -#ifdef VENDOR_DEFAULT_CONF_FILE - /* - * Check whether file is available. - * If it does not exist, fall back to VENDOR_DEFAULT_CONF_FILE file. - */ - struct stat stat_buffer; - if (stat(file, &stat_buffer) != 0 && errno == ENOENT) { - file = VENDOR_DEFAULT_CONF_FILE; +# ifdef VENDOR_DEFAULT_CONF_FILE + /* + * Check whether DEFAULT_CONF_FILE file is available. + * If it does not exist, fall back to VENDOR_DEFAULT_CONF_FILE file. + */ + struct stat stat_buffer; + if (stat(file, &stat_buffer) != 0 && errno == ENOENT) + file = VENDOR_DEFAULT_CONF_FILE; +# endif } -#endif retval = read_file(pamh, file, &conf_list); #endif