pam/usr-etc-support.patch

--- doc/man/pam.8.xml
+++ doc/man/pam.8.xml	2019/08/16 13:37:44
@@ -53,11 +53,13 @@
 
     <para>
       Vendor-supplied PAM configuration files might be installed in
-      the system directory <filename>/usr/lib/pam.d/</filename> instead
+      the system directory <filename>/usr/lib/pam.d/</filename> or
+      <filename>/usr/etc/pam.d/</filename> instead
       of the machine configuration directory <filename>/etc/pam.d/</filename>.
       If no machine configuration file is found, the vendor-supplied file
       is used. All files in <filename>/etc/pam.d/</filename> override
-      files with the same name in <filename>/usr/lib/pam.d/</filename>.
+      files with the same name in <filename>/usr/lib/pam.d/</filename>,
+      which override files with the same name in <filename>/usr/etc/pam.d/</filename>.
     </para>
 
 <para>From the point of view of the system administrator, for whom this
@@ -157,6 +159,16 @@
           </para>
         </listitem>
       </varlistentry>
+      <term><filename>/usr/etc/pam.d</filename></term>
+        <listitem>
+          <para>
+            the <emphasis remap='B'>Linux-PAM</emphasis> vendor configuration
+	    directory. Files in <filename>/etc/pam.d</filename> and
+	    <filename>/usr/lib/pam.d</filename> override files with the same
+	    name in this directory.
+          </para>
+        </listitem>
+      </varlistentry>
     </variablelist>
   </refsect1>
 
--- libpam/pam_handlers.c
+++ libpam/pam_handlers.c	2019/08/16 13:35:31
@@ -329,6 +329,21 @@
 	    *file = f;
 	    return PAM_SUCCESS;
     }
+
+    /* System Configuration /usr/etc/pam.d/ */
+    _pam_drop(p);
+    if (asprintf (&p, PAM_CONFIG_DIST2_DF, service) < 0) {
+        pam_syslog(pamh, LOG_CRIT, "asprintf failed");
+        return PAM_BUF_ERR;
+    }
+    D(("opening %s", p));
+    f = fopen(p, "r");
+    if (f != NULL) {
+            *path = p;
+            *file = f;
+            return PAM_SUCCESS;
+    }
+
     _pam_drop(p);
 
     return PAM_ABORT;
@@ -447,7 +462,8 @@
 
 	/* Is there a PAM_CONFIG_D directory? */
 	if ((stat(PAM_CONFIG_D, &test_d) == 0 && S_ISDIR(test_d.st_mode)) ||
-	    (stat(PAM_CONFIG_DIST_D, &test_d) == 0 && S_ISDIR(test_d.st_mode))) {
+	    (stat(PAM_CONFIG_DIST_D, &test_d) == 0 && S_ISDIR(test_d.st_mode)) ||
+	    (stat(PAM_CONFIG_DIST2_D, &test_d) == 0 && S_ISDIR(test_d.st_mode))) {
 	    char *path = NULL;
 	    int read_something=0;
 
--- libpam/pam_private.h
+++ libpam/pam_private.h	2019/08/16 13:33:04
@@ -29,6 +29,9 @@
 #define PAM_CONFIG_DF      "/etc/pam.d/%s"
 #define PAM_CONFIG_DIST_D  "/usr/lib/pam.d"
 #define PAM_CONFIG_DIST_DF "/usr/lib/pam.d/%s"
+#define PAM_CONFIG_DIST2_D  "/usr/etc/pam.d"
+#define PAM_CONFIG_DIST2_DF "/usr/etc/pam.d/%s"
+
 
 #define PAM_DEFAULT_SERVICE        "other"     /* lower case */
Accepting request 725009 from home:kukuk:etc Add /usr/etc/pam.d directory and read from it. OBS-URL: https://build.opensuse.org/request/show/725009 OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=192 2019-08-21 11:20:26 +00:00			`--- doc/man/pam.8.xml`
			`+++ doc/man/pam.8.xml 2019/08/16 13:37:44`
			`@@ -53,11 +53,13 @@`

			`<para>`
			`Vendor-supplied PAM configuration files might be installed in`
			`- the system directory <filename>/usr/lib/pam.d/</filename> instead`
			`+ the system directory <filename>/usr/lib/pam.d/</filename> or`
			`+ <filename>/usr/etc/pam.d/</filename> instead`
			`of the machine configuration directory <filename>/etc/pam.d/</filename>.`
			`If no machine configuration file is found, the vendor-supplied file`
			`is used. All files in <filename>/etc/pam.d/</filename> override`
			`- files with the same name in <filename>/usr/lib/pam.d/</filename>.`
			`+ files with the same name in <filename>/usr/lib/pam.d/</filename>,`
			`+ which override files with the same name in <filename>/usr/etc/pam.d/</filename>.`
			`</para>`

			`<para>From the point of view of the system administrator, for whom this`
			`@@ -157,6 +159,16 @@`
			`</para>`
			`</listitem>`
			`</varlistentry>`
			`+ <term><filename>/usr/etc/pam.d</filename></term>`
			`+ <listitem>`
			`+ <para>`
			`+ the <emphasis remap='B'>Linux-PAM</emphasis> vendor configuration`
			`+ directory. Files in <filename>/etc/pam.d</filename> and`
			`+ <filename>/usr/lib/pam.d</filename> override files with the same`
			`+ name in this directory.`
			`+ </para>`
			`+ </listitem>`
			`+ </varlistentry>`
			`</variablelist>`
			`</refsect1>`

			`--- libpam/pam_handlers.c`
			`+++ libpam/pam_handlers.c 2019/08/16 13:35:31`
			`@@ -329,6 +329,21 @@`
			`*file = f;`
			`return PAM_SUCCESS;`
			`}`
			`+`
			`+ /* System Configuration /usr/etc/pam.d/ */`
			`+ _pam_drop(p);`
			`+ if (asprintf (&p, PAM_CONFIG_DIST2_DF, service) < 0) {`
			`+ pam_syslog(pamh, LOG_CRIT, "asprintf failed");`
			`+ return PAM_BUF_ERR;`
			`+ }`
			`+ D(("opening %s", p));`
			`+ f = fopen(p, "r");`
			`+ if (f != NULL) {`
			`+ *path = p;`
			`+ *file = f;`
			`+ return PAM_SUCCESS;`
			`+ }`
			`+`
			`_pam_drop(p);`

			`return PAM_ABORT;`
			`@@ -447,7 +462,8 @@`

			`/* Is there a PAM_CONFIG_D directory? */`
			`if ((stat(PAM_CONFIG_D, &test_d) == 0 && S_ISDIR(test_d.st_mode)) \|\|`
			`- (stat(PAM_CONFIG_DIST_D, &test_d) == 0 && S_ISDIR(test_d.st_mode))) {`
			`+ (stat(PAM_CONFIG_DIST_D, &test_d) == 0 && S_ISDIR(test_d.st_mode)) \|\|`
			`+ (stat(PAM_CONFIG_DIST2_D, &test_d) == 0 && S_ISDIR(test_d.st_mode))) {`
			`char *path = NULL;`
			`int read_something=0;`

			`--- libpam/pam_private.h`
			`+++ libpam/pam_private.h 2019/08/16 13:33:04`
			`@@ -29,6 +29,9 @@`
			`#define PAM_CONFIG_DF "/etc/pam.d/%s"`
			`#define PAM_CONFIG_DIST_D "/usr/lib/pam.d"`
			`#define PAM_CONFIG_DIST_DF "/usr/lib/pam.d/%s"`
			`+#define PAM_CONFIG_DIST2_D "/usr/etc/pam.d"`
			`+#define PAM_CONFIG_DIST2_DF "/usr/etc/pam.d/%s"`
			`+`

			`#define PAM_DEFAULT_SERVICE "other" /* lower case */`