pam/0003-Use-vendor-specific-limits.conf-as-fallback-402.patch
Thorsten Kukuk 30c0969bef Accepting request 933444 from home:kukuk:tiu
- Use multibuild to build docu with correct paths and available
  features.
- common-session: move pam_systemd to first position as if the
  file would have been generated with pam-config
- Add vendordir fixes and enhancements from upstream:
  - 0001-Include-pam_xauth_data.3.xml-in-source-archive-400.patch
  - 0002-Only-include-vendordir-in-manual-page-if-set-401.patch
  - 0003-Use-vendor-specific-limits.conf-as-fallback-402.patch

OBS-URL: https://build.opensuse.org/request/show/933444
OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=254
2021-11-24 13:43:37 +00:00

62 lines
2.3 KiB
Diff

From 5deaac423159103d02b146afa753a8ebb7fddf09 Mon Sep 17 00:00:00 2001
From: Thorsten Kukuk <5908016+thkukuk@users.noreply.github.com>
Date: Wed, 3 Nov 2021 09:02:40 +0100
Subject: [PATCH 3/3] Use vendor specific limits.conf as fallback (#402)
* Use vendor specific limits.conf as fallback
---
modules/pam_limits/pam_limits.8.xml | 6 ++++++
modules/pam_limits/pam_limits.c | 19 ++++++++++++++++---
2 files changed, 22 insertions(+), 3 deletions(-)
diff --git a/modules/pam_limits/pam_limits.8.xml b/modules/pam_limits/pam_limits.8.xml
index bc46cbf4..c1c10eca 100644
--- a/modules/pam_limits/pam_limits.8.xml
+++ b/modules/pam_limits/pam_limits.8.xml
@@ -57,6 +57,12 @@
If a config file is explicitly specified with a module option then the
files in the above directory are not parsed.
</para>
+ <para condition="with_vendordir">
+ If there is no explicitly specified configuration file and
+ <filename>/etc/security/limits.conf</filename> does not exist,
+ <filename>%vendordir%/security/limits.conf</filename> is used.
+ If this file does not exist, too, an error is thrown.
+ </para>
<para>
The module must not be called by a multithreaded application.
</para>
diff --git a/modules/pam_limits/pam_limits.c b/modules/pam_limits/pam_limits.c
index 7cc45d77..53188965 100644
--- a/modules/pam_limits/pam_limits.c
+++ b/modules/pam_limits/pam_limits.c
@@ -816,9 +816,22 @@ parse_config_file(pam_handle_t *pamh, const char *uname, uid_t uid, gid_t gid,
pam_syslog(pamh, LOG_DEBUG, "reading settings from '%s'", CONF_FILE);
fil = fopen(CONF_FILE, "r");
if (fil == NULL) {
- pam_syslog (pamh, LOG_WARNING,
- "cannot read settings from %s: %m", CONF_FILE);
- return PAM_SERVICE_ERR;
+ int err = errno;
+
+#ifdef VENDORDIR
+ /* if the specified file does not exist, and it is not provided by
+ the user, try the vendor file as fallback. */
+ if (pl->conf_file == NULL && err == ENOENT)
+ fil = fopen(VENDORDIR"/security/limits.conf", "r");
+
+ if (fil == NULL)
+#endif
+ {
+ pam_syslog (pamh, LOG_WARNING,
+ "cannot read settings from %s: %s", CONF_FILE,
+ strerror(err));
+ return PAM_SERVICE_ERR;
+ }
}
/* start the show */
--
2.31.1