30c0969bef
- Use multibuild to build docu with correct paths and available features. - common-session: move pam_systemd to first position as if the file would have been generated with pam-config - Add vendordir fixes and enhancements from upstream: - 0001-Include-pam_xauth_data.3.xml-in-source-archive-400.patch - 0002-Only-include-vendordir-in-manual-page-if-set-401.patch - 0003-Use-vendor-specific-limits.conf-as-fallback-402.patch OBS-URL: https://build.opensuse.org/request/show/933444 OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=254
62 lines
2.3 KiB
Diff
62 lines
2.3 KiB
Diff
From 5deaac423159103d02b146afa753a8ebb7fddf09 Mon Sep 17 00:00:00 2001
|
|
From: Thorsten Kukuk <5908016+thkukuk@users.noreply.github.com>
|
|
Date: Wed, 3 Nov 2021 09:02:40 +0100
|
|
Subject: [PATCH 3/3] Use vendor specific limits.conf as fallback (#402)
|
|
|
|
* Use vendor specific limits.conf as fallback
|
|
---
|
|
modules/pam_limits/pam_limits.8.xml | 6 ++++++
|
|
modules/pam_limits/pam_limits.c | 19 ++++++++++++++++---
|
|
2 files changed, 22 insertions(+), 3 deletions(-)
|
|
|
|
diff --git a/modules/pam_limits/pam_limits.8.xml b/modules/pam_limits/pam_limits.8.xml
|
|
index bc46cbf4..c1c10eca 100644
|
|
--- a/modules/pam_limits/pam_limits.8.xml
|
|
+++ b/modules/pam_limits/pam_limits.8.xml
|
|
@@ -57,6 +57,12 @@
|
|
If a config file is explicitly specified with a module option then the
|
|
files in the above directory are not parsed.
|
|
</para>
|
|
+ <para condition="with_vendordir">
|
|
+ If there is no explicitly specified configuration file and
|
|
+ <filename>/etc/security/limits.conf</filename> does not exist,
|
|
+ <filename>%vendordir%/security/limits.conf</filename> is used.
|
|
+ If this file does not exist, too, an error is thrown.
|
|
+ </para>
|
|
<para>
|
|
The module must not be called by a multithreaded application.
|
|
</para>
|
|
diff --git a/modules/pam_limits/pam_limits.c b/modules/pam_limits/pam_limits.c
|
|
index 7cc45d77..53188965 100644
|
|
--- a/modules/pam_limits/pam_limits.c
|
|
+++ b/modules/pam_limits/pam_limits.c
|
|
@@ -816,9 +816,22 @@ parse_config_file(pam_handle_t *pamh, const char *uname, uid_t uid, gid_t gid,
|
|
pam_syslog(pamh, LOG_DEBUG, "reading settings from '%s'", CONF_FILE);
|
|
fil = fopen(CONF_FILE, "r");
|
|
if (fil == NULL) {
|
|
- pam_syslog (pamh, LOG_WARNING,
|
|
- "cannot read settings from %s: %m", CONF_FILE);
|
|
- return PAM_SERVICE_ERR;
|
|
+ int err = errno;
|
|
+
|
|
+#ifdef VENDORDIR
|
|
+ /* if the specified file does not exist, and it is not provided by
|
|
+ the user, try the vendor file as fallback. */
|
|
+ if (pl->conf_file == NULL && err == ENOENT)
|
|
+ fil = fopen(VENDORDIR"/security/limits.conf", "r");
|
|
+
|
|
+ if (fil == NULL)
|
|
+#endif
|
|
+ {
|
|
+ pam_syslog (pamh, LOG_WARNING,
|
|
+ "cannot read settings from %s: %s", CONF_FILE,
|
|
+ strerror(err));
|
|
+ return PAM_SERVICE_ERR;
|
|
+ }
|
|
}
|
|
|
|
/* start the show */
|
|
--
|
|
2.31.1
|
|
|