Add a feature flag to control whether to fall back to the "other" policy
for chains that are still empty after the requested policy was loaded. git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@862 185d5e19-27fe-0310-9dcf-9bff6b9f3609
This commit is contained in:
parent
653950434c
commit
d84d7367fe
3 changed files with 10 additions and 2 deletions
|
@ -186,6 +186,7 @@ enum {
|
|||
OPENPAM_VERIFY_POLICY_FILE,
|
||||
OPENPAM_RESTRICT_MODULE_NAME,
|
||||
OPENPAM_VERIFY_MODULE_FILE,
|
||||
OPENPAM_FALLBACK_TO_OTHER,
|
||||
OPENPAM_NUM_FEATURES
|
||||
};
|
||||
|
||||
|
|
|
@ -467,8 +467,10 @@ openpam_configure(pam_handle_t *pamh,
|
|||
for (fclt = 0; fclt < PAM_NUM_FACILITIES; ++fclt) {
|
||||
if (pamh->chains[fclt] != NULL)
|
||||
continue;
|
||||
if (openpam_load_chain(pamh, PAM_OTHER, fclt) < 0)
|
||||
goto load_err;
|
||||
if (OPENPAM_FEATURE(FALLBACK_TO_OTHER)) {
|
||||
if (openpam_load_chain(pamh, PAM_OTHER, fclt) < 0)
|
||||
goto load_err;
|
||||
}
|
||||
}
|
||||
RETURNC(PAM_SUCCESS);
|
||||
load_err:
|
||||
|
|
|
@ -65,4 +65,9 @@ struct openpam_feature openpam_features[OPENPAM_NUM_FEATURES] = {
|
|||
"Verify ownership and permissions of module files",
|
||||
1
|
||||
),
|
||||
STRUCT_OPENPAM_FEATURE(
|
||||
FALLBACK_TO_OTHER,
|
||||
"Fall back to \"other\" policy for empty chains",
|
||||
1
|
||||
),
|
||||
};
|
||||
|
|
Loading…
Reference in a new issue