Add a feature flag to control whether to fall back to the "other" policy
for chains that are still empty after the requested policy was loaded. git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@862 185d5e19-27fe-0310-9dcf-9bff6b9f3609
This commit is contained in:
parent
653950434c
commit
d84d7367fe
|
@ -186,6 +186,7 @@ enum {
|
||||||
OPENPAM_VERIFY_POLICY_FILE,
|
OPENPAM_VERIFY_POLICY_FILE,
|
||||||
OPENPAM_RESTRICT_MODULE_NAME,
|
OPENPAM_RESTRICT_MODULE_NAME,
|
||||||
OPENPAM_VERIFY_MODULE_FILE,
|
OPENPAM_VERIFY_MODULE_FILE,
|
||||||
|
OPENPAM_FALLBACK_TO_OTHER,
|
||||||
OPENPAM_NUM_FEATURES
|
OPENPAM_NUM_FEATURES
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
|
@ -467,8 +467,10 @@ openpam_configure(pam_handle_t *pamh,
|
||||||
for (fclt = 0; fclt < PAM_NUM_FACILITIES; ++fclt) {
|
for (fclt = 0; fclt < PAM_NUM_FACILITIES; ++fclt) {
|
||||||
if (pamh->chains[fclt] != NULL)
|
if (pamh->chains[fclt] != NULL)
|
||||||
continue;
|
continue;
|
||||||
if (openpam_load_chain(pamh, PAM_OTHER, fclt) < 0)
|
if (OPENPAM_FEATURE(FALLBACK_TO_OTHER)) {
|
||||||
goto load_err;
|
if (openpam_load_chain(pamh, PAM_OTHER, fclt) < 0)
|
||||||
|
goto load_err;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
RETURNC(PAM_SUCCESS);
|
RETURNC(PAM_SUCCESS);
|
||||||
load_err:
|
load_err:
|
||||||
|
|
|
@ -65,4 +65,9 @@ struct openpam_feature openpam_features[OPENPAM_NUM_FEATURES] = {
|
||||||
"Verify ownership and permissions of module files",
|
"Verify ownership and permissions of module files",
|
||||||
1
|
1
|
||||||
),
|
),
|
||||||
|
STRUCT_OPENPAM_FEATURE(
|
||||||
|
FALLBACK_TO_OTHER,
|
||||||
|
"Fall back to \"other\" policy for empty chains",
|
||||||
|
1
|
||||||
|
),
|
||||||
};
|
};
|
||||||
|
|
Loading…
Reference in New Issue