85 lines
3.1 KiB
Text
85 lines
3.1 KiB
Text
From: Sam Hartman <hartmans@debian.org>
|
|
Date: Mon, 11 Sep 2023 14:00:42 -0600
|
|
Subject: lib_security_multiarch_compat
|
|
|
|
Unqualified module paths should always be looked up in *both* the default
|
|
module dir, *and* the ISA dir. That's what paths are for.
|
|
|
|
This lets us have a soft transition to multiarch for modules without having
|
|
to rewrite /etc/pam.d/ files or add ugly symlinks.
|
|
|
|
Authors: Steve Langasek <vorlon@debian.org>
|
|
|
|
Upstream status: not ready to be committed - this needs tweaked, we're
|
|
currently abusing the existing variables and inverting their meaning in
|
|
order to get everything installed where we want it and get absolute paths
|
|
the way we want them.
|
|
---
|
|
libpam/pam_handlers.c | 40 +++++++++++++++++++++++++---------------
|
|
1 file changed, 25 insertions(+), 15 deletions(-)
|
|
|
|
diff --git a/libpam/pam_handlers.c b/libpam/pam_handlers.c
|
|
index 1df5e40..9838fb2 100644
|
|
--- a/libpam/pam_handlers.c
|
|
+++ b/libpam/pam_handlers.c
|
|
@@ -667,10 +667,30 @@ _pam_load_module(pam_handle_t *pamh, const char *mod_path, int handler_type)
|
|
/* Be pessimistic... */
|
|
success = PAM_ABORT;
|
|
|
|
- D(("_pam_dlopen(%s)", mod_path));
|
|
- mod->dl_handle = _pam_dlopen(mod_path);
|
|
- D(("_pam_dlopen'ed"));
|
|
- D(("dlopen'ed"));
|
|
+ D(("_pam_load_module: _pam_dlopen(%s)", mod_path));
|
|
+ if (mod_path[0] == '/') {
|
|
+ mod->dl_handle = _pam_dlopen(mod_path);
|
|
+ } else {
|
|
+ char *mod_full_path = NULL;
|
|
+ if (asprintf(&mod_full_path, "%s%s",
|
|
+ DEFAULT_MODULE_PATH, mod_path) >= 0) {
|
|
+ mod->dl_handle = _pam_dlopen(mod_full_path);
|
|
+ _pam_drop(mod_full_path);
|
|
+ } else {
|
|
+ pam_syslog(pamh, LOG_CRIT, "cannot malloc full mod path");
|
|
+ }
|
|
+ if (!mod->dl_handle) {
|
|
+ if (asprintf(&mod_full_path, "%s/%s",
|
|
+ _PAM_ISA, mod_path) >= 0) {
|
|
+ mod->dl_handle = _pam_dlopen(mod_full_path);
|
|
+ _pam_drop(mod_full_path);
|
|
+ } else {
|
|
+ pam_syslog(pamh, LOG_CRIT, "cannot malloc full mod path");
|
|
+ }
|
|
+ }
|
|
+ }
|
|
+ D(("_pam_load_module: _pam_dlopen'ed"));
|
|
+ D(("_pam_load_module: dlopen'ed"));
|
|
if (mod->dl_handle == NULL) {
|
|
const char *isa = strstr(mod_path, "$ISA");
|
|
size_t isa_len = strlen("$ISA");
|
|
@@ -736,7 +756,6 @@ static int _pam_add_handler(pam_handle_t *pamh
|
|
struct handler **handler_p2;
|
|
struct handlers *the_handlers;
|
|
const char *sym, *sym2;
|
|
- char *mod_full_path;
|
|
servicefn func, func2;
|
|
int mod_type = PAM_MT_FAULTY_MOD;
|
|
|
|
@@ -748,16 +767,7 @@ static int _pam_add_handler(pam_handle_t *pamh
|
|
|
|
if ((handler_type == PAM_HT_MODULE || handler_type == PAM_HT_SILENT_MODULE) &&
|
|
mod_path != NULL) {
|
|
- if (mod_path[0] == '/') {
|
|
- mod = _pam_load_module(pamh, mod_path, handler_type);
|
|
- } else if (asprintf(&mod_full_path, "%s%s",
|
|
- DEFAULT_MODULE_PATH, mod_path) >= 0) {
|
|
- mod = _pam_load_module(pamh, mod_full_path, handler_type);
|
|
- _pam_drop(mod_full_path);
|
|
- } else {
|
|
- pam_syslog(pamh, LOG_CRIT, "cannot malloc full mod path");
|
|
- return PAM_ABORT;
|
|
- }
|
|
+ mod = _pam_load_module(pamh, mod_path, handler_type);
|
|
|
|
if (mod == NULL) {
|
|
/* if we get here with NULL it means allocation error */
|