summaryrefslogtreecommitdiffstats
path: root/debian/patches-applied/lib_security_multiarch_compat
blob: e386ff3914372aa27028c19023d6041a4b4d2060 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
Unqualified module paths should always be looked up in *both* the default
module dir, *and* the ISA dir.  That's what paths are for.

This lets us have a soft transition to multiarch for modules without having
to rewrite /etc/pam.d/ files or add ugly symlinks.

Authors: Steve Langasek <vorlon@debian.org>

Upstream status: not ready to be committed - this needs tweaked, we're
currently abusing the existing variables and inverting their meaning in
order to get everything installed where we want it and get absolute paths
the way we want them.

Index: pam-1.4.0/libpam/pam_handlers.c
===================================================================
--- pam-1.4.0.orig/libpam/pam_handlers.c
+++ pam-1.4.0/libpam/pam_handlers.c
@@ -735,7 +735,27 @@ _pam_load_module(pam_handle_t *pamh, con
 	success = PAM_ABORT;
 
 	D(("_pam_load_module: _pam_dlopen(%s)", mod_path));
-	mod->dl_handle = _pam_dlopen(mod_path);
+	if (mod_path[0] == '/') {
+	    mod->dl_handle = _pam_dlopen(mod_path);
+	} else {
+	    char *mod_full_path = NULL;
+	    if (asprintf(&mod_full_path, "%s%s",
+	                 DEFAULT_MODULE_PATH, mod_path) >= 0) {
+		mod->dl_handle = _pam_dlopen(mod_full_path);
+		_pam_drop(mod_full_path);
+	    } else {
+		pam_syslog(pamh, LOG_CRIT, "cannot malloc full mod path");
+	    }
+           if (!mod->dl_handle) {
+               if (asprintf(&mod_full_path, "%s/%s",
+                            _PAM_ISA, mod_path) >= 0) {
+                   mod->dl_handle = _pam_dlopen(mod_full_path);
+                   _pam_drop(mod_full_path);
+               } else {
+                   pam_syslog(pamh, LOG_CRIT, "cannot malloc full mod path");
+               }
+	    }
+	}
 	D(("_pam_load_module: _pam_dlopen'ed"));
 	D(("_pam_load_module: dlopen'ed"));
 	if (mod->dl_handle == NULL) {
@@ -812,7 +832,6 @@ int _pam_add_handler(pam_handle_t *pamh
     struct handler **handler_p2;
     struct handlers *the_handlers;
     const char *sym, *sym2;
-    char *mod_full_path;
     servicefn func, func2;
     int mod_type = PAM_MT_FAULTY_MOD;
 
@@ -824,16 +843,7 @@ int _pam_add_handler(pam_handle_t *pamh
 
     if ((handler_type == PAM_HT_MODULE || handler_type == PAM_HT_SILENT_MODULE) &&
 	mod_path != NULL) {
-	if (mod_path[0] == '/') {
-	    mod = _pam_load_module(pamh, mod_path, handler_type);
-	} else if (asprintf(&mod_full_path, "%s%s",
-			     DEFAULT_MODULE_PATH, mod_path) >= 0) {
-	    mod = _pam_load_module(pamh, mod_full_path, handler_type);
-	    _pam_drop(mod_full_path);
-	} else {
-	    pam_syslog(pamh, LOG_CRIT, "cannot malloc full mod path");
-	    return PAM_ABORT;
-	}
+	mod = _pam_load_module(pamh, mod_path, handler_type);
 
 	if (mod == NULL) {
 	    /* if we get here with NULL it means allocation error */