-rw-r--r--modules/pam_pwhistory/pam_pwhistory.8.xml15
-rw-r--r--modules/pam_pwhistory/pwhistory_config.c16
2 files changed, 31 insertions, 0 deletions
diff --git a/modules/pam_pwhistory/pam_pwhistory.8.xml b/modules/pam_pwhistory/pam_pwhistory.8.xml
index 62848666..d83d8d97 100644
--- a/modules/pam_pwhistory/pam_pwhistory.8.xml
+++ b/modules/pam_pwhistory/pam_pwhistory.8.xml
@@ -251,6 +251,21 @@ password required pam_unix.so use_authtok
<para>Default file with password history</para>
</listitem>
</varlistentry>
+ <varlistentry>
+ <term><filename>/etc/security/pwhistory.conf</filename></term>
+ <listitem>
+ <para>Config file for pam_pwhistory options</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry condition="with_vendordir">
+ <term><filename>%vendordir%/security/pwhistory.conf</filename></term>
+ <listitem>
+ <para>
+ Config file for pam_pwhistory options. It will be used if
+ <filename>/etc/security/pwhistory.conf</filename> does not exist.
+ </para>
+ </listitem>
+ </varlistentry>
</variablelist>
</refsect1>
diff --git a/modules/pam_pwhistory/pwhistory_config.c b/modules/pam_pwhistory/pwhistory_config.c
index b21879c6..692cf80e 100644
--- a/modules/pam_pwhistory/pwhistory_config.c
+++ b/modules/pam_pwhistory/pwhistory_config.c
@@ -39,6 +39,7 @@
#include <stdlib.h>
#include <string.h>
#include <syslog.h>
+#include <sys/stat.h>
#include <security/pam_modutil.h>
@@ -47,6 +48,10 @@
#define PWHISTORY_DEFAULT_CONF SCONFIGDIR "/pwhistory.conf"
+#ifdef VENDOR_SCONFIGDIR
+#define VENDOR_PWHISTORY_DEFAULT_CONF (VENDOR_SCONFIGDIR "/pwhistory.conf")
+#endif
+
void
parse_config_file(pam_handle_t *pamh, int argc, const char **argv,
struct options_t *options)
@@ -65,6 +70,17 @@ parse_config_file(pam_handle_t *pamh, int argc, const char **argv,
if (fname == NULL) {
fname = PWHISTORY_DEFAULT_CONF;
+
+#ifdef VENDOR_PWHISTORY_DEFAULT_CONF
+ /*
+ * Check whether PWHISTORY_DEFAULT_CONF file is available.
+ * If it does not exist, fall back to VENDOR_PWHISTORY_DEFAULT_CONF file.
+ */
+ struct stat buffer;
+ if (stat(fname, &buffer) != 0 && errno == ENOENT) {
+ fname = VENDOR_PWHISTORY_DEFAULT_CONF;
+ }
+#endif
}
val = pam_modutil_search_key (pamh, fname, "debug");
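Review bot: The new branch tests `errno == ENOENT`, yet the include hunk of this commit adds only `<sys/stat.h>` and no `<errno.h>` is visible in the context lines; unless the file already includes it outside the hunks, add `#include <errno.h>` rather than depend on a transitive include. The switch to the vendor file is also silent, so a missing `/etc/security/pwhistory.conf` changes the effective password-history policy with nothing in the log; consider a `pam_syslog(pamh, LOG_DEBUG, ...)` line naming the file chosen, bearing in mind that the `debug` key is read from that same file only on the next line. The comment could also state that any other `stat()` failure (for example `EACCES`) appears to keep the /etc path on purpose, e.g. `/* Only ENOENT triggers the fallback; other errors keep PWHISTORY_DEFAULT_CONF. */`. parse_config_file's body starts before and continues after this hunk.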