Changeset 594 in openpam for trunk/lib/openpam_dynamic.c


Timestamp:
Apr 14, 2012, 2:18:41 PM (9 years ago)
Author:
Dag-Erling Smørgrav
Message:

Add an experimental mechanism for enabling / disabling optional features.
Use it to control policy and module file checks. The default settings
correspond to the current behavior: disallow path separators in policy
names, but allow them in module names; verify ownership and permissions
for both policy files and modules.

File:
1 edited

  • trunk/lib/openpam_dynamic.c

    r525 r594  
    7171        if ((fd = open(modfn, O_RDONLY)) < 0)
    7272                return (NULL);
    73         if (openpam_check_desc_owner_perms(modfn, fd) != 0) {
     73        if (OPENPAM_FEATURE(VERIFY_MODULE_FILE) &&
     74            openpam_check_desc_owner_perms(modfn, fd) != 0) {
    7475                close(fd);
    7576                return (NULL);
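Review bot: The new condition at r594 lines 73-74 names the feature VERIFY_MODULE_FILE and reads it through the OPENPAM_FEATURE() macro, while try_dlopen() in the same file reads OPENPAM_FEATURE_CHECK_MODULE_FILE through openpam_get_feature(). If the macro expands to an OPENPAM_FEATURE_ prefixed name, these are two different identifiers for what the commit message describes as one module file check. Use one name and one accessor in both places, so that a single setting governs both the descriptor check and the path check. A short comment here should also state that with the feature off, the opened module file is used without any ownership or permission verification.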
     
    8889try_dlopen(const char *modfn)
    8990{
     91        int check_module_file;
    9092        void *dlh;
    9193
    92         if (openpam_check_path_owner_perms(modfn) != 0)
     94        openpam_get_feature(OPENPAM_FEATURE_CHECK_MODULE_FILE,
     95            &check_module_file);
     96        if (check_module_file &&
     97            openpam_check_path_owner_perms(modfn) != 0)
    9398                return (NULL);
    9499        if ((dlh = dlopen(modfn, RTLD_NOW)) == NULL) {
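Review bot: In try_dlopen(), check_module_file is declared without an initializer and the result of openpam_get_feature() is discarded, so if that call can fail without writing to its out-parameter, the test "if (check_module_file && ..." reads an indeterminate value and may skip openpam_check_path_owner_perms() before dlopen(). Initialize the variable to the secure default (int check_module_file = 1;) or check the call's return value and treat failure as "check enabled", so the ownership and permission check fails closed.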