mirror of
https://github.com/samba-team/samba.git
synced 2024-12-22 13:34:15 +03:00
Fix bug #3727 with patch from Steve Langasek <vorlon@debian.org>
Jeremy.
This commit is contained in:
parent
507247dcbf
commit
0723760ba4
@ -77,6 +77,11 @@ int pam_sm_acct_mgmt( pam_handle_t *pamh, int flags,
|
||||
_log_err( LOG_DEBUG, "acct: username [%s] obtained", name );
|
||||
}
|
||||
|
||||
if (geteuid() != 0) {
|
||||
_log_err(pamh, LOG_DEBUG, "Cannot access samba password database, not running as root.");
|
||||
return PAM_AUTHINFO_UNAVAIL;
|
||||
}
|
||||
|
||||
/* Getting into places that might use LDAP -- protect the app
|
||||
from a SIGPIPE it's not expecting */
|
||||
oldsig_handler = CatchSignal(SIGPIPE, SIGNAL_CAST SIG_IGN);
|
||||
|
@ -108,6 +108,12 @@ int pam_sm_authenticate(pam_handle_t *pamh, int flags,
|
||||
_log_err( LOG_DEBUG, "username [%s] obtained", name );
|
||||
}
|
||||
|
||||
if (geteuid() != 0) {
|
||||
_log_err( LOG_DEBUG, "Cannot access samba password database, not running as root.");
|
||||
retval = PAM_AUTHINFO_UNAVAIL;
|
||||
AUTH_RETURN;
|
||||
}
|
||||
|
||||
if (!initialize_password_db(True, NULL)) {
|
||||
_log_err( LOG_ALERT, "Cannot access samba password database" );
|
||||
retval = PAM_AUTHINFO_UNAVAIL;
|
||||
@ -136,7 +142,7 @@ int pam_sm_authenticate(pam_handle_t *pamh, int flags,
|
||||
sampass = NULL;
|
||||
AUTH_RETURN;
|
||||
}
|
||||
|
||||
|
||||
/* if this user does not have a password... */
|
||||
|
||||
if (_smb_blankpasswd( ctrl, sampass )) {
|
||||
|
@ -129,6 +129,11 @@ int pam_sm_chauthtok(pam_handle_t *pamh, int flags,
|
||||
_log_err( LOG_DEBUG, "username [%s] obtained", user );
|
||||
}
|
||||
|
||||
if (geteuid() != 0) {
|
||||
_log_err(pamh, LOG_DEBUG, "Cannot access samba password database, not running as root.");
|
||||
return PAM_AUTHINFO_UNAVAIL;
|
||||
}
|
||||
|
||||
/* Getting into places that might use LDAP -- protect the app
|
||||
from a SIGPIPE it's not expecting */
|
||||
oldsig_handler = CatchSignal(SIGPIPE, SIGNAL_CAST SIG_IGN);
|
||||
|
@ -94,6 +94,10 @@ static int process_options(int argc, char **argv, int local_flags)
|
||||
while ((ch = getopt(argc, argv, "c:axdehminjr:sw:R:D:U:LW")) != EOF) {
|
||||
switch(ch) {
|
||||
case 'L':
|
||||
if (getuid() != 0) {
|
||||
fprintf(stderr, "smbpasswd -L can only be used by root.\n");
|
||||
exit(1);
|
||||
}
|
||||
local_flags |= LOCAL_AM_ROOT;
|
||||
break;
|
||||
case 'c':
|
||||
|
Loading…
Reference in New Issue
Block a user