1
0
mirror of https://github.com/samba-team/samba.git synced 2025-01-10 01:18:15 +03:00

Fix bug #3727 with patch from Steve Langasek <vorlon@debian.org>

Jeremy.
(This used to be commit 0723760ba4)
This commit is contained in:
Jeremy Allison 2007-12-12 17:26:49 -08:00
parent 022014dba2
commit 9373e1ea90
4 changed files with 21 additions and 1 deletions

View File

@ -77,6 +77,11 @@ int pam_sm_acct_mgmt( pam_handle_t *pamh, int flags,
_log_err( LOG_DEBUG, "acct: username [%s] obtained", name );
}
if (geteuid() != 0) {
_log_err(pamh, LOG_DEBUG, "Cannot access samba password database, not running as root.");
return PAM_AUTHINFO_UNAVAIL;
}
/* Getting into places that might use LDAP -- protect the app
from a SIGPIPE it's not expecting */
oldsig_handler = CatchSignal(SIGPIPE, SIGNAL_CAST SIG_IGN);

View File

@ -108,6 +108,12 @@ int pam_sm_authenticate(pam_handle_t *pamh, int flags,
_log_err( LOG_DEBUG, "username [%s] obtained", name );
}
if (geteuid() != 0) {
_log_err( LOG_DEBUG, "Cannot access samba password database, not running as root.");
retval = PAM_AUTHINFO_UNAVAIL;
AUTH_RETURN;
}
if (!initialize_password_db(True, NULL)) {
_log_err( LOG_ALERT, "Cannot access samba password database" );
retval = PAM_AUTHINFO_UNAVAIL;
@ -136,7 +142,7 @@ int pam_sm_authenticate(pam_handle_t *pamh, int flags,
sampass = NULL;
AUTH_RETURN;
}
/* if this user does not have a password... */
if (_smb_blankpasswd( ctrl, sampass )) {

View File

@ -129,6 +129,11 @@ int pam_sm_chauthtok(pam_handle_t *pamh, int flags,
_log_err( LOG_DEBUG, "username [%s] obtained", user );
}
if (geteuid() != 0) {
_log_err(pamh, LOG_DEBUG, "Cannot access samba password database, not running as root.");
return PAM_AUTHINFO_UNAVAIL;
}
/* Getting into places that might use LDAP -- protect the app
from a SIGPIPE it's not expecting */
oldsig_handler = CatchSignal(SIGPIPE, SIGNAL_CAST SIG_IGN);

View File

@ -94,6 +94,10 @@ static int process_options(int argc, char **argv, int local_flags)
while ((ch = getopt(argc, argv, "c:axdehminjr:sw:R:D:U:LW")) != EOF) {
switch(ch) {
case 'L':
if (getuid() != 0) {
fprintf(stderr, "smbpasswd -L can only be used by root.\n");
exit(1);
}
local_flags |= LOCAL_AM_ROOT;
break;
case 'c':