Module Name:    src
Committed By:   tonnerre
Date:           Sun Jun 14 23:23:54 UTC 2009

Modified Files:
        src/lib/libpam/modules/pam_unix: pam_unix.c

Log Message:
Restore the good old UNIX behavior of root password changing: only root
may change the root password.

(Checked that everybody else's password can be changed without any problem,
and checked that root can still change the root password.)


To generate a diff of this commit:
cvs rdiff -u -r1.12 -r1.13 src/lib/libpam/modules/pam_unix/pam_unix.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/lib/libpam/modules/pam_unix/pam_unix.c
diff -u src/lib/libpam/modules/pam_unix/pam_unix.c:1.12 src/lib/libpam/modules/pam_unix/pam_unix.c:1.13
--- src/lib/libpam/modules/pam_unix/pam_unix.c:1.12	Mon Jan 26 04:01:14 2009
+++ src/lib/libpam/modules/pam_unix/pam_unix.c	Sun Jun 14 23:23:54 2009
@@ -1,4 +1,4 @@
-/*	$NetBSD: pam_unix.c,v 1.12 2009/01/26 04:01:14 lukem Exp $	*/
+/*	$NetBSD: pam_unix.c,v 1.13 2009/06/14 23:23:54 tonnerre Exp $	*/
 
 /*-
  * Copyright 1998 Juniper Networks, Inc.
@@ -40,7 +40,7 @@
 #ifdef __FreeBSD__
 __FBSDID("$FreeBSD: src/lib/libpam/modules/pam_unix/pam_unix.c,v 1.49 2004/02/10 10:13:21 des Exp $");
 #else
-__RCSID("$NetBSD: pam_unix.c,v 1.12 2009/01/26 04:01:14 lukem Exp $");
+__RCSID("$NetBSD: pam_unix.c,v 1.13 2009/06/14 23:23:54 tonnerre Exp $");
 #endif
 
 
@@ -508,6 +508,14 @@
 				/* Root doesn't need the old password. */
 				return (pam_set_item(pamh, PAM_OLDAUTHTOK, ""));
 			}
+			/*
+			 * Apparently we're not root, so let's forbid editing
+			 * root.
+			 * XXX Check for some flag to indicate if this
+			 * XXX is the desired behavior.
+			 */
+			if (pwd->pw_uid == 0)
+				return (PAM_PERM_DENIED);
 		}
 
 		if (pwd->pw_passwd[0] == '\0') {
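Review bot: The new refusal at `if (pwd->pw_uid == 0)` returns `PAM_PERM_DENIED` without leaving any trace, so a non-root attempt to change a uid-0 password never shows up for whoever reviews the authentication logs. A log line before the return, using whatever logging helper this module already has, would make these attempts detectable. The test is on uid 0 rather than on the account name, so it also covers any other uid-0 account; the comment should say that, e.g. `/* Caller is not root: refuse to change the password of any uid-0 account. */`. Whether "not root" really holds at this point depends on the condition that opens the block, which lies outside the hunk, as does the rest of the enclosing function.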
