File: 021_nis_cleanup

package info (click to toggle)
pam 1.1.8-3.6
  • links: PTS, VCS
  • area: main
  • in suites: stretch
  • size: 11,800 kB
  • ctags: 2,930
  • sloc: ansic: 31,350; xml: 21,611; sh: 11,344; makefile: 1,563; perl: 893; yacc: 408; lex: 70; sed: 16
file content (44 lines) | stat: -rw-r--r-- 1,614 bytes parent folder | download | duplicates (6)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
Patch from Philippe Troin    <phil@fifi.org>

Originally this included a bunch of changes to locking, but the more
recent code pulled from Linux_pam CVS seems to fix that issue.

Index: pam.deb/modules/pam_unix/pam_unix_passwd.c
===================================================================
--- pam.deb.orig/modules/pam_unix/pam_unix_passwd.c
+++ pam.deb/modules/pam_unix/pam_unix_passwd.c
@@ -577,7 +577,7 @@
 
 		if (_unix_blankpasswd(pamh, ctrl, user)) {
 			return PAM_SUCCESS;
-		} else if (off(UNIX__IAMROOT, ctrl)) {
+		} else if (off(UNIX__IAMROOT, ctrl) || on(UNIX_NIS, ctrl)) {
 			/* instruct user what is happening */
 			if (asprintf(&Announce, _("Changing password for %s."),
 				user) < 0) {
@@ -590,7 +590,9 @@
 			set(UNIX__OLD_PASSWD, lctrl);
 			retval = _unix_read_password(pamh, lctrl
 						     ,Announce
-					     ,_("(current) UNIX password: ")
+					     ,(on(UNIX__IAMROOT, ctrl)
+			                       ? _("NIS server root password: ")
+			                       : _("(current) UNIX password: "))
 						     ,NULL
 						     ,_UNIX_OLD_AUTHTOK
 					     ,&pass_old);
@@ -601,9 +603,12 @@
 				    "password - (old) token not obtained");
 				return retval;
 			}
-			/* verify that this is the password for this user */
+			/* verify that this is the password for this user
+			 * if we're not using NIS */
 
-			retval = _unix_verify_password(pamh, user, pass_old, ctrl);
+			if (off(UNIX_NIS, ctrl)) {
+				retval = _unix_verify_password(pamh, user, pass_old, ctrl);
+			}
 		} else {
 			D(("process run by root so do nothing this time around"));
 			pass_old = NULL;