diff options
| author | Marcelo Araujo <araujo@FreeBSD.org> | 2015-10-02 08:58:50 +0000 |
|---|---|---|
| committer | Marcelo Araujo <araujo@FreeBSD.org> | 2015-10-02 08:58:50 +0000 |
| commit | 0bc80630127ddbbf54effb0ad0b2b8e22ba9e881 (patch) | |
| tree | ac78b9d3a94b49de363f2664e36ba3951c85622e /usr.sbin/rpc.yppasswdd | |
| parent | 10b83bb0e97612f6ec058bb4c9e4096c1d47e9de (diff) | |
| download | src-0bc80630127ddbbf54effb0ad0b2b8e22ba9e881.tar.gz src-0bc80630127ddbbf54effb0ad0b2b8e22ba9e881.zip | |
The rpc.yppasswdd has an option to not allow shell changes (-s), but is
always passed a shell by the remote yppasswd. If an NIS client overrides the
shell provided by the ypserv, then yppasswd (pam_unix, actually, afaict)
will pass this new shell to the yppasswdd. If this shell has been set on the
client to a shell which is invalid on the server, a user will never be able
to change their password on the client.
PR: 67142
Submitted by: russell@rucus.ru.ac.za
Approved by: bapt (mentor)
Sponsored by: EuroBSDCon Sweden.
Notes
Notes:
svn path=/head/; revision=288482
Diffstat (limited to 'usr.sbin/rpc.yppasswdd')
| -rw-r--r-- | usr.sbin/rpc.yppasswdd/yppasswdd_server.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/usr.sbin/rpc.yppasswdd/yppasswdd_server.c b/usr.sbin/rpc.yppasswdd/yppasswdd_server.c index 0260e4c9c1bc..9eb874b285a8 100644 --- a/usr.sbin/rpc.yppasswdd/yppasswdd_server.c +++ b/usr.sbin/rpc.yppasswdd/yppasswdd_server.c @@ -212,12 +212,12 @@ validate(struct passwd *opw, struct x_passwd *npw) * Don't allow the user to shoot himself in the foot, * even on purpose. */ - if (!ok_shell(npw->pw_shell)) { + if (!no_chsh && !ok_shell(npw->pw_shell)) { yp_error("%s is not a valid shell", npw->pw_shell); return(1); } - if (validchars(npw->pw_shell)) { + if (!no_chsh && validchars(npw->pw_shell)) { yp_error("specified shell contains invalid characters"); return(1); } |