On Wed, Nov 12, 2003 at 05:59:09PM +0100, Andreas Metzler wrote:
> You are wrong, unix_chkpwd does NIS (at least in the szenario I just
> tested). After changing unix_chkpwd from 4755 root:root to 2755
> root:shadow a NIS user can not unlock the terminal he has just locked
> himself with vlock anymore.
>
> The NIS-server is configured with
> * : * : shadow.byname : port
> * : * : passwd.adjunct.byname : port
>
> and
>
> MERGE_PASSWD=false
The code does this:
if (strcmp(pwd->pw_passwd, "*NP*") == 0) { /* NIS+
*/
uid_t save_uid;
save_uid = geteuid();
seteuid(pwd->pw_uid);
spwdent = getspnam(name);
seteuid(save_uid);
salt = x_strdup(spwdent->sp_pwdp);
} else {
salt = x_strdup(pwd->pw_passwd);
}
Obviously, seteuid isn't going to work when we aren't root.
--
- mdz
