authordes <des@FreeBSD.org>2003-04-24 12:26:25 +0000
committerdes <des@FreeBSD.org>2003-04-24 12:26:25 +0000
commit9bee0a595d55ece184891c42dbf10cdcd92e4023 (patch)
tree5d53fb1be17f7d8a05a0e49563c9b35ab1ebcd6b /lib
parent85e31bc1f470be4013d636e65790caec66cc4e63 (diff)
downloadFreeBSD-src-9bee0a595d55ece184891c42dbf10cdcd92e4023.zip
FreeBSD-src-9bee0a595d55ece184891c42dbf10cdcd92e4023.tar.gz
Remove a bogus null password check which assumed that a user with an empty
password must necessarily have an empty pwd->pw_passwd. Also add a check that prevents users from setting a blank password unless the nullok option was specified. Root is still allowed to give anyone a blank password.
Diffstat (limited to 'lib')
-rw-r--r--lib/libpam/modules/pam_unix/pam_unix.c10
1 files changed, 8 insertions, 2 deletions
diff --git a/lib/libpam/modules/pam_unix/pam_unix.c b/lib/libpam/modules/pam_unix/pam_unix.c
index de7dcc8..afceb0e 100644
--- a/lib/libpam/modules/pam_unix/pam_unix.c
+++ b/lib/libpam/modules/pam_unix/pam_unix.c
@@ -337,8 +337,10 @@ pam_sm_chauthtok(pam_handle_t *pamh, int flags,
PAM_LOG("Got old password");
/* always encrypt first */
encrypted = crypt(old_pass, pwd->pw_passwd);
- if ((old_pass[0] == '\0' && pwd->pw_passwd[0] != '\0') ||
- strcmp(encrypted, pwd->pw_passwd) != 0)
+ if (old_pass[0] == '\0' &&
+ !pam_test_option(&options, PAM_OPT_NULLOK, NULL))
+ return (PAM_PERM_DENIED);
+ if (strcmp(encrypted, pwd->pw_passwd) != 0)
return (PAM_PERM_DENIED);
}
else if (flags & PAM_UPDATE_AUTHTOK) {
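Review bot: The new `strcmp(encrypted, pwd->pw_passwd)` line uses the result of `crypt()` without checking it, and `crypt()` may return NULL when it cannot process the stored salt or hash format. If that can happen here, the module would fault inside the calling process instead of refusing the change; I would write `if (encrypted == NULL || strcmp(encrypted, pwd->pw_passwd) != 0)`. The empty-password test also deserves a comment such as `/* reject an empty old password unless nullok; checked after crypt() on purpose */`, since the ordering appears deliberate given the existing "always encrypt first" comment. pam_sm_chauthtok starts and ends outside this hunk, so how `old_pass` is obtained is not visible here.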
@@ -364,6 +366,10 @@ pam_sm_chauthtok(pam_handle_t *pamh, int flags,
return (retval);
}
+ if (getuid() != 0 && new_pass[0] == '\0' &&
+ !pam_test_option(&options, PAM_OPT_NULLOK, NULL))
+ return (PAM_PERM_DENIED);
+
if ((old_pwd = pw_dup(pwd)) == NULL)
return (PAM_BUF_ERR);
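Review bot: The root exemption in the added blank-password check is keyed on `getuid()`, which is the real uid of the process that loaded the module rather than the identity of whoever requested the change. That fits a setuid passwd(1) invocation, but a service running as root that changes passwords on behalf of ordinary users would presumably skip the restriction too, so `nullok` would not be enforced on that path. At minimum the assumption should be documented, e.g. `/* getuid() == 0 means the calling process is root, not necessarily the requesting user */`, and a `PAM_LOG` call before the `return (PAM_PERM_DENIED);` would make the refusal visible to administrators. The function continues outside this hunk.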