The rpc.yppasswdd has an option to not allow shell changes (-s), but is

always passed a shell by the remote yppasswd. If an NIS client overrides the
shell provided by the ypserv, then yppasswd (pam_unix, actually, afaict)
will pass this new shell to the yppasswdd. If this shell has been set on the
client to a shell which is invalid on the server, a user will never be able
to change their password on the client.

PR:		67142
Submitted by:	russell@rucus.ru.ac.za
Approved by:	bapt (mentor)
Sponsored by:	EuroBSDCon Sweden.

1 files changed, 2 insertions, 2 deletions

diff --git a/usr.sbin/rpc.yppasswdd/yppasswdd_server.c b/usr.sbin/rpc.yppasswdd/yppasswdd_server.c
index 0260e4c..9eb874b 100644
--- a/usr.sbin/rpc.yppasswdd/yppasswdd_server.c
+++ b/usr.sbin/rpc.yppasswdd/yppasswdd_server.c
@@ -212,12 +212,12 @@ validate(struct passwd *opw, struct x_passwd *npw)
 	 * Don't allow the user to shoot himself in the foot,
 	 * even on purpose.
 	 */
-	if (!ok_shell(npw->pw_shell)) {
+	if (!no_chsh && !ok_shell(npw->pw_shell)) {
 		yp_error("%s is not a valid shell", npw->pw_shell);
 		return(1);
 	}
 
-	if (validchars(npw->pw_shell)) {
+	if (!no_chsh && validchars(npw->pw_shell)) {
 		yp_error("specified shell contains invalid characters");
 		return(1);
 	}