summaryrefslogtreecommitdiffstats
path: root/lib/libpam/modules/pam_unix/pam_unix.c
diff options
context:
space:
mode:
Diffstat (limited to 'lib/libpam/modules/pam_unix/pam_unix.c')
-rw-r--r--lib/libpam/modules/pam_unix/pam_unix.c10
1 files changed, 8 insertions, 2 deletions
diff --git a/lib/libpam/modules/pam_unix/pam_unix.c b/lib/libpam/modules/pam_unix/pam_unix.c
index de7dcc8..afceb0e 100644
--- a/lib/libpam/modules/pam_unix/pam_unix.c
+++ b/lib/libpam/modules/pam_unix/pam_unix.c
@@ -337,8 +337,10 @@ pam_sm_chauthtok(pam_handle_t *pamh, int flags,
PAM_LOG("Got old password");
/* always encrypt first */
encrypted = crypt(old_pass, pwd->pw_passwd);
- if ((old_pass[0] == '\0' && pwd->pw_passwd[0] != '\0') ||
- strcmp(encrypted, pwd->pw_passwd) != 0)
+ if (old_pass[0] == '\0' &&
+ !pam_test_option(&options, PAM_OPT_NULLOK, NULL))
+ return (PAM_PERM_DENIED);
+ if (strcmp(encrypted, pwd->pw_passwd) != 0)
return (PAM_PERM_DENIED);
}
else if (flags & PAM_UPDATE_AUTHTOK) {
@@ -364,6 +366,10 @@ pam_sm_chauthtok(pam_handle_t *pamh, int flags,
return (retval);
}
+ if (getuid() != 0 && new_pass[0] == '\0' &&
+ !pam_test_option(&options, PAM_OPT_NULLOK, NULL))
+ return (PAM_PERM_DENIED);
+
if ((old_pwd = pw_dup(pwd)) == NULL)
return (PAM_BUF_ERR);
OpenPOWER on IntegriCloud