Fix bug #3727 with patch from Steve Langasek <vorlon@debian.org>

[samba.git] / source3 / pam_smbpass / pam_smb_passwd.c

diff --git a/source3/pam_smbpass/pam_smb_passwd.c b/source3/pam_smbpass/pam_smb_passwd.c
index f0fa018217bbe55953ac1b6564fc4b6f528a8bbd..de5310761f7cb765db8fab5f0db572907ae56005 100644 (file)
--- a/source3/pam_smbpass/pam_smb_passwd.c
+++ b/source3/pam_smbpass/pam_smb_passwd.c
@@ -129,6 +129,11 @@ int pam_sm_chauthtok(pam_handle_t *pamh, int flags,
         _log_err( LOG_DEBUG, "username [%s] obtained", user );
     }
 
+    if (geteuid() != 0) {
+       _log_err(pamh, LOG_DEBUG, "Cannot access samba password database, not running as root.");
+       return PAM_AUTHINFO_UNAVAIL;
+    }
+
     /* Getting into places that might use LDAP -- protect the app
        from a SIGPIPE it's not expecting */
     oldsig_handler = CatchSignal(SIGPIPE, SIGNAL_CAST SIG_IGN);