_log_err( LOG_DEBUG, "acct: username [%s] obtained", name );
}
+ if (geteuid() != 0) {
+ _log_err(pamh, LOG_DEBUG, "Cannot access samba password database, not running as root.");
+ return PAM_AUTHINFO_UNAVAIL;
+ }
+
/* Getting into places that might use LDAP -- protect the app
from a SIGPIPE it's not expecting */
oldsig_handler = CatchSignal(SIGPIPE, SIGNAL_CAST SIG_IGN);
_log_err( LOG_DEBUG, "username [%s] obtained", name );
}
+ if (geteuid() != 0) {
+ _log_err( LOG_DEBUG, "Cannot access samba password database, not running as root.");
+ retval = PAM_AUTHINFO_UNAVAIL;
+ AUTH_RETURN;
+ }
+
if (!initialize_password_db(True, NULL)) {
_log_err( LOG_ALERT, "Cannot access samba password database" );
retval = PAM_AUTHINFO_UNAVAIL;
sampass = NULL;
AUTH_RETURN;
}
-
+
/* if this user does not have a password... */
if (_smb_blankpasswd( ctrl, sampass )) {
_log_err( LOG_DEBUG, "username [%s] obtained", user );
}
+ if (geteuid() != 0) {
+ _log_err(pamh, LOG_DEBUG, "Cannot access samba password database, not running as root.");
+ return PAM_AUTHINFO_UNAVAIL;
+ }
+
/* Getting into places that might use LDAP -- protect the app
from a SIGPIPE it's not expecting */
oldsig_handler = CatchSignal(SIGPIPE, SIGNAL_CAST SIG_IGN);
while ((ch = getopt(argc, argv, "c:axdehminjr:sw:R:D:U:LW")) != EOF) {
switch(ch) {
case 'L':
+ if (getuid() != 0) {
+ fprintf(stderr, "smbpasswd -L can only be used by root.\n");
+ exit(1);
+ }
local_flags |= LOCAL_AM_ROOT;
break;
case 'c':