Relevant BUGIDs:

author Tomas Mraz <tm@t8m.info>

Thu, 17 Apr 2008 14:29:02 +0000 (14:29 +0000)

committer Tomas Mraz <tm@t8m.info>

Thu, 17 Apr 2008 14:29:02 +0000 (14:29 +0000)
author Tomas Mraz <tm@t8m.info>
Thu, 17 Apr 2008 14:29:02 +0000 (14:29 +0000)
committer Tomas Mraz <tm@t8m.info>
Thu, 17 Apr 2008 14:29:02 +0000 (14:29 +0000)
diff --git a/ChangeLog b/ChangeLog

index aaf8737a0e6e62d7e323cc24c55a93bbd3d95981..dc7a49f4ef6078f0045449b1e900507bd77afecc 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -6,6 +6,9 @@
         (pam_sm_authenticate): Call gethostname() to fill hostname in the
         loginfo.
  
+       * modules/pam_sepermit/pam_sepermit.c(sepermit_match): Do not try
+       to lock if euid != 0.
+
  2008-04-16  Tomas Mraz <t8m@centrum.cz>
  
         * modules/pam_unix/Makefile.am: Link unix_chkpwd with libaudit.
diff --git a/modules/pam_sepermit/pam_sepermit.c b/modules/pam_sepermit/pam_sepermit.c

index 0d5ab21ae0d2d0f6933e1f3676ef1dda060d3a36..15cdc3e1f4e6cafdfa34d70c6c55feaf681ac74e 100644 (file)
--- a/modules/pam_sepermit/pam_sepermit.c
+++ b/modules/pam_sepermit/pam_sepermit.c
@@ -305,7 +305,7 @@ sepermit_match(pam_handle_t *pamh, const char *cfgfile, const char *user,
         free(line);
         fclose(f);
         if (matched) 
-               return exclusive ? sepermit_lock(pamh, user, debug) : 0;
+               return (geteuid() == 0 && exclusive) ? sepermit_lock(pamh, user, debug) : 0;
         else
                 return -1;
  }
author	Tomas Mraz <tm@t8m.info>
	Thu, 17 Apr 2008 14:29:02 +0000 (14:29 +0000)
committer	Tomas Mraz <tm@t8m.info>
	Thu, 17 Apr 2008 14:29:02 +0000 (14:29 +0000)
ChangeLog		patch \| blob \| history
modules/pam_sepermit/pam_sepermit.c		patch \| blob \| history