From a6562ebb2728c6493f3bdd6e2d5505dd9f962fe3 Mon Sep 17 00:00:00 2001
From: Steve Langasek
Date: Sun, 13 Jul 2003 06:34:15 +0000
Subject: Relevant BUGIDs: patch 476976 Purpose of commit: bugfix Commit summary: --------------- Patch from Nalin Dahyabhai: when updating /etc/{passwd,shadow}, always respect any admin-specified permissions on the existing files.
---
 modules/pam_unix/pam_unix_passwd.c | 20 ++++++++++++++++----
 1 file changed, 16 insertions(+), 4 deletions(-)
diff --git a/modules/pam_unix/pam_unix_passwd.c b/modules/pam_unix/pam_unix_passwd.c
index b5758080..4320171c 100644
--- a/modules/pam_unix/pam_unix_passwd.c
+++ b/modules/pam_unix/pam_unix_passwd.c
@@ -347,6 +347,7 @@ static int _update_passwd(pam_handle_t *pamh,
 const char *forwho, const char *towhat)
 {
 struct passwd *tmpent = NULL;
+ struct stat st;
 FILE *pwfile, *opwfile;
 int err = 1;
 int oldmask;
@@ -364,8 +365,13 @@ static int _update_passwd(pam_handle_t *pamh,
 return PAM_AUTHTOK_ERR;
 }
- chown(PW_TMPFILE, 0, 0);
- chmod(PW_TMPFILE, 0644);
+ if (fstat(fileno(opwfile), &st) == -1) {
+ chown(PW_TMPFILE, 0, 0);
+ chmod(PW_TMPFILE, 0644);
+ } else {
+ chown(PW_TMPFILE, st.st_uid, st.st_gid);
+ chmod(PW_TMPFILE, st.st_mode);
+ }
 tmpent = fgetpwent(opwfile);
 while (tmpent) {
 if (!strcmp(tmpent->pw_name, forwho)) {
@@ -406,6 +412,7 @@ static int _update_passwd(pam_handle_t *pamh,
 static int _update_shadow(const char *forwho, char *towhat)
 {
 struct spwd *spwdent = NULL, *stmpent = NULL;
+ struct stat st;
 FILE *pwfile, *opwfile;
 int err = 1;
 int oldmask;
@@ -427,8 +434,13 @@ static int _update_shadow(const char *forwho, char *towhat)
 return PAM_AUTHTOK_ERR;
 }
- chown(SH_TMPFILE, 0, 0);
- chmod(SH_TMPFILE, 0600);
+ if (fstat(fileno(opwfile), &st) == -1) {
+ chown(SH_TMPFILE, 0, 0);
+ chmod(SH_TMPFILE, 0600);
+ } else {
+ chown(SH_TMPFILE, st.st_uid, st.st_gid);
+ chmod(SH_TMPFILE, st.st_mode);
+ }
 stmpent = fgetspent(opwfile);
 while (stmpent) {
-- 
cgit v1.2.3
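Review bot: The results of `chown()` and `chmod()` on `PW_TMPFILE` are still discarded in both branches of the second hunk, so if either call fails the temporary file keeps whatever owner and mode it was created with, and per the commit message that file goes on to become /etc/passwd. Checking both calls and treating a failure as an update error would close that gap, and working on the open descriptor avoids resolving the path a second time: `if (fchown(fileno(pwfile), st.st_uid, st.st_gid) == -1 || fchmod(fileno(pwfile), st.st_mode & 07777) == -1)` followed by the function's existing failure path. This assumes `pwfile` is the stream opened on `PW_TMPFILE`, which happens outside the hunk; the `& 07777` keeps the file-type bits of `st_mode` out of the `chmod` argument. The same applies to the `SH_TMPFILE` hunk in `_update_shadow`.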
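Review bot: In the `else` branch of the `SH_TMPFILE` hunk the mode of the existing shadow file is copied as-is, so a shadow file that has been left group- or world-readable now keeps that mode across every password change, where the removed lines reset it to 0600. That follows from the commit's stated intent, but it removes a self-correcting behaviour and should be recorded at the call, e.g. `/* Owner and mode are inherited from the current file; an over-permissive mode is preserved, not reset to 0600. */`. The body of `_update_shadow` starts and ends outside the hunk.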