diff options
Diffstat (limited to 'src/su.c')
| -rw-r--r-- | src/su.c | 21 |
1 files changed, 20 insertions, 1 deletions
@@ -82,6 +82,7 @@ * Global variables */ const char *Prog; +FILE *shadow_logfd = NULL; static /*@observer@*/const char *caller_tty = NULL; /* Name of tty SU is run from */ static bool caller_is_root = false; static uid_t caller_uid; @@ -354,7 +355,9 @@ static void prepare_pam_close_session (void) pid_t pid; stop = true; - pid = waitpid (-1, &status, WUNTRACED); + do { + pid = waitpid (-1, &status, WUNTRACED); + } while (pid != -1 && pid != pid_child); /* When interrupted by signal, the signal will be * forwarded to the child, and termination will be @@ -503,6 +506,21 @@ static void check_perms_nopam (const struct passwd *pw) return; } + if (strcmp (pw->pw_passwd, "") == 0) { + char *prevent_no_auth = getdef_str("PREVENT_NO_AUTH"); + if(prevent_no_auth == NULL) { + prevent_no_auth = "superuser"; + } + if(strcmp(prevent_no_auth, "yes") == 0) { + fprintf(stderr, _("Password field is empty, this is forbidden for all accounts.\n")); + exit(1); + } else if( (pw->pw_uid == 0) + && (strcmp(prevent_no_auth, "superuser") == 0)) { + fprintf(stderr, _("Password field is empty, this is forbidden for super-user.\n")); + exit(1); + } + } + /* * BSD systems only allow "wheel" to SU to root. USG systems don't, * so we make this a configurable option. @@ -699,6 +717,7 @@ static void save_caller_context (char **argv) * most error messages. */ Prog = Basename (argv[0]); + shadow_logfd = stderr; caller_uid = getuid (); caller_is_root = (caller_uid == 0); |