The rpc.yppasswdd has an option to not allow shell changes (-s), but is

always passed a shell by the remote yppasswd. If an NIS client overrides the
shell provided by the ypserv, then yppasswd (pam_unix, actually, afaict)
will pass this new shell to the yppasswdd. If this shell has been set on the
client to a shell which is invalid on the server, a user will never be able
to change their password on the client.

PR:		67142
Submitted by:	russell@rucus.ru.ac.za
Approved by:	bapt (mentor)
Sponsored by:	EuroBSDCon Sweden.

diff --git a/usr.sbin/rpc.yppasswdd/yppasswdd_server.c b/usr.sbin/rpc.yppasswdd/yppasswdd_server.c
index 0260e4c9c1bc1c095b733be4bb1c2a60fe39042e..9eb874b285a8fe2a1caddf56022b3d87ae794b5d 100644 (file)
--- a/usr.sbin/rpc.yppasswdd/yppasswdd_server.c
+++ b/usr.sbin/rpc.yppasswdd/yppasswdd_server.c
@@ -212,12 +212,12 @@ validate(struct passwd *opw, struct x_passwd *npw)
         * Don't allow the user to shoot himself in the foot,
         * even on purpose.
         */
-       if (!ok_shell(npw->pw_shell)) {
+       if (!no_chsh && !ok_shell(npw->pw_shell)) {
                yp_error("%s is not a valid shell", npw->pw_shell);
                return(1);
        }
 
-       if (validchars(npw->pw_shell)) {
+       if (!no_chsh && validchars(npw->pw_shell)) {
                yp_error("specified shell contains invalid characters");
                return(1);
        }