merge upstream version 1.1.0

author: Steve Langasek <vorlon@debian.org> 2009-08-24 03:06:11 -0700
committer: Steve Langasek <vorlon@debian.org> 2019-01-08 21:25:43 -0800
commit: 78915f5a06936cc24cf7776c8b53d08b6ea3616c (patch)
tree: 6325216d4660f2a33d2161d71302b8c3f47c76e5 /modules/pam_unix/unix_update.c
parent: fdd6439782a15a1abe342044e07e5f7501ae73de (diff)
parent: 212b52cf29c06cc209bc8ac0540dbab1acdf1464 (diff)
download: pam-78915f5a06936cc24cf7776c8b53d08b6ea3616c.tar.gz
pam-78915f5a06936cc24cf7776c8b53d08b6ea3616c.tar.bz2
pam-78915f5a06936cc24cf7776c8b53d08b6ea3616c.zip
1 files changed, 8 insertions, 5 deletions
diff --git a/modules/pam_unix/unix_update.c b/modules/pam_unix/unix_update.c
index f54a59ce..702912d0 100644
--- a/modules/pam_unix/unix_update.c
+++ b/modules/pam_unix/unix_update.c
@@ -71,11 +71,14 @@ set_password(const char *forwho, const char *shadow, const char *remember)
         goto done;
     }
 
-    /* does pass agree with the official one?
-       we always allow change from null pass */
-    retval = helper_verify_password(forwho, pass, 1);
-    if (retval != PAM_SUCCESS) {
-	goto done;
+    /* If real caller uid is not root we must verify that
+       received old pass agrees with the current one.
+       We always allow change from null pass. */
+    if (getuid()) {
+	retval = helper_verify_password(forwho, pass, 1);
+	if (retval != PAM_SUCCESS) {
+	    goto done;
+	}
     }
 
     /* first, save old password */
author	Steve Langasek <vorlon@debian.org>	2009-08-24 03:06:11 -0700
committer	Steve Langasek <vorlon@debian.org>	2019-01-08 21:25:43 -0800
commit	78915f5a06936cc24cf7776c8b53d08b6ea3616c (patch)
tree	6325216d4660f2a33d2161d71302b8c3f47c76e5 /modules/pam_unix/unix_update.c
parent	fdd6439782a15a1abe342044e07e5f7501ae73de (diff)
parent	212b52cf29c06cc209bc8ac0540dbab1acdf1464 (diff)
download	pam-78915f5a06936cc24cf7776c8b53d08b6ea3616c.tar.gz pam-78915f5a06936cc24cf7776c8b53d08b6ea3616c.tar.bz2 pam-78915f5a06936cc24cf7776c8b53d08b6ea3616c.zip