diff options
| author | Tomas Mraz <tm@t8m.info> | 2008-11-28 12:48:43 +0000 |
|---|---|---|
| committer | Tomas Mraz <tm@t8m.info> | 2008-11-28 12:48:43 +0000 |
| commit | 51a9be048c75f86e2d2493a47b1f6fd25f5e549d (patch) | |
| tree | fb646d70a223dd24073064a7b1432cc3aa997df0 /modules | |
| parent | cf4f02cdbdd015b8360cc3fdf905afc2602b4d37 (diff) | |
| download | pam-51a9be048c75f86e2d2493a47b1f6fd25f5e549d.tar.gz pam-51a9be048c75f86e2d2493a47b1f6fd25f5e549d.tar.bz2 pam-51a9be048c75f86e2d2493a47b1f6fd25f5e549d.zip | |
Relevant BUGIDs:
Purpose of commit: bugfix
Commit summary:
---------------
2008-11-28 Tomas Mraz <t8m@centrum.cz>
* modules/pam_unix/unix_update.c (set_password): Allow root to change
passwords without verification of the old ones.
Diffstat (limited to 'modules')
| -rw-r--r-- | modules/pam_unix/unix_update.c | 13 |
1 files changed, 8 insertions, 5 deletions
diff --git a/modules/pam_unix/unix_update.c b/modules/pam_unix/unix_update.c index f54a59ce..702912d0 100644 --- a/modules/pam_unix/unix_update.c +++ b/modules/pam_unix/unix_update.c @@ -71,11 +71,14 @@ set_password(const char *forwho, const char *shadow, const char *remember) goto done; } - /* does pass agree with the official one? - we always allow change from null pass */ - retval = helper_verify_password(forwho, pass, 1); - if (retval != PAM_SUCCESS) { - goto done; + /* If real caller uid is not root we must verify that + received old pass agrees with the current one. + We always allow change from null pass. */ + if (getuid()) { + retval = helper_verify_password(forwho, pass, 1); + if (retval != PAM_SUCCESS) { + goto done; + } } /* first, save old password */ |