Relevant BUGIDs:

Purpose of commit: bugfix Commit summary: --------------- 2008-11-28 Tomas Mraz <t8m@centrum.cz> * modules/pam_unix/unix_update.c (set_password): Allow root to change passwords without verification of the old ones.
author: Tomas Mraz <tm@t8m.info> 2008-11-28 12:48:43 +0000
committer: Tomas Mraz <tm@t8m.info> 2008-11-28 12:48:43 +0000
commit: 51a9be048c75f86e2d2493a47b1f6fd25f5e549d (patch)
tree: fb646d70a223dd24073064a7b1432cc3aa997df0 /modules/pam_unix
parent: cf4f02cdbdd015b8360cc3fdf905afc2602b4d37 (diff)
1 files changed, 8 insertions, 5 deletions
diff --git a/modules/pam_unix/unix_update.c b/modules/pam_unix/unix_update.c
index f54a59ce..702912d0 100644
--- a/modules/pam_unix/unix_update.c
+++ b/modules/pam_unix/unix_update.c
@@ -71,11 +71,14 @@ set_password(const char *forwho, const char *shadow, const char *remember)
         goto done;
     }
 
-    /* does pass agree with the official one?
-       we always allow change from null pass */
-    retval = helper_verify_password(forwho, pass, 1);
-    if (retval != PAM_SUCCESS) {
-	goto done;
+    /* If real caller uid is not root we must verify that
+       received old pass agrees with the current one.
+       We always allow change from null pass. */
+    if (getuid()) {
+	retval = helper_verify_password(forwho, pass, 1);
+	if (retval != PAM_SUCCESS) {
+	    goto done;
+	}
     }
 
     /* first, save old password */
author	Tomas Mraz <tm@t8m.info>	2008-11-28 12:48:43 +0000
committer	Tomas Mraz <tm@t8m.info>	2008-11-28 12:48:43 +0000
commit	51a9be048c75f86e2d2493a47b1f6fd25f5e549d (patch)
tree	fb646d70a223dd24073064a7b1432cc3aa997df0 /modules/pam_unix
parent	cf4f02cdbdd015b8360cc3fdf905afc2602b4d37 (diff)