From d948d7defc434a8d7d1771e9e1b41ffd1c9b2954 Mon Sep 17 00:00:00 2001
From: Tomas Mraz <tm@t8m.info>
Date: Wed, 10 Nov 2004 09:44:32 +0000
Subject: Relevant BUGIDs: Redhat BZ 115309

Purpose of commit: bugfix

Commit summary:
---------------
Change the order of password change (first try local, then NIS)
---
 modules/pam_unix/pam_unix_passwd.c | 35 +++++++++++++++++------------------
 1 file changed, 17 insertions(+), 18 deletions(-)

diff --git a/modules/pam_unix/pam_unix_passwd.c b/modules/pam_unix/pam_unix_passwd.c
index 71695276..e3f32941 100644
--- a/modules/pam_unix/pam_unix_passwd.c
+++ b/modules/pam_unix/pam_unix_passwd.c
@@ -539,7 +539,23 @@ static int _do_setpass(pam_handle_t* pamh, const char *forwho, char *fromwhat,
 		goto done;
 	}
 
-	if (on(UNIX_NIS, ctrl) && _unix_comesfromsource(pamh, forwho, 0, 1)) {
+	if (_unix_comesfromsource(pamh, forwho, 1, 0)) {
+		/* first, save old password */
+		if (save_old_password(pamh, forwho, fromwhat, remember)) {
+			retval = PAM_AUTHTOK_ERR;
+			goto done;
+		}
+		if (on(UNIX_SHADOW, ctrl) || _unix_shadowed(pwd)) {
+			retval = _update_shadow(pamh, forwho, towhat);
+ 		        if (retval != PAM_SUCCESS && SELINUX_ENABLED) 
+			  retval = _unix_run_shadow_binary(pamh, ctrl, forwho, fromwhat, towhat);
+			if (retval == PAM_SUCCESS)
+				if (!_unix_shadowed(pwd))
+					retval = _update_passwd(pamh, forwho, "x");
+		} else {
+			retval = _update_passwd(pamh, forwho, towhat);
+		}
+	} else if (on(UNIX_NIS, ctrl) && _unix_comesfromsource(pamh, forwho, 0, 1)) {
 		struct timeval timeout;
 		struct yppasswd yppwd;
 		CLIENT *clnt;
@@ -605,23 +621,6 @@ static int _do_setpass(pam_handle_t* pamh, const char *forwho, char *fromwhat,
 #endif
 		return retval;
 	}
-	/* first, save old password */
-	if (save_old_password(pamh, forwho, fromwhat, remember)) {
-		retval = PAM_AUTHTOK_ERR;
-		goto done;
-	}
-	if (_unix_comesfromsource(pamh, forwho, 1, 0)) {
-		if (on(UNIX_SHADOW, ctrl) || _unix_shadowed(pwd)) {
-			retval = _update_shadow(pamh, forwho, towhat);
- 		        if (retval != PAM_SUCCESS && SELINUX_ENABLED) 
-			  retval = _unix_run_shadow_binary(pamh, ctrl, forwho, fromwhat, towhat);
-			if (retval == PAM_SUCCESS)
-				if (!_unix_shadowed(pwd))
-					retval = _update_passwd(pamh, forwho, "x");
-		} else {
-			retval = _update_passwd(pamh, forwho, towhat);
-		}
-	}
 
 done:
 #ifdef USE_LCKPWDF
-- 
cgit v1.2.3