From: Bdale Garbee
Date: Tue, 11 Jan 2011 17:18:15 +0000 (-0700)
Subject: patch from upstream to fix special case in password checking code
X-Git-Tag: debian/1.7.4p4-6~2
X-Git-Url: https://git.gag.com/?a=commitdiff_plain;h=32be23f693e5f9d1b112d4f3b9a597eaeb176ee6;p=debian%2Fsudo
patch from upstream to fix special case in password checking code when only the gid is changing, closes #609641
---
diff --git a/check.c b/check.c
index afb6c22..badf3e4 100644
--- a/check.c
+++ b/check.c
@@ -119,7 +119,13 @@ check_user(validated, mode)
 if (ISSET(mode, MODE_INVALIDATE)) {
 SET(validated, FLAG_CHECK_USER);
 } else {
- if (user_uid == 0 || user_uid == runas_pw->pw_uid || user_is_exempt())
+ /*
+ * Don't prompt for the root passwd or if the user is exempt.
+ * If the user is not changing uid/gid, no need for a password.
+ */
+ if (user_uid == 0 || (user_uid == runas_pw->pw_uid &&
+ (!runas_gr || user_in_group(sudo_user.pw, runas_gr->gr_name))) ||
+ user_is_exempt())
 return;
 }
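Review bot: The password-skip decision in the new condition now depends on `user_in_group(sudo_user.pw, runas_gr->gr_name)`, which is defined outside this hunk, so it cannot be confirmed from here that a failed or ambiguous group lookup falls through to the prompt; that helper should return false on any error so the check fails closed. The added comment is also looser than the code: the first case is the invoking user being root (`user_uid == 0`), not the root password, and the second applies only when the target uid equals the caller's and the caller is already a member of the requested group. I would reword it as `/* Skip the prompt only if the caller is root, is exempt, or keeps the same uid and either no runas group was given or the caller is already a member of it. */`. check_user's body starts and ends outside the hunk.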