From 32be23f693e5f9d1b112d4f3b9a597eaeb176ee6 Mon Sep 17 00:00:00 2001 From: Bdale Garbee Date: Tue, 11 Jan 2011 10:18:15 -0700 Subject: [PATCH] patch from upstream to fix special case in password checking code when only the gid is changing, closes #609641 --- check.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/check.c b/check.c index afb6c22..badf3e4 100644 --- a/check.c +++ b/check.c @@ -119,7 +119,13 @@ check_user(validated, mode) if (ISSET(mode, MODE_INVALIDATE)) { SET(validated, FLAG_CHECK_USER); } else { - if (user_uid == 0 || user_uid == runas_pw->pw_uid || user_is_exempt()) + /* + * Don't prompt for the root passwd or if the user is exempt. + * If the user is not changing uid/gid, no need for a password. + */ + if (user_uid == 0 || (user_uid == runas_pw->pw_uid && + (!runas_gr || user_in_group(sudo_user.pw, runas_gr->gr_name))) || + user_is_exempt()) return; } -- 2.30.2