Fix bug introduced in rev 1.23:

pw_equal does not check crypted password field, so one cannot change crypted password keeping other fields intact. Approved by: des MCF after: 3 days
svn path=/head/; revision=162633
2024-11-27 03:11:52 +01:00 · 2006-09-25 15:06:24 +00:00 · 2006-09-25 15:06:24 +00:00 · 50789a2f3a · 2020-12-20 02:59:44 +00:00
commit 50789a2f3a
parent d038d0bd66
1 changed files with 6 additions and 1 deletions
--- a/usr.bin/chpass/chpass.c
+++ b/usr.bin/chpass/chpass.c
@ -217,7 +217,12 @@ main(int argc, char *argv[])
 		pw_fini();
 		if (pw == NULL)
 			err(1, "edit()");
-		if (pw_equal(old_pw, pw))
+		/* 
+		 * pw_equal does not check for crypted passwords, so we
+		 * should do it explicitly
+		 */
+		if (pw_equal(old_pw, pw) && 
+		    strcmp(old_pw->pw_passwd, pw->pw_passwd) == 0)
 			errx(0, "user information unchanged");
 	}