do not attempt to change password as root when changing an expired password

git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1445 ef36b2f9-881f-0410-afb5-c4e39611909c
author: Arthur de Jong <arthur@arthurdejong.org> 2011-04-30 09:15:09 +0000
committer: Arthur de Jong <arthur@arthurdejong.org> 2011-04-30 09:15:09 +0000
commit: 0a53d49e39f69b7322b7655f17d2cca402cee5f7 (patch)
tree: 9f965f0594da4e6f0674bbace357d8e8336f6c0f
parent: 88d6fd14d8575c43470e38a8da0d211596645224 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/pam/pam.c b/pam/pam.c
index 2e61f74..2fe6023 100644
--- a/pam/pam.c
+++ b/pam/pam.c
@@ -563,7 +563,7 @@ int pam_sm_chauthtok(pam_handle_t *pamh,int flags,int argc,const char **argv)
     /* see if the user is trying to modify another user's password */
     pwent=getpwnam(username);
     myuid=getuid();
-    if ((pwent!=NULL)&&(pwent->pw_uid!=myuid))
+    if ((pwent!=NULL)&&(pwent->pw_uid!=myuid)&&(!(flags&PAM_CHANGE_EXPIRED_AUTHTOK)))
     {
       /* we are root so we can test if nslcd will allow us to change the
          user's password without the admin password */
author	Arthur de Jong <arthur@arthurdejong.org>	2011-04-30 09:15:09 +0000
committer	Arthur de Jong <arthur@arthurdejong.org>	2011-04-30 09:15:09 +0000
commit	0a53d49e39f69b7322b7655f17d2cca402cee5f7 (patch)
tree	9f965f0594da4e6f0674bbace357d8e8336f6c0f
parent	88d6fd14d8575c43470e38a8da0d211596645224 (diff)