From 20019be7c8667b70ff68692b24029aed2c857639 Mon Sep 17 00:00:00 2001
From: Rob Landley <rob@landley.net>
Date: Thu, 14 May 2015 13:48:55 -0500
Subject: Bugfix from Hyejin Kim: su should not prompt root user for new user's
 password.

---
 toys/lsb/su.c | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

(limited to 'toys/lsb/su.c')

diff --git a/toys/lsb/su.c b/toys/lsb/su.c
index 616541b9..612daef1 100644
--- a/toys/lsb/su.c
+++ b/toys/lsb/su.c
@@ -54,11 +54,13 @@ void su_main()
   else name = "root";
 
   if (!(shp = getspnam(name))) perror_exit("no '%s'", name);
-  if (*shp->sp_pwdp != '$') goto deny;
-  if (read_password(toybuf, sizeof(toybuf), "Password: ")) goto deny;
-  passhash = crypt(toybuf, shp->sp_pwdp);
-  memset(toybuf, 0, sizeof(toybuf));
-  if (!passhash || strcmp(passhash, shp->sp_pwdp)) goto deny;
+  if (getuid()) {
+    if (*shp->sp_pwdp != '$') goto deny;
+    if (read_password(toybuf, sizeof(toybuf), "Password: ")) goto deny;
+    passhash = crypt(toybuf, shp->sp_pwdp);
+    memset(toybuf, 0, sizeof(toybuf));
+    if (!passhash || strcmp(passhash, shp->sp_pwdp)) goto deny;
+  }
 
   up = xgetpwnam(name);
   xsetuser(up);
-- 
cgit v1.2.3