[Pkg-shadow-devel] Bug#321384: su refuses to change an expired password for root

[Nicolas François]

Hello Tomasz,

Can you have a look at this patch?

It performs an pam_chauthok when pam_acct_mgmt returns an
PAM_CHANGE_EXPIRED_AUTHOK.

BTW, in adduser.c: s/spoll/spool/

Kind Regrads
-- 
Nekral
-------------- next part --------------
Index: src/su.c
===================================================================
RCS file: /cvsroot/shadow/src/su.c,v
retrieving revision 1.41
diff -u -r1.41 su.c
--- src/su.c	4 Aug 2005 19:13:43 -0000	1.41
+++ src/su.c	5 Aug 2005 22:55:18 -0000
@@ -519,6 +519,16 @@
 		if (amroot) {
 			fprintf (stderr, _("%s: %s\n(Ignored)\n"), Prog,
 				 pam_strerror (pamh, ret));
+		} if (ret == PAM_NEW_AUTHTOK_REQD) {
+			ret = pam_chauthtok (pamh, PAM_CHANGE_EXPIRED_AUTHTOK);
+			if (ret != PAM_SUCCESS) {
+				SYSLOG ((LOG_ERR, "pam_chauthtok: %s",
+				         pam_strerror (pamh, ret)));
+				fprintf (stderr, _("%s: %s\n"), Prog,
+				         pam_strerror (pamh, ret));
+				pam_end (pamh, ret);
+				su_failure (tty);
+			}
 		} else {
 			SYSLOG ((LOG_ERR, "pam_acct_mgmt: %s",
 				 pam_strerror (pamh, ret)));