Fix bug introduced in rev 1.23:

pw_equal does not check crypted password field, so one cannot change
crypted password keeping other fields intact.

Approved by:	des
MCF after:	3 days

1 files changed, 6 insertions, 1 deletions

diff --git a/usr.bin/chpass/chpass.c b/usr.bin/chpass/chpass.c
index ad6b9850370d..2504e68ec17d 100644
--- a/usr.bin/chpass/chpass.c
+++ b/usr.bin/chpass/chpass.c
@@ -217,7 +217,12 @@ main(int argc, char *argv[])
 		pw_fini();
 		if (pw == NULL)
 			err(1, "edit()");
-		if (pw_equal(old_pw, pw))
+		/* 
+		 * pw_equal does not check for crypted passwords, so we
+		 * should do it explicitly
+		 */
+		if (pw_equal(old_pw, pw) && 
+		    strcmp(old_pw->pw_passwd, pw->pw_passwd) == 0)
 			errx(0, "user information unchanged");
 	}